]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - net/bluetooth/l2cap_sock.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Connection parameters and auto connection
[mirror_ubuntu-artful-kernel.git] / net / bluetooth / l2cap_sock.c
CommitLineData
bb58f747
GP		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
bb58f747
GP		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
9149761a 30#include <linux/module.h>
bc3b2d7f 31#include <linux/export.h>
6230c9b4 32
bb58f747 33#include <net/bluetooth/bluetooth.h>
33575df7 34#include <net/bluetooth/hci_core.h>
bb58f747 35#include <net/bluetooth/l2cap.h>
ac4b7236
MH		 36
37#include "smp.h"
bb58f747 38
5b28d95c
MY		 39static struct bt_sock_list l2cap_sk_list = {
40 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
41};
42
cf2f90f5 43static const struct proto_ops l2cap_sock_ops;
80808e43 44static void l2cap_sock_init(struct sock *sk, struct sock *parent);
2d792818
GP		 45static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
46 int proto, gfp_t prio);
cf2f90f5 47
b3916db3
DH		 48bool l2cap_is_socket(struct socket *sock)
49{
50 return sock && sock->ops == &l2cap_sock_ops;
51}
52EXPORT_SYMBOL(l2cap_is_socket);
53
4946096d
JH		 54static int l2cap_validate_bredr_psm(u16 psm)
55{
56 /* PSM must be odd and lsb of upper byte must be 0 */
57 if ((psm & 0x0101) != 0x0001)
58 return -EINVAL;
59
60 /* Restrict usage of well-known PSMs */
61 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE))
62 return -EACCES;
63
64 return 0;
65}
66
67static int l2cap_validate_le_psm(u16 psm)
68{
69 /* Valid LE_PSM ranges are defined only until 0x00ff */
70 if (psm > 0x00ff)
71 return -EINVAL;
72
73 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
74 if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE))
75 return -EACCES;
76
77 return 0;
78}
79
af6bcd82
GP		 80static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
81{
82 struct sock *sk = sock->sk;
4343478f 83 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 84 struct sockaddr_l2 la;
85 int len, err = 0;
86
87 BT_DBG("sk %p", sk);
88
89 if (!addr || addr->sa_family != AF_BLUETOOTH)
90 return -EINVAL;
91
92 memset(&la, 0, sizeof(la));
93 len = min_t(unsigned int, sizeof(la), alen);
94 memcpy(&la, addr, len);
95
b62f328b 96 if (la.l2_cid && la.l2_psm)
af6bcd82
GP		 97 return -EINVAL;
98
80c1a2e7
JH		 99 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
100 return -EINVAL;
101
21626e62
JH		 102 if (la.l2_cid) {
103 /* When the socket gets created it defaults to
104 * CHAN_CONN_ORIENTED, so we need to overwrite the
105 * default here.
106 */
107 chan->chan_type = L2CAP_CHAN_FIXED;
108 chan->omtu = L2CAP_DEFAULT_MTU;
109 }
110
bfe4655f 111 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
bfe4655f 112 /* We only allow ATT user space socket */
9149761a
JH		 113 if (la.l2_cid &&
114 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
bfe4655f
JH		 115 return -EINVAL;
116 }
117
af6bcd82
GP		 118 lock_sock(sk);
119
120 if (sk->sk_state != BT_OPEN) {
121 err = -EBADFD;
122 goto done;
123 }
124
125 if (la.l2_psm) {
126 __u16 psm = __le16_to_cpu(la.l2_psm);
127
4946096d
JH		 128 if (la.l2_bdaddr_type == BDADDR_BREDR)
129 err = l2cap_validate_bredr_psm(psm);
130 else
131 err = l2cap_validate_le_psm(psm);
af6bcd82 132
4946096d 133 if (err)
af6bcd82 134 goto done;
af6bcd82
GP		 135 }
136
9e4425ff 137 if (la.l2_cid)
6e4aff10 138 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
9e4425ff
GP		 139 else
140 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
af6bcd82 141
9e4425ff
GP		 142 if (err < 0)
143 goto done;
af6bcd82 144
6a974b50 145 switch (chan->chan_type) {
3124b843
MH		 146 case L2CAP_CHAN_CONN_LESS:
147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
148 chan->sec_level = BT_SECURITY_SDP;
149 break;
6a974b50
MH		 150 case L2CAP_CHAN_CONN_ORIENTED:
151 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
152 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
153 chan->sec_level = BT_SECURITY_SDP;
154 break;
cb6ca8e1
JH		 155 case L2CAP_CHAN_RAW:
156 chan->sec_level = BT_SECURITY_SDP;
157 break;
6a974b50 158 }
b62f328b 159
7eafc59e 160 bacpy(&chan->src, &la.l2_bdaddr);
4f1654e0 161 chan->src_type = la.l2_bdaddr_type;
89bc500e 162
38319713 163 if (chan->psm && bdaddr_type_is_le(chan->src_type))
0ce43ce6 164 chan->mode = L2CAP_MODE_LE_FLOWCTL;
38319713 165
89bc500e 166 chan->state = BT_BOUND;
9e4425ff 167 sk->sk_state = BT_BOUND;
af6bcd82
GP		 168
169done:
170 release_sock(sk);
171 return err;
172}
173
2d792818
GP		 174static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
175 int alen, int flags)
4e34c50b
GP		 176{
177 struct sock *sk = sock->sk;
0c1bc5c6 178 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
4e34c50b
GP		 179 struct sockaddr_l2 la;
180 int len, err = 0;
181
182 BT_DBG("sk %p", sk);
183
184 if (!addr || alen < sizeof(addr->sa_family) ||
185 addr->sa_family != AF_BLUETOOTH)
186 return -EINVAL;
187
188 memset(&la, 0, sizeof(la));
189 len = min_t(unsigned int, sizeof(la), alen);
190 memcpy(&la, addr, len);
191
acd7d370 192 if (la.l2_cid && la.l2_psm)
4e34c50b
GP		 193 return -EINVAL;
194
80c1a2e7
JH		 195 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
196 return -EINVAL;
197
eb622495
JH		 198 /* Check that the socket wasn't bound to something that
199 * conflicts with the address given to connect(). If chan->src
200 * is BDADDR_ANY it means bind() was never used, in which case
201 * chan->src_type and la.l2_bdaddr_type do not need to match.
202 */
203 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
204 bdaddr_type_is_le(la.l2_bdaddr_type)) {
205 /* Old user space versions will try to incorrectly bind
206 * the ATT socket using BDADDR_BREDR. We need to accept
207 * this and fix up the source address type only when
208 * both the source CID and destination CID indicate
209 * ATT. Anything else is an invalid combination.
