1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30#include <linux/module.h>
31#include <linux/export.h>
32#include <linux/sched/signal.h>
33
34#include <net/bluetooth/bluetooth.h>
35#include <net/bluetooth/hci_core.h>
36#include <net/bluetooth/l2cap.h>
37
38#include "smp.h"
39
40static struct bt_sock_list l2cap_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
42};
43
44static const struct proto_ops l2cap_sock_ops;
45static void l2cap_sock_init(struct sock *sk, struct sock *parent);
46static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
47 int proto, gfp_t prio, int kern);
48
49bool l2cap_is_socket(struct socket *sock)
50{
51 return sock && sock->ops == &l2cap_sock_ops;
52}
53EXPORT_SYMBOL(l2cap_is_socket);
54
55static int l2cap_validate_bredr_psm(u16 psm)
56{
57
58 if ((psm & 0x0101) != 0x0001)
59 return -EINVAL;
60
61
62 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
63 return -EACCES;
64
65 return 0;
66}
67
68static int l2cap_validate_le_psm(u16 psm)
69{
70
71 if (psm > L2CAP_PSM_LE_DYN_END)
72 return -EINVAL;
73
74
75 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
76 return -EACCES;
77
78 return 0;
79}
80
81static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
82{
83 struct sock *sk = sock->sk;
84 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
85 struct sockaddr_l2 la;
86 int len, err = 0;
87
88 BT_DBG("sk %p", sk);
89
90 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
91 addr->sa_family != AF_BLUETOOTH)
92 return -EINVAL;
93
94 memset(&la, 0, sizeof(la));
95 len = min_t(unsigned int, sizeof(la), alen);
96 memcpy(&la, addr, len);
97
98 if (la.l2_cid && la.l2_psm)
99 return -EINVAL;
100
101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
102 return -EINVAL;
103
104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
105
106 if (la.l2_cid &&
107 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
108 return -EINVAL;
109 }
110
111 lock_sock(sk);
112
113 if (sk->sk_state != BT_OPEN) {
114 err = -EBADFD;
115 goto done;
116 }
117
118 if (la.l2_psm) {
119 __u16 psm = __le16_to_cpu(la.l2_psm);
120
121 if (la.l2_bdaddr_type == BDADDR_BREDR)
122 err = l2cap_validate_bredr_psm(psm);
123 else
124 err = l2cap_validate_le_psm(psm);
125
126 if (err)
127 goto done;
128 }
129
130 bacpy(&chan->src, &la.l2_bdaddr);
131 chan->src_type = la.l2_bdaddr_type;
132
133 if (la.l2_cid)
134 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
135 else
136 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
137
138 if (err < 0)
139 goto done;
140
141 switch (chan->chan_type) {
142 case L2CAP_CHAN_CONN_LESS:
143 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
144 chan->sec_level = BT_SECURITY_SDP;
145 break;
146 case L2CAP_CHAN_CONN_ORIENTED:
147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
148 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
149 chan->sec_level = BT_SECURITY_SDP;
150 break;
151 case L2CAP_CHAN_RAW:
152 chan->sec_level = BT_SECURITY_SDP;
153 break;
154 case L2CAP_CHAN_FIXED:
155
156
157
158
159
160 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
161 break;
162 }
163
164 if (chan->psm && bdaddr_type_is_le(chan->src_type))
165 chan->mode = L2CAP_MODE_LE_FLOWCTL;
166
167 chan->state = BT_BOUND;
168 sk->sk_state = BT_BOUND;
169
170done:
171 release_sock(sk);
172 return err;
173}
174
175static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
176 int alen, int flags)
177{
178 struct sock *sk = sock->sk;
179 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
180 struct sockaddr_l2 la;
181 int len, err = 0;
182 bool zapped;
183
184 BT_DBG("sk %p", sk);
185
186 lock_sock(sk);
187 zapped = sock_flag(sk, SOCK_ZAPPED);
188 release_sock(sk);
189
190 if (zapped)
191 return -EINVAL;
192
193 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
194 addr->sa_family != AF_BLUETOOTH)
195 return -EINVAL;
196
197 memset(&la, 0, sizeof(la));
198 len = min_t(unsigned int, sizeof(la), alen);
199 memcpy(&la, addr, len);
200
201 if (la.l2_cid && la.l2_psm)
202 return -EINVAL;
203
204 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
205 return -EINVAL;
206
207
208
209
210
211
212 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
213 bdaddr_type_is_le(la.l2_bdaddr_type)) {
214
215
216
217
218
219
220 if (chan->scid != L2CAP_CID_ATT ||
221 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
222 return -EINVAL;
223
224
225
226
227
228
229
230 chan->src_type = BDADDR_LE_PUBLIC;
231 }
232
233 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
234 return -EINVAL;
235
236 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
237
238 if (la.l2_cid &&
239 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
240 return -EINVAL;
241 }
242
243 if (chan->psm && bdaddr_type_is_le(chan->src_type) && !chan->mode)
244 chan->mode = L2CAP_MODE_LE_FLOWCTL;
245
246 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
247 &la.l2_bdaddr, la.l2_bdaddr_type);
248 if (err)
249 return err;
250
251 lock_sock(sk);
252
253 err = bt_sock_wait_state(sk, BT_CONNECTED,
254 sock_sndtimeo(sk, flags & O_NONBLOCK));
255
256 release_sock(sk);
257
258 return err;
259}
260
261static int l2cap_sock_listen(struct socket *sock, int backlog)
262{
263 struct sock *sk = sock->sk;
264 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
