1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30#include <linux/module.h>
31#include <linux/export.h>
32#include <linux/sched/signal.h>
33
34#include <net/bluetooth/bluetooth.h>
35#include <net/bluetooth/hci_core.h>
36#include <net/bluetooth/l2cap.h>
37
38#include "smp.h"
39
40static struct bt_sock_list l2cap_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
42};
43
44static const struct proto_ops l2cap_sock_ops;
45static void l2cap_sock_init(struct sock *sk, struct sock *parent);
46static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
47 int proto, gfp_t prio, int kern);
48
49bool l2cap_is_socket(struct socket *sock)
50{
51 return sock && sock->ops == &l2cap_sock_ops;
52}
53EXPORT_SYMBOL(l2cap_is_socket);
54
55static int l2cap_validate_bredr_psm(u16 psm)
56{
57
58 if ((psm & 0x0101) != 0x0001)
59 return -EINVAL;
60
61
62 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
63 return -EACCES;
64
65 return 0;
66}
67
68static int l2cap_validate_le_psm(u16 psm)
69{
70
71 if (psm > L2CAP_PSM_LE_DYN_END)
72 return -EINVAL;
73
74
75 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
76 return -EACCES;
77
78 return 0;
79}
80
81static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
82{
83 struct sock *sk = sock->sk;
84 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
85 struct sockaddr_l2 la;
86 int len, err = 0;
87
88 BT_DBG("sk %p", sk);
89
90 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
91 addr->sa_family != AF_BLUETOOTH)
92 return -EINVAL;
93
94 memset(&la, 0, sizeof(la));
95 len = min_t(unsigned int, sizeof(la), alen);
96 memcpy(&la, addr, len);
97
98 if (la.l2_cid && la.l2_psm)
99 return -EINVAL;
100
101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
102 return -EINVAL;
103
104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
105
106 if (la.l2_cid &&
107 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
108 return -EINVAL;
109 }
110
111 lock_sock(sk);
112
113 if (sk->sk_state != BT_OPEN) {
114 err = -EBADFD;
115 goto done;
116 }
117
118 if (la.l2_psm) {
119 __u16 psm = __le16_to_cpu(la.l2_psm);
120
121 if (la.l2_bdaddr_type == BDADDR_BREDR)
122 err = l2cap_validate_bredr_psm(psm);
123 else
124 err = l2cap_validate_le_psm(psm);
125
126 if (err)
127 goto done;
128 }
129
130 bacpy(&chan->src, &la.l2_bdaddr);
131 chan->src_type = la.l2_bdaddr_type;
132
133 if (la.l2_cid)
134 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
135 else
136 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
137
138 if (err < 0)
139 goto done;
140
141 switch (chan->chan_type) {
142 case L2CAP_CHAN_CONN_LESS:
143 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
144 chan->sec_level = BT_SECURITY_SDP;
145 break;
146 case L2CAP_CHAN_CONN_ORIENTED:
147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
148 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
149 chan->sec_level = BT_SECURITY_SDP;
150 break;
151 case L2CAP_CHAN_RAW:
152 chan->sec_level = BT_SECURITY_SDP;
153 break;
154 case L2CAP_CHAN_FIXED:
155
156
157
158
159
160 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
161 break;
162 }
163
164 if (chan->psm && bdaddr_type_is_le(chan->src_type))
165 chan->mode = L2CAP_MODE_LE_FLOWCTL;
166
167 chan->state = BT_BOUND;
168 sk->sk_state = BT_BOUND;
169
170done:
171 release_sock(sk);
172 return err;
173}
174
175static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
176 int alen, int flags)
177{
178 struct sock *sk = sock->sk;
179 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
180 struct sockaddr_l2 la;
181 int len, err = 0;
182
183 BT_DBG("sk %p", sk);
184
185 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
186 addr->sa_family != AF_BLUETOOTH)
187 return -EINVAL;
188
189 memset(&la, 0, sizeof(la));
190 len = min_t(unsigned int, sizeof(la), alen);
191 memcpy(&la, addr, len);
192
193 if (la.l2_cid && la.l2_psm)
194 return -EINVAL;
195
196 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
197 return -EINVAL;
198
199
200
201
202
203
204 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
205 bdaddr_type_is_le(la.l2_bdaddr_type)) {
206
207
208
209
210
211
212 if (chan->scid != L2CAP_CID_ATT ||
213 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
214 return -EINVAL;
215
216
217
218
219
220
221
222 chan->src_type = BDADDR_LE_PUBLIC;
223 }
224
225 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
226 return -EINVAL;
227
228 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
229
230 if (la.l2_cid &&
231 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
232 return -EINVAL;
233 }
234
235 if (chan->psm && bdaddr_type_is_le(chan->src_type) && !chan->mode)
236 chan->mode = L2CAP_MODE_LE_FLOWCTL;
237
238 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
239 &la.l2_bdaddr, la.l2_bdaddr_type);
240 if (err)
241 return err;
242
243 lock_sock(sk);
244
245 err = bt_sock_wait_state(sk, BT_CONNECTED,
246 sock_sndtimeo(sk, flags & O_NONBLOCK));
247
248 release_sock(sk);
249
250 return err;
251}
252
253static int l2cap_sock_listen(struct socket *sock, int backlog)
254{
255 struct sock *sk = sock->sk;
256 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
257 int err = 0;
258
259 BT_DBG("sk %p backlog %d", sk, backlog);
260
261 lock_sock(sk);
262
263 if (sk->sk_state != BT_BOUND) {