210 */
211 if (chan->scid != L2CAP_CID_ATT ||
212 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
213 return -EINVAL;
214
215 /* We don't have the hdev available here to make a
216 * better decision on random vs public, but since all
217 * user space versions that exhibit this issue anyway do
218 * not support random local addresses assuming public
219 * here is good enough.
220 */
221 chan->src_type = BDADDR_LE_PUBLIC;
222 }
1f209383
JH		 223
224 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
225 return -EINVAL;
226
bfe4655f 227 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
bfe4655f 228 /* We only allow ATT user space socket */
9149761a
JH		 229 if (la.l2_cid &&
230 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
bfe4655f
JH		 231 return -EINVAL;
232 }
233
38319713 234 if (chan->psm && bdaddr_type_is_le(chan->src_type))
0ce43ce6 235 chan->mode = L2CAP_MODE_LE_FLOWCTL;
38319713 236
6e4aff10 237 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
8e9f9892 238 &la.l2_bdaddr, la.l2_bdaddr_type);
4e34c50b 239 if (err)
b3fb611e 240 return err;
4e34c50b 241
6be36555
AE		 242 lock_sock(sk);
243
4e34c50b 244 err = bt_sock_wait_state(sk, BT_CONNECTED,
2d792818 245 sock_sndtimeo(sk, flags & O_NONBLOCK));
b3fb611e
AE		 246
247 release_sock(sk);
248
4e34c50b
GP		 249 return err;
250}
251
af6bcd82
GP		 252static int l2cap_sock_listen(struct socket *sock, int backlog)
253{
254 struct sock *sk = sock->sk;
0c1bc5c6 255 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 256 int err = 0;
257
258 BT_DBG("sk %p backlog %d", sk, backlog);
259
260 lock_sock(sk);
261
6b3af733 262 if (sk->sk_state != BT_BOUND) {
af6bcd82
GP		 263 err = -EBADFD;
264 goto done;
265 }
266
6b3af733
MH		 267 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
268 err = -EINVAL;
269 goto done;
270 }
271
0c1bc5c6 272 switch (chan->mode) {
af6bcd82 273 case L2CAP_MODE_BASIC:
38319713 274 case L2CAP_MODE_LE_FLOWCTL:
af6bcd82
GP		 275 break;
276 case L2CAP_MODE_ERTM:
277 case L2CAP_MODE_STREAMING:
278 if (!disable_ertm)
279 break;
280 /* fall through */
281 default:
282 err = -ENOTSUPP;
283 goto done;
284 }
285
af6bcd82
GP		 286 sk->sk_max_ack_backlog = backlog;
287 sk->sk_ack_backlog = 0;
89bc500e
GP		 288
289 chan->state = BT_LISTEN;
af6bcd82
GP		 290 sk->sk_state = BT_LISTEN;
291
292done:
293 release_sock(sk);
294 return err;
295}
296
2d792818
GP		 297static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
298 int flags)
c47b7c72
GP		 299{
300 DECLARE_WAITQUEUE(wait, current);
301 struct sock *sk = sock->sk, *nsk;
302 long timeo;
303 int err = 0;
304
305 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
306
c47b7c72
GP		 307 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
308
309 BT_DBG("sk %p timeo %ld", sk, timeo);
310
311 /* Wait for an incoming connection. (wake-one). */
312 add_wait_queue_exclusive(sk_sleep(sk), &wait);
f9a3c20a 313 while (1) {
c47b7c72 314 set_current_state(TASK_INTERRUPTIBLE);
f9a3c20a
PH		 315
316 if (sk->sk_state != BT_LISTEN) {
317 err = -EBADFD;
c47b7c72
GP		 318 break;
319 }
320
f9a3c20a
PH		 321 nsk = bt_accept_dequeue(sk, newsock);
322 if (nsk)
323 break;
c47b7c72 324
f9a3c20a
PH		 325 if (!timeo) {
326 err = -EAGAIN;
c47b7c72
GP		 327 break;
328 }
329
330 if (signal_pending(current)) {
331 err = sock_intr_errno(timeo);
332 break;
333 }
f9a3c20a
PH		 334
335 release_sock(sk);
336 timeo = schedule_timeout(timeo);
337 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
c47b7c72 338 }
f9a3c20a 339 __set_current_state(TASK_RUNNING);
c47b7c72
GP		 340 remove_wait_queue(sk_sleep(sk), &wait);
341
342 if (err)
343 goto done;
344
345 newsock->state = SS_CONNECTED;
346
347 BT_DBG("new socket %p", nsk);
348
349done:
350 release_sock(sk);
351 return err;
352}
353
2d792818
GP		 354static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
355 int *len, int peer)
d7175d55
GP		 356{
357 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
358 struct sock *sk = sock->sk;
0c1bc5c6 359 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
d7175d55
GP		 360
361 BT_DBG("sock %p, sk %p", sock, sk);
362
b783fbc3
JH		 363 if (peer && sk->sk_state != BT_CONNECTED)
364 return -ENOTCONN;
365
792039c7 366 memset(la, 0, sizeof(struct sockaddr_l2));
d7175d55
GP		 367 addr->sa_family = AF_BLUETOOTH;
368 *len = sizeof(struct sockaddr_l2);
369
d7e5e76b
JH		 370 la->l2_psm = chan->psm;
371
d7175d55 372 if (peer) {
7eafc59e 373 bacpy(&la->l2_bdaddr, &chan->dst);
fe4128e0 374 la->l2_cid = cpu_to_le16(chan->dcid);
4f1654e0 375 la->l2_bdaddr_type = chan->dst_type;
d7175d55 376 } else {
7eafc59e 377 bacpy(&la->l2_bdaddr, &chan->src);
fe4128e0 378 la->l2_cid = cpu_to_le16(chan->scid);
4f1654e0 379 la->l2_bdaddr_type = chan->src_type;
d7175d55
GP		 380 }
381
382 return 0;
383}
384
2d792818
GP		 385static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
386 char __user *optval, int __user *optlen)
99f4808d
GP		 387{
388 struct sock *sk = sock->sk;
4343478f 389 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d
GP		 390 struct l2cap_options opts;
391 struct l2cap_conninfo cinfo;
392 int len, err = 0;
393 u32 opt;
394
395 BT_DBG("sk %p", sk);
396
397 if (get_user(len, optlen))
398 return -EFAULT;
399
400 lock_sock(sk);
401
402 switch (optname) {
403 case L2CAP_OPTIONS:
64b4f8dc
JH		 404 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
405 * legacy ATT code depends on getsockopt for
406 * L2CAP_OPTIONS we need to let this pass.