265 int err = 0;
266
267 BT_DBG("sk %p backlog %d", sk, backlog);
268
269 lock_sock(sk);
270
271 if (sk->sk_state != BT_BOUND) {
272 err = -EBADFD;
273 goto done;
274 }
275
276 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
277 err = -EINVAL;
278 goto done;
279 }
280
281 switch (chan->mode) {
282 case L2CAP_MODE_BASIC:
283 case L2CAP_MODE_LE_FLOWCTL:
284 break;
285 case L2CAP_MODE_EXT_FLOWCTL:
286 if (!enable_ecred) {
287 err = -EOPNOTSUPP;
288 goto done;
289 }
290 break;
291 case L2CAP_MODE_ERTM:
292 case L2CAP_MODE_STREAMING:
293 if (!disable_ertm)
294 break;
295 fallthrough;
296 default:
297 err = -EOPNOTSUPP;
298 goto done;
299 }
300
301 sk->sk_max_ack_backlog = backlog;
302 sk->sk_ack_backlog = 0;
303
304
305
306
307
308 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
309
310 chan->state = BT_LISTEN;
311 sk->sk_state = BT_LISTEN;
312
313done:
314 release_sock(sk);
315 return err;
316}
317
318static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
319 int flags, bool kern)
320{
321 DEFINE_WAIT_FUNC(wait, woken_wake_function);
322 struct sock *sk = sock->sk, *nsk;
323 long timeo;
324 int err = 0;
325
326 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
327
328 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
329
330 BT_DBG("sk %p timeo %ld", sk, timeo);
331
332
333 add_wait_queue_exclusive(sk_sleep(sk), &wait);
334 while (1) {
335 if (sk->sk_state != BT_LISTEN) {
336 err = -EBADFD;
337 break;
338 }
339
340 nsk = bt_accept_dequeue(sk, newsock);
341 if (nsk)
342 break;
343
344 if (!timeo) {
345 err = -EAGAIN;
346 break;
347 }
348
349 if (signal_pending(current)) {
350 err = sock_intr_errno(timeo);
351 break;
352 }
353
354 release_sock(sk);
355
356 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
357
358 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
359 }
360 remove_wait_queue(sk_sleep(sk), &wait);
361
362 if (err)
363 goto done;
364
365 newsock->state = SS_CONNECTED;
366
367 BT_DBG("new socket %p", nsk);
368
369done:
370 release_sock(sk);
371 return err;
372}
373
374static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
375 int peer)
376{
377 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
378 struct sock *sk = sock->sk;
379 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
380
381 BT_DBG("sock %p, sk %p", sock, sk);
382
383 if (peer && sk->sk_state != BT_CONNECTED &&
384 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
385 sk->sk_state != BT_CONFIG)
386 return -ENOTCONN;
387
388 memset(la, 0, sizeof(struct sockaddr_l2));
389 addr->sa_family = AF_BLUETOOTH;
390
391 la->l2_psm = chan->psm;
392
393 if (peer) {
394 bacpy(&la->l2_bdaddr, &chan->dst);
395 la->l2_cid = cpu_to_le16(chan->dcid);
396 la->l2_bdaddr_type = chan->dst_type;
397 } else {
398 bacpy(&la->l2_bdaddr, &chan->src);
399 la->l2_cid = cpu_to_le16(chan->scid);
400 la->l2_bdaddr_type = chan->src_type;
401 }
402
403 return sizeof(struct sockaddr_l2);
404}
405
406static int l2cap_get_mode(struct l2cap_chan *chan)
407{
408 switch (chan->mode) {
409 case L2CAP_MODE_BASIC:
410 return BT_MODE_BASIC;
411 case L2CAP_MODE_ERTM:
412 return BT_MODE_ERTM;
413 case L2CAP_MODE_STREAMING:
414 return BT_MODE_STREAMING;
415 case L2CAP_MODE_LE_FLOWCTL:
416 return BT_MODE_LE_FLOWCTL;
417 case L2CAP_MODE_EXT_FLOWCTL:
418 return BT_MODE_EXT_FLOWCTL;
419 }
420
421 return -EINVAL;
422}
423
424static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
425 char __user *optval, int __user *optlen)
426{
427 struct sock *sk = sock->sk;
428 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
429 struct l2cap_options opts;
430 struct l2cap_conninfo cinfo;
431 int len, err = 0;
432 u32 opt;
433
434 BT_DBG("sk %p", sk);
435
436 if (get_user(len, optlen))
437 return -EFAULT;
438
439 lock_sock(sk);
440
441 switch (optname) {
442 case L2CAP_OPTIONS:
443
444
445
446
447 if (bdaddr_type_is_le(chan->src_type) &&
448 chan->scid != L2CAP_CID_ATT) {
449 err = -EINVAL;
450 break;
451 }
452
453
454 switch (chan->mode) {
455 case L2CAP_MODE_BASIC:
456 case L2CAP_MODE_ERTM:
457 case L2CAP_MODE_STREAMING:
458 break;
459 default:
460 err = -EINVAL;
461 break;
462 }
463
464 if (err < 0)
465 break;
466
467 memset(&opts, 0, sizeof(opts));
468 opts.imtu = chan->imtu;
469 opts.omtu = chan->omtu;
470 opts.flush_to = chan->flush_to;
471 opts.mode = chan->mode;
472 opts.fcs = chan->fcs;
473 opts.max_tx = chan->max_tx;
474 opts.txwin_size = chan->tx_win;
475
476 BT_DBG("mode 0x%2.2x", chan->mode);
477
478 len = min_t(unsigned int, len, sizeof(opts));
479 if (copy_to_user(optval, (char *) &opts, len))
480 err = -EFAULT;
481
482 break;
483
484 case L2CAP_LM:
485 switch (chan->sec_level) {
486 case BT_SECURITY_LOW:
487 opt = L2CAP_LM_AUTH;
488 break;
489 case BT_SECURITY_MEDIUM:
490 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
491 break;
492 case BT_SECURITY_HIGH:
493 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
494 L2CAP_LM_SECURE;
495 break;
496 case BT_SECURITY_FIPS:
497 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
498 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
499 break;
500 default:
501 opt = 0;
502 break;
503 }
504
505 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
506 opt |= L2CAP_LM_MASTER;
507
508 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
