]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - net/bluetooth/l2cap_sock.c
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: hci_h5: Move variable into local scope
[mirror_ubuntu-jammy-kernel.git] / net / bluetooth / l2cap_sock.c
CommitLineData
bb58f747
GP		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
bb58f747
GP		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
9149761a 30#include <linux/module.h>
bc3b2d7f 31#include <linux/export.h>
174cd4b1 32#include <linux/sched/signal.h>
6230c9b4 33
bb58f747 34#include <net/bluetooth/bluetooth.h>
33575df7 35#include <net/bluetooth/hci_core.h>
bb58f747 36#include <net/bluetooth/l2cap.h>
ac4b7236
MH		 37
38#include "smp.h"
bb58f747 39
5b28d95c
MY		 40static struct bt_sock_list l2cap_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
42};
43
cf2f90f5 44static const struct proto_ops l2cap_sock_ops;
80808e43 45static void l2cap_sock_init(struct sock *sk, struct sock *parent);
2d792818 46static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
11aa9c28 47 int proto, gfp_t prio, int kern);
cf2f90f5 48
b3916db3
DH		 49bool l2cap_is_socket(struct socket *sock)
50{
51 return sock && sock->ops == &l2cap_sock_ops;
52}
53EXPORT_SYMBOL(l2cap_is_socket);
54
4946096d
JH		 55static int l2cap_validate_bredr_psm(u16 psm)
56{
57 /* PSM must be odd and lsb of upper byte must be 0 */
58 if ((psm & 0x0101) != 0x0001)
59 return -EINVAL;
60
61 /* Restrict usage of well-known PSMs */
114f9f1e 62 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
4946096d
JH		 63 return -EACCES;
64
65 return 0;
66}
67
68static int l2cap_validate_le_psm(u16 psm)
69{
70 /* Valid LE_PSM ranges are defined only until 0x00ff */
114f9f1e 71 if (psm > L2CAP_PSM_LE_DYN_END)
4946096d
JH		 72 return -EINVAL;
73
74 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
114f9f1e 75 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
4946096d
JH		 76 return -EACCES;
77
78 return 0;
79}
80
af6bcd82
GP		 81static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
82{
83 struct sock *sk = sock->sk;
4343478f 84 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 85 struct sockaddr_l2 la;
86 int len, err = 0;
87
88 BT_DBG("sk %p", sk);
89
d2ecfa76
MJ		 90 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
91 addr->sa_family != AF_BLUETOOTH)
af6bcd82
GP		 92 return -EINVAL;
93
94 memset(&la, 0, sizeof(la));
95 len = min_t(unsigned int, sizeof(la), alen);
96 memcpy(&la, addr, len);
97
b62f328b 98 if (la.l2_cid && la.l2_psm)
af6bcd82
GP		 99 return -EINVAL;
100
80c1a2e7
JH		 101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
102 return -EINVAL;
103
bfe4655f 104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
bfe4655f 105 /* We only allow ATT user space socket */
9149761a 106 if (la.l2_cid &&
dcf4adbf 107 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
bfe4655f
JH		 108 return -EINVAL;
109 }
110
af6bcd82
GP		 111 lock_sock(sk);
112
113 if (sk->sk_state != BT_OPEN) {
114 err = -EBADFD;
115 goto done;
116 }
117
118 if (la.l2_psm) {
119 __u16 psm = __le16_to_cpu(la.l2_psm);
120
4946096d
JH		 121 if (la.l2_bdaddr_type == BDADDR_BREDR)
122 err = l2cap_validate_bredr_psm(psm);
123 else
124 err = l2cap_validate_le_psm(psm);
af6bcd82 125
4946096d 126 if (err)
af6bcd82 127 goto done;
af6bcd82
GP		 128 }
129
a2342c5f
JH		 130 bacpy(&chan->src, &la.l2_bdaddr);
131 chan->src_type = la.l2_bdaddr_type;
132
9e4425ff 133 if (la.l2_cid)
6e4aff10 134 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
9e4425ff
GP		 135 else
136 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
af6bcd82 137
9e4425ff
GP		 138 if (err < 0)
139 goto done;
af6bcd82 140
6a974b50 141 switch (chan->chan_type) {
3124b843
MH		 142 case L2CAP_CHAN_CONN_LESS:
143 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
144 chan->sec_level = BT_SECURITY_SDP;
145 break;
6a974b50
MH		 146 case L2CAP_CHAN_CONN_ORIENTED:
147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
148 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
149 chan->sec_level = BT_SECURITY_SDP;
150 break;
cb6ca8e1
JH		 151 case L2CAP_CHAN_RAW:
152 chan->sec_level = BT_SECURITY_SDP;
153 break;
c16900cf
JH		 154 case L2CAP_CHAN_FIXED:
155 /* Fixed channels default to the L2CAP core not holding a
156 * hci_conn reference for them. For fixed channels mapping to
157 * L2CAP sockets we do want to hold a reference so set the
158 * appropriate flag to request it.
159 */
160 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
161 break;
6a974b50 162 }
b62f328b 163
38319713 164 if (chan->psm && bdaddr_type_is_le(chan->src_type))
0ce43ce6 165 chan->mode = L2CAP_MODE_LE_FLOWCTL;
38319713 166
89bc500e 167 chan->state = BT_BOUND;
9e4425ff 168 sk->sk_state = BT_BOUND;
af6bcd82
GP		 169
170done:
171 release_sock(sk);
172 return err;
173}
174
2d792818
GP		 175static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
176 int alen, int flags)
4e34c50b
GP		 177{
178 struct sock *sk = sock->sk;
0c1bc5c6 179 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
4e34c50b
GP		 180 struct sockaddr_l2 la;
181 int len, err = 0;
182
183 BT_DBG("sk %p", sk);
184
d2ecfa76 185 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
4e34c50b
GP		 186 addr->sa_family != AF_BLUETOOTH)
187 return -EINVAL;
188
189 memset(&la, 0, sizeof(la));
190 len = min_t(unsigned int, sizeof(la), alen);
191 memcpy(&la, addr, len);
192
acd7d370 193 if (la.l2_cid && la.l2_psm)
4e34c50b
GP		 194 return -EINVAL;
195
80c1a2e7
JH		 196 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
197 return -EINVAL;
198
eb622495
JH		 199 /* Check that the socket wasn't bound to something that
200 * conflicts with the address given to connect(). If chan->src
201 * is BDADDR_ANY it means bind() was never used, in which case
202 * chan->src_type and la.l2_bdaddr_type do not need to match.
203 */
204 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
205 bdaddr_type_is_le(la.l2_bdaddr_type)) {
206 /* Old user space versions will try to incorrectly bind
207 * the ATT socket using BDADDR_BREDR. We need to accept
208 * this and fix up the source address type only when
209 * both the source CID and destination CID indicate
210 * ATT. Anything else is an invalid combination.
211 */
212 if (chan->scid != L2CAP_CID_ATT ||
dcf4adbf 213 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
eb622495
JH		 214 return -EINVAL;
215
216 /* We don't have the hdev available here to make a
217 * better decision on random vs public, but since all
218 * user space versions that exhibit this issue anyway do
219 * not support random local addresses assuming public
220 * here is good enough.
