]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - net/bluetooth/l2cap_sock.c
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge tag '3.6-pci-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci
[mirror_ubuntu-jammy-kernel.git] / net / bluetooth / l2cap_sock.c
CommitLineData
bb58f747
GP		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
bb58f747
GP		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
bc3b2d7f 30#include <linux/export.h>
6230c9b4 31
bb58f747 32#include <net/bluetooth/bluetooth.h>
33575df7 33#include <net/bluetooth/hci_core.h>
bb58f747 34#include <net/bluetooth/l2cap.h>
f1cb9af5 35#include <net/bluetooth/smp.h>
bb58f747 36
cf2f90f5 37static const struct proto_ops l2cap_sock_ops;
80808e43
GP		 38static void l2cap_sock_init(struct sock *sk, struct sock *parent);
39static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
cf2f90f5 40
af6bcd82
GP		 41static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
42{
43 struct sock *sk = sock->sk;
4343478f 44 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 45 struct sockaddr_l2 la;
46 int len, err = 0;
47
48 BT_DBG("sk %p", sk);
49
50 if (!addr || addr->sa_family != AF_BLUETOOTH)
51 return -EINVAL;
52
53 memset(&la, 0, sizeof(la));
54 len = min_t(unsigned int, sizeof(la), alen);
55 memcpy(&la, addr, len);
56
b62f328b 57 if (la.l2_cid && la.l2_psm)
af6bcd82
GP		 58 return -EINVAL;
59
60 lock_sock(sk);
61
62 if (sk->sk_state != BT_OPEN) {
63 err = -EBADFD;
64 goto done;
65 }
66
67 if (la.l2_psm) {
68 __u16 psm = __le16_to_cpu(la.l2_psm);
69
70 /* PSM must be odd and lsb of upper byte must be 0 */
71 if ((psm & 0x0101) != 0x0001) {
72 err = -EINVAL;
73 goto done;
74 }
75
76 /* Restrict usage of well-known PSMs */
77 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
78 err = -EACCES;
79 goto done;
80 }
81 }
82
9e4425ff 83 if (la.l2_cid)
6e4aff10 84 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
9e4425ff
GP		 85 else
86 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
af6bcd82 87
9e4425ff
GP		 88 if (err < 0)
89 goto done;
af6bcd82 90
2983fd68
AE		 91 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
92 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
9e4425ff 93 chan->sec_level = BT_SECURITY_SDP;
b62f328b 94
9e4425ff 95 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
89bc500e
GP		 96
97 chan->state = BT_BOUND;
9e4425ff 98 sk->sk_state = BT_BOUND;
af6bcd82
GP		 99
100done:
101 release_sock(sk);
102 return err;
103}
104
4e34c50b
GP		 105static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
106{
107 struct sock *sk = sock->sk;
0c1bc5c6 108 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
4e34c50b
GP		 109 struct sockaddr_l2 la;
110 int len, err = 0;
111
112 BT_DBG("sk %p", sk);
113
114 if (!addr || alen < sizeof(addr->sa_family) ||
115 addr->sa_family != AF_BLUETOOTH)
116 return -EINVAL;
117
118 memset(&la, 0, sizeof(la));
119 len = min_t(unsigned int, sizeof(la), alen);
120 memcpy(&la, addr, len);
121
acd7d370 122 if (la.l2_cid && la.l2_psm)
4e34c50b
GP		 123 return -EINVAL;
124
6e4aff10 125 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
8e9f9892 126 &la.l2_bdaddr, la.l2_bdaddr_type);
4e34c50b 127 if (err)
b3fb611e 128 return err;
4e34c50b 129
6be36555
AE		 130 lock_sock(sk);
131
4e34c50b
GP		 132 err = bt_sock_wait_state(sk, BT_CONNECTED,
133 sock_sndtimeo(sk, flags & O_NONBLOCK));
b3fb611e
AE		 134
135 release_sock(sk);
136
4e34c50b
GP		 137 return err;
138}
139
af6bcd82
GP		 140static int l2cap_sock_listen(struct socket *sock, int backlog)
141{
142 struct sock *sk = sock->sk;
0c1bc5c6 143 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 144 int err = 0;
145
146 BT_DBG("sk %p backlog %d", sk, backlog);
147
148 lock_sock(sk);
149
6b3af733 150 if (sk->sk_state != BT_BOUND) {
af6bcd82
GP		 151 err = -EBADFD;
152 goto done;
153 }
154
6b3af733
MH		 155 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
156 err = -EINVAL;
157 goto done;
158 }
159
0c1bc5c6 160 switch (chan->mode) {
af6bcd82
GP		 161 case L2CAP_MODE_BASIC:
162 break;
163 case L2CAP_MODE_ERTM:
164 case L2CAP_MODE_STREAMING:
165 if (!disable_ertm)
166 break;
167 /* fall through */
168 default:
169 err = -ENOTSUPP;
170 goto done;
171 }
172
af6bcd82
GP		 173 sk->sk_max_ack_backlog = backlog;
174 sk->sk_ack_backlog = 0;
89bc500e
GP		 175
176 chan->state = BT_LISTEN;
af6bcd82
GP		 177 sk->sk_state = BT_LISTEN;
178
179done:
180 release_sock(sk);
181 return err;
182}
183
c47b7c72
GP		 184static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
185{
186 DECLARE_WAITQUEUE(wait, current);
187 struct sock *sk = sock->sk, *nsk;
188 long timeo;
189 int err = 0;
190
191 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
192
c47b7c72
GP		 193 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
194
195 BT_DBG("sk %p timeo %ld", sk, timeo);
196
197 /* Wait for an incoming connection. (wake-one). */
198 add_wait_queue_exclusive(sk_sleep(sk), &wait);
f9a3c20a 199 while (1) {
c47b7c72 200 set_current_state(TASK_INTERRUPTIBLE);
f9a3c20a
PH		 201
202 if (sk->sk_state != BT_LISTEN) {
203 err = -EBADFD;
c47b7c72
GP		 204 break;
205 }
206
f9a3c20a
PH		 207 nsk = bt_accept_dequeue(sk, newsock);
208 if (nsk)
209 break;
c47b7c72 210
f9a3c20a
PH		 211 if (!timeo) {
212 err = -EAGAIN;
c47b7c72
GP		 213 break;
214 }
215
216 if (signal_pending(current)) {
217 err = sock_intr_errno(timeo);
218 break;
219 }
f9a3c20a
PH		 220
221 release_sock(sk);
222 timeo = schedule_timeout(timeo);
223 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
c47b7c72 224 }
f9a3c20a 225 __set_current_state(TASK_RUNNING);
c47b7c72
GP		 226 remove_wait_queue(sk_sleep(sk), &wait);
227
228 if (err)
229 goto done;
230
231 newsock->state = SS_CONNECTED;
232
233 BT_DBG("new socket %p", nsk);
234
235done:
236 release_sock(sk);
237 return err;
238}
239
d7175d55
GP		 240static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
241{
242 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
243 struct sock *sk = sock->sk;
0c1bc5c6 244 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
d7175d55
GP		 245
246 BT_DBG("sock %p, sk %p", sock, sk);
247
792039c7 248 memset(la, 0, sizeof(struct sockaddr_l2));
d7175d55
GP		 249 addr->sa_family = AF_BLUETOOTH;
250 *len = sizeof(struct sockaddr_l2);
251
252 if (peer) {
fe4128e0 253 la->l2_psm = chan->psm;
d7175d55 254 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
fe4128e0 255 la->l2_cid = cpu_to_le16(chan->dcid);
d7175d55 256 } else {
0c1bc5c6 257 la->l2_psm = chan->sport;
d7175d55 258 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
fe4128e0 259 la->l2_cid = cpu_to_le16(chan->scid);
d7175d55
GP		 260 }
261
262 return 0;
263}
264
99f4808d
GP		 265static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
266{
267 struct sock *sk = sock->sk;
4343478f 268 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d
GP		 269 struct l2cap_options opts;
270 struct l2cap_conninfo cinfo;
271 int len, err = 0;
272 u32 opt;
273
274 BT_DBG("sk %p", sk);
275
276 if (get_user(len, optlen))
277 return -EFAULT;
278
279 lock_sock(sk);
280
281 switch (optname) {
282 case L2CAP_OPTIONS:
e3fb592b 283 memset(&opts, 0, sizeof(opts));
0c1bc5c6
GP		 284 opts.imtu = chan->imtu;
285 opts.omtu = chan->omtu;
286 opts.flush_to = chan->flush_to;
287 opts.mode = chan->mode;
47d1ec61
GP		 288 opts.fcs = chan->fcs;
289 opts.max_tx = chan->max_tx;
6327eb98 290 opts.txwin_size = chan->tx_win;
99f4808d
GP		 291
292 len = min_t(unsigned int, len, sizeof(opts));
293 if (copy_to_user(optval, (char *) &opts, len))
294 err = -EFAULT;
295
296 break;
297
298 case L2CAP_LM:
4343478f 299 switch (chan->sec_level) {
99f4808d
GP		 300 case BT_SECURITY_LOW:
301 opt = L2CAP_LM_AUTH;
302 break;
303 case BT_SECURITY_MEDIUM:
304 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
305 break;
306 case BT_SECURITY_HIGH:
307 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
308 L2CAP_LM_SECURE;
309 break;
310 default:
311 opt = 0;
312 break;
313 }
314
43bd0f32 315 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
99f4808d
GP		 316 opt |= L2CAP_LM_MASTER;
317
ecf61bdb 318 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
99f4808d
GP		 319 opt |= L2CAP_LM_RELIABLE;
320
