]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/l2cap_sock.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / l2cap_sock.c
CommitLineData
bb58f747
GP		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
bb58f747
GP		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
6230c9b4 30#include <linux/security.h>
bc3b2d7f 31#include <linux/export.h>
6230c9b4 32
bb58f747 33#include <net/bluetooth/bluetooth.h>
33575df7 34#include <net/bluetooth/hci_core.h>
bb58f747 35#include <net/bluetooth/l2cap.h>
f1cb9af5 36#include <net/bluetooth/smp.h>
bb58f747 37
cf2f90f5 38static const struct proto_ops l2cap_sock_ops;
80808e43
GP		 39static void l2cap_sock_init(struct sock *sk, struct sock *parent);
40static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
cf2f90f5 41
af6bcd82
GP		 42static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
43{
44 struct sock *sk = sock->sk;
4343478f 45 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 46 struct sockaddr_l2 la;
47 int len, err = 0;
48
49 BT_DBG("sk %p", sk);
50
51 if (!addr || addr->sa_family != AF_BLUETOOTH)
52 return -EINVAL;
53
54 memset(&la, 0, sizeof(la));
55 len = min_t(unsigned int, sizeof(la), alen);
56 memcpy(&la, addr, len);
57
b62f328b 58 if (la.l2_cid && la.l2_psm)
af6bcd82
GP		 59 return -EINVAL;
60
61 lock_sock(sk);
62
63 if (sk->sk_state != BT_OPEN) {
64 err = -EBADFD;
65 goto done;
66 }
67
68 if (la.l2_psm) {
69 __u16 psm = __le16_to_cpu(la.l2_psm);
70
71 /* PSM must be odd and lsb of upper byte must be 0 */
72 if ((psm & 0x0101) != 0x0001) {
73 err = -EINVAL;
74 goto done;
75 }
76
77 /* Restrict usage of well-known PSMs */
78 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
79 err = -EACCES;
80 goto done;
81 }
82 }
83
9e4425ff 84 if (la.l2_cid)
6e4aff10 85 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
9e4425ff
GP		 86 else
87 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
af6bcd82 88
9e4425ff
GP		 89 if (err < 0)
90 goto done;
af6bcd82 91
9e4425ff
GP		 92 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
93 __le16_to_cpu(la.l2_psm) == 0x0003)
94 chan->sec_level = BT_SECURITY_SDP;
b62f328b 95
9e4425ff 96 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
89bc500e
GP		 97
98 chan->state = BT_BOUND;
9e4425ff 99 sk->sk_state = BT_BOUND;
af6bcd82
GP		 100
101done:
102 release_sock(sk);
103 return err;
104}
105
4e34c50b
GP		 106static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
107{
108 struct sock *sk = sock->sk;
0c1bc5c6 109 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
4e34c50b
GP		 110 struct sockaddr_l2 la;
111 int len, err = 0;
112
113 BT_DBG("sk %p", sk);
114
115 if (!addr || alen < sizeof(addr->sa_family) ||
116 addr->sa_family != AF_BLUETOOTH)
117 return -EINVAL;
118
119 memset(&la, 0, sizeof(la));
120 len = min_t(unsigned int, sizeof(la), alen);
121 memcpy(&la, addr, len);
122
acd7d370 123 if (la.l2_cid && la.l2_psm)
4e34c50b
GP		 124 return -EINVAL;
125
6e4aff10 126 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
8e9f9892 127 &la.l2_bdaddr, la.l2_bdaddr_type);
4e34c50b 128 if (err)
b3fb611e 129 return err;
4e34c50b 130
6be36555
AE		 131 lock_sock(sk);
132
4e34c50b
GP		 133 err = bt_sock_wait_state(sk, BT_CONNECTED,
134 sock_sndtimeo(sk, flags & O_NONBLOCK));
b3fb611e
AE		 135
136 release_sock(sk);
137
4e34c50b
GP		 138 return err;
139}
140
af6bcd82
GP		 141static int l2cap_sock_listen(struct socket *sock, int backlog)
142{
143 struct sock *sk = sock->sk;
0c1bc5c6 144 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 145 int err = 0;
146
147 BT_DBG("sk %p backlog %d", sk, backlog);
148
149 lock_sock(sk);
150
6b3af733 151 if (sk->sk_state != BT_BOUND) {
af6bcd82
GP		 152 err = -EBADFD;
153 goto done;
154 }
155
6b3af733
MH		 156 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
157 err = -EINVAL;
158 goto done;
159 }
160
0c1bc5c6 161 switch (chan->mode) {
af6bcd82
GP		 162 case L2CAP_MODE_BASIC:
163 break;
164 case L2CAP_MODE_ERTM:
165 case L2CAP_MODE_STREAMING:
166 if (!disable_ertm)
167 break;
168 /* fall through */
169 default:
170 err = -ENOTSUPP;
171 goto done;
172 }
173
af6bcd82
GP		 174 sk->sk_max_ack_backlog = backlog;
175 sk->sk_ack_backlog = 0;
89bc500e
GP		 176
177 chan->state = BT_LISTEN;
af6bcd82
GP		 178 sk->sk_state = BT_LISTEN;
179
180done:
181 release_sock(sk);
182 return err;
183}
184
c47b7c72
GP		 185static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
186{
187 DECLARE_WAITQUEUE(wait, current);
188 struct sock *sk = sock->sk, *nsk;
189 long timeo;
190 int err = 0;
191
192 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
193
c47b7c72
GP		 194 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
195
196 BT_DBG("sk %p timeo %ld", sk, timeo);
197
198 /* Wait for an incoming connection. (wake-one). */
199 add_wait_queue_exclusive(sk_sleep(sk), &wait);
f9a3c20a 200 while (1) {
c47b7c72 201 set_current_state(TASK_INTERRUPTIBLE);
f9a3c20a
PH		 202
203 if (sk->sk_state != BT_LISTEN) {
204 err = -EBADFD;
c47b7c72
GP		 205 break;
206 }
207
f9a3c20a
PH		 208 nsk = bt_accept_dequeue(sk, newsock);
209 if (nsk)
210 break;
c47b7c72 211
f9a3c20a
PH		 212 if (!timeo) {
213 err = -EAGAIN;
c47b7c72
GP		 214 break;
215 }
216
217 if (signal_pending(current)) {
218 err = sock_intr_errno(timeo);
219 break;
220 }
f9a3c20a
PH		 221
222 release_sock(sk);
223 timeo = schedule_timeout(timeo);
224 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
c47b7c72 225 }
f9a3c20a 226 __set_current_state(TASK_RUNNING);
c47b7c72
GP		 227 remove_wait_queue(sk_sleep(sk), &wait);
228
229 if (err)
230 goto done;
231
232 newsock->state = SS_CONNECTED;
233
234 BT_DBG("new socket %p", nsk);
235
236done:
237 release_sock(sk);
238 return err;
239}
240
d7175d55
GP		 241static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
242{
243 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
244 struct sock *sk = sock->sk;
0c1bc5c6 245 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
d7175d55
GP		 246
247 BT_DBG("sock %p, sk %p", sock, sk);
248
249 addr->sa_family = AF_BLUETOOTH;
250 *len = sizeof(struct sockaddr_l2);
251
252 if (peer) {
fe4128e0 253 la->l2_psm = chan->psm;
d7175d55 254 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
fe4128e0 255 la->l2_cid = cpu_to_le16(chan->dcid);
d7175d55 256 } else {
0c1bc5c6 257 la->l2_psm = chan->sport;
d7175d55 258 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
fe4128e0 259 la->l2_cid = cpu_to_le16(chan->scid);
d7175d55
GP		 260 }
261
262 return 0;
263}
264
99f4808d
GP		 265static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
266{
267 struct sock *sk = sock->sk;
4343478f 268 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d
GP		 269 struct l2cap_options opts;
270 struct l2cap_conninfo cinfo;
271 int len, err = 0;
272 u32 opt;
273
274 BT_DBG("sk %p", sk);
275
276 if (get_user(len, optlen))
277 return -EFAULT;
278
279 lock_sock(sk);
280
281 switch (optname) {
282 case L2CAP_OPTIONS:
e3fb592b 283 memset(&opts, 0, sizeof(opts));
0c1bc5c6
GP		 284 opts.imtu = chan->imtu;
285 opts.omtu = chan->omtu;
286 opts.flush_to = chan->flush_to;
287 opts.mode = chan->mode;
47d1ec61
GP		 288 opts.fcs = chan->fcs;
289 opts.max_tx = chan->max_tx;
6327eb98 290 opts.txwin_size = chan->tx_win;
99f4808d
GP		 291
292 len = min_t(unsigned int, len, sizeof(opts));
293 if (copy_to_user(optval, (char *) &opts, len))
294 err = -EFAULT;
295
296 break;
297
298 case L2CAP_LM:
4343478f 299 switch (chan->sec_level) {
99f4808d
GP		 300 case BT_SECURITY_LOW:
301 opt = L2CAP_LM_AUTH;
302 break;
303 case BT_SECURITY_MEDIUM:
304 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
305 break;
306 case BT_SECURITY_HIGH:
307 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
308 L2CAP_LM_SECURE;
309 break;
310 default:
311 opt = 0;
312 break;
313 }
314
43bd0f32 315 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