221 */
222 chan->src_type = BDADDR_LE_PUBLIC;
223 }
1f209383
JH		 224
225 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
226 return -EINVAL;
227
bfe4655f 228 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
bfe4655f 229 /* We only allow ATT user space socket */
9149761a 230 if (la.l2_cid &&
dcf4adbf 231 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
bfe4655f
JH		 232 return -EINVAL;
233 }
234
38319713 235 if (chan->psm && bdaddr_type_is_le(chan->src_type))
0ce43ce6 236 chan->mode = L2CAP_MODE_LE_FLOWCTL;
38319713 237
6e4aff10 238 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
8e9f9892 239 &la.l2_bdaddr, la.l2_bdaddr_type);
4e34c50b 240 if (err)
b3fb611e 241 return err;
4e34c50b 242
6be36555
AE		 243 lock_sock(sk);
244
4e34c50b 245 err = bt_sock_wait_state(sk, BT_CONNECTED,
2d792818 246 sock_sndtimeo(sk, flags & O_NONBLOCK));
b3fb611e
AE		 247
248 release_sock(sk);
249
4e34c50b
GP		 250 return err;
251}
252
af6bcd82
GP		 253static int l2cap_sock_listen(struct socket *sock, int backlog)
254{
255 struct sock *sk = sock->sk;
0c1bc5c6 256 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 257 int err = 0;
258
259 BT_DBG("sk %p backlog %d", sk, backlog);
260
261 lock_sock(sk);
262
6b3af733 263 if (sk->sk_state != BT_BOUND) {
af6bcd82
GP		 264 err = -EBADFD;
265 goto done;
266 }
267
6b3af733
MH		 268 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
269 err = -EINVAL;
270 goto done;
271 }
272
0c1bc5c6 273 switch (chan->mode) {
af6bcd82 274 case L2CAP_MODE_BASIC:
38319713 275 case L2CAP_MODE_LE_FLOWCTL:
af6bcd82
GP		 276 break;
277 case L2CAP_MODE_ERTM:
278 case L2CAP_MODE_STREAMING:
279 if (!disable_ertm)
280 break;
281 /* fall through */
282 default:
beb19e4c 283 err = -EOPNOTSUPP;
af6bcd82
GP		 284 goto done;
285 }
286
af6bcd82
GP		 287 sk->sk_max_ack_backlog = backlog;
288 sk->sk_ack_backlog = 0;
89bc500e 289
abe84903
JH		 290 /* Listening channels need to use nested locking in order not to
291 * cause lockdep warnings when the created child channels end up
292 * being locked in the same thread as the parent channel.
293 */
294 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
295
89bc500e 296 chan->state = BT_LISTEN;
af6bcd82
GP		 297 sk->sk_state = BT_LISTEN;
298
299done:
300 release_sock(sk);
301 return err;
302}
303
2d792818 304static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
cdfbabfb 305 int flags, bool kern)
c47b7c72 306{
dfb2fae7 307 DEFINE_WAIT_FUNC(wait, woken_wake_function);
c47b7c72
GP		 308 struct sock *sk = sock->sk, *nsk;
309 long timeo;
310 int err = 0;
311
3b2ab39e 312 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
c47b7c72 313
c47b7c72
GP		 314 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
315
316 BT_DBG("sk %p timeo %ld", sk, timeo);
317
318 /* Wait for an incoming connection. (wake-one). */
319 add_wait_queue_exclusive(sk_sleep(sk), &wait);
f9a3c20a 320 while (1) {
f9a3c20a
PH		 321 if (sk->sk_state != BT_LISTEN) {
322 err = -EBADFD;
c47b7c72
GP		 323 break;
324 }
325
f9a3c20a
PH		 326 nsk = bt_accept_dequeue(sk, newsock);
327 if (nsk)
328 break;
c47b7c72 329
f9a3c20a
PH		 330 if (!timeo) {
331 err = -EAGAIN;
c47b7c72
GP		 332 break;
333 }
334
335 if (signal_pending(current)) {
336 err = sock_intr_errno(timeo);
337 break;
338 }
f9a3c20a
PH		 339
340 release_sock(sk);
dfb2fae7
PH		 341
342 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
343
3b2ab39e 344 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
c47b7c72 345 }
c47b7c72
GP		 346 remove_wait_queue(sk_sleep(sk), &wait);
347
348 if (err)
349 goto done;
350
351 newsock->state = SS_CONNECTED;
352
353 BT_DBG("new socket %p", nsk);
354
355done:
356 release_sock(sk);
357 return err;
358}
359
2d792818 360static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
9b2c45d4 361 int peer)
d7175d55
GP		 362{
363 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
364 struct sock *sk = sock->sk;
0c1bc5c6 365 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
d7175d55
GP		 366
367 BT_DBG("sock %p, sk %p", sock, sk);
368
e8b1ab9e 369 if (peer && sk->sk_state != BT_CONNECTED &&
bf19d51b
JH		 370 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
371 sk->sk_state != BT_CONFIG)
b783fbc3
JH		 372 return -ENOTCONN;
373
792039c7 374 memset(la, 0, sizeof(struct sockaddr_l2));
d7175d55 375 addr->sa_family = AF_BLUETOOTH;
d7175d55 376
d7e5e76b
JH		 377 la->l2_psm = chan->psm;
378
d7175d55 379 if (peer) {
7eafc59e 380 bacpy(&la->l2_bdaddr, &chan->dst);
fe4128e0 381 la->l2_cid = cpu_to_le16(chan->dcid);
4f1654e0 382 la->l2_bdaddr_type = chan->dst_type;
d7175d55 383 } else {
7eafc59e 384 bacpy(&la->l2_bdaddr, &chan->src);
fe4128e0 385 la->l2_cid = cpu_to_le16(chan->scid);
4f1654e0 386 la->l2_bdaddr_type = chan->src_type;
d7175d55
GP		 387 }
388
9b2c45d4 389 return sizeof(struct sockaddr_l2);
d7175d55
GP		 390}
391
2d792818
GP		 392static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
393 char __user *optval, int __user *optlen)
99f4808d
GP		 394{
395 struct sock *sk = sock->sk;
4343478f 396 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d
GP		 397 struct l2cap_options opts;
398 struct l2cap_conninfo cinfo;
399 int len, err = 0;
400 u32 opt;
401
402 BT_DBG("sk %p", sk);
403
404 if (get_user(len, optlen))
405 return -EFAULT;
406
407 lock_sock(sk);
408
409 switch (optname) {
410 case L2CAP_OPTIONS:
64b4f8dc
JH		 411 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
412 * legacy ATT code depends on getsockopt for
413 * L2CAP_OPTIONS we need to let this pass.