509 opt |= L2CAP_LM_RELIABLE;
510
511 if (put_user(opt, (u32 __user *) optval))
512 err = -EFAULT;
513
514 break;
515
516 case L2CAP_CONNINFO:
517 if (sk->sk_state != BT_CONNECTED &&
518 !(sk->sk_state == BT_CONNECT2 &&
519 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
520 err = -ENOTCONN;
521 break;
522 }
523
524 memset(&cinfo, 0, sizeof(cinfo));
525 cinfo.hci_handle = chan->conn->hcon->handle;
526 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
527
528 len = min_t(unsigned int, len, sizeof(cinfo));
529 if (copy_to_user(optval, (char *) &cinfo, len))
530 err = -EFAULT;
531
532 break;
533
534 default:
535 err = -ENOPROTOOPT;
536 break;
537 }
538
539 release_sock(sk);
540 return err;
541}
542
543static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
544 char __user *optval, int __user *optlen)
545{
546 struct sock *sk = sock->sk;
547 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
548 struct bt_security sec;
549 struct bt_power pwr;
550 u32 phys;
551 int len, mode, err = 0;
552
553 BT_DBG("sk %p", sk);
554
555 if (level == SOL_L2CAP)
556 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
557
558 if (level != SOL_BLUETOOTH)
559 return -ENOPROTOOPT;
560
561 if (get_user(len, optlen))
562 return -EFAULT;
563
564 lock_sock(sk);
565
566 switch (optname) {
567 case BT_SECURITY:
568 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
569 chan->chan_type != L2CAP_CHAN_FIXED &&
570 chan->chan_type != L2CAP_CHAN_RAW) {
571 err = -EINVAL;
572 break;
573 }
574
575 memset(&sec, 0, sizeof(sec));
576 if (chan->conn) {
577 sec.level = chan->conn->hcon->sec_level;
578
579 if (sk->sk_state == BT_CONNECTED)
580 sec.key_size = chan->conn->hcon->enc_key_size;
581 } else {
582 sec.level = chan->sec_level;
583 }
584
585 len = min_t(unsigned int, len, sizeof(sec));
586 if (copy_to_user(optval, (char *) &sec, len))
587 err = -EFAULT;
588
589 break;
590
591 case BT_DEFER_SETUP:
592 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
593 err = -EINVAL;
594 break;
595 }
596
597 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
598 (u32 __user *) optval))
599 err = -EFAULT;
600
601 break;
602
603 case BT_FLUSHABLE:
604 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
605 (u32 __user *) optval))
606 err = -EFAULT;
607
608 break;
609
610 case BT_POWER:
611 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
612 && sk->sk_type != SOCK_RAW) {
613 err = -EINVAL;
614 break;
615 }
616
617 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
618
619 len = min_t(unsigned int, len, sizeof(pwr));
620 if (copy_to_user(optval, (char *) &pwr, len))
621 err = -EFAULT;
622
623 break;
624
625 case BT_CHANNEL_POLICY:
626 if (put_user(chan->chan_policy, (u32 __user *) optval))
627 err = -EFAULT;
628 break;
629
630 case BT_SNDMTU:
631 if (!bdaddr_type_is_le(chan->src_type)) {
632 err = -EINVAL;
633 break;
634 }
635
636 if (sk->sk_state != BT_CONNECTED) {
637 err = -ENOTCONN;
638 break;
639 }
640
641 if (put_user(chan->omtu, (u16 __user *) optval))
642 err = -EFAULT;
643 break;
644
645 case BT_RCVMTU:
646 if (!bdaddr_type_is_le(chan->src_type)) {
647 err = -EINVAL;
648 break;
649 }
650
651 if (put_user(chan->imtu, (u16 __user *) optval))
652 err = -EFAULT;
653 break;
654
655 case BT_PHY:
656 if (sk->sk_state != BT_CONNECTED) {
657 err = -ENOTCONN;
658 break;
659 }
660
661 phys = hci_conn_get_phy(chan->conn->hcon);
662
663 if (put_user(phys, (u32 __user *) optval))
664 err = -EFAULT;
665 break;
666
667 case BT_MODE:
668 if (!enable_ecred) {
669 err = -ENOPROTOOPT;
670 break;
671 }
672
673 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
674 err = -EINVAL;
675 break;
676 }
677
678 mode = l2cap_get_mode(chan);
679 if (mode < 0) {
680 err = mode;
681 break;
682 }
683
684 if (put_user(mode, (u8 __user *) optval))
685 err = -EFAULT;
686 break;
687
688 default:
689 err = -ENOPROTOOPT;
690 break;
691 }
692
693 release_sock(sk);
694 return err;
695}
696
697static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
698{
699 switch (chan->scid) {
700 case L2CAP_CID_ATT:
701 if (mtu < L2CAP_LE_MIN_MTU)
702 return false;
703 break;
704
705 default:
706 if (mtu < L2CAP_DEFAULT_MIN_MTU)
707 return false;
708 }
709
710 return true;
711}
712
713static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
714 sockptr_t optval, unsigned int optlen)
715{
716 struct sock *sk = sock->sk;
717 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
718 struct l2cap_options opts;
719 int len, err = 0;
720 u32 opt;
721
722 BT_DBG("sk %p", sk);
723
724 lock_sock(sk);
725
726 switch (optname) {
727 case L2CAP_OPTIONS:
728 if (bdaddr_type_is_le(chan->src_type)) {
729 err = -EINVAL;
730 break;
731 }
732
733 if (sk->sk_state == BT_CONNECTED) {
734 err = -EINVAL;
735 break;
736 }
737
738 opts.imtu = chan->imtu;
739 opts.omtu = chan->omtu;
740 opts.flush_to = chan->flush_to;
741 opts.mode = chan->mode;
742 opts.fcs = chan->fcs;
743 opts.max_tx = chan->max_tx;
744 opts.txwin_size = chan->tx_win;
745
746 len = min_t(unsigned int, sizeof(opts), optlen);
747 if (copy_from_sockptr(&opts, optval, len)) {
748 err = -EFAULT;
749 break;
750 }
751
752 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
753 err = -EINVAL;
754 break;
755 }
756
757 if (!l2cap_valid_mtu(chan, opts.imtu)) {
