]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - net/bluetooth/l2cap_sock.c
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
hwmon: (occ) Remove sequence numbering and checksum calculation
[mirror_ubuntu-jammy-kernel.git] / net / bluetooth / l2cap_sock.c
CommitLineData
bb58f747
GP		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
bb58f747
GP		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
9149761a 30#include <linux/module.h>
bc3b2d7f 31#include <linux/export.h>
174cd4b1 32#include <linux/sched/signal.h>
6230c9b4 33
bb58f747 34#include <net/bluetooth/bluetooth.h>
33575df7 35#include <net/bluetooth/hci_core.h>
bb58f747 36#include <net/bluetooth/l2cap.h>
ac4b7236
MH		 37
38#include "smp.h"
bb58f747 39
5b28d95c
MY		 40static struct bt_sock_list l2cap_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
42};
43
cf2f90f5 44static const struct proto_ops l2cap_sock_ops;
80808e43 45static void l2cap_sock_init(struct sock *sk, struct sock *parent);
2d792818 46static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
11aa9c28 47 int proto, gfp_t prio, int kern);
cf2f90f5 48
b3916db3
DH		 49bool l2cap_is_socket(struct socket *sock)
50{
51 return sock && sock->ops == &l2cap_sock_ops;
52}
53EXPORT_SYMBOL(l2cap_is_socket);
54
4946096d
JH		 55static int l2cap_validate_bredr_psm(u16 psm)
56{
57 /* PSM must be odd and lsb of upper byte must be 0 */
58 if ((psm & 0x0101) != 0x0001)
59 return -EINVAL;
60
61 /* Restrict usage of well-known PSMs */
114f9f1e 62 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
4946096d
JH		 63 return -EACCES;
64
65 return 0;
66}
67
68static int l2cap_validate_le_psm(u16 psm)
69{
70 /* Valid LE_PSM ranges are defined only until 0x00ff */
114f9f1e 71 if (psm > L2CAP_PSM_LE_DYN_END)
4946096d
JH		 72 return -EINVAL;
73
74 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
114f9f1e 75 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
4946096d
JH		 76 return -EACCES;
77
78 return 0;
79}
80
af6bcd82
GP		 81static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
82{
83 struct sock *sk = sock->sk;
4343478f 84 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 85 struct sockaddr_l2 la;
86 int len, err = 0;
87
88 BT_DBG("sk %p", sk);
89
d2ecfa76
MJ		 90 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
91 addr->sa_family != AF_BLUETOOTH)
af6bcd82
GP		 92 return -EINVAL;
93
94 memset(&la, 0, sizeof(la));
95 len = min_t(unsigned int, sizeof(la), alen);
96 memcpy(&la, addr, len);
97
b62f328b 98 if (la.l2_cid && la.l2_psm)
af6bcd82
GP		 99 return -EINVAL;
100
80c1a2e7
JH		 101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
102 return -EINVAL;
103
bfe4655f 104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
bfe4655f 105 /* We only allow ATT user space socket */
9149761a 106 if (la.l2_cid &&
dcf4adbf 107 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
bfe4655f
JH		 108 return -EINVAL;
109 }
110
af6bcd82
GP		 111 lock_sock(sk);
112
113 if (sk->sk_state != BT_OPEN) {
114 err = -EBADFD;
115 goto done;
116 }
117
118 if (la.l2_psm) {
119 __u16 psm = __le16_to_cpu(la.l2_psm);
120
4946096d
JH		 121 if (la.l2_bdaddr_type == BDADDR_BREDR)
122 err = l2cap_validate_bredr_psm(psm);
123 else
124 err = l2cap_validate_le_psm(psm);
af6bcd82 125
4946096d 126 if (err)
af6bcd82 127 goto done;
af6bcd82
GP		 128 }
129
a2342c5f
JH		 130 bacpy(&chan->src, &la.l2_bdaddr);
131 chan->src_type = la.l2_bdaddr_type;
132
9e4425ff 133 if (la.l2_cid)
6e4aff10 134 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
9e4425ff
GP		 135 else
136 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
af6bcd82 137
9e4425ff
GP		 138 if (err < 0)
139 goto done;
af6bcd82 140
6a974b50 141 switch (chan->chan_type) {
3124b843
MH		 142 case L2CAP_CHAN_CONN_LESS:
143 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
144 chan->sec_level = BT_SECURITY_SDP;
145 break;
6a974b50
MH		 146 case L2CAP_CHAN_CONN_ORIENTED:
147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
148 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
149 chan->sec_level = BT_SECURITY_SDP;
150 break;
cb6ca8e1
JH		 151 case L2CAP_CHAN_RAW:
152 chan->sec_level = BT_SECURITY_SDP;
153 break;
c16900cf
JH		 154 case L2CAP_CHAN_FIXED:
155 /* Fixed channels default to the L2CAP core not holding a
156 * hci_conn reference for them. For fixed channels mapping to
157 * L2CAP sockets we do want to hold a reference so set the
158 * appropriate flag to request it.
159 */
160 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
161 break;
6a974b50 162 }
b62f328b 163
0ebe9b9f
LAD		 164 /* Use L2CAP_MODE_LE_FLOWCTL (CoC) in case of LE address and
165 * L2CAP_MODE_EXT_FLOWCTL (ECRED) has not been set.
166 */
167 if (chan->psm && bdaddr_type_is_le(chan->src_type) &&
168 chan->mode != L2CAP_MODE_EXT_FLOWCTL)
0ce43ce6 169 chan->mode = L2CAP_MODE_LE_FLOWCTL;
38319713 170
89bc500e 171 chan->state = BT_BOUND;
9e4425ff 172 sk->sk_state = BT_BOUND;
af6bcd82
GP		 173
174done:
175 release_sock(sk);
176 return err;
177}
178
0681c816
LAD		 179static void l2cap_sock_init_pid(struct sock *sk)
180{
181 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
182
183 /* Only L2CAP_MODE_EXT_FLOWCTL ever need to access the PID in order to
184 * group the channels being requested.
185 */
186 if (chan->mode != L2CAP_MODE_EXT_FLOWCTL)
187 return;
188
189 spin_lock(&sk->sk_peer_lock);
190 sk->sk_peer_pid = get_pid(task_tgid(current));
191 spin_unlock(&sk->sk_peer_lock);
192}
193
2d792818
GP		 194static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
195 int alen, int flags)
4e34c50b
GP		 196{
197 struct sock *sk = sock->sk;
0c1bc5c6 198 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
4e34c50b
GP		 199 struct sockaddr_l2 la;
200 int len, err = 0;
3af70b39 201 bool zapped;
4e34c50b
GP		 202
203 BT_DBG("sk %p", sk);
204
3af70b39
AP		 205 lock_sock(sk);
206 zapped = sock_flag(sk, SOCK_ZAPPED);
207 release_sock(sk);
208
209 if (zapped)
210 return -EINVAL;
211
d2ecfa76 212 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
4e34c50b
GP		 213 addr->sa_family != AF_BLUETOOTH)
214 return -EINVAL;
215
216 memset(&la, 0, sizeof(la));
217 len = min_t(unsigned int, sizeof(la), alen);
218 memcpy(&la, addr, len);
219
acd7d370 220 if (la.l2_cid && la.l2_psm)
4e34c50b
GP		 221 return -EINVAL;
222
80c1a2e7
JH		 223 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
224 return -EINVAL;
225
eb622495
JH		 226 /* Check that the socket wasn't bound to something that
227 * conflicts with the address given to connect(). If chan->src
228 * is BDADDR_ANY it means bind() was never used, in which case
229 * chan->src_type and la.l2_bdaddr_type do not need to match.
230 */
231 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
232 bdaddr_type_is_le(la.l2_bdaddr_type)) {
233 /* Old user space versions will try to incorrectly bind
234 * the ATT socket using BDADDR_BREDR. We need to accept
235 * this and fix up the source address type only when
236 * both the source CID and destination CID indicate
237 * ATT. Anything else is an invalid combination.
238 */
239 if (chan->scid != L2CAP_CID_ATT ||
dcf4adbf 240 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
eb622495
JH		 241 return -EINVAL;
242
243 /* We don't have the hdev available here to make a
244 * better decision on random vs public, but since all
245 * user space versions that exhibit this issue anyway do
246 * not support random local addresses assuming public
247 * here is good enough.
248 */
249 chan->src_type = BDADDR_LE_PUBLIC;
250 }
1f209383
JH		 251
252 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
253 return -EINVAL;
254
bfe4655f 255 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
bfe4655f 256 /* We only allow ATT user space socket */
9149761a 257 if (la.l2_cid &&
dcf4adbf 258 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
bfe4655f
JH		 259 return -EINVAL;
260 }
261
0ebe9b9f
LAD		 262 /* Use L2CAP_MODE_LE_FLOWCTL (CoC) in case of LE address and
263 * L2CAP_MODE_EXT_FLOWCTL (ECRED) has not been set.