321 if (put_user(opt, (u32 __user *) optval))
322 err = -EFAULT;
323 break;
324
325 case L2CAP_CONNINFO:
326 if (sk->sk_state != BT_CONNECTED &&
c5daa683
GP		 327 !(sk->sk_state == BT_CONNECT2 &&
328 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
99f4808d
GP		 329 err = -ENOTCONN;
330 break;
331 }
332
8d03e971 333 memset(&cinfo, 0, sizeof(cinfo));
8c1d787b
GP		 334 cinfo.hci_handle = chan->conn->hcon->handle;
335 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
99f4808d
GP		 336
337 len = min_t(unsigned int, len, sizeof(cinfo));
338 if (copy_to_user(optval, (char *) &cinfo, len))
339 err = -EFAULT;
340
341 break;
342
343 default:
344 err = -ENOPROTOOPT;
345 break;
346 }
347
348 release_sock(sk);
349 return err;
350}
351
352static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
353{
354 struct sock *sk = sock->sk;
4343478f 355 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d 356 struct bt_security sec;
14b12d0b 357 struct bt_power pwr;
99f4808d
GP		 358 int len, err = 0;
359
360 BT_DBG("sk %p", sk);
361
362 if (level == SOL_L2CAP)
363 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
364
365 if (level != SOL_BLUETOOTH)
366 return -ENOPROTOOPT;
367
368 if (get_user(len, optlen))
369 return -EFAULT;
370
371 lock_sock(sk);
372
373 switch (optname) {
374 case BT_SECURITY:
715ec005
GP		 375 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
376 chan->chan_type != L2CAP_CHAN_RAW) {
99f4808d
GP		 377 err = -EINVAL;
378 break;
379 }
380
8f360119 381 memset(&sec, 0, sizeof(sec));
c6585a4d
GP		 382 if (chan->conn)
383 sec.level = chan->conn->hcon->sec_level;
384 else
385 sec.level = chan->sec_level;
99f4808d 386
8f360119
VCG		 387 if (sk->sk_state == BT_CONNECTED)
388 sec.key_size = chan->conn->hcon->enc_key_size;
389
99f4808d
GP		 390 len = min_t(unsigned int, len, sizeof(sec));
391 if (copy_to_user(optval, (char *) &sec, len))
392 err = -EFAULT;
393
394 break;
395
396 case BT_DEFER_SETUP:
397 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
398 err = -EINVAL;
399 break;
400 }
401
c5daa683
GP		 402 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
403 (u32 __user *) optval))
99f4808d
GP		 404 err = -EFAULT;
405
406 break;
407
408 case BT_FLUSHABLE:
d57b0e8b
AE		 409 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
410 (u32 __user *) optval))
99f4808d
GP		 411 err = -EFAULT;
412
413 break;
414
14b12d0b
JG		 415 case BT_POWER:
416 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
417 && sk->sk_type != SOCK_RAW) {
418 err = -EINVAL;
419 break;
420 }
421
15770b1a 422 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 423
424 len = min_t(unsigned int, len, sizeof(pwr));
425 if (copy_to_user(optval, (char *) &pwr, len))
426 err = -EFAULT;
427
428 break;
429
2ea66482
MM		 430 case BT_CHANNEL_POLICY:
431 if (!enable_hs) {
432 err = -ENOPROTOOPT;
433 break;
434 }
435
436 if (put_user(chan->chan_policy, (u32 __user *) optval))
437 err = -EFAULT;
438 break;
439
99f4808d
GP		 440 default:
441 err = -ENOPROTOOPT;
442 break;
443 }
444
445 release_sock(sk);
446 return err;
447}
448
682877c3
AG		 449static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
450{
451 switch (chan->scid) {
452 case L2CAP_CID_LE_DATA:
8c3a4f00 453 if (mtu < L2CAP_LE_MIN_MTU)
682877c3
AG		 454 return false;
455 break;
456
457 default:
458 if (mtu < L2CAP_DEFAULT_MIN_MTU)
459 return false;
460 }
461
462 return true;
463}
464
33575df7
GP		 465static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
466{
467 struct sock *sk = sock->sk;
b4450035 468 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7
GP		 469 struct l2cap_options opts;
470 int len, err = 0;
471 u32 opt;
472
473 BT_DBG("sk %p", sk);
474
475 lock_sock(sk);
476
477 switch (optname) {
478 case L2CAP_OPTIONS:
479 if (sk->sk_state == BT_CONNECTED) {
480 err = -EINVAL;
481 break;
482 }
483
0c1bc5c6
GP		 484 opts.imtu = chan->imtu;
485 opts.omtu = chan->omtu;
486 opts.flush_to = chan->flush_to;
487 opts.mode = chan->mode;
47d1ec61
GP		 488 opts.fcs = chan->fcs;
489 opts.max_tx = chan->max_tx;
6327eb98 490 opts.txwin_size = chan->tx_win;
33575df7