407 */
408 if (bdaddr_type_is_le(chan->src_type) &&
409 chan->scid != L2CAP_CID_ATT) {
410 err = -EINVAL;
411 break;
412 }
413
e3fb592b 414 memset(&opts, 0, sizeof(opts));
0c1bc5c6
GP		 415 opts.imtu = chan->imtu;
416 opts.omtu = chan->omtu;
417 opts.flush_to = chan->flush_to;
418 opts.mode = chan->mode;
47d1ec61
GP		 419 opts.fcs = chan->fcs;
420 opts.max_tx = chan->max_tx;
6327eb98 421 opts.txwin_size = chan->tx_win;
99f4808d
GP		 422
423 len = min_t(unsigned int, len, sizeof(opts));
424 if (copy_to_user(optval, (char *) &opts, len))
425 err = -EFAULT;
426
427 break;
428
429 case L2CAP_LM:
4343478f 430 switch (chan->sec_level) {
99f4808d
GP		 431 case BT_SECURITY_LOW:
432 opt = L2CAP_LM_AUTH;
433 break;
434 case BT_SECURITY_MEDIUM:
435 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
436 break;
437 case BT_SECURITY_HIGH:
438 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
2d792818 439 L2CAP_LM_SECURE;
99f4808d 440 break;
7d513e92
MH		 441 case BT_SECURITY_FIPS:
442 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
443 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
444 break;
99f4808d
GP		 445 default:
446 opt = 0;
447 break;
448 }
449
43bd0f32 450 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
99f4808d
GP		 451 opt |= L2CAP_LM_MASTER;
452
ecf61bdb 453 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
99f4808d
GP		 454 opt |= L2CAP_LM_RELIABLE;
455
456 if (put_user(opt, (u32 __user *) optval))
457 err = -EFAULT;
7d513e92 458
99f4808d
GP		 459 break;
460
461 case L2CAP_CONNINFO:
462 if (sk->sk_state != BT_CONNECTED &&
c5daa683
GP		 463 !(sk->sk_state == BT_CONNECT2 &&
464 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
99f4808d
GP		 465 err = -ENOTCONN;
466 break;
467 }
468
8d03e971 469 memset(&cinfo, 0, sizeof(cinfo));
8c1d787b
GP		 470 cinfo.hci_handle = chan->conn->hcon->handle;
471 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
99f4808d
GP		 472
473 len = min_t(unsigned int, len, sizeof(cinfo));
474 if (copy_to_user(optval, (char *) &cinfo, len))
475 err = -EFAULT;
476
477 break;
478
479 default:
480 err = -ENOPROTOOPT;
481 break;
482 }
483
484 release_sock(sk);
485 return err;
486}
487
2d792818
GP		 488static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
489 char __user *optval, int __user *optlen)
99f4808d
GP		 490{
491 struct sock *sk = sock->sk;
4343478f 492 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d 493 struct bt_security sec;
14b12d0b 494 struct bt_power pwr;
99f4808d
GP		 495 int len, err = 0;
496
497 BT_DBG("sk %p", sk);
498
499 if (level == SOL_L2CAP)
500 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
501
502 if (level != SOL_BLUETOOTH)
503 return -ENOPROTOOPT;
504
505 if (get_user(len, optlen))
506 return -EFAULT;
507
508 lock_sock(sk);
509
510 switch (optname) {
511 case BT_SECURITY:
715ec005 512 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
e0c888ad 513 chan->chan_type != L2CAP_CHAN_FIXED &&
2d792818 514 chan->chan_type != L2CAP_CHAN_RAW) {
99f4808d
GP		 515 err = -EINVAL;
516 break;
517 }
518
8f360119 519 memset(&sec, 0, sizeof(sec));
85e34368 520 if (chan->conn) {
c6585a4d 521 sec.level = chan->conn->hcon->sec_level;
99f4808d 522
85e34368
AE		 523 if (sk->sk_state == BT_CONNECTED)
524 sec.key_size = chan->conn->hcon->enc_key_size;
525 } else {
526 sec.level = chan->sec_level;
527 }
8f360119 528
99f4808d
GP		 529 len = min_t(unsigned int, len, sizeof(sec));
530 if (copy_to_user(optval, (char *) &sec, len))
531 err = -EFAULT;
532
533 break;
534
535 case BT_DEFER_SETUP:
536 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
537 err = -EINVAL;
538 break;
539 }
540
c5daa683
GP		 541 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
542 (u32 __user *) optval))
99f4808d
GP		 543 err = -EFAULT;
544
545 break;
546
547 case BT_FLUSHABLE:
d57b0e8b 548 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
2d792818 549 (u32 __user *) optval))
99f4808d
GP		 550 err = -EFAULT;
551
552 break;
553
14b12d0b
JG		 554 case BT_POWER:
555 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2d792818 556 && sk->sk_type != SOCK_RAW) {
14b12d0b
JG		 557 err = -EINVAL;
558 break;
559 }
560
15770b1a 561 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 562
563 len = min_t(unsigned int, len, sizeof(pwr));
564 if (copy_to_user(optval, (char *) &pwr, len))
565 err = -EFAULT;
566
567 break;
568
2ea66482 569 case BT_CHANNEL_POLICY:
2ea66482
MM		 570 if (put_user(chan->chan_policy, (u32 __user *) optval))
571 err = -EFAULT;
572 break;
573
1f435424 574 case BT_SNDMTU:
1f435424
JH		 575 if (!bdaddr_type_is_le(chan->src_type)) {
576 err = -EINVAL;
577 break;
578 }
579
580 if (sk->sk_state != BT_CONNECTED) {
581 err = -ENOTCONN;
582 break;
583 }
584
585 if (put_user(chan->omtu, (u16 __user *) optval))
586 err = -EFAULT;
587 break;
588
589 case BT_RCVMTU:
1f435424
JH		 590 if (!bdaddr_type_is_le(chan->src_type)) {
591 err = -EINVAL;
592 break;
593 }
594
595 if (put_user(chan->imtu, (u16 __user *) optval))
596 err = -EFAULT;
597 break;
598
99f4808d
GP		 599 default:
600 err = -ENOPROTOOPT;
601 break;
602 }
603
604 release_sock(sk);
605 return err;
606}
607
682877c3
AG		 608static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
609{
610 switch (chan->scid) {
073d1cf3 611 case L2CAP_CID_ATT:
8c3a4f00 612 if (mtu < L2CAP_LE_MIN_MTU)
682877c3
AG		 613 return false;
614 break;
615
616 default:
617 if (mtu < L2CAP_DEFAULT_MIN_MTU)