264 */
265 if (chan->psm && bdaddr_type_is_le(chan->src_type) &&
266 chan->mode != L2CAP_MODE_EXT_FLOWCTL)
0ce43ce6 267 chan->mode = L2CAP_MODE_LE_FLOWCTL;
38319713 268
0681c816
LAD		 269 l2cap_sock_init_pid(sk);
270
6e4aff10 271 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
8e9f9892 272 &la.l2_bdaddr, la.l2_bdaddr_type);
4e34c50b 273 if (err)
b3fb611e 274 return err;
4e34c50b 275
6be36555
AE		 276 lock_sock(sk);
277
4e34c50b 278 err = bt_sock_wait_state(sk, BT_CONNECTED,
2d792818 279 sock_sndtimeo(sk, flags & O_NONBLOCK));
b3fb611e
AE		 280
281 release_sock(sk);
282
4e34c50b
GP		 283 return err;
284}
285
af6bcd82
GP		 286static int l2cap_sock_listen(struct socket *sock, int backlog)
287{
288 struct sock *sk = sock->sk;
0c1bc5c6 289 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 290 int err = 0;
291
292 BT_DBG("sk %p backlog %d", sk, backlog);
293
294 lock_sock(sk);
295
6b3af733 296 if (sk->sk_state != BT_BOUND) {
af6bcd82
GP		 297 err = -EBADFD;
298 goto done;
299 }
300
6b3af733
MH		 301 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
302 err = -EINVAL;
303 goto done;
304 }
305
0c1bc5c6 306 switch (chan->mode) {
af6bcd82 307 case L2CAP_MODE_BASIC:
38319713 308 case L2CAP_MODE_LE_FLOWCTL:
4be5ca67 309 break;
15f02b91 310 case L2CAP_MODE_EXT_FLOWCTL:
4be5ca67
LAD		 311 if (!enable_ecred) {
312 err = -EOPNOTSUPP;
313 goto done;
314 }
af6bcd82
GP		 315 break;
316 case L2CAP_MODE_ERTM:
317 case L2CAP_MODE_STREAMING:
318 if (!disable_ertm)
319 break;
19186c7b 320 fallthrough;
af6bcd82 321 default:
beb19e4c 322 err = -EOPNOTSUPP;
af6bcd82
GP		 323 goto done;
324 }
325
0681c816
LAD		 326 l2cap_sock_init_pid(sk);
327
af6bcd82
GP		 328 sk->sk_max_ack_backlog = backlog;
329 sk->sk_ack_backlog = 0;
89bc500e 330
abe84903
JH		 331 /* Listening channels need to use nested locking in order not to
332 * cause lockdep warnings when the created child channels end up
333 * being locked in the same thread as the parent channel.
334 */
335 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
336
89bc500e 337 chan->state = BT_LISTEN;
af6bcd82
GP		 338 sk->sk_state = BT_LISTEN;
339
340done:
341 release_sock(sk);
342 return err;
343}
344
2d792818 345static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
cdfbabfb 346 int flags, bool kern)
c47b7c72 347{
dfb2fae7 348 DEFINE_WAIT_FUNC(wait, woken_wake_function);
c47b7c72
GP		 349 struct sock *sk = sock->sk, *nsk;
350 long timeo;
351 int err = 0;
352
3b2ab39e 353 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
c47b7c72 354
c47b7c72
GP		 355 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
356
357 BT_DBG("sk %p timeo %ld", sk, timeo);
358
359 /* Wait for an incoming connection. (wake-one). */
360 add_wait_queue_exclusive(sk_sleep(sk), &wait);
f9a3c20a 361 while (1) {
f9a3c20a
PH		 362 if (sk->sk_state != BT_LISTEN) {
363 err = -EBADFD;
c47b7c72
GP		 364 break;
365 }
366
f9a3c20a
PH		 367 nsk = bt_accept_dequeue(sk, newsock);
368 if (nsk)
369 break;
c47b7c72 370
f9a3c20a
PH		 371 if (!timeo) {
372 err = -EAGAIN;
c47b7c72
GP		 373 break;
374 }
375
376 if (signal_pending(current)) {
377 err = sock_intr_errno(timeo);
378 break;
379 }
f9a3c20a
PH		 380
381 release_sock(sk);
dfb2fae7
PH		 382
383 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
384
3b2ab39e 385 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
c47b7c72 386 }
c47b7c72
GP		 387 remove_wait_queue(sk_sleep(sk), &wait);
388
389 if (err)
390 goto done;
391
392 newsock->state = SS_CONNECTED;
393
394 BT_DBG("new socket %p", nsk);
395
396done:
397 release_sock(sk);
398 return err;
399}
400
2d792818 401static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
9b2c45d4 402 int peer)
d7175d55
GP		 403{
404 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
405 struct sock *sk = sock->sk;
0c1bc5c6 406 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
d7175d55
GP		 407
408 BT_DBG("sock %p, sk %p", sock, sk);
409
e8b1ab9e 410 if (peer && sk->sk_state != BT_CONNECTED &&
bf19d51b
JH		 411 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
412 sk->sk_state != BT_CONFIG)
b783fbc3
JH		 413 return -ENOTCONN;
414
792039c7 415 memset(la, 0, sizeof(struct sockaddr_l2));
d7175d55 416 addr->sa_family = AF_BLUETOOTH;
d7175d55 417
d7e5e76b
JH		 418 la->l2_psm = chan->psm;
419
d7175d55 420 if (peer) {
7eafc59e 421 bacpy(&la->l2_bdaddr, &chan->dst);
fe4128e0 422 la->l2_cid = cpu_to_le16(chan->dcid);
4f1654e0 423 la->l2_bdaddr_type = chan->dst_type;
d7175d55 424 } else {
7eafc59e 425 bacpy(&la->l2_bdaddr, &chan->src);
fe4128e0 426 la->l2_cid = cpu_to_le16(chan->scid);
4f1654e0 427 la->l2_bdaddr_type = chan->src_type;
d7175d55
GP		 428 }
429
9b2c45d4 430 return sizeof(struct sockaddr_l2);
d7175d55
GP		 431}
432
3ee7b7cd
LAD		 433static int l2cap_get_mode(struct l2cap_chan *chan)
434{
435 switch (chan->mode) {
436 case L2CAP_MODE_BASIC:
437 return BT_MODE_BASIC;
438 case L2CAP_MODE_ERTM:
439 return BT_MODE_ERTM;
440 case L2CAP_MODE_STREAMING:
441 return BT_MODE_STREAMING;
442 case L2CAP_MODE_LE_FLOWCTL:
443 return BT_MODE_LE_FLOWCTL;
444 case L2CAP_MODE_EXT_FLOWCTL:
445 return BT_MODE_EXT_FLOWCTL;
446 }
447
448 return -EINVAL;
449}
450
2d792818
GP		 451static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
452 char __user *optval, int __user *optlen)
99f4808d
GP		 453{
454 struct sock *sk = sock->sk;
4343478f 455 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d
GP		 456 struct l2cap_options opts;
457 struct l2cap_conninfo cinfo;
458 int len, err = 0;
459 u32 opt;
460
461 BT_DBG("sk %p", sk);
462
463 if (get_user(len, optlen))
464 return -EFAULT;
465
466 lock_sock(sk);
467
468 switch (optname) {
469 case L2CAP_OPTIONS:
64b4f8dc
JH		 470 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
471 * legacy ATT code depends on getsockopt for
472 * L2CAP_OPTIONS we need to let this pass.