GP		 491
492 len = min_t(unsigned int, sizeof(opts), optlen);
493 if (copy_from_user((char *) &opts, optval, len)) {
494 err = -EFAULT;
495 break;
496 }
497
6327eb98 498 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
33575df7
GP		 499 err = -EINVAL;
500 break;
501 }
502
682877c3
AG		 503 if (!l2cap_valid_mtu(chan, opts.imtu)) {
504 err = -EINVAL;
505 break;
506 }
507
0c1bc5c6
GP		 508 chan->mode = opts.mode;
509 switch (chan->mode) {
33575df7 510 case L2CAP_MODE_BASIC:
c1360a1c 511 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
33575df7
GP		 512 break;
513 case L2CAP_MODE_ERTM:
514 case L2CAP_MODE_STREAMING:
515 if (!disable_ertm)
516 break;
517 /* fall through */
518 default:
519 err = -EINVAL;
520 break;
521 }
522
0c1bc5c6
GP		 523 chan->imtu = opts.imtu;
524 chan->omtu = opts.omtu;
47d1ec61
GP		 525 chan->fcs = opts.fcs;
526 chan->max_tx = opts.max_tx;
6327eb98 527 chan->tx_win = opts.txwin_size;
33575df7
GP		 528 break;
529
530 case L2CAP_LM:
531 if (get_user(opt, (u32 __user *) optval)) {
532 err = -EFAULT;
533 break;
534 }
535
536 if (opt & L2CAP_LM_AUTH)
4343478f 537 chan->sec_level = BT_SECURITY_LOW;
33575df7 538 if (opt & L2CAP_LM_ENCRYPT)
4343478f 539 chan->sec_level = BT_SECURITY_MEDIUM;
33575df7 540 if (opt & L2CAP_LM_SECURE)
4343478f 541 chan->sec_level = BT_SECURITY_HIGH;
33575df7 542
43bd0f32
AE		 543 if (opt & L2CAP_LM_MASTER)
544 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
545 else
546 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
ecf61bdb
AE		 547
548 if (opt & L2CAP_LM_RELIABLE)
549 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
550 else
551 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
33575df7
GP		 552 break;
553
554 default:
555 err = -ENOPROTOOPT;
556 break;
557 }
558
559 release_sock(sk);
560 return err;
561}
562
563static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
564{
565 struct sock *sk = sock->sk;
4343478f 566 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7 567 struct bt_security sec;
14b12d0b 568 struct bt_power pwr;
f1cb9af5 569 struct l2cap_conn *conn;
33575df7
GP		 570 int len, err = 0;
571 u32 opt;
572
573 BT_DBG("sk %p", sk);
574
575 if (level == SOL_L2CAP)
576 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
577
578 if (level != SOL_BLUETOOTH)
579 return -ENOPROTOOPT;
580
581 lock_sock(sk);
582
583 switch (optname) {
584 case BT_SECURITY:
715ec005
GP		 585 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
586 chan->chan_type != L2CAP_CHAN_RAW) {
33575df7
GP		 587 err = -EINVAL;
588 break;
589 }
590
591 sec.level = BT_SECURITY_LOW;
592
593 len = min_t(unsigned int, sizeof(sec), optlen);
594 if (copy_from_user((char *) &sec, optval, len)) {
595 err = -EFAULT;
596 break;
597 }
598
599 if (sec.level < BT_SECURITY_LOW ||
600 sec.level > BT_SECURITY_HIGH) {
601 err = -EINVAL;
602 break;
603 }
604
4343478f 605 chan->sec_level = sec.level;
f1cb9af5 606
0bee1d60
GP		 607 if (!chan->conn)
608 break;
609
f1cb9af5 610 conn = chan->conn;
0bee1d60
GP		 611
612 /*change security for LE channels */
613 if (chan->scid == L2CAP_CID_LE_DATA) {
f1cb9af5
VCG		 614 if (!conn->hcon->out) {
615 err = -EINVAL;
616 break;
617 }
618
619 if (smp_conn_security(conn, sec.level))
620 break;
f1cb9af5 621 sk->sk_state = BT_CONFIG;
3542b854 622 chan->state = BT_CONFIG;
0bee1d60 623
a7d7723a
GP		 624 /* or for ACL link */
625 } else if ((sk->sk_state == BT_CONNECT2 &&
c5daa683 626 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
a7d7723a
GP		 627 sk->sk_state == BT_CONNECTED) {
628 if (!l2cap_chan_check_security(chan))
c5daa683 629 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
a7d7723a
GP		 630 else
631 sk->sk_state_change(sk);
0bee1d60
GP		 632 } else {
633 err = -EINVAL;
f1cb9af5 634 }
33575df7
GP		 635 break;
636
637 case BT_DEFER_SETUP:
638 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
639 err = -EINVAL;
640 break;
641 }
642
643 if (get_user(opt, (u32 __user *) optval)) {
644 err = -EFAULT;
645 break;
646 }
647
c5daa683
GP		 648 if (opt)
649 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
650 else