618 return false;
619 }
620
621 return true;
622}
623
2d792818
GP		 624static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
625 char __user *optval, unsigned int optlen)
33575df7
GP		 626{
627 struct sock *sk = sock->sk;
b4450035 628 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7
GP		 629 struct l2cap_options opts;
630 int len, err = 0;
631 u32 opt;
632
633 BT_DBG("sk %p", sk);
634
635 lock_sock(sk);
636
637 switch (optname) {
638 case L2CAP_OPTIONS:
64b4f8dc
JH		 639 if (bdaddr_type_is_le(chan->src_type)) {
640 err = -EINVAL;
641 break;
642 }
643
33575df7
GP		 644 if (sk->sk_state == BT_CONNECTED) {
645 err = -EINVAL;
646 break;
647 }
648
0c1bc5c6
GP		 649 opts.imtu = chan->imtu;
650 opts.omtu = chan->omtu;
651 opts.flush_to = chan->flush_to;
652 opts.mode = chan->mode;
47d1ec61
GP		 653 opts.fcs = chan->fcs;
654 opts.max_tx = chan->max_tx;
6327eb98 655 opts.txwin_size = chan->tx_win;
33575df7
GP		 656
657 len = min_t(unsigned int, sizeof(opts), optlen);
658 if (copy_from_user((char *) &opts, optval, len)) {
659 err = -EFAULT;
660 break;
661 }
662
6327eb98 663 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
33575df7
GP		 664 err = -EINVAL;
665 break;
666 }
667
682877c3
AG		 668 if (!l2cap_valid_mtu(chan, opts.imtu)) {
669 err = -EINVAL;
670 break;
671 }
672
0c1bc5c6
GP		 673 chan->mode = opts.mode;
674 switch (chan->mode) {
38319713
JH		 675 case L2CAP_MODE_LE_FLOWCTL:
676 break;
33575df7 677 case L2CAP_MODE_BASIC:
c1360a1c 678 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
33575df7
GP		 679 break;
680 case L2CAP_MODE_ERTM:
681 case L2CAP_MODE_STREAMING:
682 if (!disable_ertm)
683 break;
684 /* fall through */
685 default:
686 err = -EINVAL;
687 break;
688 }
689
0c1bc5c6
GP		 690 chan->imtu = opts.imtu;
691 chan->omtu = opts.omtu;
47d1ec61
GP		 692 chan->fcs = opts.fcs;
693 chan->max_tx = opts.max_tx;
6327eb98 694 chan->tx_win = opts.txwin_size;
12d59781 695 chan->flush_to = opts.flush_to;
33575df7
GP		 696 break;
697
698 case L2CAP_LM:
699 if (get_user(opt, (u32 __user *) optval)) {
700 err = -EFAULT;
701 break;
702 }
703
7d513e92
MH		 704 if (opt & L2CAP_LM_FIPS) {
705 err = -EINVAL;
706 break;
707 }
708
33575df7 709 if (opt & L2CAP_LM_AUTH)
4343478f 710 chan->sec_level = BT_SECURITY_LOW;
33575df7 711 if (opt & L2CAP_LM_ENCRYPT)
4343478f 712 chan->sec_level = BT_SECURITY_MEDIUM;
33575df7 713 if (opt & L2CAP_LM_SECURE)
4343478f 714 chan->sec_level = BT_SECURITY_HIGH;
33575df7 715
43bd0f32
AE		 716 if (opt & L2CAP_LM_MASTER)
717 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
718 else
719 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
ecf61bdb
AE		 720
721 if (opt & L2CAP_LM_RELIABLE)
722 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
723 else
724 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
33575df7
GP		 725 break;
726
727 default:
728 err = -ENOPROTOOPT;
729 break;
730 }
731
732 release_sock(sk);
733 return err;
734}
735
2d792818
GP		 736static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
737 char __user *optval, unsigned int optlen)
33575df7
GP		 738{
739 struct sock *sk = sock->sk;
4343478f 740 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7 741 struct bt_security sec;
14b12d0b 742 struct bt_power pwr;
f1cb9af5 743 struct l2cap_conn *conn;
33575df7
GP		 744 int len, err = 0;
745 u32 opt;
746
747 BT_DBG("sk %p", sk);
748
749 if (level == SOL_L2CAP)
750 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
751
752 if (level != SOL_BLUETOOTH)
753 return -ENOPROTOOPT;
754
755 lock_sock(sk);
756
757 switch (optname) {
758 case BT_SECURITY:
715ec005 759 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
e0c888ad 760 chan->chan_type != L2CAP_CHAN_FIXED &&
2d792818 761 chan->chan_type != L2CAP_CHAN_RAW) {
33575df7
GP		 762 err = -EINVAL;
763 break;
764 }
765
766 sec.level = BT_SECURITY_LOW;
767
768 len = min_t(unsigned int, sizeof(sec), optlen);
769 if (copy_from_user((char *) &sec, optval, len)) {
770 err = -EFAULT;
771 break;
772 }
773
774 if (sec.level < BT_SECURITY_LOW ||
2d792818 775 sec.level > BT_SECURITY_HIGH) {
33575df7
GP		 776 err = -EINVAL;
777 break;
778 }
779
4343478f 780 chan->sec_level = sec.level;
f1cb9af5 781
0bee1d60
GP		 782 if (!chan->conn)
783 break;
784
f1cb9af5 785 conn = chan->conn;
0bee1d60
GP		 786
787 /*change security for LE channels */
073d1cf3 788 if (chan->scid == L2CAP_CID_ATT) {
f1cb9af5
VCG		 789 if (!conn->hcon->out) {
790 err = -EINVAL;
791 break;
792 }
793
cc110922 794 if (smp_conn_security(conn->hcon, sec.level))
f1cb9af5 795 break;
f1cb9af5 796 sk->sk_state = BT_CONFIG;
3542b854 797 chan->state = BT_CONFIG;
0bee1d60 798
a7d7723a
GP		 799 /* or for ACL link */
800 } else if ((sk->sk_state == BT_CONNECT2 &&
2d792818 801 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
a7d7723a
GP		 802 sk->sk_state == BT_CONNECTED) {
803 if (!l2cap_chan_check_security(chan))
c5daa683 804 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
a7d7723a
GP		 805 else
806 sk->sk_state_change(sk);
0bee1d60
GP		 807 } else {
808 err = -EINVAL;
f1cb9af5 809 }
33575df7
GP		 810 break;
811
812 case BT_DEFER_SETUP:
813 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
814 err = -EINVAL;
815 break;
816 }
817
818 if (get_user(opt, (u32 __user *) optval)) {
819 err = -EFAULT;
820 break;
821 }
822
bdc25783 823 if (opt) {
c5daa683 824 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 825 set_bit(FLAG_DEFER_SETUP, &chan->flags);