473 */
474 if (bdaddr_type_is_le(chan->src_type) &&
475 chan->scid != L2CAP_CID_ATT) {
476 err = -EINVAL;
477 break;
478 }
479
b86b0b15
LAD		 480 /* Only BR/EDR modes are supported here */
481 switch (chan->mode) {
482 case L2CAP_MODE_BASIC:
483 case L2CAP_MODE_ERTM:
484 case L2CAP_MODE_STREAMING:
485 break;
486 default:
487 err = -EINVAL;
488 break;
489 }
490
491 if (err < 0)
492 break;
493
e3fb592b 494 memset(&opts, 0, sizeof(opts));
0c1bc5c6
GP		 495 opts.imtu = chan->imtu;
496 opts.omtu = chan->omtu;
497 opts.flush_to = chan->flush_to;
498 opts.mode = chan->mode;
47d1ec61
GP		 499 opts.fcs = chan->fcs;
500 opts.max_tx = chan->max_tx;
6327eb98 501 opts.txwin_size = chan->tx_win;
99f4808d 502
15f02b91
LAD		 503 BT_DBG("mode 0x%2.2x", chan->mode);
504
99f4808d
GP		 505 len = min_t(unsigned int, len, sizeof(opts));
506 if (copy_to_user(optval, (char *) &opts, len))
507 err = -EFAULT;
508
509 break;
510
511 case L2CAP_LM:
4343478f 512 switch (chan->sec_level) {
99f4808d
GP		 513 case BT_SECURITY_LOW:
514 opt = L2CAP_LM_AUTH;
515 break;
516 case BT_SECURITY_MEDIUM:
517 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
518 break;
519 case BT_SECURITY_HIGH:
520 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
2d792818 521 L2CAP_LM_SECURE;
99f4808d 522 break;
7d513e92
MH		 523 case BT_SECURITY_FIPS:
524 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
525 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
526 break;
99f4808d
GP		 527 default:
528 opt = 0;
529 break;
530 }
531
43bd0f32 532 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
99f4808d
GP		 533 opt |= L2CAP_LM_MASTER;
534
ecf61bdb 535 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
99f4808d
GP		 536 opt |= L2CAP_LM_RELIABLE;
537
538 if (put_user(opt, (u32 __user *) optval))
539 err = -EFAULT;
7d513e92 540
99f4808d
GP		 541 break;
542
543 case L2CAP_CONNINFO:
544 if (sk->sk_state != BT_CONNECTED &&
c5daa683
GP		 545 !(sk->sk_state == BT_CONNECT2 &&
546 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
99f4808d
GP		 547 err = -ENOTCONN;
548 break;
549 }
550
8d03e971 551 memset(&cinfo, 0, sizeof(cinfo));
8c1d787b
GP		 552 cinfo.hci_handle = chan->conn->hcon->handle;
553 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
99f4808d
GP		 554
555 len = min_t(unsigned int, len, sizeof(cinfo));
556 if (copy_to_user(optval, (char *) &cinfo, len))
557 err = -EFAULT;
558
559 break;
560
561 default:
562 err = -ENOPROTOOPT;
563 break;
564 }
565
566 release_sock(sk);
567 return err;
568}
569
2d792818
GP		 570static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
571 char __user *optval, int __user *optlen)
99f4808d
GP		 572{
573 struct sock *sk = sock->sk;
4343478f 574 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d 575 struct bt_security sec;
14b12d0b 576 struct bt_power pwr;
eab2404b 577 u32 phys;
3ee7b7cd 578 int len, mode, err = 0;
99f4808d
GP		 579
580 BT_DBG("sk %p", sk);
581
582 if (level == SOL_L2CAP)
583 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
584
585 if (level != SOL_BLUETOOTH)
586 return -ENOPROTOOPT;
587
588 if (get_user(len, optlen))
589 return -EFAULT;
590
591 lock_sock(sk);
592
593 switch (optname) {
594 case BT_SECURITY:
715ec005 595 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
e0c888ad 596 chan->chan_type != L2CAP_CHAN_FIXED &&
2d792818 597 chan->chan_type != L2CAP_CHAN_RAW) {
99f4808d
GP		 598 err = -EINVAL;
599 break;
600 }
601
8f360119 602 memset(&sec, 0, sizeof(sec));
85e34368 603 if (chan->conn) {
c6585a4d 604 sec.level = chan->conn->hcon->sec_level;
99f4808d 605
85e34368
AE		 606 if (sk->sk_state == BT_CONNECTED)
607 sec.key_size = chan->conn->hcon->enc_key_size;
608 } else {
609 sec.level = chan->sec_level;
610 }
8f360119 611
99f4808d
GP		 612 len = min_t(unsigned int, len, sizeof(sec));
613 if (copy_to_user(optval, (char *) &sec, len))
614 err = -EFAULT;
615
616 break;
617
618 case BT_DEFER_SETUP:
619 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
620 err = -EINVAL;
621 break;
622 }
623
c5daa683
GP		 624 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
625 (u32 __user *) optval))
99f4808d
GP		 626 err = -EFAULT;
627
628 break;
629
630 case BT_FLUSHABLE:
d57b0e8b 631 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
2d792818 632 (u32 __user *) optval))
99f4808d
GP		 633 err = -EFAULT;
634
635 break;
636
14b12d0b
JG		 637 case BT_POWER:
638 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2d792818 639 && sk->sk_type != SOCK_RAW) {
14b12d0b
JG		 640 err = -EINVAL;
641 break;
642 }
643
15770b1a 644 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 645
646 len = min_t(unsigned int, len, sizeof(pwr));
647 if (copy_to_user(optval, (char *) &pwr, len))
648 err = -EFAULT;
649
650 break;
651
2ea66482 652 case BT_CHANNEL_POLICY:
2ea66482
MM		 653 if (put_user(chan->chan_policy, (u32 __user *) optval))
654 err = -EFAULT;
655 break;
656
1f435424 657 case BT_SNDMTU:
1f435424
JH		 658 if (!bdaddr_type_is_le(chan->src_type)) {
659 err = -EINVAL;
660 break;
661 }
662
663 if (sk->sk_state != BT_CONNECTED) {
664 err = -ENOTCONN;
665 break;
666 }
667
668 if (put_user(chan->omtu, (u16 __user *) optval))
669 err = -EFAULT;
670 break;
671
672 case BT_RCVMTU:
1f435424
JH		 673 if (!bdaddr_type_is_le(chan->src_type)) {
674 err = -EINVAL;
675 break;
676 }
677
678 if (put_user(chan->imtu, (u16 __user *) optval))
679 err = -EFAULT;
680 break;
681
eab2404b 682 case BT_PHY:
a2a8b0b4 683 if (sk->sk_state != BT_CONNECTED) {
eab2404b
LAD		 684 err = -ENOTCONN;
685 break;
686 }
687
688 phys = hci_conn_get_phy(chan->conn->hcon);
689
690 if (put_user(phys, (u32 __user *) optval))
691 err = -EFAULT;
692 break;
693
3ee7b7cd
LAD		 694 case BT_MODE:
695 if (!enable_ecred) {
696 err = -ENOPROTOOPT;
697 break;
698 }
699
700 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
701 err = -EINVAL;
702 break;
703 }
704
705 mode = l2cap_get_mode(chan);
706 if (mode < 0) {
707 err = mode;
708 break;
709 }
710
711 if (put_user(mode, (u8 __user *) optval))
712 err = -EFAULT;
713 break;
714
99f4808d
GP		 715 default:
716 err = -ENOPROTOOPT;
717 break;
718 }
719
720 release_sock(sk);
721 return err;
722}
723
682877c3
AG		 724static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
725{
726 switch (chan->scid) {
073d1cf3 727 case L2CAP_CID_ATT:
8c3a4f00 728 if (mtu < L2CAP_LE_MIN_MTU)
682877c3
AG		 729 return false;
730 break;
731
732 default:
733 if (mtu < L2CAP_DEFAULT_MIN_MTU)
734 return false;
735 }
736
737 return true;
738}
739
2d792818 740static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
a7b75c5a 741 sockptr_t optval, unsigned int optlen)
33575df7
GP		 742{
743 struct sock *sk = sock->sk;
b4450035 744 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7
GP		 745 struct l2cap_options opts;
746 int len, err = 0;
747 u32 opt;
748
749 BT_DBG("sk %p", sk);
750
751 lock_sock(sk);
752
753 switch (optname) {
754 case L2CAP_OPTIONS:
64b4f8dc
JH		 755 if (bdaddr_type_is_le(chan->src_type)) {
756 err = -EINVAL;
757 break;
758 }
759
33575df7
GP		 760 if (sk->sk_state == BT_CONNECTED) {
761 err = -EINVAL;
762 break;
763 }
764
0c1bc5c6
GP		 765 opts.imtu = chan->imtu;
766 opts.omtu = chan->omtu;
767 opts.flush_to = chan->flush_to;
768 opts.mode = chan->mode;
47d1ec61
GP		 769 opts.fcs = chan->fcs;
770 opts.max_tx = chan->max_tx;
6327eb98 771 opts.txwin_size = chan->tx_win;
33575df7
GP		 772
773 len = min_t(unsigned int, sizeof(opts), optlen);
a7b75c5a 774 if (copy_from_sockptr(&opts, optval, len)) {
33575df7
GP		 775 err = -EFAULT;
776 break;
777 }
778
6327eb98 779 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
33575df7
GP		 780 err = -EINVAL;
781 break;
782 }
783
682877c3
AG		 784 if (!l2cap_valid_mtu(chan, opts.imtu)) {
785 err = -EINVAL;
786 break;
787 }
788
b86b0b15