264 err = -EBADFD;
265 goto done;
266 }
267
268 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
269 err = -EINVAL;
270 goto done;
271 }
272
273 switch (chan->mode) {
274 case L2CAP_MODE_BASIC:
275 case L2CAP_MODE_LE_FLOWCTL:
276 break;
277 case L2CAP_MODE_EXT_FLOWCTL:
278 if (!enable_ecred) {
279 err = -EOPNOTSUPP;
280 goto done;
281 }
282 break;
283 case L2CAP_MODE_ERTM:
284 case L2CAP_MODE_STREAMING:
285 if (!disable_ertm)
286 break;
287 fallthrough;
288 default:
289 err = -EOPNOTSUPP;
290 goto done;
291 }
292
293 sk->sk_max_ack_backlog = backlog;
294 sk->sk_ack_backlog = 0;
295
296
297
298
299
300 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
301
302 chan->state = BT_LISTEN;
303 sk->sk_state = BT_LISTEN;
304
305done:
306 release_sock(sk);
307 return err;
308}
309
310static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
311 int flags, bool kern)
312{
313 DEFINE_WAIT_FUNC(wait, woken_wake_function);
314 struct sock *sk = sock->sk, *nsk;
315 long timeo;
316 int err = 0;
317
318 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
319
320 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
321
322 BT_DBG("sk %p timeo %ld", sk, timeo);
323
324
325 add_wait_queue_exclusive(sk_sleep(sk), &wait);
326 while (1) {
327 if (sk->sk_state != BT_LISTEN) {
328 err = -EBADFD;
329 break;
330 }
331
332 nsk = bt_accept_dequeue(sk, newsock);
333 if (nsk)
334 break;
335
336 if (!timeo) {
337 err = -EAGAIN;
338 break;
339 }
340
341 if (signal_pending(current)) {
342 err = sock_intr_errno(timeo);
343 break;
344 }
345
346 release_sock(sk);
347
348 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
349
350 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
351 }
352 remove_wait_queue(sk_sleep(sk), &wait);
353
354 if (err)
355 goto done;
356
357 newsock->state = SS_CONNECTED;
358
359 BT_DBG("new socket %p", nsk);
360
361done:
362 release_sock(sk);
363 return err;
364}
365
366static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
367 int peer)
368{
369 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
370 struct sock *sk = sock->sk;
371 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
372
373 BT_DBG("sock %p, sk %p", sock, sk);
374
375 if (peer && sk->sk_state != BT_CONNECTED &&
376 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
377 sk->sk_state != BT_CONFIG)
378 return -ENOTCONN;
379
380 memset(la, 0, sizeof(struct sockaddr_l2));
381 addr->sa_family = AF_BLUETOOTH;
382
383 la->l2_psm = chan->psm;
384
385 if (peer) {
386 bacpy(&la->l2_bdaddr, &chan->dst);
387 la->l2_cid = cpu_to_le16(chan->dcid);
388 la->l2_bdaddr_type = chan->dst_type;
389 } else {
390 bacpy(&la->l2_bdaddr, &chan->src);
391 la->l2_cid = cpu_to_le16(chan->scid);
392 la->l2_bdaddr_type = chan->src_type;
393 }
394
395 return sizeof(struct sockaddr_l2);
396}
397
398static int l2cap_get_mode(struct l2cap_chan *chan)
399{
400 switch (chan->mode) {
401 case L2CAP_MODE_BASIC:
402 return BT_MODE_BASIC;
403 case L2CAP_MODE_ERTM:
404 return BT_MODE_ERTM;
405 case L2CAP_MODE_STREAMING:
406 return BT_MODE_STREAMING;
407 case L2CAP_MODE_LE_FLOWCTL:
408 return BT_MODE_LE_FLOWCTL;
409 case L2CAP_MODE_EXT_FLOWCTL:
410 return BT_MODE_EXT_FLOWCTL;
411 }
412
413 return -EINVAL;
414}
415
416static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
417 char __user *optval, int __user *optlen)
418{
419 struct sock *sk = sock->sk;
420 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
421 struct l2cap_options opts;
422 struct l2cap_conninfo cinfo;
423 int len, err = 0;
424 u32 opt;
425
426 BT_DBG("sk %p", sk);
427
428 if (get_user(len, optlen))
429 return -EFAULT;
430
431 lock_sock(sk);
432
433 switch (optname) {
434 case L2CAP_OPTIONS:
435
436
437
438
439 if (bdaddr_type_is_le(chan->src_type) &&
440 chan->scid != L2CAP_CID_ATT) {
441 err = -EINVAL;
442 break;
443 }
444
445
446 switch (chan->mode) {
447 case L2CAP_MODE_BASIC:
448 case L2CAP_MODE_ERTM:
449 case L2CAP_MODE_STREAMING:
450 break;
451 default:
452 err = -EINVAL;
453 break;
454 }
455
456 if (err < 0)
457 break;
458
459 memset(&opts, 0, sizeof(opts));
460 opts.imtu = chan->imtu;
461 opts.omtu = chan->omtu;
462 opts.flush_to = chan->flush_to;
463 opts.mode = chan->mode;
464 opts.fcs = chan->fcs;
465 opts.max_tx = chan->max_tx;
466 opts.txwin_size = chan->tx_win;
467
468 BT_DBG("mode 0x%2.2x", chan->mode);
469
470 len = min_t(unsigned int, len, sizeof(opts));
471 if (copy_to_user(optval, (char *) &opts, len))
472 err = -EFAULT;
473
474 break;
475
476 case L2CAP_LM:
477 switch (chan->sec_level) {
478 case BT_SECURITY_LOW:
479 opt = L2CAP_LM_AUTH;
480 break;
481 case BT_SECURITY_MEDIUM:
482 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
483 break;
484 case BT_SECURITY_HIGH:
485 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
486 L2CAP_LM_SECURE;
487 break;
488 case BT_SECURITY_FIPS:
489 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
490 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
491 break;
492 default:
493 opt = 0;
494 break;
495 }
496
497 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
498 opt |= L2CAP_LM_MASTER;
499
500 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
501 opt |= L2CAP_LM_RELIABLE;
502
503 if (put_user(opt, (u32 __user *) optval))
504 err = -EFAULT;