99f4808d
GP		 316 opt |= L2CAP_LM_MASTER;
317
ecf61bdb 318 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
99f4808d
GP		 319 opt |= L2CAP_LM_RELIABLE;
320
321 if (put_user(opt, (u32 __user *) optval))
322 err = -EFAULT;
323 break;
324
325 case L2CAP_CONNINFO:
326 if (sk->sk_state != BT_CONNECTED &&
c5daa683
GP		 327 !(sk->sk_state == BT_CONNECT2 &&
328 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
99f4808d
GP		 329 err = -ENOTCONN;
330 break;
331 }
332
8d03e971 333 memset(&cinfo, 0, sizeof(cinfo));
8c1d787b
GP		 334 cinfo.hci_handle = chan->conn->hcon->handle;
335 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
99f4808d
GP		 336
337 len = min_t(unsigned int, len, sizeof(cinfo));
338 if (copy_to_user(optval, (char *) &cinfo, len))
339 err = -EFAULT;
340
341 break;
342
343 default:
344 err = -ENOPROTOOPT;
345 break;
346 }
347
348 release_sock(sk);
349 return err;
350}
351
352static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
353{
354 struct sock *sk = sock->sk;
4343478f 355 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d 356 struct bt_security sec;
14b12d0b 357 struct bt_power pwr;
99f4808d
GP		 358 int len, err = 0;
359
360 BT_DBG("sk %p", sk);
361
362 if (level == SOL_L2CAP)
363 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
364
365 if (level != SOL_BLUETOOTH)
366 return -ENOPROTOOPT;
367
368 if (get_user(len, optlen))
369 return -EFAULT;
370
371 lock_sock(sk);
372
373 switch (optname) {
374 case BT_SECURITY:
715ec005
GP		 375 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
376 chan->chan_type != L2CAP_CHAN_RAW) {
99f4808d
GP		 377 err = -EINVAL;
378 break;
379 }
380
8f360119 381 memset(&sec, 0, sizeof(sec));
c6585a4d
GP		 382 if (chan->conn)
383 sec.level = chan->conn->hcon->sec_level;
384 else
385 sec.level = chan->sec_level;
99f4808d 386
8f360119
VCG		 387 if (sk->sk_state == BT_CONNECTED)
388 sec.key_size = chan->conn->hcon->enc_key_size;
389
99f4808d
GP		 390 len = min_t(unsigned int, len, sizeof(sec));
391 if (copy_to_user(optval, (char *) &sec, len))
392 err = -EFAULT;
393
394 break;
395
396 case BT_DEFER_SETUP:
397 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
398 err = -EINVAL;
399 break;
400 }
401
c5daa683
GP		 402 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
403 (u32 __user *) optval))
99f4808d
GP		 404 err = -EFAULT;
405
406 break;
407
408 case BT_FLUSHABLE:
d57b0e8b
AE		 409 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
410 (u32 __user *) optval))
99f4808d
GP		 411 err = -EFAULT;
412
413 break;
414
14b12d0b
JG		 415 case BT_POWER:
416 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
417 && sk->sk_type != SOCK_RAW) {
418 err = -EINVAL;
419 break;
420 }
421
15770b1a 422 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 423
424 len = min_t(unsigned int, len, sizeof(pwr));
425 if (copy_to_user(optval, (char *) &pwr, len))
426 err = -EFAULT;
427
428 break;
429
2ea66482
MM		 430 case BT_CHANNEL_POLICY:
431 if (!enable_hs) {
432 err = -ENOPROTOOPT;
433 break;
434 }
435
436 if (put_user(chan->chan_policy, (u32 __user *) optval))
437 err = -EFAULT;
438 break;
439
99f4808d
GP		 440 default:
441 err = -ENOPROTOOPT;
442 break;
443 }
444
445 release_sock(sk);
446 return err;
447}
448
33575df7
GP		 449static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
450{
451 struct sock *sk = sock->sk;
b4450035 452 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7
GP		 453 struct l2cap_options opts;
454 int len, err = 0;
455 u32 opt;
456
457 BT_DBG("sk %p", sk);
458
459 lock_sock(sk);
460
461 switch (optname) {
462 case L2CAP_OPTIONS:
463 if (sk->sk_state == BT_CONNECTED) {
464 err = -EINVAL;
465 break;
466 }
467
0c1bc5c6
GP		 468 opts.imtu = chan->imtu;
469 opts.omtu = chan->omtu;
470 opts.flush_to = chan->flush_to;
471 opts.mode = chan->mode;
47d1ec61
GP		 472 opts.fcs = chan->fcs;
473 opts.max_tx = chan->max_tx;
6327eb98 474 opts.txwin_size = chan->tx_win;