651 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
33575df7
GP		 652 break;
653
654 case BT_FLUSHABLE:
655 if (get_user(opt, (u32 __user *) optval)) {
656 err = -EFAULT;
657 break;
658 }
659
660 if (opt > BT_FLUSHABLE_ON) {
661 err = -EINVAL;
662 break;
663 }
664
665 if (opt == BT_FLUSHABLE_OFF) {
8c1d787b 666 struct l2cap_conn *conn = chan->conn;
25985edc 667 /* proceed further only when we have l2cap_conn and
33575df7
GP		 668 No Flush support in the LM */
669 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
670 err = -EINVAL;
671 break;
672 }
673 }
674
d57b0e8b
AE		 675 if (opt)
676 set_bit(FLAG_FLUSHABLE, &chan->flags);
677 else
678 clear_bit(FLAG_FLUSHABLE, &chan->flags);
33575df7
GP		 679 break;
680
14b12d0b
JG		 681 case BT_POWER:
682 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
683 chan->chan_type != L2CAP_CHAN_RAW) {
684 err = -EINVAL;
685 break;
686 }
687
688 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
689
690 len = min_t(unsigned int, sizeof(pwr), optlen);
691 if (copy_from_user((char *) &pwr, optval, len)) {
692 err = -EFAULT;
693 break;
694 }
15770b1a
AE		 695
696 if (pwr.force_active)
697 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
698 else
699 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 700 break;
701
2ea66482
MM		 702 case BT_CHANNEL_POLICY:
703 if (!enable_hs) {
704 err = -ENOPROTOOPT;
705 break;
706 }
707
708 if (get_user(opt, (u32 __user *) optval)) {
709 err = -EFAULT;
710 break;
711 }
712
713 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
714 err = -EINVAL;
715 break;
716 }
717
718 if (chan->mode != L2CAP_MODE_ERTM &&
719 chan->mode != L2CAP_MODE_STREAMING) {
720 err = -EOPNOTSUPP;
721 break;
722 }
723
724 chan->chan_policy = (u8) opt;
14b12d0b
JG		 725 break;
726
33575df7
GP		 727 default:
728 err = -ENOPROTOOPT;
729 break;
730 }
731
732 release_sock(sk);
733 return err;
734}
fd83ccdb
GP		 735
736static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
737{
738 struct sock *sk = sock->sk;
0c1bc5c6 739 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
fd83ccdb
GP		 740 int err;
741
742 BT_DBG("sock %p, sk %p", sock, sk);
743
744 err = sock_error(sk);
745 if (err)
746 return err;
747
748 if (msg->msg_flags & MSG_OOB)
749 return -EOPNOTSUPP;
750
a6a5568c 751 if (sk->sk_state != BT_CONNECTED)
9a91a04a 752 return -ENOTCONN;
fd83ccdb 753
a6a5568c 754 l2cap_chan_lock(chan);
5e59b791 755 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
a6a5568c 756 l2cap_chan_unlock(chan);
fd83ccdb 757
fd83ccdb
GP		 758 return err;
759}
33575df7 760
68983259
GP		 761static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
762{
763 struct sock *sk = sock->sk;
e328140f
MM		 764 struct l2cap_pinfo *pi = l2cap_pi(sk);
765 int err;
68983259
GP		 766
767 lock_sock(sk);
768
c5daa683
GP		 769 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
770 &bt_sk(sk)->flags)) {
8c1d787b 771 sk->sk_state = BT_CONFIG;
3542b854 772 pi->chan->state = BT_CONFIG;
8c1d787b 773
e328140f 774 __l2cap_connect_rsp_defer(pi->chan);
68983259
GP		 775 release_sock(sk);
776 return 0;
777 }
778
779 release_sock(sk);
780
781 if (sock->type == SOCK_STREAM)
e328140f
MM		 782 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
783 else
784 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
785
786 if (pi->chan->mode != L2CAP_MODE_ERTM)
787 return err;
788
789 /* Attempt to put pending rx data in the socket buffer */
790
791 lock_sock(sk);
792
793 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
794 goto done;
795
796 if (pi->rx_busy_skb) {
797 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
798 pi->rx_busy_skb = NULL;
799 else
800 goto done;
801 }
802
803 /* Restore data flow when half of the receive buffer is
804 * available. This avoids resending large numbers of
805 * frames.
806 */
807 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
808 l2cap_chan_busy(pi->chan, 0);
68983259 809
e328140f
MM		 810done:
811 release_sock(sk);
812 return err;
68983259
GP		 813}
814
05fc1576
GP		 815/* Kill socket (only if zapped and orphan)
816 * Must be called on unlocked socket.