505
506 break;
507
508 case L2CAP_CONNINFO:
509 if (sk->sk_state != BT_CONNECTED &&
510 !(sk->sk_state == BT_CONNECT2 &&
511 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
512 err = -ENOTCONN;
513 break;
514 }
515
516 memset(&cinfo, 0, sizeof(cinfo));
517 cinfo.hci_handle = chan->conn->hcon->handle;
518 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
519
520 len = min_t(unsigned int, len, sizeof(cinfo));
521 if (copy_to_user(optval, (char *) &cinfo, len))
522 err = -EFAULT;
523
524 break;
525
526 default:
527 err = -ENOPROTOOPT;
528 break;
529 }
530
531 release_sock(sk);
532 return err;
533}
534
535static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
536 char __user *optval, int __user *optlen)
537{
538 struct sock *sk = sock->sk;
539 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
540 struct bt_security sec;
541 struct bt_power pwr;
542 u32 phys;
543 int len, mode, err = 0;
544
545 BT_DBG("sk %p", sk);
546
547 if (level == SOL_L2CAP)
548 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
549
550 if (level != SOL_BLUETOOTH)
551 return -ENOPROTOOPT;
552
553 if (get_user(len, optlen))
554 return -EFAULT;
555
556 lock_sock(sk);
557
558 switch (optname) {
559 case BT_SECURITY:
560 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
561 chan->chan_type != L2CAP_CHAN_FIXED &&
562 chan->chan_type != L2CAP_CHAN_RAW) {
563 err = -EINVAL;
564 break;
565 }
566
567 memset(&sec, 0, sizeof(sec));
568 if (chan->conn) {
569 sec.level = chan->conn->hcon->sec_level;
570
571 if (sk->sk_state == BT_CONNECTED)
572 sec.key_size = chan->conn->hcon->enc_key_size;
573 } else {
574 sec.level = chan->sec_level;
575 }
576
577 len = min_t(unsigned int, len, sizeof(sec));
578 if (copy_to_user(optval, (char *) &sec, len))
579 err = -EFAULT;
580
581 break;
582
583 case BT_DEFER_SETUP:
584 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
585 err = -EINVAL;
586 break;
587 }
588
589 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
590 (u32 __user *) optval))
591 err = -EFAULT;
592
593 break;
594
595 case BT_FLUSHABLE:
596 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
597 (u32 __user *) optval))
598 err = -EFAULT;
599
600 break;
601
602 case BT_POWER:
603 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
604 && sk->sk_type != SOCK_RAW) {
605 err = -EINVAL;
606 break;
607 }
608
609 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
610
611 len = min_t(unsigned int, len, sizeof(pwr));
612 if (copy_to_user(optval, (char *) &pwr, len))
613 err = -EFAULT;
614
615 break;
616
617 case BT_CHANNEL_POLICY:
618 if (put_user(chan->chan_policy, (u32 __user *) optval))
619 err = -EFAULT;
620 break;
621
622 case BT_SNDMTU:
623 if (!bdaddr_type_is_le(chan->src_type)) {
624 err = -EINVAL;
625 break;
626 }
627
628 if (sk->sk_state != BT_CONNECTED) {
629 err = -ENOTCONN;
630 break;
631 }
632
633 if (put_user(chan->omtu, (u16 __user *) optval))
634 err = -EFAULT;
635 break;
636
637 case BT_RCVMTU:
638 if (!bdaddr_type_is_le(chan->src_type)) {
639 err = -EINVAL;
640 break;
641 }
642
643 if (put_user(chan->imtu, (u16 __user *) optval))
644 err = -EFAULT;
645 break;
646
647 case BT_PHY:
648 if (sk->sk_state != BT_CONNECTED) {
649 err = -ENOTCONN;
650 break;
651 }
652
653 phys = hci_conn_get_phy(chan->conn->hcon);
654
655 if (put_user(phys, (u32 __user *) optval))
656 err = -EFAULT;
657 break;
658
659 case BT_MODE:
660 if (!enable_ecred) {
661 err = -ENOPROTOOPT;
662 break;
663 }
664
665 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
666 err = -EINVAL;
667 break;
668 }
669
670 mode = l2cap_get_mode(chan);
671 if (mode < 0) {
672 err = mode;
673 break;
674 }
675
676 if (put_user(mode, (u8 __user *) optval))
677 err = -EFAULT;
678 break;
679
680 default:
681 err = -ENOPROTOOPT;
682 break;
683 }
684
685 release_sock(sk);
686 return err;
687}
688
689static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
690{
691 switch (chan->scid) {
692 case L2CAP_CID_ATT:
693 if (mtu < L2CAP_LE_MIN_MTU)
694 return false;
695 break;
696
697 default:
698 if (mtu < L2CAP_DEFAULT_MIN_MTU)
699 return false;
700 }
701
702 return true;
703}
704
705static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
706 sockptr_t optval, unsigned int optlen)
707{
708 struct sock *sk = sock->sk;
709 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
710 struct l2cap_options opts;
711 int len, err = 0;
712 u32 opt;
713
714 BT_DBG("sk %p", sk);
715
716 lock_sock(sk);
717
718 switch (optname) {
719 case L2CAP_OPTIONS:
720 if (bdaddr_type_is_le(chan->src_type)) {
721 err = -EINVAL;
722 break;
723 }
724
725 if (sk->sk_state == BT_CONNECTED) {
726 err = -EINVAL;
727 break;
728 }
729
730 opts.imtu = chan->imtu;
731 opts.omtu = chan->omtu;
732 opts.flush_to = chan->flush_to;
733 opts.mode = chan->mode;
734 opts.fcs = chan->fcs;
735 opts.max_tx = chan->max_tx;
736 opts.txwin_size = chan->tx_win;
737
738 len = min_t(unsigned int, sizeof(opts), optlen);
739 if (copy_from_sockptr(&opts, optval, len)) {
740 err = -EFAULT;
741 break;
742 }
743
744 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
745 err = -EINVAL;
746 break;
747 }
748
749 if (!l2cap_valid_mtu(chan, opts.imtu)) {
750 err = -EINVAL;
751 break;
752 }
753
754
755 switch (opts.mode) {
756 case L2CAP_MODE_BASIC:
757 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
758 break;
759 case L2CAP_MODE_ERTM:
760 case L2CAP_MODE_STREAMING:
761 if (!disable_ertm)
762 break;
763 fallthrough;
764 default:
765 err = -EINVAL;
766 break;
767 }
768
769 if (err < 0)
770 break;
771
772 chan->mode = opts.mode;
773
774 BT_DBG("mode 0x%2.2x", chan->mode);
775
776 chan->imtu = opts.imtu;
777 chan->omtu = opts.omtu;
778 chan->fcs = opts.fcs;
779 chan->max_tx = opts.max_tx;
780 chan->tx_win = opts.txwin_size;
781 chan->flush_to = opts.flush_to;
782 break;
783
784 case L2CAP_LM:
785 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
786 err = -EFAULT;
787 break;
788 }
789
790 if (opt & L2CAP_LM_FIPS) {
791 err = -EINVAL;
792 break;
793 }
794
795 if (opt & L2CAP_LM_AUTH)
796 chan->sec_level = BT_SECURITY_LOW;
797 if (opt & L2CAP_LM_ENCRYPT)
798 chan->sec_level = BT_SECURITY_MEDIUM;
799 if (opt & L2CAP_LM_SECURE)
800 chan->sec_level = BT_SECURITY_HIGH;
801
802 if (opt & L2CAP_LM_MASTER)
803 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
804 else
805 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
806
807 if (opt & L2CAP_LM_RELIABLE)
808 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
809 else
810 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
811 break;
812
813 default:
814 err = -ENOPROTOOPT;
815 break;
816 }
817
818 release_sock(sk);
819 return err;
820}
821
822static int l2cap_set_mode(struct l2cap_chan *chan, u8 mode)
823{
824 switch (mode) {
825 case BT_MODE_BASIC:
826 if (bdaddr_type_is_le(chan->src_type))
827 return -EINVAL;
828 mode = L2CAP_MODE_BASIC;
829 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
830 break;
831 case BT_MODE_ERTM:
832 if (!disable_ertm || bdaddr_type_is_le(chan->src_type))
833 return -EINVAL;
834 mode = L2CAP_MODE_ERTM;
835 break;
836 case BT_MODE_STREAMING:
837 if (!disable_ertm || bdaddr_type_is_le(chan->src_type))
838 return -EINVAL;
839 mode = L2CAP_MODE_STREAMING;
840 break;
841 case BT_MODE_LE_FLOWCTL:
842 if (!bdaddr_type_is_le(chan->src_type))
843 return -EINVAL;
844 mode = L2CAP_MODE_LE_FLOWCTL;
845 break;
846 case BT_MODE_EXT_FLOWCTL:
847
848 if (!bdaddr_type_is_le(chan->src_type))
849 return -EINVAL;
850 mode = L2CAP_MODE_EXT_FLOWCTL;
851 break;
852 default:
853 return -EINVAL;
854 }
855
856 chan->mode = mode;
857
858 return 0;
859}
860
861static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
862 sockptr_t optval, unsigned int optlen)
863{
864 struct sock *sk = sock->sk;
865 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
866 struct bt_security sec;
867 struct bt_power pwr;
868 struct l2cap_conn *conn;
869 int len, err = 0;
870 u32 opt;
871
872 BT_DBG("sk %p", sk);
873
874 if (level == SOL_L2CAP)
875 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
876
877 if (level != SOL_BLUETOOTH)
878 return -ENOPROTOOPT;
879
880 lock_sock(sk);
881
882 switch (optname) {
883 case BT_SECURITY:
884 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
885 chan->chan_type != L2CAP_CHAN_FIXED &&
886 chan->chan_type != L2CAP_CHAN_RAW) {
887 err = -EINVAL;
888 break;
889 }
890
891 sec.level = BT_SECURITY_LOW;
892
893 len = min_t(unsigned int, sizeof(sec), optlen);
894 if (copy_from_sockptr(&sec, optval, len)) {
895 err = -EFAULT;
896 break;
897 }
898
899 if (sec.level < BT_SECURITY_LOW ||
900 sec.level > BT_SECURITY_FIPS) {
901 err = -EINVAL;
902 break;
903 }
904
905 chan->sec_level = sec.level;
906
907 if (!chan->conn)
908 break;
909
910 conn = chan->conn;
911
912
913 if (chan->scid == L2CAP_CID_ATT) {
914 if (smp_conn_security(conn->hcon, sec.level)) {
915 err = -EINVAL;
916 break;
917 }
918
919 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
920 sk->sk_state = BT_CONFIG;
921 chan->state = BT_CONFIG;
922
923
924 } else if ((sk->sk_state == BT_CONNECT2 &&
925 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
926 sk->sk_state == BT_CONNECTED) {
927 if (!l2cap_chan_check_security(chan, true))
928 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
929 else
930 sk->sk_state_change(sk);
931 } else {
932 err = -EINVAL;
933 }
934 break;
935
936 case BT_DEFER_SETUP:
937 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
938 err = -EINVAL;
939 break;
940 }
941
942 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
943 err = -EFAULT;
944 break;
945 }
946
947 if (opt) {
948 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
949 set_bit(FLAG_DEFER_SETUP, &chan->flags);
950 } else {
951 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
952 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
953 }
954 break;
955
956 case BT_FLUSHABLE:
957 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
958 err = -EFAULT;
959 break;
960 }
961
962 if (opt > BT_FLUSHABLE_ON) {
963 err = -EINVAL;
964 break;
965 }
966
967 if (opt == BT_FLUSHABLE_OFF) {
968 conn = chan->conn;
969
970
971 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
972 err = -EINVAL;
973 break;
974 }
975 }
976
977 if (opt)
978 set_bit(FLAG_FLUSHABLE, &chan->flags);
979 else
980 clear_bit(FLAG_FLUSHABLE, &chan->flags);
981 break;
982
983 case BT_POWER:
984 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
985 chan->chan_type != L2CAP_CHAN_RAW) {
986 err = -EINVAL;
987 break;
988 }
989
990 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