33575df7
GP		 475
476 len = min_t(unsigned int, sizeof(opts), optlen);
477 if (copy_from_user((char *) &opts, optval, len)) {
478 err = -EFAULT;
479 break;
480 }
481
6327eb98 482 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
33575df7
GP		 483 err = -EINVAL;
484 break;
485 }
486
0c1bc5c6
GP		 487 chan->mode = opts.mode;
488 switch (chan->mode) {
33575df7 489 case L2CAP_MODE_BASIC:
c1360a1c 490 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
33575df7
GP		 491 break;
492 case L2CAP_MODE_ERTM:
493 case L2CAP_MODE_STREAMING:
494 if (!disable_ertm)
495 break;
496 /* fall through */
497 default:
498 err = -EINVAL;
499 break;
500 }
501
0c1bc5c6
GP		 502 chan->imtu = opts.imtu;
503 chan->omtu = opts.omtu;
47d1ec61
GP		 504 chan->fcs = opts.fcs;
505 chan->max_tx = opts.max_tx;
6327eb98 506 chan->tx_win = opts.txwin_size;
33575df7
GP		 507 break;
508
509 case L2CAP_LM:
510 if (get_user(opt, (u32 __user *) optval)) {
511 err = -EFAULT;
512 break;
513 }
514
515 if (opt & L2CAP_LM_AUTH)
4343478f 516 chan->sec_level = BT_SECURITY_LOW;
33575df7 517 if (opt & L2CAP_LM_ENCRYPT)
4343478f 518 chan->sec_level = BT_SECURITY_MEDIUM;
33575df7 519 if (opt & L2CAP_LM_SECURE)
4343478f 520 chan->sec_level = BT_SECURITY_HIGH;
33575df7 521
43bd0f32
AE		 522 if (opt & L2CAP_LM_MASTER)
523 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
524 else
525 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
ecf61bdb
AE		 526
527 if (opt & L2CAP_LM_RELIABLE)
528 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
529 else
530 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
33575df7
GP		 531 break;
532
533 default:
534 err = -ENOPROTOOPT;
535 break;
536 }
537
538 release_sock(sk);
539 return err;
540}
541
542static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
543{
544 struct sock *sk = sock->sk;
4343478f 545 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7 546 struct bt_security sec;
14b12d0b 547 struct bt_power pwr;
f1cb9af5 548 struct l2cap_conn *conn;
33575df7
GP		 549 int len, err = 0;
550 u32 opt;
551
552 BT_DBG("sk %p", sk);
553
554 if (level == SOL_L2CAP)
555 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
556
557 if (level != SOL_BLUETOOTH)
558 return -ENOPROTOOPT;
559
560 lock_sock(sk);
561
562 switch (optname) {
563 case BT_SECURITY:
715ec005
GP		 564 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
565 chan->chan_type != L2CAP_CHAN_RAW) {
33575df7
GP		 566 err = -EINVAL;
567 break;
568 }
569
570 sec.level = BT_SECURITY_LOW;
571
572 len = min_t(unsigned int, sizeof(sec), optlen);
573 if (copy_from_user((char *) &sec, optval, len)) {
574 err = -EFAULT;
575 break;
576 }
577
578 if (sec.level < BT_SECURITY_LOW ||
579 sec.level > BT_SECURITY_HIGH) {
580 err = -EINVAL;
581 break;
582 }
583
4343478f 584 chan->sec_level = sec.level;
f1cb9af5 585
0bee1d60
GP		 586 if (!chan->conn)
587 break;
588
f1cb9af5 589 conn = chan->conn;
0bee1d60
GP		 590
591 /*change security for LE channels */
592 if (chan->scid == L2CAP_CID_LE_DATA) {
f1cb9af5
VCG		 593 if (!conn->hcon->out) {
594 err = -EINVAL;
595 break;
596 }
597
598 if (smp_conn_security(conn, sec.level))
599 break;
f1cb9af5 600 sk->sk_state = BT_CONFIG;
3542b854 601 chan->state = BT_CONFIG;
0bee1d60 602
a7d7723a
GP		 603 /* or for ACL link */
604 } else if ((sk->sk_state == BT_CONNECT2 &&
c5daa683 605 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
a7d7723a
GP		 606 sk->sk_state == BT_CONNECTED) {
607 if (!l2cap_chan_check_security(chan))
c5daa683 608 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
a7d7723a
GP		 609 else
610 sk->sk_state_change(sk);
0bee1d60
GP		 611 } else {
612 err = -EINVAL;
f1cb9af5 613 }
33575df7
GP		 614 break;
615
616 case BT_DEFER_SETUP:
617 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
618 err = -EINVAL;
619 break;
620 }
621
622 if (get_user(opt, (u32 __user *) optval)) {
623 err = -EFAULT;
624 break;