LAD		 789 /* Only BR/EDR modes are supported here */
790 switch (opts.mode) {
33575df7 791 case L2CAP_MODE_BASIC:
c1360a1c 792 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
33575df7
GP		 793 break;
794 case L2CAP_MODE_ERTM:
795 case L2CAP_MODE_STREAMING:
796 if (!disable_ertm)
797 break;
19186c7b 798 fallthrough;
33575df7
GP		 799 default:
800 err = -EINVAL;
801 break;
802 }
803
b86b0b15
LAD		 804 if (err < 0)
805 break;
806
807 chan->mode = opts.mode;
808
15f02b91
LAD		 809 BT_DBG("mode 0x%2.2x", chan->mode);
810
0c1bc5c6
GP		 811 chan->imtu = opts.imtu;
812 chan->omtu = opts.omtu;
47d1ec61
GP		 813 chan->fcs = opts.fcs;
814 chan->max_tx = opts.max_tx;
6327eb98 815 chan->tx_win = opts.txwin_size;
12d59781 816 chan->flush_to = opts.flush_to;
33575df7
GP		 817 break;
818
819 case L2CAP_LM:
a7b75c5a 820 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
33575df7
GP		 821 err = -EFAULT;
822 break;
823 }
824
7d513e92
MH		 825 if (opt & L2CAP_LM_FIPS) {
826 err = -EINVAL;
827 break;
828 }
829
33575df7 830 if (opt & L2CAP_LM_AUTH)
4343478f 831 chan->sec_level = BT_SECURITY_LOW;
33575df7 832 if (opt & L2CAP_LM_ENCRYPT)
4343478f 833 chan->sec_level = BT_SECURITY_MEDIUM;
33575df7 834 if (opt & L2CAP_LM_SECURE)
4343478f 835 chan->sec_level = BT_SECURITY_HIGH;
33575df7 836
43bd0f32
AE		 837 if (opt & L2CAP_LM_MASTER)
838 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
839 else
840 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
ecf61bdb
AE		 841
842 if (opt & L2CAP_LM_RELIABLE)
843 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
844 else
845 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
33575df7
GP		 846 break;
847
848 default:
849 err = -ENOPROTOOPT;
850 break;
851 }
852
853 release_sock(sk);
854 return err;
855}
856
3ee7b7cd
LAD		 857static int l2cap_set_mode(struct l2cap_chan *chan, u8 mode)
858{
859 switch (mode) {
860 case BT_MODE_BASIC:
861 if (bdaddr_type_is_le(chan->src_type))
862 return -EINVAL;
863 mode = L2CAP_MODE_BASIC;
864 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
865 break;
866 case BT_MODE_ERTM:
867 if (!disable_ertm || bdaddr_type_is_le(chan->src_type))
868 return -EINVAL;
869 mode = L2CAP_MODE_ERTM;
870 break;
871 case BT_MODE_STREAMING:
872 if (!disable_ertm || bdaddr_type_is_le(chan->src_type))
873 return -EINVAL;
874 mode = L2CAP_MODE_STREAMING;
875 break;
876 case BT_MODE_LE_FLOWCTL:
877 if (!bdaddr_type_is_le(chan->src_type))
878 return -EINVAL;
879 mode = L2CAP_MODE_LE_FLOWCTL;
880 break;
881 case BT_MODE_EXT_FLOWCTL:
882 /* TODO: Add support for ECRED PDUs to BR/EDR */
883 if (!bdaddr_type_is_le(chan->src_type))
884 return -EINVAL;
885 mode = L2CAP_MODE_EXT_FLOWCTL;
886 break;
887 default:
888 return -EINVAL;
889 }
890
891 chan->mode = mode;
892
893 return 0;
894}
895
2d792818 896static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
a7b75c5a 897 sockptr_t optval, unsigned int optlen)
33575df7
GP		 898{
899 struct sock *sk = sock->sk;
4343478f 900 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7 901 struct bt_security sec;
14b12d0b 902 struct bt_power pwr;
f1cb9af5 903 struct l2cap_conn *conn;
33575df7
GP		 904 int len, err = 0;
905 u32 opt;
163ea6e2
DC		 906 u16 mtu;
907 u8 mode;
33575df7
GP		 908
909 BT_DBG("sk %p", sk);
910
911 if (level == SOL_L2CAP)
912 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
913
914 if (level != SOL_BLUETOOTH)
915 return -ENOPROTOOPT;
916
917 lock_sock(sk);
918
919 switch (optname) {
920 case BT_SECURITY:
715ec005 921 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
e0c888ad 922 chan->chan_type != L2CAP_CHAN_FIXED &&
2d792818 923 chan->chan_type != L2CAP_CHAN_RAW) {
33575df7
GP		 924 err = -EINVAL;
925 break;
926 }
927
928 sec.level = BT_SECURITY_LOW;
929
930 len = min_t(unsigned int, sizeof(sec), optlen);
a7b75c5a 931 if (copy_from_sockptr(&sec, optval, len)) {
33575df7
GP		 932 err = -EFAULT;
933 break;
934 }
935
936 if (sec.level < BT_SECURITY_LOW ||
a164cee1 937 sec.level > BT_SECURITY_FIPS) {
33575df7
GP		 938 err = -EINVAL;
939 break;
940 }
941
4343478f 942 chan->sec_level = sec.level;
f1cb9af5 943
0bee1d60
GP		 944 if (!chan->conn)
945 break;
946
f1cb9af5 947 conn = chan->conn;
0bee1d60 948
bbb69b37 949 /* change security for LE channels */
073d1cf3 950 if (chan->scid == L2CAP_CID_ATT) {
bbb69b37
FD		 951 if (smp_conn_security(conn->hcon, sec.level)) {
952 err = -EINVAL;
f1cb9af5 953 break;
bbb69b37
FD		 954 }
955
d52deb17 956 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
f1cb9af5 957 sk->sk_state = BT_CONFIG;
3542b854 958 chan->state = BT_CONFIG;
0bee1d60 959
a7d7723a
GP		 960 /* or for ACL link */
961 } else if ((sk->sk_state == BT_CONNECT2 &&
2d792818 962 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
a7d7723a 963 sk->sk_state == BT_CONNECTED) {
e7cafc45 964 if (!l2cap_chan_check_security(chan, true))
c5daa683 965 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
a7d7723a
GP		 966 else
967 sk->sk_state_change(sk);
0bee1d60
GP		 968 } else {
969 err = -EINVAL;
f1cb9af5 970 }
33575df7
GP		 971 break;
972
973 case BT_DEFER_SETUP:
974 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
975 err = -EINVAL;
976 break;
977 }
978
a7b75c5a 979 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
33575df7
GP		 980 err = -EFAULT;
981 break;
982 }
983
bdc25783 984 if (opt) {
c5daa683 985 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 986 set_bit(FLAG_DEFER_SETUP, &chan->flags);
987 } else {
c5daa683 988 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 989 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
990 }
33575df7
GP		 991 break;
992
993 case BT_FLUSHABLE:
a7b75c5a 994 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
33575df7
GP		 995 err = -EFAULT;
996 break;
997 }
998
999 if (opt > BT_FLUSHABLE_ON) {
1000 err = -EINVAL;
1001 break;
1002 }
1003
1004 if (opt == BT_FLUSHABLE_OFF) {
c1f23a2b 1005 conn = chan->conn;
25985edc 1006 /* proceed further only when we have l2cap_conn and
33575df7
GP		 1007 No Flush support in the LM */
1008 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
1009 err = -EINVAL;
1010 break;
1011 }
1012 }
1013
d57b0e8b
AE		 1014 if (opt)
1015 set_bit(FLAG_FLUSHABLE, &chan->flags);
1016 else
1017 clear_bit(FLAG_FLUSHABLE, &chan->flags);
33575df7
GP		 1018 break;
1019
14b12d0b
JG		 1020 case BT_POWER:
1021 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
2d792818 1022 chan->chan_type != L2CAP_CHAN_RAW) {
14b12d0b
JG		 1023 err = -EINVAL;
1024 break;
1025 }
1026
1027 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
1028
1029 len = min_t(unsigned int, sizeof(pwr), optlen);
a7b75c5a 1030 if (copy_from_sockptr(&pwr, optval, len)) {
14b12d0b
JG		 1031 err = -EFAULT;
1032 break;
1033 }
15770b1a
AE		 1034
1035 if (pwr.force_active)
1036 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
1037 else
1038 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 1039 break;
1040
2ea66482 1041 case BT_CHANNEL_POLICY:
a7b75c5a 1042 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
2ea66482
MM		 1043 err = -EFAULT;
1044 break;
1045 }
1046
1047 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
1048 err = -EINVAL;
1049 break;
1050 }
1051
1052 if (chan->mode != L2CAP_MODE_ERTM &&
2d792818 1053 chan->mode != L2CAP_MODE_STREAMING) {
2ea66482
MM		 1054 err = -EOPNOTSUPP;
1055 break;
1056 }
1057
1058 chan->chan_policy = (u8) opt;
3f7a56c4
MM		 1059
1060 if (sk->sk_state == BT_CONNECTED &&
1061 chan->move_role == L2CAP_MOVE_ROLE_NONE)
1062 l2cap_move_start(chan);
1063
14b12d0b
JG		 1064 break;
1065
1f435424 1066 case BT_SNDMTU:
1f435424
JH		 1067 if (!bdaddr_type_is_le(chan->src_type)) {
1068 err = -EINVAL;
1069 break;
1070 }
1071
1072 /* Setting is not supported as it's the remote side that
1073 * decides this.