414 */
415 if (bdaddr_type_is_le(chan->src_type) &&
416 chan->scid != L2CAP_CID_ATT) {
417 err = -EINVAL;
418 break;
419 }
420
e3fb592b 421 memset(&opts, 0, sizeof(opts));
0c1bc5c6
GP		 422 opts.imtu = chan->imtu;
423 opts.omtu = chan->omtu;
424 opts.flush_to = chan->flush_to;
425 opts.mode = chan->mode;
47d1ec61
GP		 426 opts.fcs = chan->fcs;
427 opts.max_tx = chan->max_tx;
6327eb98 428 opts.txwin_size = chan->tx_win;
99f4808d
GP		 429
430 len = min_t(unsigned int, len, sizeof(opts));
431 if (copy_to_user(optval, (char *) &opts, len))
432 err = -EFAULT;
433
434 break;
435
436 case L2CAP_LM:
4343478f 437 switch (chan->sec_level) {
99f4808d
GP		 438 case BT_SECURITY_LOW:
439 opt = L2CAP_LM_AUTH;
440 break;
441 case BT_SECURITY_MEDIUM:
442 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
443 break;
444 case BT_SECURITY_HIGH:
445 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
2d792818 446 L2CAP_LM_SECURE;
99f4808d 447 break;
7d513e92
MH		 448 case BT_SECURITY_FIPS:
449 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
450 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
451 break;
99f4808d
GP		 452 default:
453 opt = 0;
454 break;
455 }
456
43bd0f32 457 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
99f4808d
GP		 458 opt |= L2CAP_LM_MASTER;
459
ecf61bdb 460 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
99f4808d
GP		 461 opt |= L2CAP_LM_RELIABLE;
462
463 if (put_user(opt, (u32 __user *) optval))
464 err = -EFAULT;
7d513e92 465
99f4808d
GP		 466 break;
467
468 case L2CAP_CONNINFO:
469 if (sk->sk_state != BT_CONNECTED &&
c5daa683
GP		 470 !(sk->sk_state == BT_CONNECT2 &&
471 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
99f4808d
GP		 472 err = -ENOTCONN;
473 break;
474 }
475
8d03e971 476 memset(&cinfo, 0, sizeof(cinfo));
8c1d787b
GP		 477 cinfo.hci_handle = chan->conn->hcon->handle;
478 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
99f4808d
GP		 479
480 len = min_t(unsigned int, len, sizeof(cinfo));
481 if (copy_to_user(optval, (char *) &cinfo, len))
482 err = -EFAULT;
483
484 break;
485
486 default:
487 err = -ENOPROTOOPT;
488 break;
489 }
490
491 release_sock(sk);
492 return err;
493}
494
2d792818
GP		 495static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
496 char __user *optval, int __user *optlen)
99f4808d
GP		 497{
498 struct sock *sk = sock->sk;
4343478f 499 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d 500 struct bt_security sec;
14b12d0b 501 struct bt_power pwr;
eab2404b 502 u32 phys;
99f4808d
GP		 503 int len, err = 0;
504
505 BT_DBG("sk %p", sk);
506
507 if (level == SOL_L2CAP)
508 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
509
510 if (level != SOL_BLUETOOTH)
511 return -ENOPROTOOPT;
512
513 if (get_user(len, optlen))
514 return -EFAULT;
515
516 lock_sock(sk);
517
518 switch (optname) {
519 case BT_SECURITY:
715ec005 520 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
e0c888ad 521 chan->chan_type != L2CAP_CHAN_FIXED &&
2d792818 522 chan->chan_type != L2CAP_CHAN_RAW) {
99f4808d
GP		 523 err = -EINVAL;
524 break;
525 }
526
8f360119 527 memset(&sec, 0, sizeof(sec));
85e34368 528 if (chan->conn) {
c6585a4d 529 sec.level = chan->conn->hcon->sec_level;
99f4808d 530
85e34368
AE		 531 if (sk->sk_state == BT_CONNECTED)
532 sec.key_size = chan->conn->hcon->enc_key_size;
533 } else {
534 sec.level = chan->sec_level;
535 }
8f360119 536
99f4808d
GP		 537 len = min_t(unsigned int, len, sizeof(sec));
538 if (copy_to_user(optval, (char *) &sec, len))
539 err = -EFAULT;
540
541 break;
542
543 case BT_DEFER_SETUP:
544 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
545 err = -EINVAL;
546 break;
547 }
548
c5daa683
GP		 549 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
550 (u32 __user *) optval))
99f4808d
GP		 551 err = -EFAULT;
552
553 break;
554
555 case BT_FLUSHABLE:
d57b0e8b 556 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
2d792818 557 (u32 __user *) optval))
99f4808d
GP		 558 err = -EFAULT;
559
560 break;
561
14b12d0b
JG		 562 case BT_POWER:
563 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2d792818 564 && sk->sk_type != SOCK_RAW) {
14b12d0b
JG		 565 err = -EINVAL;
566 break;
567 }
568
15770b1a 569 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 570
571 len = min_t(unsigned int, len, sizeof(pwr));
572 if (copy_to_user(optval, (char *) &pwr, len))
573 err = -EFAULT;
574
575 break;
576
2ea66482 577 case BT_CHANNEL_POLICY:
2ea66482
MM		 578 if (put_user(chan->chan_policy, (u32 __user *) optval))
579 err = -EFAULT;
580 break;
581
1f435424 582 case BT_SNDMTU:
1f435424
JH		 583 if (!bdaddr_type_is_le(chan->src_type)) {
584 err = -EINVAL;
585 break;
586 }
587
588 if (sk->sk_state != BT_CONNECTED) {
589 err = -ENOTCONN;
590 break;
591 }
592
593 if (put_user(chan->omtu, (u16 __user *) optval))
594 err = -EFAULT;
595 break;
596
597 case BT_RCVMTU:
1f435424
JH		 598 if (!bdaddr_type_is_le(chan->src_type)) {
599 err = -EINVAL;
600 break;
601 }
602
603 if (put_user(chan->imtu, (u16 __user *) optval))
604 err = -EFAULT;
605 break;
606
eab2404b
LAD		 607 case BT_PHY:
608 if (sk->sk_state == BT_CONNECTED) {
609 err = -ENOTCONN;
610 break;
611 }
612
613 phys = hci_conn_get_phy(chan->conn->hcon);
614
615 if (put_user(phys, (u32 __user *) optval))
616 err = -EFAULT;
617 break;
618
99f4808d
GP		 619 default:
620 err = -ENOPROTOOPT;
621 break;
622 }
623
624 release_sock(sk);
625 return err;
626}
627
682877c3
AG		 628static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
629{
630 switch (chan->scid) {
073d1cf3 631 case L2CAP_CID_ATT:
8c3a4f00 632 if (mtu < L2CAP_LE_MIN_MTU)
682877c3
AG		 633 return false;
634 break;
635
636 default:
637 if (mtu < L2CAP_DEFAULT_MIN_MTU)
638 return false;
639 }
640
641 return true;
642}
643
2d792818
GP		 644static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
645 char __user *optval, unsigned int optlen)
33575df7
GP		 646{
647 struct sock *sk = sock->sk;
b4450035 648 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7
GP		 649 struct l2cap_options opts;
650 int len, err = 0;
651 u32 opt;
652
653 BT_DBG("sk %p", sk);
654
655 lock_sock(sk);
656
657 switch (optname) {
658 case L2CAP_OPTIONS:
64b4f8dc
JH		 659 if (bdaddr_type_is_le(chan->src_type)) {
660 err = -EINVAL;
661 break;
662 }
663
33575df7
GP		 664 if (sk->sk_state == BT_CONNECTED) {
665 err = -EINVAL;
666 break;
667 }
668
0c1bc5c6
GP		 669 opts.imtu = chan->imtu;
670 opts.omtu = chan->omtu;
671 opts.flush_to = chan->flush_to;
672 opts.mode = chan->mode;
47d1ec61
GP		 673 opts.fcs = chan->fcs;
674 opts.max_tx = chan->max_tx;
6327eb98 675 opts.txwin_size = chan->tx_win;
33575df7
GP		 676
677 len = min_t(unsigned int, sizeof(opts), optlen);