625 }
626
c5daa683
GP		 627 if (opt)
628 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
629 else
630 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
33575df7
GP		 631 break;
632
633 case BT_FLUSHABLE:
634 if (get_user(opt, (u32 __user *) optval)) {
635 err = -EFAULT;
636 break;
637 }
638
639 if (opt > BT_FLUSHABLE_ON) {
640 err = -EINVAL;
641 break;
642 }
643
644 if (opt == BT_FLUSHABLE_OFF) {
8c1d787b 645 struct l2cap_conn *conn = chan->conn;
25985edc 646 /* proceed further only when we have l2cap_conn and
33575df7
GP		 647 No Flush support in the LM */
648 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
649 err = -EINVAL;
650 break;
651 }
652 }
653
d57b0e8b
AE		 654 if (opt)
655 set_bit(FLAG_FLUSHABLE, &chan->flags);
656 else
657 clear_bit(FLAG_FLUSHABLE, &chan->flags);
33575df7
GP		 658 break;
659
14b12d0b
JG		 660 case BT_POWER:
661 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
662 chan->chan_type != L2CAP_CHAN_RAW) {
663 err = -EINVAL;
664 break;
665 }
666
667 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
668
669 len = min_t(unsigned int, sizeof(pwr), optlen);
670 if (copy_from_user((char *) &pwr, optval, len)) {
671 err = -EFAULT;
672 break;
673 }
15770b1a
AE		 674
675 if (pwr.force_active)
676 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
677 else
678 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 679 break;
680
2ea66482
MM		 681 case BT_CHANNEL_POLICY:
682 if (!enable_hs) {
683 err = -ENOPROTOOPT;
684 break;
685 }
686
687 if (get_user(opt, (u32 __user *) optval)) {
688 err = -EFAULT;
689 break;
690 }
691
692 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
693 err = -EINVAL;
694 break;
695 }
696
697 if (chan->mode != L2CAP_MODE_ERTM &&
698 chan->mode != L2CAP_MODE_STREAMING) {
699 err = -EOPNOTSUPP;
700 break;
701 }
702
703 chan->chan_policy = (u8) opt;
14b12d0b
JG		 704 break;
705
33575df7
GP		 706 default:
707 err = -ENOPROTOOPT;
708 break;
709 }
710
711 release_sock(sk);
712 return err;
713}
fd83ccdb
GP		 714
715static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
716{
717 struct sock *sk = sock->sk;
0c1bc5c6 718 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
fd83ccdb
GP		 719 int err;
720
721 BT_DBG("sock %p, sk %p", sock, sk);
722
723 err = sock_error(sk);
724 if (err)
725 return err;
726
727 if (msg->msg_flags & MSG_OOB)
728 return -EOPNOTSUPP;
729
a6a5568c 730 if (sk->sk_state != BT_CONNECTED)
9a91a04a 731 return -ENOTCONN;
fd83ccdb 732
a6a5568c 733 l2cap_chan_lock(chan);
5e59b791 734 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
a6a5568c 735 l2cap_chan_unlock(chan);
fd83ccdb 736
fd83ccdb
GP		 737 return err;
738}
33575df7 739
68983259
GP		 740static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
741{
742 struct sock *sk = sock->sk;
e328140f
MM		 743 struct l2cap_pinfo *pi = l2cap_pi(sk);
744 int err;
68983259
GP		 745
746 lock_sock(sk);
747
c5daa683
GP		 748 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
749 &bt_sk(sk)->flags)) {
8c1d787b 750 sk->sk_state = BT_CONFIG;
3542b854 751 pi->chan->state = BT_CONFIG;
8c1d787b 752
e328140f 753 __l2cap_connect_rsp_defer(pi->chan);
68983259
GP		 754 release_sock(sk);
755 return 0;
756 }
757
758 release_sock(sk);
759
760 if (sock->type == SOCK_STREAM)
e328140f
MM		 761 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
762 else
763 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
764
765 if (pi->chan->mode != L2CAP_MODE_ERTM)
766 return err;
767
768 /* Attempt to put pending rx data in the socket buffer */
769
770 lock_sock(sk);
771
772 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
773 goto done;
774
775 if (pi->rx_busy_skb) {
776 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
777 pi->rx_busy_skb = NULL;
778 else
779 goto done;
780 }
781
782 /* Restore data flow when half of the receive buffer is
783 * available. This avoids resending large numbers of
784 * frames.