1074 */
1075 err = -EPERM;
1076 break;
1077
1078 case BT_RCVMTU:
1f435424
JH		 1079 if (!bdaddr_type_is_le(chan->src_type)) {
1080 err = -EINVAL;
1081 break;
1082 }
1083
15f02b91
LAD		 1084 if (chan->mode == L2CAP_MODE_LE_FLOWCTL &&
1085 sk->sk_state == BT_CONNECTED) {
1f435424
JH		 1086 err = -EISCONN;
1087 break;
1088 }
1089
163ea6e2 1090 if (copy_from_sockptr(&mtu, optval, sizeof(u16))) {
1f435424
JH		 1091 err = -EFAULT;
1092 break;
1093 }
1094
15f02b91
LAD		 1095 if (chan->mode == L2CAP_MODE_EXT_FLOWCTL &&
1096 sk->sk_state == BT_CONNECTED)
163ea6e2 1097 err = l2cap_chan_reconfigure(chan, mtu);
15f02b91 1098 else
163ea6e2 1099 chan->imtu = mtu;
15f02b91 1100
1f435424
JH		 1101 break;
1102
3ee7b7cd
LAD		 1103 case BT_MODE:
1104 if (!enable_ecred) {
1105 err = -ENOPROTOOPT;
1106 break;
1107 }
1108
1109 BT_DBG("sk->sk_state %u", sk->sk_state);
1110
1111 if (sk->sk_state != BT_BOUND) {
1112 err = -EINVAL;
1113 break;
1114 }
1115
1116 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
1117 err = -EINVAL;
1118 break;
1119 }
1120
163ea6e2 1121 if (copy_from_sockptr(&mode, optval, sizeof(u8))) {
3ee7b7cd
LAD		 1122 err = -EFAULT;
1123 break;
1124 }
1125
163ea6e2 1126 BT_DBG("mode %u", mode);
3ee7b7cd 1127
163ea6e2 1128 err = l2cap_set_mode(chan, mode);
3ee7b7cd
LAD		 1129 if (err)
1130 break;
1131
1132 BT_DBG("mode 0x%2.2x", chan->mode);
1133
1134 break;
1135
33575df7
GP		 1136 default:
1137 err = -ENOPROTOOPT;
1138 break;
1139 }
1140
1141 release_sock(sk);
1142 return err;
1143}
fd83ccdb 1144
1b784140
YX		 1145static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1146 size_t len)
fd83ccdb
GP		 1147{
1148 struct sock *sk = sock->sk;
0c1bc5c6 1149 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
fd83ccdb
GP		 1150 int err;
1151
1152 BT_DBG("sock %p, sk %p", sock, sk);
1153
1154 err = sock_error(sk);
1155 if (err)
1156 return err;
1157
1158 if (msg->msg_flags & MSG_OOB)
1159 return -EOPNOTSUPP;
1160
a6a5568c 1161 if (sk->sk_state != BT_CONNECTED)
9a91a04a 1162 return -ENOTCONN;
fd83ccdb 1163
e793dcf0
JH		 1164 lock_sock(sk);
1165 err = bt_sock_wait_ready(sk, msg->msg_flags);
1166 release_sock(sk);
1167 if (err)
1168 return err;
1169
a6a5568c 1170 l2cap_chan_lock(chan);
8d46321c 1171 err = l2cap_chan_send(chan, msg, len);
a6a5568c 1172 l2cap_chan_unlock(chan);
fd83ccdb 1173
fd83ccdb
GP		 1174 return err;
1175}
33575df7 1176
1b784140
YX		 1177static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1178 size_t len, int flags)
68983259
GP		 1179{
1180 struct sock *sk = sock->sk;
e328140f
MM		 1181 struct l2cap_pinfo *pi = l2cap_pi(sk);
1182 int err;
68983259
GP		 1183
1184 lock_sock(sk);
1185
c5daa683
GP		 1186 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
1187 &bt_sk(sk)->flags)) {
15f02b91
LAD		 1188 if (pi->chan->mode == L2CAP_MODE_EXT_FLOWCTL) {
1189 sk->sk_state = BT_CONNECTED;
1190 pi->chan->state = BT_CONNECTED;
1191 __l2cap_ecred_conn_rsp_defer(pi->chan);
b354e6c1 1192 } else if (bdaddr_type_is_le(pi->chan->src_type)) {
38319713
JH		 1193 sk->sk_state = BT_CONNECTED;
1194 pi->chan->state = BT_CONNECTED;
1195 __l2cap_le_connect_rsp_defer(pi->chan);
1196 } else {
1197 sk->sk_state = BT_CONFIG;
1198 pi->chan->state = BT_CONFIG;
1199 __l2cap_connect_rsp_defer(pi->chan);
1200 }
8c1d787b 1201
970871bc
JH		 1202 err = 0;
1203 goto done;
68983259
GP		 1204 }
1205
1206 release_sock(sk);
1207
1208 if (sock->type == SOCK_STREAM)
1b784140 1209 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
e328140f 1210 else
1b784140 1211 err = bt_sock_recvmsg(sock, msg, len, flags);
e328140f
MM		 1212
1213 if (pi->chan->mode != L2CAP_MODE_ERTM)
1214 return err;
1215
1216 /* Attempt to put pending rx data in the socket buffer */
1217
1218 lock_sock(sk);
1219
1220 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1221 goto done;
1222
1223 if (pi->rx_busy_skb) {
dbb50887 1224 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
e328140f
MM		 1225 pi->rx_busy_skb = NULL;
1226 else
1227 goto done;
1228 }
1229
1230 /* Restore data flow when half of the receive buffer is
1231 * available. This avoids resending large numbers of
1232 * frames.
1233 */
1234 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1235 l2cap_chan_busy(pi->chan, 0);
68983259 1236
e328140f
MM		 1237done:
1238 release_sock(sk);
1239 return err;
68983259
GP		 1240}
1241
05fc1576 1242/* Kill socket (only if zapped and orphan)
6c08fc89 1243 * Must be called on unlocked socket, with l2cap channel lock.