758 err = -EINVAL;
759 break;
760 }
761
762
763 switch (opts.mode) {
764 case L2CAP_MODE_BASIC:
765 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
766 break;
767 case L2CAP_MODE_ERTM:
768 case L2CAP_MODE_STREAMING:
769 if (!disable_ertm)
770 break;
771 fallthrough;
772 default:
773 err = -EINVAL;
774 break;
775 }
776
777 if (err < 0)
778 break;
779
780 chan->mode = opts.mode;
781
782 BT_DBG("mode 0x%2.2x", chan->mode);
783
784 chan->imtu = opts.imtu;
785 chan->omtu = opts.omtu;
786 chan->fcs = opts.fcs;
787 chan->max_tx = opts.max_tx;
788 chan->tx_win = opts.txwin_size;
789 chan->flush_to = opts.flush_to;
790 break;
791
792 case L2CAP_LM:
793 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
794 err = -EFAULT;
795 break;
796 }
797
798 if (opt & L2CAP_LM_FIPS) {
799 err = -EINVAL;
800 break;
801 }
802
803 if (opt & L2CAP_LM_AUTH)
804 chan->sec_level = BT_SECURITY_LOW;
805 if (opt & L2CAP_LM_ENCRYPT)
806 chan->sec_level = BT_SECURITY_MEDIUM;
807 if (opt & L2CAP_LM_SECURE)
808 chan->sec_level = BT_SECURITY_HIGH;
809
810 if (opt & L2CAP_LM_MASTER)
811 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
812 else
813 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
814
815 if (opt & L2CAP_LM_RELIABLE)
816 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
817 else
818 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
819 break;
820
821 default:
822 err = -ENOPROTOOPT;
823 break;
824 }
825
826 release_sock(sk);
827 return err;
828}
829
830static int l2cap_set_mode(struct l2cap_chan *chan, u8 mode)
831{
832 switch (mode) {
833 case BT_MODE_BASIC:
834 if (bdaddr_type_is_le(chan->src_type))
835 return -EINVAL;
836 mode = L2CAP_MODE_BASIC;
837 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
838 break;
839 case BT_MODE_ERTM:
840 if (!disable_ertm || bdaddr_type_is_le(chan->src_type))
841 return -EINVAL;
842 mode = L2CAP_MODE_ERTM;
843 break;
844 case BT_MODE_STREAMING:
845 if (!disable_ertm || bdaddr_type_is_le(chan->src_type))
846 return -EINVAL;
847 mode = L2CAP_MODE_STREAMING;
848 break;
849 case BT_MODE_LE_FLOWCTL:
850 if (!bdaddr_type_is_le(chan->src_type))
851 return -EINVAL;
852 mode = L2CAP_MODE_LE_FLOWCTL;
853 break;
854 case BT_MODE_EXT_FLOWCTL:
855
856 if (!bdaddr_type_is_le(chan->src_type))
857 return -EINVAL;
858 mode = L2CAP_MODE_EXT_FLOWCTL;
859 break;
860 default:
861 return -EINVAL;
862 }
863
864 chan->mode = mode;
865
866 return 0;
867}
868
869static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
870 sockptr_t optval, unsigned int optlen)
871{
872 struct sock *sk = sock->sk;
873 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
874 struct bt_security sec;
875 struct bt_power pwr;
876 struct l2cap_conn *conn;
877 int len, err = 0;
878 u32 opt;
879
880 BT_DBG("sk %p", sk);
881
882 if (level == SOL_L2CAP)
883 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
884
885 if (level != SOL_BLUETOOTH)
886 return -ENOPROTOOPT;
887
888 lock_sock(sk);
889
890 switch (optname) {
891 case BT_SECURITY:
892 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
893 chan->chan_type != L2CAP_CHAN_FIXED &&
894 chan->chan_type != L2CAP_CHAN_RAW) {
895 err = -EINVAL;
896 break;
897 }
898
899 sec.level = BT_SECURITY_LOW;
900
901 len = min_t(unsigned int, sizeof(sec), optlen);
902 if (copy_from_sockptr(&sec, optval, len)) {
903 err = -EFAULT;
904 break;
905 }
906
907 if (sec.level < BT_SECURITY_LOW ||
908 sec.level > BT_SECURITY_FIPS) {
909 err = -EINVAL;
910 break;
911 }
912
913 chan->sec_level = sec.level;
914
915 if (!chan->conn)
916 break;
917
918 conn = chan->conn;
919
920
921 if (chan->scid == L2CAP_CID_ATT) {
922 if (smp_conn_security(conn->hcon, sec.level)) {
923 err = -EINVAL;
924 break;
925 }
926
927 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
928 sk->sk_state = BT_CONFIG;
929 chan->state = BT_CONFIG;
930
931
932 } else if ((sk->sk_state == BT_CONNECT2 &&
933 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
934 sk->sk_state == BT_CONNECTED) {
935 if (!l2cap_chan_check_security(chan, true))
936 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
937 else
938 sk->sk_state_change(sk);
939 } else {
940 err = -EINVAL;
941 }
942 break;
943
944 case BT_DEFER_SETUP:
945 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
946 err = -EINVAL;
947 break;
948 }
949
950 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
951 err = -EFAULT;
952 break;
953 }
954
955 if (opt) {
956 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
957 set_bit(FLAG_DEFER_SETUP, &chan->flags);
958 } else {
959 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
960 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
961 }
962 break;
963
964 case BT_FLUSHABLE:
965 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
966 err = -EFAULT;
967 break;
968 }
969
970 if (opt > BT_FLUSHABLE_ON) {
971 err = -EINVAL;
972 break;
973 }
974
975 if (opt == BT_FLUSHABLE_OFF) {
976 conn = chan->conn;
977
978
979 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
980 err = -EINVAL;
981 break;
982 }
983 }
984
985 if (opt)
986 set_bit(FLAG_FLUSHABLE, &chan->flags);
987 else
988 clear_bit(FLAG_FLUSHABLE, &chan->flags);
989 break;
990
991 case BT_POWER:
992 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
993 chan->chan_type != L2CAP_CHAN_RAW) {