991
992 len = min_t(unsigned int, sizeof(pwr), optlen);
993 if (copy_from_sockptr(&pwr, optval, len)) {
994 err = -EFAULT;
995 break;
996 }
997
998 if (pwr.force_active)
999 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
1000 else
1001 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
1002 break;
1003
1004 case BT_CHANNEL_POLICY:
1005 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
1006 err = -EFAULT;
1007 break;
1008 }
1009
1010 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
1011 err = -EINVAL;
1012 break;
1013 }
1014
1015 if (chan->mode != L2CAP_MODE_ERTM &&
1016 chan->mode != L2CAP_MODE_STREAMING) {
1017 err = -EOPNOTSUPP;
1018 break;
1019 }
1020
1021 chan->chan_policy = (u8) opt;
1022
1023 if (sk->sk_state == BT_CONNECTED &&
1024 chan->move_role == L2CAP_MOVE_ROLE_NONE)
1025 l2cap_move_start(chan);
1026
1027 break;
1028
1029 case BT_SNDMTU:
1030 if (!bdaddr_type_is_le(chan->src_type)) {
1031 err = -EINVAL;
1032 break;
1033 }
1034
1035
1036
1037
1038 err = -EPERM;
1039 break;
1040
1041 case BT_RCVMTU:
1042 if (!bdaddr_type_is_le(chan->src_type)) {
1043 err = -EINVAL;
1044 break;
1045 }
1046
1047 if (chan->mode == L2CAP_MODE_LE_FLOWCTL &&
1048 sk->sk_state == BT_CONNECTED) {
1049 err = -EISCONN;
1050 break;
1051 }
1052
1053 if (copy_from_sockptr(&opt, optval, sizeof(u16))) {
1054 err = -EFAULT;
1055 break;
1056 }
1057
1058 if (chan->mode == L2CAP_MODE_EXT_FLOWCTL &&
1059 sk->sk_state == BT_CONNECTED)
1060 err = l2cap_chan_reconfigure(chan, opt);
1061 else
1062 chan->imtu = opt;
1063
1064 break;
1065
1066 case BT_MODE:
1067 if (!enable_ecred) {
1068 err = -ENOPROTOOPT;
1069 break;
1070 }
1071
1072 BT_DBG("sk->sk_state %u", sk->sk_state);
1073
1074 if (sk->sk_state != BT_BOUND) {
1075 err = -EINVAL;
1076 break;
1077 }
1078
1079 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
1080 err = -EINVAL;
1081 break;
1082 }
1083
1084 if (copy_from_sockptr(&opt, optval, sizeof(u8))) {
1085 err = -EFAULT;
1086 break;
1087 }
1088
1089 BT_DBG("opt %u", opt);
1090
1091 err = l2cap_set_mode(chan, opt);
1092 if (err)
1093 break;
1094
1095 BT_DBG("mode 0x%2.2x", chan->mode);
1096
1097 break;
1098
1099 default:
1100 err = -ENOPROTOOPT;
1101 break;
1102 }
1103
1104 release_sock(sk);
1105 return err;
1106}
1107
1108static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1109 size_t len)
1110{
1111 struct sock *sk = sock->sk;
1112 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1113 int err;
1114
1115 BT_DBG("sock %p, sk %p", sock, sk);
1116
1117 err = sock_error(sk);
1118 if (err)
1119 return err;
1120
1121 if (msg->msg_flags & MSG_OOB)
1122 return -EOPNOTSUPP;
1123
1124 if (sk->sk_state != BT_CONNECTED)
1125 return -ENOTCONN;
1126
1127 lock_sock(sk);
1128 err = bt_sock_wait_ready(sk, msg->msg_flags);
1129 release_sock(sk);
1130 if (err)
1131 return err;
1132
1133 l2cap_chan_lock(chan);
1134 err = l2cap_chan_send(chan, msg, len);
1135 l2cap_chan_unlock(chan);
1136
1137 return err;
1138}
1139
1140static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1141 size_t len, int flags)
1142{
1143 struct sock *sk = sock->sk;
1144 struct l2cap_pinfo *pi = l2cap_pi(sk);
1145 int err;
1146
1147 lock_sock(sk);
1148
1149 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
1150 &bt_sk(sk)->flags)) {
1151 if (pi->chan->mode == L2CAP_MODE_EXT_FLOWCTL) {
1152 sk->sk_state = BT_CONNECTED;
1153 pi->chan->state = BT_CONNECTED;
1154 __l2cap_ecred_conn_rsp_defer(pi->chan);
1155 } else if (bdaddr_type_is_le(pi->chan->src_type)) {
1156 sk->sk_state = BT_CONNECTED;
1157 pi->chan->state = BT_CONNECTED;
1158 __l2cap_le_connect_rsp_defer(pi->chan);
1159 } else {
1160 sk->sk_state = BT_CONFIG;
1161 pi->chan->state = BT_CONFIG;
1162 __l2cap_connect_rsp_defer(pi->chan);
1163 }
1164
1165 err = 0;
1166 goto done;
1167 }
1168
1169 release_sock(sk);
1170
1171 if (sock->type == SOCK_STREAM)
1172 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
1173 else
1174 err = bt_sock_recvmsg(sock, msg, len, flags);
1175
1176 if (pi->chan->mode != L2CAP_MODE_ERTM)
1177 return err;
1178
1179
1180
1181 lock_sock(sk);
1182
1183 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1184 goto done;
1185
1186 if (pi->rx_busy_skb) {
1187 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1188 pi->rx_busy_skb = NULL;
1189 else
1190 goto done;
1191 }
1192
1193
1194
1195
1196
1197 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1198 l2cap_chan_busy(pi->chan, 0);
1199
1200done:
1201 release_sock(sk);
1202 return err;
1203}
1204
1205
1206
1207
1208static void l2cap_sock_kill(struct sock *sk)
1209{
1210 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1211 return;
1212
1213 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1214
1215
1216
1217 l2cap_chan_put(l2cap_pi(sk)->chan);
1218 sock_set_flag(sk, SOCK_DEAD);
1219 sock_put(sk);
1220}
1221
1222static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
1223{
1224 DECLARE_WAITQUEUE(wait, current);
1225 int err = 0;
1226 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1227
1228 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
1229
1230 add_wait_queue(sk_sleep(sk), &wait);
1231 set_current_state(TASK_INTERRUPTIBLE);
1232 do {