678 if (copy_from_user((char *) &opts, optval, len)) {
679 err = -EFAULT;
680 break;
681 }
682
6327eb98 683 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
33575df7
GP		 684 err = -EINVAL;
685 break;
686 }
687
682877c3
AG		 688 if (!l2cap_valid_mtu(chan, opts.imtu)) {
689 err = -EINVAL;
690 break;
691 }
692
0c1bc5c6
GP		 693 chan->mode = opts.mode;
694 switch (chan->mode) {
38319713
JH		 695 case L2CAP_MODE_LE_FLOWCTL:
696 break;
33575df7 697 case L2CAP_MODE_BASIC:
c1360a1c 698 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
33575df7
GP		 699 break;
700 case L2CAP_MODE_ERTM:
701 case L2CAP_MODE_STREAMING:
702 if (!disable_ertm)
703 break;
704 /* fall through */
705 default:
706 err = -EINVAL;
707 break;
708 }
709
0c1bc5c6
GP		 710 chan->imtu = opts.imtu;
711 chan->omtu = opts.omtu;
47d1ec61
GP		 712 chan->fcs = opts.fcs;
713 chan->max_tx = opts.max_tx;
6327eb98 714 chan->tx_win = opts.txwin_size;
12d59781 715 chan->flush_to = opts.flush_to;
33575df7
GP		 716 break;
717
718 case L2CAP_LM:
719 if (get_user(opt, (u32 __user *) optval)) {
720 err = -EFAULT;
721 break;
722 }
723
7d513e92
MH		 724 if (opt & L2CAP_LM_FIPS) {
725 err = -EINVAL;
726 break;
727 }
728
33575df7 729 if (opt & L2CAP_LM_AUTH)
4343478f 730 chan->sec_level = BT_SECURITY_LOW;
33575df7 731 if (opt & L2CAP_LM_ENCRYPT)
4343478f 732 chan->sec_level = BT_SECURITY_MEDIUM;
33575df7 733 if (opt & L2CAP_LM_SECURE)
4343478f 734 chan->sec_level = BT_SECURITY_HIGH;
33575df7 735
43bd0f32
AE		 736 if (opt & L2CAP_LM_MASTER)
737 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
738 else
739 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
ecf61bdb
AE		 740
741 if (opt & L2CAP_LM_RELIABLE)
742 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
743 else
744 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
33575df7
GP		 745 break;
746
747 default:
748 err = -ENOPROTOOPT;
749 break;
750 }
751
752 release_sock(sk);
753 return err;
754}
755
2d792818
GP		 756static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
757 char __user *optval, unsigned int optlen)
33575df7
GP		 758{
759 struct sock *sk = sock->sk;
4343478f 760 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7 761 struct bt_security sec;
14b12d0b 762 struct bt_power pwr;
f1cb9af5 763 struct l2cap_conn *conn;
33575df7
GP		 764 int len, err = 0;
765 u32 opt;
766
767 BT_DBG("sk %p", sk);
768
769 if (level == SOL_L2CAP)
770 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
771
772 if (level != SOL_BLUETOOTH)
773 return -ENOPROTOOPT;
774
775 lock_sock(sk);
776
777 switch (optname) {
778 case BT_SECURITY:
715ec005 779 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
e0c888ad 780 chan->chan_type != L2CAP_CHAN_FIXED &&
2d792818 781 chan->chan_type != L2CAP_CHAN_RAW) {
33575df7
GP		 782 err = -EINVAL;
783 break;
784 }
785
786 sec.level = BT_SECURITY_LOW;
787
788 len = min_t(unsigned int, sizeof(sec), optlen);
789 if (copy_from_user((char *) &sec, optval, len)) {
790 err = -EFAULT;
791 break;
792 }
793
794 if (sec.level < BT_SECURITY_LOW ||
a164cee1 795 sec.level > BT_SECURITY_FIPS) {
33575df7
GP		 796 err = -EINVAL;
797 break;
798 }
799
4343478f 800 chan->sec_level = sec.level;
f1cb9af5 801
0bee1d60
GP		 802 if (!chan->conn)
803 break;
804
f1cb9af5 805 conn = chan->conn;
0bee1d60 806
bbb69b37 807 /* change security for LE channels */
073d1cf3 808 if (chan->scid == L2CAP_CID_ATT) {
bbb69b37
FD		 809 if (smp_conn_security(conn->hcon, sec.level)) {
810 err = -EINVAL;
f1cb9af5 811 break;
bbb69b37
FD		 812 }
813
d52deb17 814 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
f1cb9af5 815 sk->sk_state = BT_CONFIG;
3542b854 816 chan->state = BT_CONFIG;
0bee1d60 817
a7d7723a
GP		 818 /* or for ACL link */
819 } else if ((sk->sk_state == BT_CONNECT2 &&
2d792818 820 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
a7d7723a 821 sk->sk_state == BT_CONNECTED) {
e7cafc45 822 if (!l2cap_chan_check_security(chan, true))
c5daa683 823 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
a7d7723a
GP		 824 else
825 sk->sk_state_change(sk);
0bee1d60
GP		 826 } else {
827 err = -EINVAL;
f1cb9af5 828 }
33575df7
GP		 829 break;
830
831 case BT_DEFER_SETUP:
832 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
833 err = -EINVAL;
834 break;
835 }
836
837 if (get_user(opt, (u32 __user *) optval)) {
838 err = -EFAULT;
839 break;
840 }
841
bdc25783 842 if (opt) {
c5daa683 843 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 844 set_bit(FLAG_DEFER_SETUP, &chan->flags);
845 } else {
c5daa683 846 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 847 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
848 }
33575df7
GP		 849 break;
850
851 case BT_FLUSHABLE:
852 if (get_user(opt, (u32 __user *) optval)) {
853 err = -EFAULT;
854 break;
855 }
856
857 if (opt > BT_FLUSHABLE_ON) {
858 err = -EINVAL;
859 break;
860 }
861
862 if (opt == BT_FLUSHABLE_OFF) {
c1f23a2b 863 conn = chan->conn;
25985edc 864 /* proceed further only when we have l2cap_conn and
33575df7
GP		 865 No Flush support in the LM */
866 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
867 err = -EINVAL;
868 break;
869 }
870 }
871
d57b0e8b
AE		 872 if (opt)
873 set_bit(FLAG_FLUSHABLE, &chan->flags);
874 else
875 clear_bit(FLAG_FLUSHABLE, &chan->flags);
33575df7
GP		 876 break;
877
14b12d0b
JG		 878 case BT_POWER:
879 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
2d792818 880 chan->chan_type != L2CAP_CHAN_RAW) {
14b12d0b
JG		 881 err = -EINVAL;
882 break;
883 }
884
885 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
886
887 len = min_t(unsigned int, sizeof(pwr), optlen);
888 if (copy_from_user((char *) &pwr, optval, len)) {
889 err = -EFAULT;
890 break;
891 }
15770b1a
AE		 892
893 if (pwr.force_active)
894 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
895 else
896 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 897 break;
898
2ea66482 899 case BT_CHANNEL_POLICY:
2ea66482
MM		 900 if (get_user(opt, (u32 __user *) optval)) {
901 err = -EFAULT;
902 break;
903 }
904
905 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
906 err = -EINVAL;
907 break;
908 }
909
910 if (chan->mode != L2CAP_MODE_ERTM &&
2d792818 911 chan->mode != L2CAP_MODE_STREAMING) {
2ea66482
MM		 912 err = -EOPNOTSUPP;
913 break;
914 }
915
916 chan->chan_policy = (u8) opt;
3f7a56c4
MM		 917
918 if (sk->sk_state == BT_CONNECTED &&
919 chan->move_role == L2CAP_MOVE_ROLE_NONE)
920 l2cap_move_start(chan);
921
14b12d0b
JG		 922 break;
923
1f435424 924 case BT_SNDMTU:
1f435424
JH		 925 if (!bdaddr_type_is_le(chan->src_type)) {
926 err = -EINVAL;
927 break;
928 }
929
930 /* Setting is not supported as it's the remote side that
931 * decides this.