994 err = -EINVAL;
995 break;
996 }
997
998 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
999
1000 len = min_t(unsigned int, sizeof(pwr), optlen);
1001 if (copy_from_sockptr(&pwr, optval, len)) {
1002 err = -EFAULT;
1003 break;
1004 }
1005
1006 if (pwr.force_active)
1007 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
1008 else
1009 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
1010 break;
1011
1012 case BT_CHANNEL_POLICY:
1013 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
1014 err = -EFAULT;
1015 break;
1016 }
1017
1018 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
1019 err = -EINVAL;
1020 break;
1021 }
1022
1023 if (chan->mode != L2CAP_MODE_ERTM &&
1024 chan->mode != L2CAP_MODE_STREAMING) {
1025 err = -EOPNOTSUPP;
1026 break;
1027 }
1028
1029 chan->chan_policy = (u8) opt;
1030
1031 if (sk->sk_state == BT_CONNECTED &&
1032 chan->move_role == L2CAP_MOVE_ROLE_NONE)
1033 l2cap_move_start(chan);
1034
1035 break;
1036
1037 case BT_SNDMTU:
1038 if (!bdaddr_type_is_le(chan->src_type)) {
1039 err = -EINVAL;
1040 break;
1041 }
1042
1043
1044
1045
1046 err = -EPERM;
1047 break;
1048
1049 case BT_RCVMTU:
1050 if (!bdaddr_type_is_le(chan->src_type)) {
1051 err = -EINVAL;
1052 break;
1053 }
1054
1055 if (chan->mode == L2CAP_MODE_LE_FLOWCTL &&
1056 sk->sk_state == BT_CONNECTED) {
1057 err = -EISCONN;
1058 break;
1059 }
1060
1061 if (copy_from_sockptr(&opt, optval, sizeof(u16))) {
1062 err = -EFAULT;
1063 break;
1064 }
1065
1066 if (chan->mode == L2CAP_MODE_EXT_FLOWCTL &&
1067 sk->sk_state == BT_CONNECTED)
1068 err = l2cap_chan_reconfigure(chan, opt);
1069 else
1070 chan->imtu = opt;
1071
1072 break;
1073
1074 case BT_MODE:
1075 if (!enable_ecred) {
1076 err = -ENOPROTOOPT;
1077 break;
1078 }
1079
1080 BT_DBG("sk->sk_state %u", sk->sk_state);
1081
1082 if (sk->sk_state != BT_BOUND) {
1083 err = -EINVAL;
1084 break;
1085 }
1086
1087 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
1088 err = -EINVAL;
1089 break;
1090 }
1091
1092 if (copy_from_sockptr(&opt, optval, sizeof(u8))) {
1093 err = -EFAULT;
1094 break;
1095 }
1096
1097 BT_DBG("opt %u", opt);
1098
1099 err = l2cap_set_mode(chan, opt);
1100 if (err)
1101 break;
1102
1103 BT_DBG("mode 0x%2.2x", chan->mode);
1104
1105 break;
1106
1107 default:
1108 err = -ENOPROTOOPT;
1109 break;
1110 }
1111
1112 release_sock(sk);
1113 return err;
1114}
1115
1116static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1117 size_t len)
1118{
1119 struct sock *sk = sock->sk;
1120 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1121 int err;
1122
1123 BT_DBG("sock %p, sk %p", sock, sk);
1124
1125 err = sock_error(sk);
1126 if (err)
1127 return err;
1128
1129 if (msg->msg_flags & MSG_OOB)
1130 return -EOPNOTSUPP;
1131
1132 if (sk->sk_state != BT_CONNECTED)
1133 return -ENOTCONN;
1134
1135 lock_sock(sk);
1136 err = bt_sock_wait_ready(sk, msg->msg_flags);
1137 release_sock(sk);
1138 if (err)
1139 return err;
1140
1141 l2cap_chan_lock(chan);
1142 err = l2cap_chan_send(chan, msg, len);
1143 l2cap_chan_unlock(chan);
1144
1145 return err;
1146}
1147
1148static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1149 size_t len, int flags)
1150{
1151 struct sock *sk = sock->sk;
1152 struct l2cap_pinfo *pi = l2cap_pi(sk);
1153 int err;
1154
1155 lock_sock(sk);
1156
1157 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
1158 &bt_sk(sk)->flags)) {
1159 if (pi->chan->mode == L2CAP_MODE_EXT_FLOWCTL) {
1160 sk->sk_state = BT_CONNECTED;
1161 pi->chan->state = BT_CONNECTED;
1162 __l2cap_ecred_conn_rsp_defer(pi->chan);
1163 } else if (bdaddr_type_is_le(pi->chan->src_type)) {
1164 sk->sk_state = BT_CONNECTED;
1165 pi->chan->state = BT_CONNECTED;
1166 __l2cap_le_connect_rsp_defer(pi->chan);
1167 } else {
1168 sk->sk_state = BT_CONFIG;
1169 pi->chan->state = BT_CONFIG;
1170 __l2cap_connect_rsp_defer(pi->chan);
1171 }
1172
1173 err = 0;
1174 goto done;
1175 }
1176
1177 release_sock(sk);
1178
1179 if (sock->type == SOCK_STREAM)
1180 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
1181 else
1182 err = bt_sock_recvmsg(sock, msg, len, flags);
1183
1184 if (pi->chan->mode != L2CAP_MODE_ERTM)
1185 return err;
1186
1187
1188
1189 lock_sock(sk);
1190
1191 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1192 goto done;
1193
1194 if (pi->rx_busy_skb) {
1195 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1196 pi->rx_busy_skb = NULL;
1197 else
1198 goto done;
1199 }
1200
1201
1202
1203
1204
1205 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1206 l2cap_chan_busy(pi->chan, 0);
1207
1208done:
1209 release_sock(sk);
1210 return err;
1211}
1212
1213
1214
1215
1216static void l2cap_sock_kill(struct sock *sk)
1217{
1218 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1219 return;
1220
1221 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1222
1223
1224
1225 l2cap_chan_put(l2cap_pi(sk)->chan);
1226 sock_set_flag(sk, SOCK_DEAD);
1227 sock_put(sk);
1228}
1229
1230static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
1231{
1232 DECLARE_WAITQUEUE(wait, current);
1233 int err = 0;
1234 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1235
1236 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
1237
1238 add_wait_queue(sk_sleep(sk), &wait);
1239 set_current_state(TASK_INTERRUPTIBLE);
1240 do {