826 } else {
c5daa683 827 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 828 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
829 }
33575df7
GP		 830 break;
831
832 case BT_FLUSHABLE:
833 if (get_user(opt, (u32 __user *) optval)) {
834 err = -EFAULT;
835 break;
836 }
837
838 if (opt > BT_FLUSHABLE_ON) {
839 err = -EINVAL;
840 break;
841 }
842
843 if (opt == BT_FLUSHABLE_OFF) {
c1f23a2b 844 conn = chan->conn;
25985edc 845 /* proceed further only when we have l2cap_conn and
33575df7
GP		 846 No Flush support in the LM */
847 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
848 err = -EINVAL;
849 break;
850 }
851 }
852
d57b0e8b
AE		 853 if (opt)
854 set_bit(FLAG_FLUSHABLE, &chan->flags);
855 else
856 clear_bit(FLAG_FLUSHABLE, &chan->flags);
33575df7
GP		 857 break;
858
14b12d0b
JG		 859 case BT_POWER:
860 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
2d792818 861 chan->chan_type != L2CAP_CHAN_RAW) {
14b12d0b
JG		 862 err = -EINVAL;
863 break;
864 }
865
866 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
867
868 len = min_t(unsigned int, sizeof(pwr), optlen);
869 if (copy_from_user((char *) &pwr, optval, len)) {
870 err = -EFAULT;
871 break;
872 }
15770b1a
AE		 873
874 if (pwr.force_active)
875 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
876 else
877 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 878 break;
879
2ea66482 880 case BT_CHANNEL_POLICY:
2ea66482
MM		 881 if (get_user(opt, (u32 __user *) optval)) {
882 err = -EFAULT;
883 break;
884 }
885
886 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
887 err = -EINVAL;
888 break;
889 }
890
891 if (chan->mode != L2CAP_MODE_ERTM &&
2d792818 892 chan->mode != L2CAP_MODE_STREAMING) {
2ea66482
MM		 893 err = -EOPNOTSUPP;
894 break;
895 }
896
897 chan->chan_policy = (u8) opt;
3f7a56c4
MM		 898
899 if (sk->sk_state == BT_CONNECTED &&
900 chan->move_role == L2CAP_MOVE_ROLE_NONE)
901 l2cap_move_start(chan);
902
14b12d0b
JG		 903 break;
904
1f435424 905 case BT_SNDMTU:
1f435424
JH		 906 if (!bdaddr_type_is_le(chan->src_type)) {
907 err = -EINVAL;
908 break;
909 }
910
911 /* Setting is not supported as it's the remote side that
912 * decides this.
913 */
914 err = -EPERM;
915 break;
916
917 case BT_RCVMTU:
1f435424
JH		 918 if (!bdaddr_type_is_le(chan->src_type)) {
919 err = -EINVAL;
920 break;
921 }
922
923 if (sk->sk_state == BT_CONNECTED) {
924 err = -EISCONN;
925 break;
926 }
927
928 if (get_user(opt, (u32 __user *) optval)) {
929 err = -EFAULT;
930 break;
931 }
932
933 chan->imtu = opt;
934 break;
935
33575df7
GP		 936 default:
937 err = -ENOPROTOOPT;
938 break;
939 }
940
941 release_sock(sk);
942 return err;
943}
fd83ccdb 944
2d792818
GP		 945static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
946 struct msghdr *msg, size_t len)
fd83ccdb
GP		 947{
948 struct sock *sk = sock->sk;
0c1bc5c6 949 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
fd83ccdb
GP		 950 int err;
951
952 BT_DBG("sock %p, sk %p", sock, sk);
953
954 err = sock_error(sk);
955 if (err)
956 return err;
957
958 if (msg->msg_flags & MSG_OOB)
959 return -EOPNOTSUPP;
960
a6a5568c 961 if (sk->sk_state != BT_CONNECTED)
9a91a04a 962 return -ENOTCONN;
fd83ccdb 963
e793dcf0
JH		 964 lock_sock(sk);
965 err = bt_sock_wait_ready(sk, msg->msg_flags);
966 release_sock(sk);
967 if (err)
968 return err;
969
a6a5568c 970 l2cap_chan_lock(chan);
5e59b791 971 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
a6a5568c 972 l2cap_chan_unlock(chan);
fd83ccdb 973
fd83ccdb
GP		 974 return err;
975}
33575df7 976
2d792818
GP		 977static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
978 struct msghdr *msg, size_t len, int flags)
68983259
GP		 979{
980 struct sock *sk = sock->sk;
e328140f
MM		 981 struct l2cap_pinfo *pi = l2cap_pi(sk);
982 int err;
68983259
GP		 983
984 lock_sock(sk);
985
c5daa683
GP		 986 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
987 &bt_sk(sk)->flags)) {
38319713
JH		 988 if (bdaddr_type_is_le(pi->chan->src_type)) {
989 sk->sk_state = BT_CONNECTED;
990 pi->chan->state = BT_CONNECTED;
991 __l2cap_le_connect_rsp_defer(pi->chan);
992 } else {
993 sk->sk_state = BT_CONFIG;
994 pi->chan->state = BT_CONFIG;
995 __l2cap_connect_rsp_defer(pi->chan);
996 }
8c1d787b 997
970871bc
JH		 998 err = 0;
999 goto done;
68983259
GP		 1000 }
1001
1002 release_sock(sk);
1003
1004 if (sock->type == SOCK_STREAM)
e328140f
MM		 1005 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
1006 else
1007 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
1008
1009 if (pi->chan->mode != L2CAP_MODE_ERTM)
1010 return err;
1011
1012 /* Attempt to put pending rx data in the socket buffer */
1013
1014 lock_sock(sk);
1015
1016 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1017 goto done;
1018
1019 if (pi->rx_busy_skb) {
1020 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1021 pi->rx_busy_skb = NULL;
1022 else
1023 goto done;
1024 }
1025
1026 /* Restore data flow when half of the receive buffer is
1027 * available. This avoids resending large numbers of
1028 * frames.
1029 */
1030 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1031 l2cap_chan_busy(pi->chan, 0);
68983259 1032
e328140f
MM		 1033done:
1034 release_sock(sk);
1035 return err;
68983259
GP		 1036}
1037
05fc1576
GP		 1038/* Kill socket (only if zapped and orphan)
1039 * Must be called on unlocked socket.