932 */
933 err = -EPERM;
934 break;
935
936 case BT_RCVMTU:
1f435424
JH		 937 if (!bdaddr_type_is_le(chan->src_type)) {
938 err = -EINVAL;
939 break;
940 }
941
942 if (sk->sk_state == BT_CONNECTED) {
943 err = -EISCONN;
944 break;
945 }
946
23bc6ab0 947 if (get_user(opt, (u16 __user *) optval)) {
1f435424
JH		 948 err = -EFAULT;
949 break;
950 }
951
952 chan->imtu = opt;
953 break;
954
33575df7
GP		 955 default:
956 err = -ENOPROTOOPT;
957 break;
958 }
959
960 release_sock(sk);
961 return err;
962}
fd83ccdb 963
1b784140
YX		 964static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
965 size_t len)
fd83ccdb
GP		 966{
967 struct sock *sk = sock->sk;
0c1bc5c6 968 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
fd83ccdb
GP		 969 int err;
970
971 BT_DBG("sock %p, sk %p", sock, sk);
972
973 err = sock_error(sk);
974 if (err)
975 return err;
976
977 if (msg->msg_flags & MSG_OOB)
978 return -EOPNOTSUPP;
979
a6a5568c 980 if (sk->sk_state != BT_CONNECTED)
9a91a04a 981 return -ENOTCONN;
fd83ccdb 982
e793dcf0
JH		 983 lock_sock(sk);
984 err = bt_sock_wait_ready(sk, msg->msg_flags);
985 release_sock(sk);
986 if (err)
987 return err;
988
a6a5568c 989 l2cap_chan_lock(chan);
8d46321c 990 err = l2cap_chan_send(chan, msg, len);
a6a5568c 991 l2cap_chan_unlock(chan);
fd83ccdb 992
fd83ccdb
GP		 993 return err;
994}
33575df7 995
1b784140
YX		 996static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
997 size_t len, int flags)
68983259
GP		 998{
999 struct sock *sk = sock->sk;
e328140f
MM		 1000 struct l2cap_pinfo *pi = l2cap_pi(sk);
1001 int err;
68983259
GP		 1002
1003 lock_sock(sk);
1004
c5daa683
GP		 1005 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
1006 &bt_sk(sk)->flags)) {
38319713
JH		 1007 if (bdaddr_type_is_le(pi->chan->src_type)) {
1008 sk->sk_state = BT_CONNECTED;
1009 pi->chan->state = BT_CONNECTED;
1010 __l2cap_le_connect_rsp_defer(pi->chan);
1011 } else {
1012 sk->sk_state = BT_CONFIG;
1013 pi->chan->state = BT_CONFIG;
1014 __l2cap_connect_rsp_defer(pi->chan);
1015 }
8c1d787b 1016
970871bc
JH		 1017 err = 0;
1018 goto done;
68983259
GP		 1019 }
1020
1021 release_sock(sk);
1022
1023 if (sock->type == SOCK_STREAM)
1b784140 1024 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
e328140f 1025 else
1b784140 1026 err = bt_sock_recvmsg(sock, msg, len, flags);
e328140f
MM		 1027
1028 if (pi->chan->mode != L2CAP_MODE_ERTM)
1029 return err;
1030
1031 /* Attempt to put pending rx data in the socket buffer */
1032
1033 lock_sock(sk);
1034
1035 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1036 goto done;
1037
1038 if (pi->rx_busy_skb) {
dbb50887 1039 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
e328140f
MM		 1040 pi->rx_busy_skb = NULL;
1041 else
1042 goto done;
1043 }
1044
1045 /* Restore data flow when half of the receive buffer is
1046 * available. This avoids resending large numbers of
1047 * frames.
1048 */
1049 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1050 l2cap_chan_busy(pi->chan, 0);
68983259 1051
e328140f
MM		 1052done:
1053 release_sock(sk);
1054 return err;
68983259
GP		 1055}
1056
05fc1576 1057/* Kill socket (only if zapped and orphan)
6c08fc89 1058 * Must be called on unlocked socket, with l2cap channel lock.
05fc1576 1059 */
ba3bd0ee 1060static void l2cap_sock_kill(struct sock *sk)
05fc1576
GP		 1061{
1062 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1063 return;
1064
e05dcc32 1065 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
05fc1576
GP		 1066
1067 /* Kill poor orphan */
6ff5abbf 1068
4af66c69 1069 l2cap_chan_put(l2cap_pi(sk)->chan);
05fc1576
GP		 1070 sock_set_flag(sk, SOCK_DEAD);
1071 sock_put(sk);
1072}
1073
f65468f6 1074static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
dc25306b 1075{
dc25306b
GP		 1076 DECLARE_WAITQUEUE(wait, current);
1077 int err = 0;
cb02a255 1078 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
e432c72c
DJ		 1079 /* Timeout to prevent infinite loop */
1080 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
dc25306b
GP		 1081
1082 add_wait_queue(sk_sleep(sk), &wait);
1083 set_current_state(TASK_INTERRUPTIBLE);
f65468f6 1084 do {
e432c72c
DJ		 1085 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1086 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1087 jiffies_to_msecs(timeout - jiffies));
451e4c6c 1088
dc25306b 1089 if (!timeo)
cb02a255 1090 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
dc25306b
GP		 1091
1092 if (signal_pending(current)) {
1093 err = sock_intr_errno(timeo);
1094 break;
1095 }
1096
1097 release_sock(sk);
1098 timeo = schedule_timeout(timeo);
1099 lock_sock(sk);
1100 set_current_state(TASK_INTERRUPTIBLE);
1101
1102 err = sock_error(sk);
1103 if (err)
1104 break;
f65468f6 1105
e432c72c
DJ		 1106 if (time_after(jiffies, timeout)) {
1107 err = -ENOLINK;
1108 break;
1109 }
1110
f65468f6
DJ		 1111 } while (chan->unacked_frames > 0 &&
1112 chan->state == BT_CONNECTED);
1113
dc25306b
GP		 1114 set_current_state(TASK_RUNNING);
1115 remove_wait_queue(sk_sleep(sk), &wait);
1116 return err;
1117}
1118
dcba0dba
GP		 1119static int l2cap_sock_shutdown(struct socket *sock, int how)
1120{
1121 struct sock *sk = sock->sk;
7ddb6e0f 1122 struct l2cap_chan *chan;
3df91ea2 1123 struct l2cap_conn *conn;
dcba0dba
GP		 1124 int err = 0;
1125
1126 BT_DBG("sock %p, sk %p", sock, sk);
1127
1128 if (!sk)
1129 return 0;
1130
04ba72e6
DJ		 1131 lock_sock(sk);
1132
e7456437
DJ		 1133 if (sk->sk_shutdown)
1134 goto shutdown_already;
1135
1136 BT_DBG("Handling sock shutdown");
1137
2baea85d
DJ		 1138 /* prevent sk structure from being freed whilst unlocked */
1139 sock_hold(sk);
1140
7ddb6e0f 1141 chan = l2cap_pi(sk)->chan;
2baea85d
DJ		 1142 /* prevent chan structure from being freed whilst unlocked */
1143 l2cap_chan_hold(chan);
3df91ea2 1144
49d11741
JH		 1145 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1146
e7456437
DJ		 1147 if (chan->mode == L2CAP_MODE_ERTM &&
1148 chan->unacked_frames > 0 &&
9f7378a9 1149 chan->state == BT_CONNECTED) {
e7456437 1150 err = __l2cap_wait_ack(sk, chan);
dcba0dba 1151
9f7378a9
DJ		 1152 /* After waiting for ACKs, check whether shutdown
1153 * has already been actioned to close the L2CAP
1154 * link such as by l2cap_disconnection_req().