785 */
786 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
787 l2cap_chan_busy(pi->chan, 0);
68983259 788
e328140f
MM		 789done:
790 release_sock(sk);
791 return err;
68983259
GP		 792}
793
05fc1576
GP		 794/* Kill socket (only if zapped and orphan)
795 * Must be called on unlocked socket.
796 */
ba3bd0ee 797static void l2cap_sock_kill(struct sock *sk)
05fc1576
GP		 798{
799 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
800 return;
801
e05dcc32 802 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
05fc1576
GP		 803
804 /* Kill poor orphan */
6ff5abbf 805
23691d75 806 l2cap_chan_destroy(l2cap_pi(sk)->chan);
05fc1576
GP		 807 sock_set_flag(sk, SOCK_DEAD);
808 sock_put(sk);
809}
810
dcba0dba
GP		 811static int l2cap_sock_shutdown(struct socket *sock, int how)
812{
813 struct sock *sk = sock->sk;
7ddb6e0f 814 struct l2cap_chan *chan;
3df91ea2 815 struct l2cap_conn *conn;
dcba0dba
GP		 816 int err = 0;
817
818 BT_DBG("sock %p, sk %p", sock, sk);
819
820 if (!sk)
821 return 0;
822
7ddb6e0f 823 chan = l2cap_pi(sk)->chan;
3df91ea2
AE		 824 conn = chan->conn;
825
826 if (conn)
827 mutex_lock(&conn->chan_lock);
7ddb6e0f 828
6be36555 829 l2cap_chan_lock(chan);
dcba0dba 830 lock_sock(sk);
6be36555 831
dcba0dba 832 if (!sk->sk_shutdown) {
0c1bc5c6 833 if (chan->mode == L2CAP_MODE_ERTM)
dcba0dba
GP		 834 err = __l2cap_wait_ack(sk);
835
836 sk->sk_shutdown = SHUTDOWN_MASK;
3df91ea2 837
6be36555 838 release_sock(sk);
0f852724 839 l2cap_chan_close(chan, 0);
6be36555 840 lock_sock(sk);
dcba0dba
GP		 841
842 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
843 err = bt_sock_wait_state(sk, BT_CLOSED,
844 sk->sk_lingertime);
845 }
846
847 if (!err && sk->sk_err)
848 err = -sk->sk_err;
849
850 release_sock(sk);
6be36555 851 l2cap_chan_unlock(chan);
3df91ea2
AE		 852
853 if (conn)
854 mutex_unlock(&conn->chan_lock);
855
dcba0dba
GP		 856 return err;
857}
858
554f05bb
GP		 859static int l2cap_sock_release(struct socket *sock)
860{
861 struct sock *sk = sock->sk;
862 int err;
863
864 BT_DBG("sock %p, sk %p", sock, sk);
865
866 if (!sk)
867 return 0;
868
869 err = l2cap_sock_shutdown(sock, 2);
870
871 sock_orphan(sk);
872 l2cap_sock_kill(sk);
873 return err;
874}
875
80808e43
GP		 876static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data)
877{
878 struct sock *sk, *parent = data;
879
880 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
881 GFP_ATOMIC);
882 if (!sk)
883 return NULL;
884
d22015aa
OP		 885 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
886
80808e43
GP		 887 l2cap_sock_init(sk, parent);
888
889 return l2cap_pi(sk)->chan;
890}
891
23070494
GP		 892static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb)
893{
e328140f 894 int err;
23070494 895 struct sock *sk = data;
e328140f
MM		 896 struct l2cap_pinfo *pi = l2cap_pi(sk);
897
6be36555
AE		 898 lock_sock(sk);
899
900 if (pi->rx_busy_skb) {
901 err = -ENOMEM;
902 goto done;
903 }
e328140f
MM		 904
905 err = sock_queue_rcv_skb(sk, skb);
906
907 /* For ERTM, handle one skb that doesn't fit into the recv
908 * buffer. This is important to do because the data frames
909 * have already been acked, so the skb cannot be discarded.
910 *
911 * Notify the l2cap core that the buffer is full, so the
912 * LOCAL_BUSY state is entered and no more frames are
913 * acked and reassembled until there is buffer space
914 * available.