05fc1576 1244 */
ba3bd0ee 1245static void l2cap_sock_kill(struct sock *sk)
05fc1576
GP		 1246{
1247 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1248 return;
1249
e05dcc32 1250 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
05fc1576
GP		 1251
1252 /* Kill poor orphan */
6ff5abbf 1253
4af66c69 1254 l2cap_chan_put(l2cap_pi(sk)->chan);
05fc1576
GP		 1255 sock_set_flag(sk, SOCK_DEAD);
1256 sock_put(sk);
1257}
1258
f65468f6 1259static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
dc25306b 1260{
dc25306b
GP		 1261 DECLARE_WAITQUEUE(wait, current);
1262 int err = 0;
cb02a255 1263 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
e432c72c
DJ		 1264 /* Timeout to prevent infinite loop */
1265 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
dc25306b
GP		 1266
1267 add_wait_queue(sk_sleep(sk), &wait);
1268 set_current_state(TASK_INTERRUPTIBLE);
f65468f6 1269 do {
e432c72c
DJ		 1270 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1271 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1272 jiffies_to_msecs(timeout - jiffies));
451e4c6c 1273
dc25306b 1274 if (!timeo)
cb02a255 1275 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
dc25306b
GP		 1276
1277 if (signal_pending(current)) {
1278 err = sock_intr_errno(timeo);
1279 break;
1280 }
1281
1282 release_sock(sk);
1283 timeo = schedule_timeout(timeo);
1284 lock_sock(sk);
1285 set_current_state(TASK_INTERRUPTIBLE);
1286
1287 err = sock_error(sk);
1288 if (err)
1289 break;
f65468f6 1290
e432c72c
DJ		 1291 if (time_after(jiffies, timeout)) {
1292 err = -ENOLINK;
1293 break;
1294 }
1295
f65468f6
DJ		 1296 } while (chan->unacked_frames > 0 &&
1297 chan->state == BT_CONNECTED);
1298
dc25306b
GP		 1299 set_current_state(TASK_RUNNING);
1300 remove_wait_queue(sk_sleep(sk), &wait);
1301 return err;
1302}
1303
dcba0dba
GP		 1304static int l2cap_sock_shutdown(struct socket *sock, int how)
1305{
1306 struct sock *sk = sock->sk;
7ddb6e0f 1307 struct l2cap_chan *chan;
3df91ea2 1308 struct l2cap_conn *conn;
dcba0dba
GP		 1309 int err = 0;
1310
5b440676
AP		 1311 BT_DBG("sock %p, sk %p, how %d", sock, sk, how);
1312
1313 /* 'how' parameter is mapped to sk_shutdown as follows:
1314 * SHUT_RD (0) --> RCV_SHUTDOWN (1)
1315 * SHUT_WR (1) --> SEND_SHUTDOWN (2)
1316 * SHUT_RDWR (2) --> SHUTDOWN_MASK (3)
1317 */
1318 how++;
dcba0dba
GP		 1319
1320 if (!sk)
1321 return 0;
1322
04ba72e6
DJ		 1323 lock_sock(sk);
1324
5b440676 1325 if ((sk->sk_shutdown & how) == how)
e7456437
DJ		 1326 goto shutdown_already;
1327
1328 BT_DBG("Handling sock shutdown");
1329
2baea85d
DJ		 1330 /* prevent sk structure from being freed whilst unlocked */
1331 sock_hold(sk);
1332
7ddb6e0f 1333 chan = l2cap_pi(sk)->chan;
2baea85d
DJ		 1334 /* prevent chan structure from being freed whilst unlocked */
1335 l2cap_chan_hold(chan);
3df91ea2 1336
49d11741
JH		 1337 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1338
e7456437
DJ		 1339 if (chan->mode == L2CAP_MODE_ERTM &&
1340 chan->unacked_frames > 0 &&
9f7378a9 1341 chan->state == BT_CONNECTED) {
e7456437 1342 err = __l2cap_wait_ack(sk, chan);
dcba0dba 1343
9f7378a9
DJ		 1344 /* After waiting for ACKs, check whether shutdown
1345 * has already been actioned to close the L2CAP
1346 * link such as by l2cap_disconnection_req().
1347 */
5b440676
AP		 1348 if ((sk->sk_shutdown & how) == how)
1349 goto shutdown_matched;
1350 }
1351
1352 /* Try setting the RCV_SHUTDOWN bit, return early if SEND_SHUTDOWN
1353 * is already set
1354 */
1355 if ((how & RCV_SHUTDOWN) && !(sk->sk_shutdown & RCV_SHUTDOWN)) {
1356 sk->sk_shutdown |= RCV_SHUTDOWN;
1357 if ((sk->sk_shutdown & how) == how)
1358 goto shutdown_matched;
9f7378a9
DJ		 1359 }
1360
5b440676 1361 sk->sk_shutdown |= SEND_SHUTDOWN;
e7456437 1362 release_sock(sk);
04ba72e6
DJ		 1363
1364 l2cap_chan_lock(chan);
1365 conn = chan->conn;
1366 if (conn)
1367 /* prevent conn structure from being freed */
1368 l2cap_conn_get(conn);
1369 l2cap_chan_unlock(chan);
1370
1371 if (conn)
1372 /* mutex lock must be taken before l2cap_chan_lock() */
1373 mutex_lock(&conn->chan_lock);
1374
1375 l2cap_chan_lock(chan);
e7456437 1376 l2cap_chan_close(chan, 0);
04ba72e6
DJ		 1377 l2cap_chan_unlock(chan);
1378
1379 if (conn) {
1380 mutex_unlock(&conn->chan_lock);
1381 l2cap_conn_put(conn);
1382 }
1383
e7456437 1384 lock_sock(sk);
dcba0dba 1385
e7456437
DJ		 1386 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1387 !(current->flags & PF_EXITING))
1388 err = bt_sock_wait_state(sk, BT_CLOSED,
1389 sk->sk_lingertime);
dcba0dba 1390
5b440676 1391shutdown_matched:
04ba72e6
DJ		 1392 l2cap_chan_put(chan);
1393 sock_put(sk);
1394
1395shutdown_already:
dcba0dba
GP		 1396 if (!err && sk->sk_err)
1397 err = -sk->sk_err;
1398
1399 release_sock(sk);
3df91ea2 1400
04ba72e6 1401 BT_DBG("Sock shutdown complete err: %d", err);
451e4c6c 1402
dcba0dba
GP		 1403 return err;
1404}
1405
554f05bb
GP		 1406static int l2cap_sock_release(struct socket *sock)
1407{
1408 struct sock *sk = sock->sk;
1409 int err;
2a154903 1410 struct l2cap_chan *chan;
554f05bb
GP		 1411
1412 BT_DBG("sock %p, sk %p", sock, sk);
1413
1414 if (!sk)
1415 return 0;
1416
5b28d95c
MY		 1417 bt_sock_unlink(&l2cap_sk_list, sk);
1418
5b440676 1419 err = l2cap_sock_shutdown(sock, SHUT_RDWR);
2a154903 1420 chan = l2cap_pi(sk)->chan;
554f05bb 1421
2a154903
HD		 1422 l2cap_chan_hold(chan);
1423 l2cap_chan_lock(chan);
6c08fc89 1424
554f05bb
GP		 1425 sock_orphan(sk);
1426 l2cap_sock_kill(sk);
6c08fc89 1427
2a154903
HD		 1428 l2cap_chan_unlock(chan);
1429 l2cap_chan_put(chan);
6c08fc89 1430
554f05bb
GP		 1431 return err;
1432}
1433
c0df7f6e
AE		 1434static void l2cap_sock_cleanup_listen(struct sock *parent)
1435{
1436 struct sock *sk;
1437
49d11741
JH		 1438 BT_DBG("parent %p state %s", parent,
1439 state_to_string(parent->sk_state));
c0df7f6e
AE		 1440
1441 /* Close not yet accepted channels */
1442 while ((sk = bt_accept_dequeue(parent, NULL))) {
1443 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1444
49d11741
JH		 1445 BT_DBG("child chan %p state %s", chan,
1446 state_to_string(chan->state));
1447
6c08fc89 1448 l2cap_chan_hold(chan);
c0df7f6e 1449 l2cap_chan_lock(chan);
6c08fc89 1450
c0df7f6e
AE		 1451 __clear_chan_timer(chan);
1452 l2cap_chan_close(chan, ECONNRESET);
c0df7f6e 1453 l2cap_sock_kill(sk);
6c08fc89
MM		 1454
1455 l2cap_chan_unlock(chan);
1456 l2cap_chan_put(chan);
c0df7f6e
AE		 1457 }
1458}
1459
80b98027 1460static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
80808e43 1461{
80b98027 1462 struct sock *sk, *parent = chan->data;
80808e43 1463
8ffb9290
GP		 1464 lock_sock(parent);
1465
53826692
GP		 1466 /* Check for backlog size */
1467 if (sk_acceptq_is_full(parent)) {
1468 BT_DBG("backlog full %d", parent->sk_ack_backlog);
8a96f3cd 1469 release_sock(parent);
53826692
GP		 1470 return NULL;
1471 }
1472
80808e43 1473 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
11aa9c28 1474 GFP_ATOMIC, 0);
8a96f3cd
JT		 1475 if (!sk) {
1476 release_sock(parent);
80808e43 1477 return NULL;
8a96f3cd 1478 }
80808e43 1479
d22015aa
OP		 1480 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1481
80808e43
GP		 1482 l2cap_sock_init(sk, parent);
1483
c4f5627f 1484 bt_accept_enqueue(parent, sk, false);
644912e1 1485
8ffb9290
GP		 1486 release_sock(parent);
1487
80808e43
GP		 1488 return l2cap_pi(sk)->chan;
1489}
1490
80b98027 1491static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
23070494 1492{
80b98027 1493 struct sock *sk = chan->data;
84b34d98 1494 int err;
e328140f 1495
6be36555
AE		 1496 lock_sock(sk);
1497
84b34d98 1498 if (l2cap_pi(sk)->rx_busy_skb) {
6be36555
AE		 1499 err = -ENOMEM;
1500 goto done;
1501 }
e328140f 1502
dbb50887
DB		 1503 if (chan->mode != L2CAP_MODE_ERTM &&
1504 chan->mode != L2CAP_MODE_STREAMING) {
1505 /* Even if no filter is attached, we could potentially
1506 * get errors from security modules, etc.