1155 */
1156 if (sk->sk_shutdown)
1157 goto has_shutdown;
1158 }
1159
e7456437 1160 sk->sk_shutdown = SHUTDOWN_MASK;
e7456437 1161 release_sock(sk);
04ba72e6
DJ		 1162
1163 l2cap_chan_lock(chan);
1164 conn = chan->conn;
1165 if (conn)
1166 /* prevent conn structure from being freed */
1167 l2cap_conn_get(conn);
1168 l2cap_chan_unlock(chan);
1169
1170 if (conn)
1171 /* mutex lock must be taken before l2cap_chan_lock() */
1172 mutex_lock(&conn->chan_lock);
1173
1174 l2cap_chan_lock(chan);
e7456437 1175 l2cap_chan_close(chan, 0);
04ba72e6
DJ		 1176 l2cap_chan_unlock(chan);
1177
1178 if (conn) {
1179 mutex_unlock(&conn->chan_lock);
1180 l2cap_conn_put(conn);
1181 }
1182
e7456437 1183 lock_sock(sk);
dcba0dba 1184
e7456437
DJ		 1185 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1186 !(current->flags & PF_EXITING))
1187 err = bt_sock_wait_state(sk, BT_CLOSED,
1188 sk->sk_lingertime);
dcba0dba 1189
9f7378a9 1190has_shutdown:
04ba72e6
DJ		 1191 l2cap_chan_put(chan);
1192 sock_put(sk);
1193
1194shutdown_already:
dcba0dba
GP		 1195 if (!err && sk->sk_err)
1196 err = -sk->sk_err;
1197
1198 release_sock(sk);
3df91ea2 1199
04ba72e6 1200 BT_DBG("Sock shutdown complete err: %d", err);
451e4c6c 1201
dcba0dba
GP		 1202 return err;
1203}
1204
554f05bb
GP		 1205static int l2cap_sock_release(struct socket *sock)
1206{
1207 struct sock *sk = sock->sk;
1208 int err;
2a154903 1209 struct l2cap_chan *chan;
554f05bb
GP		 1210
1211 BT_DBG("sock %p, sk %p", sock, sk);
1212
1213 if (!sk)
1214 return 0;
1215
5b28d95c
MY		 1216 bt_sock_unlink(&l2cap_sk_list, sk);
1217
554f05bb 1218 err = l2cap_sock_shutdown(sock, 2);
2a154903 1219 chan = l2cap_pi(sk)->chan;
554f05bb 1220
2a154903
HD		 1221 l2cap_chan_hold(chan);
1222 l2cap_chan_lock(chan);
6c08fc89 1223
554f05bb
GP		 1224 sock_orphan(sk);
1225 l2cap_sock_kill(sk);
6c08fc89 1226
2a154903
HD		 1227 l2cap_chan_unlock(chan);
1228 l2cap_chan_put(chan);
6c08fc89 1229
554f05bb
GP		 1230 return err;
1231}
1232
c0df7f6e
AE		 1233static void l2cap_sock_cleanup_listen(struct sock *parent)
1234{
1235 struct sock *sk;
1236
49d11741
JH		 1237 BT_DBG("parent %p state %s", parent,
1238 state_to_string(parent->sk_state));
c0df7f6e
AE		 1239
1240 /* Close not yet accepted channels */
1241 while ((sk = bt_accept_dequeue(parent, NULL))) {
1242 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1243
49d11741
JH		 1244 BT_DBG("child chan %p state %s", chan,
1245 state_to_string(chan->state));
1246
6c08fc89 1247 l2cap_chan_hold(chan);
c0df7f6e 1248 l2cap_chan_lock(chan);
6c08fc89 1249
c0df7f6e
AE		 1250 __clear_chan_timer(chan);
1251 l2cap_chan_close(chan, ECONNRESET);
c0df7f6e 1252 l2cap_sock_kill(sk);
6c08fc89
MM		 1253
1254 l2cap_chan_unlock(chan);
1255 l2cap_chan_put(chan);
c0df7f6e
AE		 1256 }
1257}
1258
80b98027 1259static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
80808e43 1260{
80b98027 1261 struct sock *sk, *parent = chan->data;
80808e43 1262
8ffb9290
GP		 1263 lock_sock(parent);
1264
53826692
GP		 1265 /* Check for backlog size */
1266 if (sk_acceptq_is_full(parent)) {
1267 BT_DBG("backlog full %d", parent->sk_ack_backlog);
8a96f3cd 1268 release_sock(parent);
53826692
GP		 1269 return NULL;
1270 }
1271
80808e43 1272 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
11aa9c28 1273 GFP_ATOMIC, 0);
8a96f3cd
JT		 1274 if (!sk) {
1275 release_sock(parent);
80808e43 1276 return NULL;
8a96f3cd 1277 }
80808e43 1278
d22015aa
OP		 1279 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1280
80808e43
GP		 1281 l2cap_sock_init(sk, parent);
1282
c4f5627f 1283 bt_accept_enqueue(parent, sk, false);
644912e1 1284
8ffb9290
GP		 1285 release_sock(parent);
1286
80808e43
GP		 1287 return l2cap_pi(sk)->chan;
1288}
1289
80b98027 1290static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
23070494 1291{
80b98027 1292 struct sock *sk = chan->data;
84b34d98 1293 int err;
e328140f 1294
6be36555
AE		 1295 lock_sock(sk);
1296
84b34d98 1297 if (l2cap_pi(sk)->rx_busy_skb) {
6be36555
AE		 1298 err = -ENOMEM;
1299 goto done;
1300 }
e328140f 1301
dbb50887
DB		 1302 if (chan->mode != L2CAP_MODE_ERTM &&
1303 chan->mode != L2CAP_MODE_STREAMING) {
1304 /* Even if no filter is attached, we could potentially
1305 * get errors from security modules, etc.
1306 */
1307 err = sk_filter(sk, skb);
1308 if (err)
1309 goto done;
1310 }
1311
1312 err = __sock_queue_rcv_skb(sk, skb);
e328140f
MM		 1313
1314 /* For ERTM, handle one skb that doesn't fit into the recv
1315 * buffer. This is important to do because the data frames
1316 * have already been acked, so the skb cannot be discarded.
1317 *
1318 * Notify the l2cap core that the buffer is full, so the
1319 * LOCAL_BUSY state is entered and no more frames are
1320 * acked and reassembled until there is buffer space
1321 * available.