1233 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1234 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1235 jiffies_to_msecs(timeout - jiffies));
1236
1237 if (!timeo)
1238 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1239
1240 if (signal_pending(current)) {
1241 err = sock_intr_errno(timeo);
1242 break;
1243 }
1244
1245 release_sock(sk);
1246 timeo = schedule_timeout(timeo);
1247 lock_sock(sk);
1248 set_current_state(TASK_INTERRUPTIBLE);
1249
1250 err = sock_error(sk);
1251 if (err)
1252 break;
1253
1254 if (time_after(jiffies, timeout)) {
1255 err = -ENOLINK;
1256 break;
1257 }
1258
1259 } while (chan->unacked_frames > 0 &&
1260 chan->state == BT_CONNECTED);
1261
1262 set_current_state(TASK_RUNNING);
1263 remove_wait_queue(sk_sleep(sk), &wait);
1264 return err;
1265}
1266
1267static int l2cap_sock_shutdown(struct socket *sock, int how)
1268{
1269 struct sock *sk = sock->sk;
1270 struct l2cap_chan *chan;
1271 struct l2cap_conn *conn;
1272 int err = 0;
1273
1274 BT_DBG("sock %p, sk %p, how %d", sock, sk, how);
1275
1276
1277
1278
1279
1280
1281 how++;
1282
1283 if (!sk)
1284 return 0;
1285
1286 lock_sock(sk);
1287
1288 if ((sk->sk_shutdown & how) == how)
1289 goto shutdown_already;
1290
1291 BT_DBG("Handling sock shutdown");
1292
1293
1294 sock_hold(sk);
1295
1296 chan = l2cap_pi(sk)->chan;
1297
1298 l2cap_chan_hold(chan);
1299
1300 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1301
1302 if (chan->mode == L2CAP_MODE_ERTM &&
1303 chan->unacked_frames > 0 &&
1304 chan->state == BT_CONNECTED) {
1305 err = __l2cap_wait_ack(sk, chan);
1306
1307
1308
1309
1310
1311 if ((sk->sk_shutdown & how) == how)
1312 goto shutdown_matched;
1313 }
1314
1315
1316
1317
1318 if ((how & RCV_SHUTDOWN) && !(sk->sk_shutdown & RCV_SHUTDOWN)) {
1319 sk->sk_shutdown |= RCV_SHUTDOWN;
1320 if ((sk->sk_shutdown & how) == how)
1321 goto shutdown_matched;
1322 }
1323
1324 sk->sk_shutdown |= SEND_SHUTDOWN;
1325 release_sock(sk);
1326
1327 l2cap_chan_lock(chan);
1328 conn = chan->conn;
1329 if (conn)
1330
1331 l2cap_conn_get(conn);
1332 l2cap_chan_unlock(chan);
1333
1334 if (conn)
1335
1336 mutex_lock(&conn->chan_lock);
1337
1338 l2cap_chan_lock(chan);
1339 l2cap_chan_close(chan, 0);
1340 l2cap_chan_unlock(chan);
1341
1342 if (conn) {
1343 mutex_unlock(&conn->chan_lock);
1344 l2cap_conn_put(conn);
1345 }
1346
1347 lock_sock(sk);
1348
1349 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1350 !(current->flags & PF_EXITING))
1351 err = bt_sock_wait_state(sk, BT_CLOSED,
1352 sk->sk_lingertime);
1353
1354shutdown_matched:
1355 l2cap_chan_put(chan);
1356 sock_put(sk);
1357
1358shutdown_already:
1359 if (!err && sk->sk_err)
1360 err = -sk->sk_err;
1361
1362 release_sock(sk);
1363
1364 BT_DBG("Sock shutdown complete err: %d", err);
1365
1366 return err;
1367}
1368
1369static int l2cap_sock_release(struct socket *sock)
1370{
1371 struct sock *sk = sock->sk;
1372 int err;
1373 struct l2cap_chan *chan;
1374
1375 BT_DBG("sock %p, sk %p", sock, sk);
1376
1377 if (!sk)
1378 return 0;
1379
1380 bt_sock_unlink(&l2cap_sk_list, sk);
1381
1382 err = l2cap_sock_shutdown(sock, SHUT_RDWR);
1383 chan = l2cap_pi(sk)->chan;
1384
1385 l2cap_chan_hold(chan);
1386 l2cap_chan_lock(chan);
1387
1388 sock_orphan(sk);
1389 l2cap_sock_kill(sk);
1390
1391 l2cap_chan_unlock(chan);
1392 l2cap_chan_put(chan);
1393
1394 return err;
1395}
1396
1397static void l2cap_sock_cleanup_listen(struct sock *parent)
1398{
1399 struct sock *sk;
1400
1401 BT_DBG("parent %p state %s", parent,
1402 state_to_string(parent->sk_state));
1403
1404
1405 while ((sk = bt_accept_dequeue(parent, NULL))) {
1406 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1407
1408 BT_DBG("child chan %p state %s", chan,
1409 state_to_string(chan->state));
1410
1411 l2cap_chan_hold(chan);
1412 l2cap_chan_lock(chan);
1413
1414 __clear_chan_timer(chan);
1415 l2cap_chan_close(chan, ECONNRESET);
1416 l2cap_sock_kill(sk);
1417
1418 l2cap_chan_unlock(chan);
1419 l2cap_chan_put(chan);
1420 }
1421}
1422
1423static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1424{
1425 struct sock *sk, *parent = chan->data;
1426
1427 lock_sock(parent);
1428
1429
1430 if (sk_acceptq_is_full(parent)) {
1431 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1432 release_sock(parent);
1433 return NULL;
1434 }
1435
1436 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1437 GFP_ATOMIC, 0);
1438 if (!sk) {
1439 release_sock(parent);
1440 return NULL;
1441 }
1442
1443 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1444
1445 l2cap_sock_init(sk, parent);
1446
1447 bt_accept_enqueue(parent, sk, false);
1448
1449 release_sock(parent);
1450
1451 return l2cap_pi(sk)->chan;
1452}
1453
1454static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1455{
1456 struct sock *sk = chan->data;
1457 int err;
1458
1459 lock_sock(sk);
1460
1461 if (l2cap_pi(sk)->rx_busy_skb) {
1462 err = -ENOMEM;
1463 goto done;
1464 }
1465
1466 if (chan->mode != L2CAP_MODE_ERTM &&
1467 chan->mode != L2CAP_MODE_STREAMING) {
1468
1469
1470
1471 err = sk_filter(sk, skb);
1472 if (err)
1473 goto done;
1474 }
1475
1476 err = __sock_queue_rcv_skb(sk, skb);
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1488 l2cap_pi(sk)->rx_busy_skb = skb;
1489 l2cap_chan_busy(chan, 1);
1490 err = 0;
1491 }
1492
1493done:
1494 release_sock(sk);
1495
1496 return err;
1497}
1498
1499static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1500{
1501 struct sock *sk = chan->data;
1502
1503 l2cap_sock_kill(sk);
1504}
1505
1506static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1507{
1508 struct sock *sk = chan->data;
1509 struct sock *parent;
1510
1511 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1512
1513
1514
1515
1516
1517
1518
1519
1520 lock_sock_nested(sk, atomic_read(&chan->nesting));
1521
1522 parent = bt_sk(sk)->parent;
1523
1524 switch (chan->state) {
1525 case BT_OPEN:
1526 case BT_BOUND:
1527 case BT_CLOSED:
1528 break;
1529 case BT_LISTEN:
1530 l2cap_sock_cleanup_listen(sk);
1531 sk->sk_state = BT_CLOSED;
1532 chan->state = BT_CLOSED;
1533
1534 break;
1535 default:
1536 sk->sk_state = BT_CLOSED;
1537 chan->state = BT_CLOSED;
1538
1539 sk->sk_err = err;
1540
1541 if (parent) {
1542 bt_accept_unlink(sk);
1543 parent->sk_data_ready(parent);
1544 } else {
1545 sk->sk_state_change(sk);
1546 }
1547
1548 break;
1549 }
1550 release_sock(sk);
1551
1552
1553 sock_set_flag(sk, SOCK_ZAPPED);
1554
1555}
1556
1557static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1558 int err)
1559{
1560 struct sock *sk = chan->data;
1561
1562 sk->sk_state = state;
1563
1564 if (err)
1565 sk->sk_err = err;
1566}
1567
1568static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1569 unsigned long hdr_len,
1570 unsigned long len, int nb)
1571{
1572 struct sock *sk = chan->data;
1573 struct sk_buff *skb;
1574 int err;
1575
1576 l2cap_chan_unlock(chan);
1577 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1578 l2cap_chan_lock(chan);
1579
1580 if (!skb)
1581 return ERR_PTR(err);
1582
1583 skb->priority = sk->sk_priority;
1584
1585 bt_cb(skb)->l2cap.chan = chan;
1586
1587 return skb;
1588}
1589
1590static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1591{
1592 struct sock *sk = chan->data;
1593 struct sock *parent;
1594
1595 lock_sock(sk);
1596
1597 parent = bt_sk(sk)->parent;
1598
1599 BT_DBG("sk %p, parent %p", sk, parent);
1600
1601 sk->sk_state = BT_CONNECTED;
1602 sk->sk_state_change(sk);
1603
1604 if (parent)
1605 parent->sk_data_ready(parent);
1606
1607 release_sock(sk);
1608}
1609
1610static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1611{
1612 struct sock *parent, *sk = chan->data;
1613
1614 lock_sock(sk);
1615
1616 parent = bt_sk(sk)->parent;
1617 if (parent)
1618 parent->sk_data_ready(parent);
1619
1620 release_sock(sk);
1621}
1622
1623static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1624{
1625 struct sock *sk = chan->data;
1626
1627 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1628 sk->sk_state = BT_CONNECTED;
1629 chan->state = BT_CONNECTED;
1630 }
1631
1632 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1633 sk->sk_state_change(sk);
1634}
1635
1636static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1637{
1638 struct sock *sk = chan->data;
1639
1640 lock_sock(sk);
1641 sk->sk_shutdown = SHUTDOWN_MASK;
1642 release_sock(sk);
1643}
1644
1645static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1646{
1647 struct sock *sk = chan->data;
1648
1649 return sk->sk_sndtimeo;
1650}
1651
1652static struct pid *l2cap_sock_get_peer_pid_cb(struct l2cap_chan *chan)
1653{
1654 struct sock *sk = chan->data;
1655
1656 return sk->sk_peer_pid;
1657}
1658
1659static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1660{
1661 struct sock *sk = chan->data;
1662
1663 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1664 sk->sk_state_change(sk);
1665}
1666
1667static int l2cap_sock_filter(struct l2cap_chan *chan, struct sk_buff *skb)
1668{
1669 struct sock *sk = chan->data;
1670
1671 switch (chan->mode) {
1672 case L2CAP_MODE_ERTM:
1673 case L2CAP_MODE_STREAMING:
1674 return sk_filter(sk, skb);
1675 }
1676
1677 return 0;
1678}
1679
1680static const struct l2cap_ops l2cap_chan_ops = {
1681 .name = "L2CAP Socket Interface",
1682 .new_connection = l2cap_sock_new_connection_cb,
1683 .recv = l2cap_sock_recv_cb,
1684 .close = l2cap_sock_close_cb,
1685 .teardown = l2cap_sock_teardown_cb,
1686 .state_change = l2cap_sock_state_change_cb,
1687 .ready = l2cap_sock_ready_cb,
1688 .defer = l2cap_sock_defer_cb,
1689 .resume = l2cap_sock_resume_cb,
1690 .suspend = l2cap_sock_suspend_cb,
1691 .set_shutdown = l2cap_sock_set_shutdown_cb,
1692 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1693 .get_peer_pid = l2cap_sock_get_peer_pid_cb,
1694 .alloc_skb = l2cap_sock_alloc_skb_cb,
1695 .filter = l2cap_sock_filter,
1696};
1697
1698static void l2cap_sock_destruct(struct sock *sk)
1699{
1700 BT_DBG("sk %p", sk);
1701
1702 if (l2cap_pi(sk)->chan)
1703 l2cap_chan_put(l2cap_pi(sk)->chan);
1704
1705 if (l2cap_pi(sk)->rx_busy_skb) {
1706 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1707 l2cap_pi(sk)->rx_busy_skb = NULL;
1708 }
1709
1710 skb_queue_purge(&sk->sk_receive_queue);
1711 skb_queue_purge(&sk->sk_write_queue);
1712}
1713
1714static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1715 int *msg_namelen)
1716{
1717 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1718
1719 memset(la, 0, sizeof(struct sockaddr_l2));
1720 la->l2_family = AF_BLUETOOTH;
1721 la->l2_psm = bt_cb(skb)->l2cap.psm;