915 */
916 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
917 pi->rx_busy_skb = skb;
918 l2cap_chan_busy(pi->chan, 1);
919 err = 0;
920 }
23070494 921
6be36555
AE		 922done:
923 release_sock(sk);
924
e328140f 925 return err;
23070494
GP		 926}
927
ba3bd0ee
GP		 928static void l2cap_sock_close_cb(void *data)
929{
930 struct sock *sk = data;
931
932 l2cap_sock_kill(sk);
933}
934
89bc500e
GP		 935static void l2cap_sock_state_change_cb(void *data, int state)
936{
937 struct sock *sk = data;
938
939 sk->sk_state = state;
940}
941
2f7719ce 942static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
90338947 943 unsigned long len, int nb)
2f7719ce 944{
90338947
GP		 945 struct sk_buff *skb;
946 int err;
947
a6a5568c 948 l2cap_chan_unlock(chan);
90338947 949 skb = bt_skb_send_alloc(chan->sk, len, nb, &err);
a6a5568c
MM		 950 l2cap_chan_lock(chan);
951
90338947
GP		 952 if (!skb)
953 return ERR_PTR(err);
2f7719ce 954
90338947 955 return skb;
2f7719ce
AE		 956}
957
80808e43
GP		 958static struct l2cap_ops l2cap_chan_ops = {
959 .name = "L2CAP Socket Interface",
960 .new_connection = l2cap_sock_new_connection_cb,
23070494 961 .recv = l2cap_sock_recv_cb,
ba3bd0ee 962 .close = l2cap_sock_close_cb,
89bc500e 963 .state_change = l2cap_sock_state_change_cb,
2f7719ce 964 .alloc_skb = l2cap_sock_alloc_skb_cb,
80808e43
GP		 965};
966
bb58f747
GP		 967static void l2cap_sock_destruct(struct sock *sk)
968{
969 BT_DBG("sk %p", sk);
970
61d6ef3e 971 l2cap_chan_put(l2cap_pi(sk)->chan);
e328140f
MM		 972 if (l2cap_pi(sk)->rx_busy_skb) {
973 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
974 l2cap_pi(sk)->rx_busy_skb = NULL;
975 }
976
bb58f747
GP		 977 skb_queue_purge(&sk->sk_receive_queue);
978 skb_queue_purge(&sk->sk_write_queue);
979}
980
80808e43 981static void l2cap_sock_init(struct sock *sk, struct sock *parent)
bb58f747
GP		 982{
983 struct l2cap_pinfo *pi = l2cap_pi(sk);
b4450035 984 struct l2cap_chan *chan = pi->chan;
bb58f747
GP		 985
986 BT_DBG("sk %p", sk);
987
988 if (parent) {
b4450035
GP		 989 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
990
bb58f747 991 sk->sk_type = parent->sk_type;
c5daa683 992 bt_sk(sk)->flags = bt_sk(parent)->flags;
bb58f747 993
715ec005 994 chan->chan_type = pchan->chan_type;
0c1bc5c6
GP		 995 chan->imtu = pchan->imtu;
996 chan->omtu = pchan->omtu;
b4450035 997 chan->conf_state = pchan->conf_state;
0c1bc5c6 998 chan->mode = pchan->mode;
47d1ec61
GP		 999 chan->fcs = pchan->fcs;
1000 chan->max_tx = pchan->max_tx;
1001 chan->tx_win = pchan->tx_win;
6b3c7104 1002 chan->tx_win_max = pchan->tx_win_max;
4343478f 1003 chan->sec_level = pchan->sec_level;
d57b0e8b 1004 chan->flags = pchan->flags;
6230c9b4
PM		 1005
1006 security_sk_clone(parent, sk);
bb58f747 1007 } else {
715ec005
GP		 1008
1009 switch (sk->sk_type) {
1010 case SOCK_RAW:
1011 chan->chan_type = L2CAP_CHAN_RAW;
1012 break;
1013 case SOCK_DGRAM:
1014 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1015 break;
1016 case SOCK_SEQPACKET:
1017 case SOCK_STREAM:
1018 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1019 break;
1020 }
1021
0c1bc5c6
GP		 1022 chan->imtu = L2CAP_DEFAULT_MTU;
1023 chan->omtu = 0;
bb58f747 1024 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
0c1bc5c6 1025 chan->mode = L2CAP_MODE_ERTM;
c1360a1c 1026 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
bb58f747 1027 } else {
0c1bc5c6 1028 chan->mode = L2CAP_MODE_BASIC;
bb58f747 1029 }
bd4b1653
AE		 1030
1031 l2cap_chan_set_defaults(chan);
bb58f747
GP		 1032 }
1033
1034 /* Default config options */