1322 */
84b34d98
MH		 1323 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1324 l2cap_pi(sk)->rx_busy_skb = skb;
1325 l2cap_chan_busy(chan, 1);
e328140f
MM		 1326 err = 0;
1327 }
23070494 1328
6be36555
AE		 1329done:
1330 release_sock(sk);
1331
e328140f 1332 return err;
23070494
GP		 1333}
1334
80b98027 1335static void l2cap_sock_close_cb(struct l2cap_chan *chan)
ba3bd0ee 1336{
80b98027 1337 struct sock *sk = chan->data;
ba3bd0ee
GP		 1338
1339 l2cap_sock_kill(sk);
1340}
1341
c0df7f6e
AE		 1342static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1343{
1344 struct sock *sk = chan->data;
1345 struct sock *parent;
1346
49d11741
JH		 1347 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1348
3b2ab39e
JH		 1349 /* This callback can be called both for server (BT_LISTEN)
1350 * sockets as well as "normal" ones. To avoid lockdep warnings
1351 * with child socket locking (through l2cap_sock_cleanup_listen)
1352 * we need separation into separate nesting levels. The simplest
1353 * way to accomplish this is to inherit the nesting level used
1354 * for the channel.
1355 */
1356 lock_sock_nested(sk, atomic_read(&chan->nesting));
c0df7f6e
AE		 1357
1358 parent = bt_sk(sk)->parent;
1359
1360 sock_set_flag(sk, SOCK_ZAPPED);
1361
1362 switch (chan->state) {
1363 case BT_OPEN:
1364 case BT_BOUND:
1365 case BT_CLOSED:
1366 break;
1367 case BT_LISTEN:
1368 l2cap_sock_cleanup_listen(sk);
1369 sk->sk_state = BT_CLOSED;
1370 chan->state = BT_CLOSED;
1371
1372 break;
1373 default:
1374 sk->sk_state = BT_CLOSED;
1375 chan->state = BT_CLOSED;
1376
1377 sk->sk_err = err;
1378
1379 if (parent) {
1380 bt_accept_unlink(sk);
676d2369 1381 parent->sk_data_ready(parent);
c0df7f6e
AE		 1382 } else {
1383 sk->sk_state_change(sk);
1384 }
1385
1386 break;
1387 }
1388
1389 release_sock(sk);
1390}
1391
53f52121
GP		 1392static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1393 int err)
89bc500e 1394{
80b98027 1395 struct sock *sk = chan->data;
89bc500e
GP		 1396
1397 sk->sk_state = state;
53f52121
GP		 1398
1399 if (err)
1400 sk->sk_err = err;
89bc500e
GP		 1401}
1402
2f7719ce 1403static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
d9fbd02b 1404 unsigned long hdr_len,
90338947 1405 unsigned long len, int nb)
2f7719ce 1406{
0f2c6153 1407 struct sock *sk = chan->data;
90338947
GP		 1408 struct sk_buff *skb;
1409 int err;
1410
a6a5568c 1411 l2cap_chan_unlock(chan);
d9fbd02b 1412 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
a6a5568c
MM		 1413 l2cap_chan_lock(chan);
1414
90338947
GP		 1415 if (!skb)
1416 return ERR_PTR(err);
2f7719ce 1417
8d46321c
MH		 1418 skb->priority = sk->sk_priority;
1419
a4368ff3 1420 bt_cb(skb)->l2cap.chan = chan;
0e790c64 1421
90338947 1422 return skb;
2f7719ce
AE		 1423}
1424
54a59aa2
AE		 1425static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1426{
1427 struct sock *sk = chan->data;
1428 struct sock *parent;
1429
1430 lock_sock(sk);
1431
1432 parent = bt_sk(sk)->parent;
1433
1434 BT_DBG("sk %p, parent %p", sk, parent);
1435
1436 sk->sk_state = BT_CONNECTED;
1437 sk->sk_state_change(sk);
1438
1439 if (parent)
676d2369 1440 parent->sk_data_ready(parent);
54a59aa2
AE		 1441
1442 release_sock(sk);
1443}
1444
2dc4e510
GP		 1445static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1446{
acdcabf5
GP		 1447 struct sock *parent, *sk = chan->data;
1448
1449 lock_sock(sk);
2dc4e510 1450
acdcabf5 1451 parent = bt_sk(sk)->parent;
2dc4e510 1452 if (parent)
676d2369 1453 parent->sk_data_ready(parent);
acdcabf5
GP		 1454
1455 release_sock(sk);
2dc4e510
GP		 1456}
1457
d97c899b
MH		 1458static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1459{
1460 struct sock *sk = chan->data;
1461
d52deb17
JH		 1462 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1463 sk->sk_state = BT_CONNECTED;
1464 chan->state = BT_CONNECTED;
1465 }
1466
d97c899b
MH		 1467 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1468 sk->sk_state_change(sk);
1469}
1470
5ec1bbe5
GP		 1471static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1472{
1473 struct sock *sk = chan->data;
1474
1475 lock_sock(sk);
1476 sk->sk_shutdown = SHUTDOWN_MASK;
1477 release_sock(sk);
1478}
1479
8d836d71
GP		 1480static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1481{
1482 struct sock *sk = chan->data;
1483
1484 return sk->sk_sndtimeo;
1485}
1486
837776f7
JH		 1487static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1488{
1489 struct sock *sk = chan->data;
1490
1491 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1492 sk->sk_state_change(sk);
1493}
1494
67f86a45 1495static const struct l2cap_ops l2cap_chan_ops = {
0498878b
JR		 1496 .name = "L2CAP Socket Interface",
1497 .new_connection = l2cap_sock_new_connection_cb,
1498 .recv = l2cap_sock_recv_cb,
1499 .close = l2cap_sock_close_cb,
1500 .teardown = l2cap_sock_teardown_cb,
1501 .state_change = l2cap_sock_state_change_cb,
1502 .ready = l2cap_sock_ready_cb,
1503 .defer = l2cap_sock_defer_cb,
1504 .resume = l2cap_sock_resume_cb,
1505 .suspend = l2cap_sock_suspend_cb,
1506 .set_shutdown = l2cap_sock_set_shutdown_cb,
1507 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1508 .alloc_skb = l2cap_sock_alloc_skb_cb,
80808e43
GP		 1509};
1510
bb58f747
GP		 1511static void l2cap_sock_destruct(struct sock *sk)
1512{
1513 BT_DBG("sk %p", sk);
1514
23d3a869
SL		 1515 if (l2cap_pi(sk)->chan)
1516 l2cap_chan_put(l2cap_pi(sk)->chan);
84b34d98 1517
e328140f
MM		 1518 if (l2cap_pi(sk)->rx_busy_skb) {
1519 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1520 l2cap_pi(sk)->rx_busy_skb = NULL;
1521 }
1522
bb58f747
GP		 1523 skb_queue_purge(&sk->sk_receive_queue);
1524 skb_queue_purge(&sk->sk_write_queue);
1525}
1526
2edf870d
MH		 1527static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1528 int *msg_namelen)
1529{
342dfc30 1530 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
2edf870d
MH		 1531
1532 memset(la, 0, sizeof(struct sockaddr_l2));
1533 la->l2_family = AF_BLUETOOTH;
a4368ff3
JH		 1534 la->l2_psm = bt_cb(skb)->l2cap.psm;
1535 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
2edf870d
MH		 1536
1537 *msg_namelen = sizeof(struct sockaddr_l2);
1538}
1539