1040 */
ba3bd0ee 1041static void l2cap_sock_kill(struct sock *sk)
05fc1576
GP		 1042{
1043 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1044 return;
1045
e05dcc32 1046 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
05fc1576
GP		 1047
1048 /* Kill poor orphan */
6ff5abbf 1049
4af66c69 1050 l2cap_chan_put(l2cap_pi(sk)->chan);
05fc1576
GP		 1051 sock_set_flag(sk, SOCK_DEAD);
1052 sock_put(sk);
1053}
1054
dc25306b
GP		 1055static int __l2cap_wait_ack(struct sock *sk)
1056{
1057 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1058 DECLARE_WAITQUEUE(wait, current);
1059 int err = 0;
1060 int timeo = HZ/5;
1061
1062 add_wait_queue(sk_sleep(sk), &wait);
1063 set_current_state(TASK_INTERRUPTIBLE);
1064 while (chan->unacked_frames > 0 && chan->conn) {
1065 if (!timeo)
1066 timeo = HZ/5;
1067
1068 if (signal_pending(current)) {
1069 err = sock_intr_errno(timeo);
1070 break;
1071 }
1072
1073 release_sock(sk);
1074 timeo = schedule_timeout(timeo);
1075 lock_sock(sk);
1076 set_current_state(TASK_INTERRUPTIBLE);
1077
1078 err = sock_error(sk);
1079 if (err)
1080 break;
1081 }
1082 set_current_state(TASK_RUNNING);
1083 remove_wait_queue(sk_sleep(sk), &wait);
1084 return err;
1085}
1086
dcba0dba
GP		 1087static int l2cap_sock_shutdown(struct socket *sock, int how)
1088{
1089 struct sock *sk = sock->sk;
7ddb6e0f 1090 struct l2cap_chan *chan;
3df91ea2 1091 struct l2cap_conn *conn;
dcba0dba
GP		 1092 int err = 0;
1093
1094 BT_DBG("sock %p, sk %p", sock, sk);
1095
1096 if (!sk)
1097 return 0;
1098
7ddb6e0f 1099 chan = l2cap_pi(sk)->chan;
3df91ea2
AE		 1100 conn = chan->conn;
1101
1102 if (conn)
1103 mutex_lock(&conn->chan_lock);
7ddb6e0f 1104
6be36555 1105 l2cap_chan_lock(chan);
dcba0dba 1106 lock_sock(sk);
6be36555 1107
dcba0dba 1108 if (!sk->sk_shutdown) {
0c1bc5c6 1109 if (chan->mode == L2CAP_MODE_ERTM)
dcba0dba
GP		 1110 err = __l2cap_wait_ack(sk);
1111
1112 sk->sk_shutdown = SHUTDOWN_MASK;
3df91ea2 1113
6be36555 1114 release_sock(sk);
0f852724 1115 l2cap_chan_close(chan, 0);
6be36555 1116 lock_sock(sk);
dcba0dba
GP		 1117
1118 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
1119 err = bt_sock_wait_state(sk, BT_CLOSED,
2d792818 1120 sk->sk_lingertime);
dcba0dba
GP		 1121 }
1122
1123 if (!err && sk->sk_err)
1124 err = -sk->sk_err;
1125
1126 release_sock(sk);
6be36555 1127 l2cap_chan_unlock(chan);
3df91ea2
AE		 1128
1129 if (conn)
1130 mutex_unlock(&conn->chan_lock);
1131
dcba0dba
GP		 1132 return err;
1133}
1134
554f05bb
GP		 1135static int l2cap_sock_release(struct socket *sock)
1136{
1137 struct sock *sk = sock->sk;
1138 int err;
1139
1140 BT_DBG("sock %p, sk %p", sock, sk);
1141
1142 if (!sk)
1143 return 0;
1144
5b28d95c
MY		 1145 bt_sock_unlink(&l2cap_sk_list, sk);
1146
554f05bb
GP		 1147 err = l2cap_sock_shutdown(sock, 2);
1148
1149 sock_orphan(sk);
1150 l2cap_sock_kill(sk);
1151 return err;
1152}
1153
c0df7f6e
AE		 1154static void l2cap_sock_cleanup_listen(struct sock *parent)
1155{
1156 struct sock *sk;
1157
1158 BT_DBG("parent %p", parent);
1159
1160 /* Close not yet accepted channels */
1161 while ((sk = bt_accept_dequeue(parent, NULL))) {
1162 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1163
1164 l2cap_chan_lock(chan);
1165 __clear_chan_timer(chan);
1166 l2cap_chan_close(chan, ECONNRESET);
1167 l2cap_chan_unlock(chan);
1168
1169 l2cap_sock_kill(sk);
1170 }
1171}
1172
80b98027 1173static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
80808e43 1174{
80b98027 1175 struct sock *sk, *parent = chan->data;
80808e43 1176
8ffb9290
GP		 1177 lock_sock(parent);
1178
53826692
GP		 1179 /* Check for backlog size */
1180 if (sk_acceptq_is_full(parent)) {
1181 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1182 return NULL;
1183 }
1184
80808e43 1185 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
2d792818 1186 GFP_ATOMIC);
80808e43
GP		 1187 if (!sk)
1188 return NULL;
1189
d22015aa
OP		 1190 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1191
80808e43
GP		 1192 l2cap_sock_init(sk, parent);
1193
644912e1
GP		 1194 bt_accept_enqueue(parent, sk);
1195
8ffb9290
GP		 1196 release_sock(parent);
1197
80808e43
GP		 1198 return l2cap_pi(sk)->chan;
1199}
1200
80b98027 1201static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
23070494 1202{
80b98027 1203 struct sock *sk = chan->data;
84b34d98 1204 int err;
e328140f 1205
6be36555
AE		 1206 lock_sock(sk);
1207
84b34d98 1208 if (l2cap_pi(sk)->rx_busy_skb) {
6be36555
AE		 1209 err = -ENOMEM;
1210 goto done;
1211 }
e328140f
MM		 1212
1213 err = sock_queue_rcv_skb(sk, skb);
1214
1215 /* For ERTM, handle one skb that doesn't fit into the recv
1216 * buffer. This is important to do because the data frames
1217 * have already been acked, so the skb cannot be discarded.
1218 *
1219 * Notify the l2cap core that the buffer is full, so the
1220 * LOCAL_BUSY state is entered and no more frames are
1221 * acked and reassembled until there is buffer space
1222 * available.