817 */
ba3bd0ee 818static void l2cap_sock_kill(struct sock *sk)
05fc1576
GP		 819{
820 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
821 return;
822
e05dcc32 823 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
05fc1576
GP		 824
825 /* Kill poor orphan */
6ff5abbf 826
23691d75 827 l2cap_chan_destroy(l2cap_pi(sk)->chan);
05fc1576
GP		 828 sock_set_flag(sk, SOCK_DEAD);
829 sock_put(sk);
830}
831
dcba0dba
GP		 832static int l2cap_sock_shutdown(struct socket *sock, int how)
833{
834 struct sock *sk = sock->sk;
7ddb6e0f 835 struct l2cap_chan *chan;
3df91ea2 836 struct l2cap_conn *conn;
dcba0dba
GP		 837 int err = 0;
838
839 BT_DBG("sock %p, sk %p", sock, sk);
840
841 if (!sk)
842 return 0;
843
7ddb6e0f 844 chan = l2cap_pi(sk)->chan;
3df91ea2
AE		 845 conn = chan->conn;
846
847 if (conn)
848 mutex_lock(&conn->chan_lock);
7ddb6e0f 849
6be36555 850 l2cap_chan_lock(chan);
dcba0dba 851 lock_sock(sk);
6be36555 852
dcba0dba 853 if (!sk->sk_shutdown) {
0c1bc5c6 854 if (chan->mode == L2CAP_MODE_ERTM)
dcba0dba
GP		 855 err = __l2cap_wait_ack(sk);
856
857 sk->sk_shutdown = SHUTDOWN_MASK;
3df91ea2 858
6be36555 859 release_sock(sk);
0f852724 860 l2cap_chan_close(chan, 0);
6be36555 861 lock_sock(sk);
dcba0dba
GP		 862
863 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
864 err = bt_sock_wait_state(sk, BT_CLOSED,
865 sk->sk_lingertime);
866 }
867
868 if (!err && sk->sk_err)
869 err = -sk->sk_err;
870
871 release_sock(sk);
6be36555 872 l2cap_chan_unlock(chan);
3df91ea2
AE		 873
874 if (conn)
875 mutex_unlock(&conn->chan_lock);
876
dcba0dba
GP		 877 return err;
878}
879
554f05bb
GP		 880static int l2cap_sock_release(struct socket *sock)
881{
882 struct sock *sk = sock->sk;
883 int err;
884
885 BT_DBG("sock %p, sk %p", sock, sk);
886
887 if (!sk)
888 return 0;
889
890 err = l2cap_sock_shutdown(sock, 2);
891
892 sock_orphan(sk);
893 l2cap_sock_kill(sk);
894 return err;
895}
896
c0df7f6e
AE		 897static void l2cap_sock_cleanup_listen(struct sock *parent)
898{
899 struct sock *sk;
900
901 BT_DBG("parent %p", parent);
902
903 /* Close not yet accepted channels */
904 while ((sk = bt_accept_dequeue(parent, NULL))) {
905 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
906
907 l2cap_chan_lock(chan);
908 __clear_chan_timer(chan);
909 l2cap_chan_close(chan, ECONNRESET);
910 l2cap_chan_unlock(chan);
911
912 l2cap_sock_kill(sk);
913 }
914}
915
80b98027 916static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
80808e43 917{
80b98027 918 struct sock *sk, *parent = chan->data;
80808e43 919
53826692
GP		 920 /* Check for backlog size */
921 if (sk_acceptq_is_full(parent)) {
922 BT_DBG("backlog full %d", parent->sk_ack_backlog);
923 return NULL;
924 }
925
80808e43
GP		 926 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
927 GFP_ATOMIC);
928 if (!sk)
929 return NULL;
930
d22015aa
OP		 931 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
932
80808e43
GP		 933 l2cap_sock_init(sk, parent);
934
935 return l2cap_pi(sk)->chan;
936}
937
80b98027 938static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
23070494 939{
e328140f 940 int err;
80b98027 941 struct sock *sk = chan->data;
e328140f
MM		 942 struct l2cap_pinfo *pi = l2cap_pi(sk);
943
6be36555
AE		 944 lock_sock(sk);
945
946 if (pi->rx_busy_skb) {
947 err = -ENOMEM;
948 goto done;
949 }
e328140f
MM		 950
951 err = sock_queue_rcv_skb(sk, skb);
952
953 /* For ERTM, handle one skb that doesn't fit into the recv
954 * buffer. This is important to do because the data frames
955 * have already been acked, so the skb cannot be discarded.
956 *
957 * Notify the l2cap core that the buffer is full, so the
958 * LOCAL_BUSY state is entered and no more frames are
959 * acked and reassembled until there is buffer space
960 * available.