80808e43 1540static void l2cap_sock_init(struct sock *sk, struct sock *parent)
bb58f747 1541{
84b34d98 1542 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
bb58f747
GP		 1543
1544 BT_DBG("sk %p", sk);
1545
1546 if (parent) {
b4450035
GP		 1547 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1548
bb58f747 1549 sk->sk_type = parent->sk_type;
c5daa683 1550 bt_sk(sk)->flags = bt_sk(parent)->flags;
bb58f747 1551
715ec005 1552 chan->chan_type = pchan->chan_type;
0c1bc5c6
GP		 1553 chan->imtu = pchan->imtu;
1554 chan->omtu = pchan->omtu;
b4450035 1555 chan->conf_state = pchan->conf_state;
0c1bc5c6 1556 chan->mode = pchan->mode;
47d1ec61
GP		 1557 chan->fcs = pchan->fcs;
1558 chan->max_tx = pchan->max_tx;
1559 chan->tx_win = pchan->tx_win;
6b3c7104 1560 chan->tx_win_max = pchan->tx_win_max;
4343478f 1561 chan->sec_level = pchan->sec_level;
d57b0e8b 1562 chan->flags = pchan->flags;
0cd75f7e
JH		 1563 chan->tx_credits = pchan->tx_credits;
1564 chan->rx_credits = pchan->rx_credits;
6230c9b4 1565
7a8e5a31
JH		 1566 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1567 chan->scid = pchan->scid;
1568 chan->dcid = pchan->scid;
1569 }
1570
6230c9b4 1571 security_sk_clone(parent, sk);
bb58f747 1572 } else {
715ec005
GP		 1573 switch (sk->sk_type) {
1574 case SOCK_RAW:
1575 chan->chan_type = L2CAP_CHAN_RAW;
1576 break;
1577 case SOCK_DGRAM:
1578 chan->chan_type = L2CAP_CHAN_CONN_LESS;
2edf870d 1579 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
715ec005
GP		 1580 break;
1581 case SOCK_SEQPACKET:
1582 case SOCK_STREAM:
1583 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1584 break;
1585 }
1586
0c1bc5c6
GP		 1587 chan->imtu = L2CAP_DEFAULT_MTU;
1588 chan->omtu = 0;
bb58f747 1589 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
0c1bc5c6 1590 chan->mode = L2CAP_MODE_ERTM;
c1360a1c 1591 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
bb58f747 1592 } else {
0c1bc5c6 1593 chan->mode = L2CAP_MODE_BASIC;
bb58f747 1594 }
bd4b1653
AE		 1595
1596 l2cap_chan_set_defaults(chan);
bb58f747
GP		 1597 }
1598
1599 /* Default config options */
0c1bc5c6 1600 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
80808e43
GP		 1601
1602 chan->data = sk;
1603 chan->ops = &l2cap_chan_ops;
bb58f747
GP		 1604}
1605
1606static struct proto l2cap_proto = {
1607 .name = "L2CAP",
1608 .owner = THIS_MODULE,
1609 .obj_size = sizeof(struct l2cap_pinfo)
1610};
1611
2d792818 1612static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
11aa9c28 1613 int proto, gfp_t prio, int kern)
bb58f747
GP		 1614{
1615 struct sock *sk;
dc50a06d 1616 struct l2cap_chan *chan;
bb58f747 1617
11aa9c28 1618 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
bb58f747
GP		 1619 if (!sk)
1620 return NULL;
1621
1622 sock_init_data(sock, sk);
1623 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1624
1625 sk->sk_destruct = l2cap_sock_destruct;
ba13ccd9 1626 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
bb58f747
GP		 1627
1628 sock_reset_flag(sk, SOCK_ZAPPED);
1629
1630 sk->sk_protocol = proto;
1631 sk->sk_state = BT_OPEN;
1632
eef1d9b6 1633 chan = l2cap_chan_create();
dc50a06d 1634 if (!chan) {
49dfbb91 1635 sk_free(sk);
dc50a06d
GP		 1636 return NULL;
1637 }
1638
61d6ef3e
MM		 1639 l2cap_chan_hold(chan);
1640
dc50a06d
GP		 1641 l2cap_pi(sk)->chan = chan;
1642
bb58f747
GP		 1643 return sk;
1644}
1645
1646static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1647 int kern)
1648{
1649 struct sock *sk;
1650
1651 BT_DBG("sock %p", sock);
1652
1653 sock->state = SS_UNCONNECTED;
1654
1655 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
2d792818 1656 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
bb58f747
GP		 1657 return -ESOCKTNOSUPPORT;
1658
1659 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1660 return -EPERM;
1661
1662 sock->ops = &l2cap_sock_ops;
1663
11aa9c28 1664 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
bb58f747
GP		 1665 if (!sk)
1666 return -ENOMEM;
1667
1668 l2cap_sock_init(sk, NULL);
5b28d95c 1669 bt_sock_link(&l2cap_sk_list, sk);
bb58f747
GP		 1670 return 0;
1671}
1672
cf2f90f5 1673static const struct proto_ops l2cap_sock_ops = {
65390587
GP		 1674 .family = PF_BLUETOOTH,
1675 .owner = THIS_MODULE,
1676 .release = l2cap_sock_release,
1677 .bind = l2cap_sock_bind,
1678 .connect = l2cap_sock_connect,
1679 .listen = l2cap_sock_listen,
1680 .accept = l2cap_sock_accept,
1681 .getname = l2cap_sock_getname,
1682 .sendmsg = l2cap_sock_sendmsg,
1683 .recvmsg = l2cap_sock_recvmsg,
a11e1d43 1684 .poll = bt_sock_poll,
65390587 1685 .ioctl = bt_sock_ioctl,
c7cbdbf2 1686 .gettstamp = sock_gettstamp,
65390587
GP		 1687 .mmap = sock_no_mmap,
1688 .socketpair = sock_no_socketpair,
1689 .shutdown = l2cap_sock_shutdown,
1690 .setsockopt = l2cap_sock_setsockopt,
1691 .getsockopt = l2cap_sock_getsockopt
1692};
1693
bb58f747
GP		 1694static const struct net_proto_family l2cap_sock_family_ops = {
1695 .family = PF_BLUETOOTH,
1696 .owner = THIS_MODULE,
1697 .create = l2cap_sock_create,
1698};
1699
1700int __init l2cap_init_sockets(void)
1701{
e2174ca4 1702 int err;
bb58f747 1703
dd625558
MH		 1704 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1705
e2174ca4
GP		 1706 err = proto_register(&l2cap_proto, 0);
1707 if (err < 0)
1708 return err;
bb58f747 1709
e2174ca4 1710 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
5b28d95c
MY		 1711 if (err < 0) {
1712 BT_ERR("L2CAP socket registration failed");
e2174ca4 1713 goto error;
5b28d95c
MY		 1714 }
1715
b0316615 1716 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
2d792818 1717 NULL);
5b28d95c
MY		 1718 if (err < 0) {
1719 BT_ERR("Failed to create L2CAP proc file");
1720 bt_sock_unregister(BTPROTO_L2CAP);
1721 goto error;
1722 }
bb58f747 1723
e2174ca4 1724 BT_INFO("L2CAP socket layer initialized");
bb58f747 1725
e2174ca4 1726 return 0;
bb58f747
GP		 1727
1728error:
e2174ca4
GP		 1729 proto_unregister(&l2cap_proto);
1730 return err;
bb58f747
GP		 1731}
1732
1733void l2cap_cleanup_sockets(void)
1734{
5b28d95c 1735 bt_procfs_cleanup(&init_net, "l2cap");
5e9d7f86 1736 bt_sock_unregister(BTPROTO_L2CAP);
e2174ca4 1737 proto_unregister(&l2cap_proto);
bb58f747 1738}
Ubuntu Jammy Linux kernel mirror