1241 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1242 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1243 jiffies_to_msecs(timeout - jiffies));
1244
1245 if (!timeo)
1246 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1247
1248 if (signal_pending(current)) {
1249 err = sock_intr_errno(timeo);
1250 break;
1251 }
1252
1253 release_sock(sk);
1254 timeo = schedule_timeout(timeo);
1255 lock_sock(sk);
1256 set_current_state(TASK_INTERRUPTIBLE);
1257
1258 err = sock_error(sk);
1259 if (err)
1260 break;
1261
1262 if (time_after(jiffies, timeout)) {
1263 err = -ENOLINK;
1264 break;
1265 }
1266
1267 } while (chan->unacked_frames > 0 &&
1268 chan->state == BT_CONNECTED);
1269
1270 set_current_state(TASK_RUNNING);
1271 remove_wait_queue(sk_sleep(sk), &wait);
1272 return err;
1273}
1274
1275static int l2cap_sock_shutdown(struct socket *sock, int how)
1276{
1277 struct sock *sk = sock->sk;
1278 struct l2cap_chan *chan;
1279 struct l2cap_conn *conn;
1280 int err = 0;
1281
1282 BT_DBG("sock %p, sk %p, how %d", sock, sk, how);
1283
1284
1285
1286
1287
1288
1289 how++;
1290
1291 if (!sk)
1292 return 0;
1293
1294 lock_sock(sk);
1295
1296 if ((sk->sk_shutdown & how) == how)
1297 goto shutdown_already;
1298
1299 BT_DBG("Handling sock shutdown");
1300
1301
1302 sock_hold(sk);
1303
1304 chan = l2cap_pi(sk)->chan;
1305
1306 l2cap_chan_hold(chan);
1307
1308 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1309
1310 if (chan->mode == L2CAP_MODE_ERTM &&
1311 chan->unacked_frames > 0 &&
1312 chan->state == BT_CONNECTED) {
1313 err = __l2cap_wait_ack(sk, chan);
1314
1315
1316
1317
1318
1319 if ((sk->sk_shutdown & how) == how)
1320 goto shutdown_matched;
1321 }
1322
1323
1324
1325
1326 if ((how & RCV_SHUTDOWN) && !(sk->sk_shutdown & RCV_SHUTDOWN)) {
1327 sk->sk_shutdown |= RCV_SHUTDOWN;
1328 if ((sk->sk_shutdown & how) == how)
1329 goto shutdown_matched;
1330 }
1331
1332 sk->sk_shutdown |= SEND_SHUTDOWN;
1333 release_sock(sk);
1334
1335 l2cap_chan_lock(chan);
1336 conn = chan->conn;
1337 if (conn)
1338
1339 l2cap_conn_get(conn);
1340 l2cap_chan_unlock(chan);
1341
1342 if (conn)
1343
1344 mutex_lock(&conn->chan_lock);
1345
1346 l2cap_chan_lock(chan);
1347 l2cap_chan_close(chan, 0);
1348 l2cap_chan_unlock(chan);
1349
1350 if (conn) {
1351 mutex_unlock(&conn->chan_lock);
1352 l2cap_conn_put(conn);
1353 }
1354
1355 lock_sock(sk);
1356
1357 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1358 !(current->flags & PF_EXITING))
1359 err = bt_sock_wait_state(sk, BT_CLOSED,
1360 sk->sk_lingertime);
1361
1362shutdown_matched:
1363 l2cap_chan_put(chan);
1364 sock_put(sk);
1365
1366shutdown_already:
1367 if (!err && sk->sk_err)
1368 err = -sk->sk_err;
1369
1370 release_sock(sk);
1371
1372 BT_DBG("Sock shutdown complete err: %d", err);
1373
1374 return err;
1375}
1376
1377static int l2cap_sock_release(struct socket *sock)
1378{
1379 struct sock *sk = sock->sk;
1380 int err;
1381 struct l2cap_chan *chan;
1382
1383 BT_DBG("sock %p, sk %p", sock, sk);
1384
1385 if (!sk)
1386 return 0;
1387
1388 bt_sock_unlink(&l2cap_sk_list, sk);
1389
1390 err = l2cap_sock_shutdown(sock, SHUT_RDWR);
1391 chan = l2cap_pi(sk)->chan;
1392
1393 l2cap_chan_hold(chan);
1394 l2cap_chan_lock(chan);
1395
1396 sock_orphan(sk);
1397 l2cap_sock_kill(sk);
1398
1399 l2cap_chan_unlock(chan);
1400 l2cap_chan_put(chan);
1401
1402 return err;
1403}
1404
1405static void l2cap_sock_cleanup_listen(struct sock *parent)
1406{
1407 struct sock *sk;
1408
1409 BT_DBG("parent %p state %s", parent,
1410 state_to_string(parent->sk_state));
1411
1412
1413 while ((sk = bt_accept_dequeue(parent, NULL))) {
1414 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1415
1416 BT_DBG("child chan %p state %s", chan,
1417 state_to_string(chan->state));
1418
1419 l2cap_chan_hold(chan);
1420 l2cap_chan_lock(chan);
1421
1422 __clear_chan_timer(chan);
1423 l2cap_chan_close(chan, ECONNRESET);
1424 l2cap_sock_kill(sk);
1425
1426 l2cap_chan_unlock(chan);
1427 l2cap_chan_put(chan);
1428 }
1429}
1430
1431static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1432{
1433 struct sock *sk, *parent = chan->data;
1434
1435 lock_sock(parent);
1436
1437
1438 if (sk_acceptq_is_full(parent)) {
1439 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1440 release_sock(parent);
1441 return NULL;
1442 }
1443
1444 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1445 GFP_ATOMIC, 0);
1446 if (!sk) {
1447 release_sock(parent);
1448 return NULL;
1449 }
1450
1451 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1452
1453 l2cap_sock_init(sk, parent);
1454
1455 bt_accept_enqueue(parent, sk, false);
1456
1457 release_sock(parent);
1458
1459 return l2cap_pi(sk)->chan;
1460}
1461
1462static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1463{
1464 struct sock *sk = chan->data;
1465 int err;
1466
1467 lock_sock(sk);
1468
1469 if (l2cap_pi(sk)->rx_busy_skb) {
1470 err = -ENOMEM;
1471 goto done;
1472 }
1473
1474 if (chan->mode != L2CAP_MODE_ERTM &&
1475 chan->mode != L2CAP_MODE_STREAMING) {
1476
1477
1478
1479 err = sk_filter(sk, skb);
1480 if (err)
1481 goto done;
1482 }
1483
1484 err = __sock_queue_rcv_skb(sk, skb);
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1496 l2cap_pi(sk)->rx_busy_skb = skb;
1497 l2cap_chan_busy(chan, 1);