1507 */
1508 err = sk_filter(sk, skb);
1509 if (err)
1510 goto done;
1511 }
1512
1513 err = __sock_queue_rcv_skb(sk, skb);
e328140f
MM		 1514
1515 /* For ERTM, handle one skb that doesn't fit into the recv
1516 * buffer. This is important to do because the data frames
1517 * have already been acked, so the skb cannot be discarded.
1518 *
1519 * Notify the l2cap core that the buffer is full, so the
1520 * LOCAL_BUSY state is entered and no more frames are
1521 * acked and reassembled until there is buffer space
1522 * available.
1523 */
84b34d98
MH		 1524 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1525 l2cap_pi(sk)->rx_busy_skb = skb;
1526 l2cap_chan_busy(chan, 1);
e328140f
MM		 1527 err = 0;
1528 }
23070494 1529
6be36555
AE		 1530done:
1531 release_sock(sk);
1532
e328140f 1533 return err;
23070494
GP		 1534}
1535
80b98027 1536static void l2cap_sock_close_cb(struct l2cap_chan *chan)
ba3bd0ee 1537{
80b98027 1538 struct sock *sk = chan->data;
ba3bd0ee 1539
ea4c054c
WS		 1540 if (!sk)
1541 return;
1542
ba3bd0ee
GP		 1543 l2cap_sock_kill(sk);
1544}
1545
c0df7f6e
AE		 1546static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1547{
1548 struct sock *sk = chan->data;
1549 struct sock *parent;
1550
ea4c054c
WS		 1551 if (!sk)
1552 return;
1553
49d11741
JH		 1554 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1555
3b2ab39e
JH		 1556 /* This callback can be called both for server (BT_LISTEN)
1557 * sockets as well as "normal" ones. To avoid lockdep warnings
1558 * with child socket locking (through l2cap_sock_cleanup_listen)
1559 * we need separation into separate nesting levels. The simplest
1560 * way to accomplish this is to inherit the nesting level used
1561 * for the channel.
1562 */
1563 lock_sock_nested(sk, atomic_read(&chan->nesting));
c0df7f6e
AE		 1564
1565 parent = bt_sk(sk)->parent;
1566
c0df7f6e
AE		 1567 switch (chan->state) {
1568 case BT_OPEN:
1569 case BT_BOUND:
1570 case BT_CLOSED:
1571 break;
1572 case BT_LISTEN:
1573 l2cap_sock_cleanup_listen(sk);
1574 sk->sk_state = BT_CLOSED;
1575 chan->state = BT_CLOSED;
1576
1577 break;
1578 default:
1579 sk->sk_state = BT_CLOSED;
1580 chan->state = BT_CLOSED;
1581
1582 sk->sk_err = err;
1583
1584 if (parent) {
1585 bt_accept_unlink(sk);
676d2369 1586 parent->sk_data_ready(parent);
c0df7f6e
AE		 1587 } else {
1588 sk->sk_state_change(sk);
1589 }
1590
1591 break;
1592 }
c0df7f6e 1593 release_sock(sk);
20ae4089
APS		 1594
1595 /* Only zap after cleanup to avoid use after free race */
1596 sock_set_flag(sk, SOCK_ZAPPED);
1597
c0df7f6e
AE		 1598}
1599
53f52121
GP		 1600static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1601 int err)
89bc500e 1602{
80b98027 1603 struct sock *sk = chan->data;
89bc500e
GP		 1604
1605 sk->sk_state = state;
53f52121
GP		 1606
1607 if (err)
1608 sk->sk_err = err;
89bc500e
GP		 1609}
1610
2f7719ce 1611static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
d9fbd02b 1612 unsigned long hdr_len,
90338947 1613 unsigned long len, int nb)
2f7719ce 1614{
0f2c6153 1615 struct sock *sk = chan->data;
90338947
GP		 1616 struct sk_buff *skb;
1617 int err;
1618
a6a5568c 1619 l2cap_chan_unlock(chan);
d9fbd02b 1620 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
a6a5568c
MM		 1621 l2cap_chan_lock(chan);
1622
90338947
GP		 1623 if (!skb)
1624 return ERR_PTR(err);
2f7719ce 1625
8d46321c
MH		 1626 skb->priority = sk->sk_priority;
1627
a4368ff3 1628 bt_cb(skb)->l2cap.chan = chan;
0e790c64 1629
90338947 1630 return skb;
2f7719ce
AE		 1631}
1632
54a59aa2
AE		 1633static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1634{
1635 struct sock *sk = chan->data;
1636 struct sock *parent;
1637
1638 lock_sock(sk);
1639
1640 parent = bt_sk(sk)->parent;
1641
1642 BT_DBG("sk %p, parent %p", sk, parent);
1643
1644 sk->sk_state = BT_CONNECTED;
1645 sk->sk_state_change(sk);
1646
1647 if (parent)
676d2369 1648 parent->sk_data_ready(parent);
54a59aa2
AE		 1649
1650 release_sock(sk);
1651}
1652
2dc4e510
GP		 1653static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1654{
acdcabf5
GP		 1655 struct sock *parent, *sk = chan->data;
1656
1657 lock_sock(sk);
2dc4e510 1658
acdcabf5 1659 parent = bt_sk(sk)->parent;
2dc4e510 1660 if (parent)
676d2369 1661 parent->sk_data_ready(parent);
acdcabf5
GP		 1662
1663 release_sock(sk);
2dc4e510
GP		 1664}
1665
d97c899b
MH		 1666static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1667{
1668 struct sock *sk = chan->data;
1669
d52deb17
JH		 1670 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1671 sk->sk_state = BT_CONNECTED;
1672 chan->state = BT_CONNECTED;
1673 }
1674
d97c899b
MH		 1675 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1676 sk->sk_state_change(sk);
1677}
1678
5ec1bbe5
GP		 1679static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1680{
1681 struct sock *sk = chan->data;
1682
1683 lock_sock(sk);
1684 sk->sk_shutdown = SHUTDOWN_MASK;
1685 release_sock(sk);
1686}
1687
8d836d71
GP		 1688static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1689{
1690 struct sock *sk = chan->data;
1691
1692 return sk->sk_sndtimeo;
1693}
1694
b48596d1
LAD		 1695static struct pid *l2cap_sock_get_peer_pid_cb(struct l2cap_chan *chan)
1696{
1697 struct sock *sk = chan->data;
1698
1699 return sk->sk_peer_pid;
1700}
1701
837776f7
JH		 1702static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1703{
1704 struct sock *sk = chan->data;
1705
1706 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1707 sk->sk_state_change(sk);
1708}
1709
f1942564
LAD		 1710static int l2cap_sock_filter(struct l2cap_chan *chan, struct sk_buff *skb)
1711{
1712 struct sock *sk = chan->data;
1713
1714 switch (chan->mode) {
1715 case L2CAP_MODE_ERTM:
1716 case L2CAP_MODE_STREAMING:
1717 return sk_filter(sk, skb);
1718 }
1719
1720 return 0;
1721}
1722
67f86a45 1723static const struct l2cap_ops l2cap_chan_ops = {
0498878b
JR		 1724 .name = "L2CAP Socket Interface",
1725 .new_connection = l2cap_sock_new_connection_cb,
1726 .recv = l2cap_sock_recv_cb,
1727 .close = l2cap_sock_close_cb,
1728 .teardown = l2cap_sock_teardown_cb,
1729 .state_change = l2cap_sock_state_change_cb,
1730 .ready = l2cap_sock_ready_cb,
1731 .defer = l2cap_sock_defer_cb,
1732 .resume = l2cap_sock_resume_cb,
1733 .suspend = l2cap_sock_suspend_cb,
1734 .set_shutdown = l2cap_sock_set_shutdown_cb,
1735 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
b48596d1 1736 .get_peer_pid = l2cap_sock_get_peer_pid_cb,
0498878b 1737 .alloc_skb = l2cap_sock_alloc_skb_cb,
f1942564 1738 .filter = l2cap_sock_filter,
80808e43
GP		 1739};
1740
bb58f747
GP		 1741static void l2cap_sock_destruct(struct sock *sk)
1742{
1743 BT_DBG("sk %p", sk);
1744
ea4c054c
WS		 1745 if (l2cap_pi(sk)->chan) {
1746 l2cap_pi(sk)->chan->data = NULL;
23d3a869 1747 l2cap_chan_put(l2cap_pi(sk)->chan);
ea4c054c 1748 }
84b34d98 1749
e328140f
MM		 1750 if (l2cap_pi(sk)->rx_busy_skb) {