0c1bc5c6 1035 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
80808e43
GP		 1036
1037 chan->data = sk;
1038 chan->ops = &l2cap_chan_ops;
bb58f747
GP		 1039}
1040
1041static struct proto l2cap_proto = {
1042 .name = "L2CAP",
1043 .owner = THIS_MODULE,
1044 .obj_size = sizeof(struct l2cap_pinfo)
1045};
1046
80808e43 1047static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
bb58f747
GP		 1048{
1049 struct sock *sk;
dc50a06d 1050 struct l2cap_chan *chan;
bb58f747
GP		 1051
1052 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1053 if (!sk)
1054 return NULL;
1055
1056 sock_init_data(sock, sk);
1057 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1058
1059 sk->sk_destruct = l2cap_sock_destruct;
ba13ccd9 1060 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
bb58f747
GP		 1061
1062 sock_reset_flag(sk, SOCK_ZAPPED);
1063
1064 sk->sk_protocol = proto;
1065 sk->sk_state = BT_OPEN;
1066
eef1d9b6 1067 chan = l2cap_chan_create();
dc50a06d
GP		 1068 if (!chan) {
1069 l2cap_sock_kill(sk);
1070 return NULL;
1071 }
1072
61d6ef3e
MM		 1073 l2cap_chan_hold(chan);
1074
eef1d9b6
GP		 1075 chan->sk = sk;
1076
dc50a06d
GP		 1077 l2cap_pi(sk)->chan = chan;
1078
bb58f747
GP		 1079 return sk;
1080}
1081
1082static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1083 int kern)
1084{
1085 struct sock *sk;
1086
1087 BT_DBG("sock %p", sock);
1088
1089 sock->state = SS_UNCONNECTED;
1090
1091 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1092 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1093 return -ESOCKTNOSUPPORT;
1094
1095 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1096 return -EPERM;
1097
1098 sock->ops = &l2cap_sock_ops;
1099
1100 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1101 if (!sk)
1102 return -ENOMEM;
1103
1104 l2cap_sock_init(sk, NULL);
1105 return 0;
1106}
1107
cf2f90f5 1108static const struct proto_ops l2cap_sock_ops = {
65390587
GP		 1109 .family = PF_BLUETOOTH,
1110 .owner = THIS_MODULE,
1111 .release = l2cap_sock_release,
1112 .bind = l2cap_sock_bind,
1113 .connect = l2cap_sock_connect,
1114 .listen = l2cap_sock_listen,
1115 .accept = l2cap_sock_accept,
1116 .getname = l2cap_sock_getname,
1117 .sendmsg = l2cap_sock_sendmsg,
1118 .recvmsg = l2cap_sock_recvmsg,
1119 .poll = bt_sock_poll,
1120 .ioctl = bt_sock_ioctl,
1121 .mmap = sock_no_mmap,
1122 .socketpair = sock_no_socketpair,
1123 .shutdown = l2cap_sock_shutdown,
1124 .setsockopt = l2cap_sock_setsockopt,
1125 .getsockopt = l2cap_sock_getsockopt
1126};
1127
bb58f747
GP		 1128static const struct net_proto_family l2cap_sock_family_ops = {
1129 .family = PF_BLUETOOTH,
1130 .owner = THIS_MODULE,
1131 .create = l2cap_sock_create,
1132};
1133
1134int __init l2cap_init_sockets(void)
1135{
e2174ca4 1136 int err;
bb58f747 1137
e2174ca4
GP		 1138 err = proto_register(&l2cap_proto, 0);
1139 if (err < 0)
1140 return err;
bb58f747 1141
e2174ca4
GP		 1142 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1143 if (err < 0)
1144 goto error;
bb58f747 1145
e2174ca4 1146 BT_INFO("L2CAP socket layer initialized");
bb58f747 1147
e2174ca4 1148 return 0;
bb58f747
GP		 1149
1150error:
e2174ca4
GP		 1151 BT_ERR("L2CAP socket registration failed");
1152 proto_unregister(&l2cap_proto);
1153 return err;
bb58f747
GP		 1154}
1155
1156void l2cap_cleanup_sockets(void)
1157{
e2174ca4
GP		 1158 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1159 BT_ERR("L2CAP socket unregistration failed");
bb58f747 1160
e2174ca4 1161 proto_unregister(&l2cap_proto);
bb58f747 1162}
ubuntu-zesty-kernel mirror