1223 */
84b34d98
MH		 1224 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1225 l2cap_pi(sk)->rx_busy_skb = skb;
1226 l2cap_chan_busy(chan, 1);
e328140f
MM		 1227 err = 0;
1228 }
23070494 1229
6be36555
AE		 1230done:
1231 release_sock(sk);
1232
e328140f 1233 return err;
23070494
GP		 1234}
1235
80b98027 1236static void l2cap_sock_close_cb(struct l2cap_chan *chan)
ba3bd0ee 1237{
80b98027 1238 struct sock *sk = chan->data;
ba3bd0ee
GP		 1239
1240 l2cap_sock_kill(sk);
1241}
1242
c0df7f6e
AE		 1243static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1244{
1245 struct sock *sk = chan->data;
1246 struct sock *parent;
1247
1248 lock_sock(sk);
1249
1250 parent = bt_sk(sk)->parent;
1251
1252 sock_set_flag(sk, SOCK_ZAPPED);
1253
1254 switch (chan->state) {
1255 case BT_OPEN:
1256 case BT_BOUND:
1257 case BT_CLOSED:
1258 break;
1259 case BT_LISTEN:
1260 l2cap_sock_cleanup_listen(sk);
1261 sk->sk_state = BT_CLOSED;
1262 chan->state = BT_CLOSED;
1263
1264 break;
1265 default:
1266 sk->sk_state = BT_CLOSED;
1267 chan->state = BT_CLOSED;
1268
1269 sk->sk_err = err;
1270
1271 if (parent) {
1272 bt_accept_unlink(sk);
1273 parent->sk_data_ready(parent, 0);
1274 } else {
1275 sk->sk_state_change(sk);
1276 }
1277
1278 break;
1279 }
1280
1281 release_sock(sk);
1282}
1283
53f52121
GP		 1284static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1285 int err)
89bc500e 1286{
80b98027 1287 struct sock *sk = chan->data;
89bc500e
GP		 1288
1289 sk->sk_state = state;
53f52121
GP		 1290
1291 if (err)
1292 sk->sk_err = err;
89bc500e
GP		 1293}
1294
2f7719ce 1295static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
90338947 1296 unsigned long len, int nb)
2f7719ce 1297{
0f2c6153 1298 struct sock *sk = chan->data;
90338947
GP		 1299 struct sk_buff *skb;
1300 int err;
1301
a6a5568c 1302 l2cap_chan_unlock(chan);
0f2c6153 1303 skb = bt_skb_send_alloc(sk, len, nb, &err);
a6a5568c
MM		 1304 l2cap_chan_lock(chan);
1305
90338947
GP		 1306 if (!skb)
1307 return ERR_PTR(err);
2f7719ce 1308
0e790c64
GP		 1309 bt_cb(skb)->chan = chan;
1310
90338947 1311 return skb;
2f7719ce
AE		 1312}
1313
54a59aa2
AE		 1314static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1315{
1316 struct sock *sk = chan->data;
1317 struct sock *parent;
1318
1319 lock_sock(sk);
1320
1321 parent = bt_sk(sk)->parent;
1322
1323 BT_DBG("sk %p, parent %p", sk, parent);
1324
1325 sk->sk_state = BT_CONNECTED;
1326 sk->sk_state_change(sk);
1327
1328 if (parent)
1329 parent->sk_data_ready(parent, 0);
1330
1331 release_sock(sk);
1332}
1333
2dc4e510
GP		 1334static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1335{
acdcabf5
GP		 1336 struct sock *parent, *sk = chan->data;
1337
1338 lock_sock(sk);
2dc4e510 1339
acdcabf5 1340 parent = bt_sk(sk)->parent;
2dc4e510
GP		 1341 if (parent)
1342 parent->sk_data_ready(parent, 0);
acdcabf5
GP		 1343
1344 release_sock(sk);
2dc4e510
GP		 1345}
1346
d97c899b
MH		 1347static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1348{
1349 struct sock *sk = chan->data;
1350
1351 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1352 sk->sk_state_change(sk);
1353}
1354
5ec1bbe5
GP		 1355static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1356{
1357 struct sock *sk = chan->data;
1358
1359 lock_sock(sk);
1360 sk->sk_shutdown = SHUTDOWN_MASK;
1361 release_sock(sk);
1362}
1363
8d836d71
GP		 1364static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1365{
1366 struct sock *sk = chan->data;
1367
1368 return sk->sk_sndtimeo;
1369}
1370
837776f7
JH		 1371static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1372{
1373 struct sock *sk = chan->data;
1374
1375 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1376 sk->sk_state_change(sk);
1377}
1378
80808e43
GP		 1379static struct l2cap_ops l2cap_chan_ops = {
1380 .name = "L2CAP Socket Interface",
1381 .new_connection = l2cap_sock_new_connection_cb,
23070494 1382 .recv = l2cap_sock_recv_cb,
ba3bd0ee 1383 .close = l2cap_sock_close_cb,
c0df7f6e 1384 .teardown = l2cap_sock_teardown_cb,
89bc500e 1385 .state_change = l2cap_sock_state_change_cb,
54a59aa2 1386 .ready = l2cap_sock_ready_cb,
2dc4e510 1387 .defer = l2cap_sock_defer_cb,
d97c899b 1388 .resume = l2cap_sock_resume_cb,
837776f7 1389 .suspend = l2cap_sock_suspend_cb,
5ec1bbe5 1390 .set_shutdown = l2cap_sock_set_shutdown_cb,
8d836d71 1391 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
2f7719ce 1392 .alloc_skb = l2cap_sock_alloc_skb_cb,
80808e43
GP		 1393};
1394
bb58f747
GP		 1395static void l2cap_sock_destruct(struct sock *sk)
1396{
1397 BT_DBG("sk %p", sk);
1398
23d3a869
SL		 1399 if (l2cap_pi(sk)->chan)
1400 l2cap_chan_put(l2cap_pi(sk)->chan);
84b34d98 1401
e328140f
MM		 1402 if (l2cap_pi(sk)->rx_busy_skb) {
1403 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1404 l2cap_pi(sk)->rx_busy_skb = NULL;
1405 }
1406
bb58f747
GP		 1407 skb_queue_purge(&sk->sk_receive_queue);
1408 skb_queue_purge(&sk->sk_write_queue);
1409}
1410
2edf870d
MH		 1411static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1412 int *msg_namelen)
1413{
342dfc30 1414 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
2edf870d
MH		 1415
1416 memset(la, 0, sizeof(struct sockaddr_l2));
1417 la->l2_family = AF_BLUETOOTH;
1418 la->l2_psm = bt_cb(skb)->psm;
1419 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr);
1420
1421 *msg_namelen = sizeof(struct sockaddr_l2);
1422}
1423
80808e43 1424static void l2cap_sock_init(struct sock *sk, struct sock *parent)
bb58f747 1425{
84b34d98 1426 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
bb58f747
GP		 1427
1428 BT_DBG("sk %p", sk);
1429
1430 if (parent) {
b4450035
GP		 1431 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1432