1751 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1752 l2cap_pi(sk)->rx_busy_skb = NULL;
1753 }
1754
bb58f747
GP		 1755 skb_queue_purge(&sk->sk_receive_queue);
1756 skb_queue_purge(&sk->sk_write_queue);
1757}
1758
2edf870d
MH		 1759static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1760 int *msg_namelen)
1761{
342dfc30 1762 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
2edf870d
MH		 1763
1764 memset(la, 0, sizeof(struct sockaddr_l2));
1765 la->l2_family = AF_BLUETOOTH;
a4368ff3
JH		 1766 la->l2_psm = bt_cb(skb)->l2cap.psm;
1767 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
2edf870d
MH		 1768
1769 *msg_namelen = sizeof(struct sockaddr_l2);
1770}
1771
80808e43 1772static void l2cap_sock_init(struct sock *sk, struct sock *parent)
bb58f747 1773{
84b34d98 1774 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
bb58f747
GP		 1775
1776 BT_DBG("sk %p", sk);
1777
1778 if (parent) {
b4450035
GP		 1779 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1780
bb58f747 1781 sk->sk_type = parent->sk_type;
c5daa683 1782 bt_sk(sk)->flags = bt_sk(parent)->flags;
bb58f747 1783
715ec005 1784 chan->chan_type = pchan->chan_type;
0c1bc5c6
GP		 1785 chan->imtu = pchan->imtu;
1786 chan->omtu = pchan->omtu;
b4450035 1787 chan->conf_state = pchan->conf_state;
0c1bc5c6 1788 chan->mode = pchan->mode;
47d1ec61
GP		 1789 chan->fcs = pchan->fcs;
1790 chan->max_tx = pchan->max_tx;
1791 chan->tx_win = pchan->tx_win;
6b3c7104 1792 chan->tx_win_max = pchan->tx_win_max;
4343478f 1793 chan->sec_level = pchan->sec_level;
d57b0e8b 1794 chan->flags = pchan->flags;
0cd75f7e
JH		 1795 chan->tx_credits = pchan->tx_credits;
1796 chan->rx_credits = pchan->rx_credits;
6230c9b4 1797
7a8e5a31
JH		 1798 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1799 chan->scid = pchan->scid;
1800 chan->dcid = pchan->scid;
1801 }
1802
6230c9b4 1803 security_sk_clone(parent, sk);
bb58f747 1804 } else {
715ec005
GP		 1805 switch (sk->sk_type) {
1806 case SOCK_RAW:
1807 chan->chan_type = L2CAP_CHAN_RAW;
1808 break;
1809 case SOCK_DGRAM:
1810 chan->chan_type = L2CAP_CHAN_CONN_LESS;
2edf870d 1811 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
715ec005
GP		 1812 break;
1813 case SOCK_SEQPACKET:
1814 case SOCK_STREAM:
1815 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1816 break;
1817 }
1818
0c1bc5c6
GP		 1819 chan->imtu = L2CAP_DEFAULT_MTU;
1820 chan->omtu = 0;
bb58f747 1821 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
0c1bc5c6 1822 chan->mode = L2CAP_MODE_ERTM;
c1360a1c 1823 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
bb58f747 1824 } else {
0c1bc5c6 1825 chan->mode = L2CAP_MODE_BASIC;
bb58f747 1826 }
bd4b1653
AE		 1827
1828 l2cap_chan_set_defaults(chan);
bb58f747
GP		 1829 }
1830
1831 /* Default config options */
0c1bc5c6 1832 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
80808e43
GP		 1833
1834 chan->data = sk;
1835 chan->ops = &l2cap_chan_ops;
bb58f747
GP		 1836}
1837
1838static struct proto l2cap_proto = {
1839 .name = "L2CAP",
1840 .owner = THIS_MODULE,
1841 .obj_size = sizeof(struct l2cap_pinfo)
1842};
1843
2d792818 1844static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
11aa9c28 1845 int proto, gfp_t prio, int kern)
bb58f747
GP		 1846{
1847 struct sock *sk;
dc50a06d 1848 struct l2cap_chan *chan;
bb58f747 1849
11aa9c28 1850 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
bb58f747
GP		 1851 if (!sk)
1852 return NULL;
1853
1854 sock_init_data(sock, sk);
1855 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1856
1857 sk->sk_destruct = l2cap_sock_destruct;
ba13ccd9 1858 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
bb58f747
GP		 1859
1860 sock_reset_flag(sk, SOCK_ZAPPED);
1861
1862 sk->sk_protocol = proto;
1863 sk->sk_state = BT_OPEN;
1864
eef1d9b6 1865 chan = l2cap_chan_create();
dc50a06d 1866 if (!chan) {
49dfbb91 1867 sk_free(sk);
dc50a06d
GP		 1868 return NULL;
1869 }
1870
61d6ef3e
MM		 1871 l2cap_chan_hold(chan);
1872
dc50a06d
GP		 1873 l2cap_pi(sk)->chan = chan;
1874
bb58f747
GP		 1875 return sk;
1876}
1877
1878static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1879 int kern)
1880{
1881 struct sock *sk;
1882
1883 BT_DBG("sock %p", sock);
1884
1885 sock->state = SS_UNCONNECTED;
1886
1887 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
2d792818 1888 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
bb58f747
GP		 1889 return -ESOCKTNOSUPPORT;
1890
1891 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1892 return -EPERM;
1893
1894 sock->ops = &l2cap_sock_ops;
1895
11aa9c28 1896 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
bb58f747
GP		 1897 if (!sk)
1898 return -ENOMEM;
1899
1900 l2cap_sock_init(sk, NULL);
5b28d95c 1901 bt_sock_link(&l2cap_sk_list, sk);
bb58f747
GP		 1902 return 0;
1903}
1904
cf2f90f5 1905static const struct proto_ops l2cap_sock_ops = {
65390587
GP		 1906 .family = PF_BLUETOOTH,
1907 .owner = THIS_MODULE,
1908 .release = l2cap_sock_release,
1909 .bind = l2cap_sock_bind,
1910 .connect = l2cap_sock_connect,
1911 .listen = l2cap_sock_listen,
1912 .accept = l2cap_sock_accept,
1913 .getname = l2cap_sock_getname,
1914 .sendmsg = l2cap_sock_sendmsg,
1915 .recvmsg = l2cap_sock_recvmsg,
a11e1d43 1916 .poll = bt_sock_poll,
65390587 1917 .ioctl = bt_sock_ioctl,
c7cbdbf2 1918 .gettstamp = sock_gettstamp,
65390587
GP		 1919 .mmap = sock_no_mmap,
1920 .socketpair = sock_no_socketpair,
1921 .shutdown = l2cap_sock_shutdown,
1922 .setsockopt = l2cap_sock_setsockopt,
1923 .getsockopt = l2cap_sock_getsockopt
1924};
1925
bb58f747
GP		 1926static const struct net_proto_family l2cap_sock_family_ops = {
1927 .family = PF_BLUETOOTH,
1928 .owner = THIS_MODULE,
1929 .create = l2cap_sock_create,
1930};
1931
1932int __init l2cap_init_sockets(void)
1933{
e2174ca4 1934 int err;
bb58f747 1935
dd625558
MH		 1936 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1937
e2174ca4
GP		 1938 err = proto_register(&l2cap_proto, 0);
1939 if (err < 0)
1940 return err;
bb58f747 1941
e2174ca4 1942 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
5b28d95c
MY		 1943 if (err < 0) {
1944 BT_ERR("L2CAP socket registration failed");
e2174ca4 1945 goto error;
5b28d95c
MY		 1946 }
1947
b0316615 1948 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
2d792818 1949 NULL);
5b28d95c
MY		 1950 if (err < 0) {
1951 BT_ERR("Failed to create L2CAP proc file");
1952 bt_sock_unregister(BTPROTO_L2CAP);
1953 goto error;
1954 }
bb58f747 1955
e2174ca4 1956 BT_INFO("L2CAP socket layer initialized");
bb58f747 1957
e2174ca4 1958 return 0;
bb58f747
GP		 1959
1960error:
e2174ca4
GP		 1961 proto_unregister(&l2cap_proto);
1962 return err;
bb58f747
GP		 1963}
1964
1965void l2cap_cleanup_sockets(void)
1966{
5b28d95c 1967 bt_procfs_cleanup(&init_net, "l2cap");
5e9d7f86 1968 bt_sock_unregister(BTPROTO_L2CAP);
e2174ca4 1969 proto_unregister(&l2cap_proto);
bb58f747 1970}
Ubuntu Jammy Linux kernel mirror