1498 err = 0;
1499 }
1500
1501done:
1502 release_sock(sk);
1503
1504 return err;
1505}
1506
1507static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1508{
1509 struct sock *sk = chan->data;
1510
1511 l2cap_sock_kill(sk);
1512}
1513
1514static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1515{
1516 struct sock *sk = chan->data;
1517 struct sock *parent;
1518
1519 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1520
1521
1522
1523
1524
1525
1526
1527
1528 lock_sock_nested(sk, atomic_read(&chan->nesting));
1529
1530 parent = bt_sk(sk)->parent;
1531
1532 switch (chan->state) {
1533 case BT_OPEN:
1534 case BT_BOUND:
1535 case BT_CLOSED:
1536 break;
1537 case BT_LISTEN:
1538 l2cap_sock_cleanup_listen(sk);
1539 sk->sk_state = BT_CLOSED;
1540 chan->state = BT_CLOSED;
1541
1542 break;
1543 default:
1544 sk->sk_state = BT_CLOSED;
1545 chan->state = BT_CLOSED;
1546
1547 sk->sk_err = err;
1548
1549 if (parent) {
1550 bt_accept_unlink(sk);
1551 parent->sk_data_ready(parent);
1552 } else {
1553 sk->sk_state_change(sk);
1554 }
1555
1556 break;
1557 }
1558 release_sock(sk);
1559
1560
1561 sock_set_flag(sk, SOCK_ZAPPED);
1562
1563}
1564
1565static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1566 int err)
1567{
1568 struct sock *sk = chan->data;
1569
1570 sk->sk_state = state;
1571
1572 if (err)
1573 sk->sk_err = err;
1574}
1575
1576static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1577 unsigned long hdr_len,
1578 unsigned long len, int nb)
1579{
1580 struct sock *sk = chan->data;
1581 struct sk_buff *skb;
1582 int err;
1583
1584 l2cap_chan_unlock(chan);
1585 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1586 l2cap_chan_lock(chan);
1587
1588 if (!skb)
1589 return ERR_PTR(err);
1590
1591 skb->priority = sk->sk_priority;
1592
1593 bt_cb(skb)->l2cap.chan = chan;
1594
1595 return skb;
1596}
1597
1598static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1599{
1600 struct sock *sk = chan->data;
1601 struct sock *parent;
1602
1603 lock_sock(sk);
1604
1605 parent = bt_sk(sk)->parent;
1606
1607 BT_DBG("sk %p, parent %p", sk, parent);
1608
1609 sk->sk_state = BT_CONNECTED;
1610 sk->sk_state_change(sk);
1611
1612 if (parent)
1613 parent->sk_data_ready(parent);
1614
1615 release_sock(sk);
1616}
1617
1618static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1619{
1620 struct sock *parent, *sk = chan->data;
1621
1622 lock_sock(sk);
1623
1624 parent = bt_sk(sk)->parent;
1625 if (parent)
1626 parent->sk_data_ready(parent);
1627
1628 release_sock(sk);
1629}
1630
1631static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1632{
1633 struct sock *sk = chan->data;
1634
1635 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1636 sk->sk_state = BT_CONNECTED;
1637 chan->state = BT_CONNECTED;
1638 }
1639
1640 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1641 sk->sk_state_change(sk);
1642}
1643
1644static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1645{
1646 struct sock *sk = chan->data;
1647
1648 lock_sock(sk);
1649 sk->sk_shutdown = SHUTDOWN_MASK;
1650 release_sock(sk);
1651}
1652
1653static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1654{
1655 struct sock *sk = chan->data;
1656
1657 return sk->sk_sndtimeo;
1658}
1659
1660static struct pid *l2cap_sock_get_peer_pid_cb(struct l2cap_chan *chan)
1661{
1662 struct sock *sk = chan->data;
1663
1664 return sk->sk_peer_pid;
1665}
1666
1667static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1668{
1669 struct sock *sk = chan->data;
1670
1671 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1672 sk->sk_state_change(sk);
1673}
1674
1675static int l2cap_sock_filter(struct l2cap_chan *chan, struct sk_buff *skb)
1676{
1677 struct sock *sk = chan->data;
1678
1679 switch (chan->mode) {
1680 case L2CAP_MODE_ERTM:
1681 case L2CAP_MODE_STREAMING:
1682 return sk_filter(sk, skb);
1683 }
1684
1685 return 0;
1686}
1687
1688static const struct l2cap_ops l2cap_chan_ops = {
1689 .name = "L2CAP Socket Interface",
1690 .new_connection = l2cap_sock_new_connection_cb,
1691 .recv = l2cap_sock_recv_cb,
1692 .close = l2cap_sock_close_cb,
1693 .teardown = l2cap_sock_teardown_cb,
1694 .state_change = l2cap_sock_state_change_cb,
1695 .ready = l2cap_sock_ready_cb,
1696 .defer = l2cap_sock_defer_cb,
1697 .resume = l2cap_sock_resume_cb,
1698 .suspend = l2cap_sock_suspend_cb,
1699 .set_shutdown = l2cap_sock_set_shutdown_cb,
1700 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1701 .get_peer_pid = l2cap_sock_get_peer_pid_cb,
1702 .alloc_skb = l2cap_sock_alloc_skb_cb,
1703 .filter = l2cap_sock_filter,
1704};
1705
1706static void l2cap_sock_destruct(struct sock *sk)
1707{
1708 BT_DBG("sk %p", sk);
1709
1710 if (l2cap_pi(sk)->chan)
1711 l2cap_chan_put(l2cap_pi(sk)->chan);
1712
1713 if (l2cap_pi(sk)->rx_busy_skb) {
1714 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1715 l2cap_pi(sk)->rx_busy_skb = NULL;
1716 }
1717
1718 skb_queue_purge(&sk->sk_receive_queue);
1719 skb_queue_purge(&sk->sk_write_queue);
1720}
1721
1722static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1723 int *msg_namelen)
1724{
1725 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1726
1727 memset(la, 0, sizeof(struct sockaddr_l2));
1728 la->l2_family = AF_BLUETOOTH;
1729 la->l2_psm = bt_cb(skb)->l2cap.psm;