bb58f747 1433 sk->sk_type = parent->sk_type;
c5daa683 1434 bt_sk(sk)->flags = bt_sk(parent)->flags;
bb58f747 1435
715ec005 1436 chan->chan_type = pchan->chan_type;
0c1bc5c6
GP		 1437 chan->imtu = pchan->imtu;
1438 chan->omtu = pchan->omtu;
b4450035 1439 chan->conf_state = pchan->conf_state;
0c1bc5c6 1440 chan->mode = pchan->mode;
47d1ec61
GP		 1441 chan->fcs = pchan->fcs;
1442 chan->max_tx = pchan->max_tx;
1443 chan->tx_win = pchan->tx_win;
6b3c7104 1444 chan->tx_win_max = pchan->tx_win_max;
4343478f 1445 chan->sec_level = pchan->sec_level;
d57b0e8b 1446 chan->flags = pchan->flags;
0cd75f7e
JH		 1447 chan->tx_credits = pchan->tx_credits;
1448 chan->rx_credits = pchan->rx_credits;
6230c9b4 1449
7a8e5a31
JH		 1450 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1451 chan->scid = pchan->scid;
1452 chan->dcid = pchan->scid;
1453 }
1454
6230c9b4 1455 security_sk_clone(parent, sk);
bb58f747 1456 } else {
715ec005
GP		 1457 switch (sk->sk_type) {
1458 case SOCK_RAW:
1459 chan->chan_type = L2CAP_CHAN_RAW;
1460 break;
1461 case SOCK_DGRAM:
1462 chan->chan_type = L2CAP_CHAN_CONN_LESS;
2edf870d 1463 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
715ec005
GP		 1464 break;
1465 case SOCK_SEQPACKET:
1466 case SOCK_STREAM:
1467 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1468 break;
1469 }
1470
0c1bc5c6
GP		 1471 chan->imtu = L2CAP_DEFAULT_MTU;
1472 chan->omtu = 0;
bb58f747 1473 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
0c1bc5c6 1474 chan->mode = L2CAP_MODE_ERTM;
c1360a1c 1475 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
bb58f747 1476 } else {
0c1bc5c6 1477 chan->mode = L2CAP_MODE_BASIC;
bb58f747 1478 }
bd4b1653
AE		 1479
1480 l2cap_chan_set_defaults(chan);
bb58f747
GP		 1481 }
1482
1483 /* Default config options */
0c1bc5c6 1484 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
80808e43
GP		 1485
1486 chan->data = sk;
1487 chan->ops = &l2cap_chan_ops;
bb58f747
GP		 1488}
1489
1490static struct proto l2cap_proto = {
1491 .name = "L2CAP",
1492 .owner = THIS_MODULE,
1493 .obj_size = sizeof(struct l2cap_pinfo)
1494};
1495
2d792818
GP		 1496static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1497 int proto, gfp_t prio)
bb58f747
GP		 1498{
1499 struct sock *sk;
dc50a06d 1500 struct l2cap_chan *chan;
bb58f747
GP		 1501
1502 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1503 if (!sk)
1504 return NULL;
1505
1506 sock_init_data(sock, sk);
1507 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1508
1509 sk->sk_destruct = l2cap_sock_destruct;
ba13ccd9 1510 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
bb58f747
GP		 1511
1512 sock_reset_flag(sk, SOCK_ZAPPED);
1513
1514 sk->sk_protocol = proto;
1515 sk->sk_state = BT_OPEN;
1516
eef1d9b6 1517 chan = l2cap_chan_create();
dc50a06d 1518 if (!chan) {
49dfbb91 1519 sk_free(sk);
dc50a06d
GP		 1520 return NULL;
1521 }
1522
61d6ef3e
MM		 1523 l2cap_chan_hold(chan);
1524
dc50a06d
GP		 1525 l2cap_pi(sk)->chan = chan;
1526
bb58f747
GP		 1527 return sk;
1528}
1529
1530static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1531 int kern)
1532{
1533 struct sock *sk;
1534
1535 BT_DBG("sock %p", sock);
1536
1537 sock->state = SS_UNCONNECTED;
1538
1539 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
2d792818 1540 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
bb58f747
GP		 1541 return -ESOCKTNOSUPPORT;
1542
1543 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1544 return -EPERM;
1545
1546 sock->ops = &l2cap_sock_ops;
1547
1548 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1549 if (!sk)
1550 return -ENOMEM;
1551
1552 l2cap_sock_init(sk, NULL);
5b28d95c 1553 bt_sock_link(&l2cap_sk_list, sk);
bb58f747
GP		 1554 return 0;
1555}
1556
cf2f90f5 1557static const struct proto_ops l2cap_sock_ops = {
65390587
GP		 1558 .family = PF_BLUETOOTH,
1559 .owner = THIS_MODULE,
1560 .release = l2cap_sock_release,
1561 .bind = l2cap_sock_bind,
1562 .connect = l2cap_sock_connect,
1563 .listen = l2cap_sock_listen,
1564 .accept = l2cap_sock_accept,
1565 .getname = l2cap_sock_getname,
1566 .sendmsg = l2cap_sock_sendmsg,
1567 .recvmsg = l2cap_sock_recvmsg,
1568 .poll = bt_sock_poll,
1569 .ioctl = bt_sock_ioctl,
1570 .mmap = sock_no_mmap,
1571 .socketpair = sock_no_socketpair,
1572 .shutdown = l2cap_sock_shutdown,
1573 .setsockopt = l2cap_sock_setsockopt,
1574 .getsockopt = l2cap_sock_getsockopt
1575};
1576
bb58f747
GP		 1577static const struct net_proto_family l2cap_sock_family_ops = {
1578 .family = PF_BLUETOOTH,
1579 .owner = THIS_MODULE,
1580 .create = l2cap_sock_create,
1581};
1582
1583int __init l2cap_init_sockets(void)
1584{
e2174ca4 1585 int err;
bb58f747 1586
e2174ca4
GP		 1587 err = proto_register(&l2cap_proto, 0);
1588 if (err < 0)
1589 return err;
bb58f747 1590
e2174ca4 1591 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
5b28d95c
MY		 1592 if (err < 0) {
1593 BT_ERR("L2CAP socket registration failed");
e2174ca4 1594 goto error;
5b28d95c
MY		 1595 }
1596
b0316615 1597 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
2d792818 1598 NULL);
5b28d95c
MY		 1599 if (err < 0) {
1600 BT_ERR("Failed to create L2CAP proc file");
1601 bt_sock_unregister(BTPROTO_L2CAP);
1602 goto error;
1603 }
bb58f747 1604
e2174ca4 1605 BT_INFO("L2CAP socket layer initialized");
bb58f747 1606
e2174ca4 1607 return 0;
bb58f747
GP		 1608
1609error:
e2174ca4
GP		 1610 proto_unregister(&l2cap_proto);
1611 return err;
bb58f747
GP		 1612}
1613
1614void l2cap_cleanup_sockets(void)
1615{
5b28d95c 1616 bt_procfs_cleanup(&init_net, "l2cap");
5e9d7f86 1617 bt_sock_unregister(BTPROTO_L2CAP);
e2174ca4 1618 proto_unregister(&l2cap_proto);
bb58f747 1619}
Ubuntu Artful kernel mirror