961 */
962 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
963 pi->rx_busy_skb = skb;
964 l2cap_chan_busy(pi->chan, 1);
965 err = 0;
966 }
23070494 967
6be36555
AE		 968done:
969 release_sock(sk);
970
e328140f 971 return err;
23070494
GP		 972}
973
80b98027 974static void l2cap_sock_close_cb(struct l2cap_chan *chan)
ba3bd0ee 975{
80b98027 976 struct sock *sk = chan->data;
ba3bd0ee
GP		 977
978 l2cap_sock_kill(sk);
979}
980
c0df7f6e
AE		 981static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
982{
983 struct sock *sk = chan->data;
984 struct sock *parent;
985
986 lock_sock(sk);
987
988 parent = bt_sk(sk)->parent;
989
990 sock_set_flag(sk, SOCK_ZAPPED);
991
992 switch (chan->state) {
993 case BT_OPEN:
994 case BT_BOUND:
995 case BT_CLOSED:
996 break;
997 case BT_LISTEN:
998 l2cap_sock_cleanup_listen(sk);
999 sk->sk_state = BT_CLOSED;
1000 chan->state = BT_CLOSED;
1001
1002 break;
1003 default:
1004 sk->sk_state = BT_CLOSED;
1005 chan->state = BT_CLOSED;
1006
1007 sk->sk_err = err;
1008
1009 if (parent) {
1010 bt_accept_unlink(sk);
1011 parent->sk_data_ready(parent, 0);
1012 } else {
1013 sk->sk_state_change(sk);
1014 }
1015
1016 break;
1017 }
1018
1019 release_sock(sk);
1020}
1021
80b98027 1022static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state)
89bc500e 1023{
80b98027 1024 struct sock *sk = chan->data;
89bc500e
GP		 1025
1026 sk->sk_state = state;
1027}
1028
2f7719ce 1029static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
90338947 1030 unsigned long len, int nb)
2f7719ce 1031{
90338947
GP		 1032 struct sk_buff *skb;
1033 int err;
1034
a6a5568c 1035 l2cap_chan_unlock(chan);
90338947 1036 skb = bt_skb_send_alloc(chan->sk, len, nb, &err);
a6a5568c
MM		 1037 l2cap_chan_lock(chan);
1038
90338947
GP		 1039 if (!skb)
1040 return ERR_PTR(err);
2f7719ce 1041
90338947 1042 return skb;
2f7719ce
AE		 1043}
1044
54a59aa2
AE		 1045static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1046{
1047 struct sock *sk = chan->data;
1048 struct sock *parent;
1049
1050 lock_sock(sk);
1051
1052 parent = bt_sk(sk)->parent;
1053
1054 BT_DBG("sk %p, parent %p", sk, parent);
1055
1056 sk->sk_state = BT_CONNECTED;
1057 sk->sk_state_change(sk);
1058
1059 if (parent)
1060 parent->sk_data_ready(parent, 0);
1061
1062 release_sock(sk);
1063}
1064
80808e43
GP		 1065static struct l2cap_ops l2cap_chan_ops = {
1066 .name = "L2CAP Socket Interface",
1067 .new_connection = l2cap_sock_new_connection_cb,
23070494 1068 .recv = l2cap_sock_recv_cb,
ba3bd0ee 1069 .close = l2cap_sock_close_cb,
c0df7f6e 1070 .teardown = l2cap_sock_teardown_cb,
89bc500e 1071 .state_change = l2cap_sock_state_change_cb,
54a59aa2 1072 .ready = l2cap_sock_ready_cb,
2f7719ce 1073 .alloc_skb = l2cap_sock_alloc_skb_cb,
80808e43
GP		 1074};
1075
bb58f747
GP		 1076static void l2cap_sock_destruct(struct sock *sk)
1077{
1078 BT_DBG("sk %p", sk);
1079
61d6ef3e 1080 l2cap_chan_put(l2cap_pi(sk)->chan);
e328140f
MM		 1081 if (l2cap_pi(sk)->rx_busy_skb) {
1082 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1083 l2cap_pi(sk)->rx_busy_skb = NULL;
1084 }
1085
bb58f747
GP		 1086 skb_queue_purge(&sk->sk_receive_queue);
1087 skb_queue_purge(&sk->sk_write_queue);
1088}
1089
80808e43 1090static void l2cap_sock_init(struct sock *sk, struct sock *parent)
bb58f747
GP		 1091{
1092 struct l2cap_pinfo *pi = l2cap_pi(sk);
b4450035 1093 struct l2cap_chan *chan = pi->chan;
bb58f747
GP		 1094
1095 BT_DBG("sk %p", sk);
1096
1097 if (parent) {
b4450035
GP		 1098 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1099
bb58f747 1100 sk->sk_type = parent->sk_type;
c5daa683 1101 bt_sk(sk)->flags = bt_sk(parent)->flags;
bb58f747 1102
715ec005 1103 chan->chan_type = pchan->chan_type;
0c1bc5c6
GP		 1104 chan->imtu = pchan->imtu;
1105 chan->omtu = pchan->omtu;
b4450035 1106 chan->conf_state = pchan->conf_state;
0c1bc5c6 1107 chan->mode = pchan->mode;
47d1ec61
GP		 1108 chan->fcs = pchan->fcs;
1109 chan->max_tx = pchan->max_tx;
1110 chan->tx_win = pchan->tx_win;
6b3c7104 1111 chan->tx_win_max = pchan->tx_win_max;
4343478f 1112 chan->sec_level = pchan->sec_level;
d57b0e8b 1113 chan->flags = pchan->flags;
6230c9b4
PM		 1114
1115 security_sk_clone(parent, sk);
bb58f747 1116 } else {
715ec005
GP		 1117
1118 switch (sk->sk_type) {
1119 case SOCK_RAW:
1120 chan->chan_type = L2CAP_CHAN_RAW;
1121 break;
1122 case SOCK_DGRAM:
1123 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1124 break;
1125 case SOCK_SEQPACKET:
1126 case SOCK_STREAM:
1127 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1128 break;
1129 }
1130
0c1bc5c6
GP		 1131 chan->imtu = L2CAP_DEFAULT_MTU;
1132 chan->omtu = 0;
bb58f747 1133 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
0c1bc5c6 1134 chan->mode = L2CAP_MODE_ERTM;
c1360a1c 1135 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
bb58f747 1136 } else {
0c1bc5c6 1137 chan->mode = L2CAP_MODE_BASIC;
bb58f747 1138 }
bd4b1653
AE		 1139
1140 l2cap_chan_set_defaults(chan);
bb58f747
GP		 1141 }
1142
1143 /* Default config options */
0c1bc5c6 1144 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
80808e43
GP		 1145
1146 chan->data = sk;
1147 chan->ops = &l2cap_chan_ops;
bb58f747
GP		 1148}
1149
1150static struct proto l2cap_proto = {
1151 .name = "L2CAP",
1152 .owner = THIS_MODULE,
1153 .obj_size = sizeof(struct l2cap_pinfo)
1154};
1155
80808e43 1156static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
bb58f747
GP		 1157{
1158 struct sock *sk;
dc50a06d 1159 struct l2cap_chan *chan;
bb58f747
GP		 1160
1161 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1162 if (!sk)
1163 return NULL;
1164
1165 sock_init_data(sock, sk);
1166 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1167
1168 sk->sk_destruct = l2cap_sock_destruct;
ba13ccd9 1169 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
bb58f747
GP		 1170
1171 sock_reset_flag(sk, SOCK_ZAPPED);
1172
1173 sk->sk_protocol = proto;
1174 sk->sk_state = BT_OPEN;
1175
eef1d9b6 1176 chan = l2cap_chan_create();
dc50a06d 1177 if (!chan) {
49dfbb91 1178 sk_free(sk);
dc50a06d
GP		 1179 return NULL;
1180 }
1181
61d6ef3e
MM		 1182 l2cap_chan_hold(chan);
1183
eef1d9b6
GP		 1184 chan->sk = sk;
1185
dc50a06d
GP		 1186 l2cap_pi(sk)->chan = chan;
1187
bb58f747
GP		 1188 return sk;
1189}
1190
1191static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1192 int kern)
1193{
1194 struct sock *sk;
1195
1196 BT_DBG("sock %p", sock);
1197
1198 sock->state = SS_UNCONNECTED;
1199
1200 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1201 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1202 return -ESOCKTNOSUPPORT;
1203
1204 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1205 return -EPERM;
1206
1207 sock->ops = &l2cap_sock_ops;
1208
1209 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1210 if (!sk)
1211 return -ENOMEM;
1212
1213 l2cap_sock_init(sk, NULL);
1214 return 0;
1215}
1216
cf2f90f5 1217static const struct proto_ops l2cap_sock_ops = {
65390587
GP		 1218 .family = PF_BLUETOOTH,
1219 .owner = THIS_MODULE,
1220 .release = l2cap_sock_release,
1221 .bind = l2cap_sock_bind,
1222 .connect = l2cap_sock_connect,
1223 .listen = l2cap_sock_listen,
1224 .accept = l2cap_sock_accept,
1225 .getname = l2cap_sock_getname,
1226 .sendmsg = l2cap_sock_sendmsg,
1227 .recvmsg = l2cap_sock_recvmsg,
1228 .poll = bt_sock_poll,
1229 .ioctl = bt_sock_ioctl,
1230 .mmap = sock_no_mmap,
1231 .socketpair = sock_no_socketpair,
1232 .shutdown = l2cap_sock_shutdown,
1233 .setsockopt = l2cap_sock_setsockopt,
1234 .getsockopt = l2cap_sock_getsockopt
1235};
1236
bb58f747
GP		 1237static const struct net_proto_family l2cap_sock_family_ops = {
1238 .family = PF_BLUETOOTH,
1239 .owner = THIS_MODULE,
1240 .create = l2cap_sock_create,
1241};
1242
1243int __init l2cap_init_sockets(void)
1244{
e2174ca4 1245 int err;
bb58f747 1246
e2174ca4
GP		 1247 err = proto_register(&l2cap_proto, 0);
1248 if (err < 0)
1249 return err;
bb58f747 1250
e2174ca4
GP		 1251 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1252 if (err < 0)
1253 goto error;
bb58f747 1254
e2174ca4 1255 BT_INFO("L2CAP socket layer initialized");
bb58f747 1256
e2174ca4 1257 return 0;
bb58f747
GP		 1258
1259error:
e2174ca4
GP		 1260 BT_ERR("L2CAP socket registration failed");
1261 proto_unregister(&l2cap_proto);
1262 return err;
bb58f747
GP		 1263}
1264
1265void l2cap_cleanup_sockets(void)
1266{
e2174ca4
GP		 1267 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1268 BT_ERR("L2CAP socket unregistration failed");
bb58f747 1269
e2174ca4 1270 proto_unregister(&l2cap_proto);
bb58f747 1271}
Ubuntu Jammy Linux kernel mirror