1730 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
1731
1732 *msg_namelen = sizeof(struct sockaddr_l2);
1733}
1734
1735static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1736{
1737 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1738
1739 BT_DBG("sk %p", sk);
1740
1741 if (parent) {
1742 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1743
1744 sk->sk_type = parent->sk_type;
1745 bt_sk(sk)->flags = bt_sk(parent)->flags;
1746
1747 chan->chan_type = pchan->chan_type;
1748 chan->imtu = pchan->imtu;
1749 chan->omtu = pchan->omtu;
1750 chan->conf_state = pchan->conf_state;
1751 chan->mode = pchan->mode;
1752 chan->fcs = pchan->fcs;
1753 chan->max_tx = pchan->max_tx;
1754 chan->tx_win = pchan->tx_win;
1755 chan->tx_win_max = pchan->tx_win_max;
1756 chan->sec_level = pchan->sec_level;
1757 chan->flags = pchan->flags;
1758 chan->tx_credits = pchan->tx_credits;
1759 chan->rx_credits = pchan->rx_credits;
1760
1761 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1762 chan->scid = pchan->scid;
1763 chan->dcid = pchan->scid;
1764 }
1765
1766 security_sk_clone(parent, sk);
1767 } else {
1768 switch (sk->sk_type) {
1769 case SOCK_RAW:
1770 chan->chan_type = L2CAP_CHAN_RAW;
1771 break;
1772 case SOCK_DGRAM:
1773 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1774 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1775 break;
1776 case SOCK_SEQPACKET:
1777 case SOCK_STREAM:
1778 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1779 break;
1780 }
1781
1782 chan->imtu = L2CAP_DEFAULT_MTU;
1783 chan->omtu = 0;
1784 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1785 chan->mode = L2CAP_MODE_ERTM;
1786 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1787 } else {
1788 chan->mode = L2CAP_MODE_BASIC;
1789 }
1790
1791 l2cap_chan_set_defaults(chan);
1792 }
1793
1794
1795 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1796
1797 chan->data = sk;
1798 chan->ops = &l2cap_chan_ops;
1799}
1800
1801static struct proto l2cap_proto = {
1802 .name = "L2CAP",
1803 .owner = THIS_MODULE,
1804 .obj_size = sizeof(struct l2cap_pinfo)
1805};
1806
1807static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1808 int proto, gfp_t prio, int kern)
1809{
1810 struct sock *sk;
1811 struct l2cap_chan *chan;
1812
1813 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
1814 if (!sk)
1815 return NULL;
1816
1817 sock_init_data(sock, sk);
1818 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1819
1820 sk->sk_destruct = l2cap_sock_destruct;
1821 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1822
1823 sock_reset_flag(sk, SOCK_ZAPPED);
1824
1825 sk->sk_protocol = proto;
1826 sk->sk_state = BT_OPEN;
1827
1828 chan = l2cap_chan_create();
1829 if (!chan) {
1830 sk_free(sk);
1831 return NULL;
1832 }
1833
1834 l2cap_chan_hold(chan);
1835
1836 l2cap_pi(sk)->chan = chan;
1837
1838 return sk;
1839}
1840
1841static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1842 int kern)
1843{
1844 struct sock *sk;
1845
1846 BT_DBG("sock %p", sock);
1847
1848 sock->state = SS_UNCONNECTED;
1849
1850 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1851 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1852 return -ESOCKTNOSUPPORT;
1853
1854 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1855 return -EPERM;
1856
1857 sock->ops = &l2cap_sock_ops;
1858
1859 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
1860 if (!sk)
1861 return -ENOMEM;
1862
1863 l2cap_sock_init(sk, NULL);
1864 bt_sock_link(&l2cap_sk_list, sk);
1865 return 0;
1866}
1867
1868static const struct proto_ops l2cap_sock_ops = {
1869 .family = PF_BLUETOOTH,
1870 .owner = THIS_MODULE,
1871 .release = l2cap_sock_release,
1872 .bind = l2cap_sock_bind,
1873 .connect = l2cap_sock_connect,
1874 .listen = l2cap_sock_listen,
1875 .accept = l2cap_sock_accept,
1876 .getname = l2cap_sock_getname,
1877 .sendmsg = l2cap_sock_sendmsg,
1878 .recvmsg = l2cap_sock_recvmsg,
1879 .poll = bt_sock_poll,
1880 .ioctl = bt_sock_ioctl,
1881 .gettstamp = sock_gettstamp,
1882 .mmap = sock_no_mmap,
1883 .socketpair = sock_no_socketpair,
1884 .shutdown = l2cap_sock_shutdown,
1885 .setsockopt = l2cap_sock_setsockopt,
1886 .getsockopt = l2cap_sock_getsockopt
1887};
1888
1889static const struct net_proto_family l2cap_sock_family_ops = {
1890 .family = PF_BLUETOOTH,
1891 .owner = THIS_MODULE,
1892 .create = l2cap_sock_create,
1893};
1894
1895int __init l2cap_init_sockets(void)
1896{
1897 int err;
1898
1899 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1900
1901 err = proto_register(&l2cap_proto, 0);
1902 if (err < 0)
1903 return err;
1904
1905 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1906 if (err < 0) {
1907 BT_ERR("L2CAP socket registration failed");
1908 goto error;
1909 }
1910
1911 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1912 NULL);
1913 if (err < 0) {
1914 BT_ERR("Failed to create L2CAP proc file");
1915 bt_sock_unregister(BTPROTO_L2CAP);
1916 goto error;
1917 }
1918
1919 BT_INFO("L2CAP socket layer initialized");
1920
1921 return 0;
1922
1923error:
1924 proto_unregister(&l2cap_proto);
1925 return err;
1926}
1927
1928void l2cap_cleanup_sockets(void)
1929{
1930 bt_procfs_cleanup(&init_net, "l2cap");
1931 bt_sock_unregister(BTPROTO_L2CAP);
1932 proto_unregister(&l2cap_proto);
1933}
1934