1722 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
1723
1724 *msg_namelen = sizeof(struct sockaddr_l2);
1725}
1726
1727static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1728{
1729 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1730
1731 BT_DBG("sk %p", sk);
1732
1733 if (parent) {
1734 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1735
1736 sk->sk_type = parent->sk_type;
1737 bt_sk(sk)->flags = bt_sk(parent)->flags;
1738
1739 chan->chan_type = pchan->chan_type;
1740 chan->imtu = pchan->imtu;
1741 chan->omtu = pchan->omtu;
1742 chan->conf_state = pchan->conf_state;
1743 chan->mode = pchan->mode;
1744 chan->fcs = pchan->fcs;
1745 chan->max_tx = pchan->max_tx;
1746 chan->tx_win = pchan->tx_win;
1747 chan->tx_win_max = pchan->tx_win_max;
1748 chan->sec_level = pchan->sec_level;
1749 chan->flags = pchan->flags;
1750 chan->tx_credits = pchan->tx_credits;
1751 chan->rx_credits = pchan->rx_credits;
1752
1753 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1754 chan->scid = pchan->scid;
1755 chan->dcid = pchan->scid;
1756 }
1757
1758 security_sk_clone(parent, sk);
1759 } else {
1760 switch (sk->sk_type) {
1761 case SOCK_RAW:
1762 chan->chan_type = L2CAP_CHAN_RAW;
1763 break;
1764 case SOCK_DGRAM:
1765 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1766 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1767 break;
1768 case SOCK_SEQPACKET:
1769 case SOCK_STREAM:
1770 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1771 break;
1772 }
1773
1774 chan->imtu = L2CAP_DEFAULT_MTU;
1775 chan->omtu = 0;
1776 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1777 chan->mode = L2CAP_MODE_ERTM;
1778 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1779 } else {
1780 chan->mode = L2CAP_MODE_BASIC;
1781 }
1782
1783 l2cap_chan_set_defaults(chan);
1784 }
1785
1786
1787 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1788
1789 chan->data = sk;
1790 chan->ops = &l2cap_chan_ops;
1791}
1792
1793static struct proto l2cap_proto = {
1794 .name = "L2CAP",
1795 .owner = THIS_MODULE,
1796 .obj_size = sizeof(struct l2cap_pinfo)
1797};
1798
1799static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1800 int proto, gfp_t prio, int kern)
1801{
1802 struct sock *sk;
1803 struct l2cap_chan *chan;
1804
1805 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
1806 if (!sk)
1807 return NULL;
1808
1809 sock_init_data(sock, sk);
1810 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1811
1812 sk->sk_destruct = l2cap_sock_destruct;
1813 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1814
1815 sock_reset_flag(sk, SOCK_ZAPPED);
1816
1817 sk->sk_protocol = proto;
1818 sk->sk_state = BT_OPEN;
1819
1820 chan = l2cap_chan_create();
1821 if (!chan) {
1822 sk_free(sk);
1823 return NULL;
1824 }
1825
1826 l2cap_chan_hold(chan);
1827
1828 l2cap_pi(sk)->chan = chan;
1829
1830 return sk;
1831}
1832
1833static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1834 int kern)
1835{
1836 struct sock *sk;
1837
1838 BT_DBG("sock %p", sock);
1839
1840 sock->state = SS_UNCONNECTED;
1841
1842 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1843 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1844 return -ESOCKTNOSUPPORT;
1845
1846 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1847 return -EPERM;
1848
1849 sock->ops = &l2cap_sock_ops;
1850
1851 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
1852 if (!sk)
1853 return -ENOMEM;
1854
1855 l2cap_sock_init(sk, NULL);
1856 bt_sock_link(&l2cap_sk_list, sk);
1857 return 0;
1858}
1859
1860static const struct proto_ops l2cap_sock_ops = {
1861 .family = PF_BLUETOOTH,
1862 .owner = THIS_MODULE,
1863 .release = l2cap_sock_release,
1864 .bind = l2cap_sock_bind,
1865 .connect = l2cap_sock_connect,
1866 .listen = l2cap_sock_listen,
1867 .accept = l2cap_sock_accept,
1868 .getname = l2cap_sock_getname,
1869 .sendmsg = l2cap_sock_sendmsg,
1870 .recvmsg = l2cap_sock_recvmsg,
1871 .poll = bt_sock_poll,
1872 .ioctl = bt_sock_ioctl,
1873 .gettstamp = sock_gettstamp,
1874 .mmap = sock_no_mmap,
1875 .socketpair = sock_no_socketpair,
1876 .shutdown = l2cap_sock_shutdown,
1877 .setsockopt = l2cap_sock_setsockopt,
1878 .getsockopt = l2cap_sock_getsockopt
1879};
1880
1881static const struct net_proto_family l2cap_sock_family_ops = {
1882 .family = PF_BLUETOOTH,
1883 .owner = THIS_MODULE,
1884 .create = l2cap_sock_create,
1885};
1886
1887int __init l2cap_init_sockets(void)
1888{
1889 int err;
1890
1891 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1892
1893 err = proto_register(&l2cap_proto, 0);
1894 if (err < 0)
1895 return err;
1896
1897 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1898 if (err < 0) {
1899 BT_ERR("L2CAP socket registration failed");
1900 goto error;
1901 }
1902
1903 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1904 NULL);
1905 if (err < 0) {
1906 BT_ERR("Failed to create L2CAP proc file");
1907 bt_sock_unregister(BTPROTO_L2CAP);
1908 goto error;
1909 }
1910
1911 BT_INFO("L2CAP socket layer initialized");
1912
1913 return 0;
1914
1915error:
1916 proto_unregister(&l2cap_proto);
1917 return err;
1918}
1919
1920void l2cap_cleanup_sockets(void)
1921{
1922 bt_procfs_cleanup(&init_net, "l2cap");
1923 bt_sock_unregister(BTPROTO_L2CAP);
1924 proto_unregister(&l2cap_proto);
1925}
1926
