[mirror_ubuntu-jammy-kernel.git] / net / bluetooth / l2cap_sock.c

/*
   BlueZ - Bluetooth protocol stack for Linux
   Copyright (C) 2000-2001 Qualcomm Incorporated
   Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
   Copyright (C) 2010 Google Inc.

   Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
   SOFTWARE IS DISCLAIMED.
*/

/* Bluetooth L2CAP sockets. */

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>
#include <net/bluetooth/l2cap.h>

static void l2cap_sock_timeout(unsigned long arg)
{
	struct sock *sk = (struct sock *) arg;
	int reason;

	BT_DBG("sock %p state %d", sk, sk->sk_state);

	bh_lock_sock(sk);

	if (sock_owned_by_user(sk)) {
		/* sk is owned by user. Try again later */
		l2cap_sock_set_timer(sk, HZ / 5);
		bh_unlock_sock(sk);
		sock_put(sk);
		return;
	}

	if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
		reason = ECONNREFUSED;
	else if (sk->sk_state == BT_CONNECT &&
				l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
		reason = ECONNREFUSED;
	else
		reason = ETIMEDOUT;

	__l2cap_sock_close(sk, reason);

	bh_unlock_sock(sk);

	l2cap_sock_kill(sk);
	sock_put(sk);
}

static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
{
	struct sock *sk;
	struct hlist_node *node;
	sk_for_each(sk, node, &l2cap_sk_list.head)
		if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
			goto found;
	sk = NULL;
found:
	return sk;
}

static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
{
	struct sock *sk = sock->sk;
	struct sockaddr_l2 la;
	int len, err = 0;

	BT_DBG("sk %p", sk);

	if (!addr || addr->sa_family != AF_BLUETOOTH)
		return -EINVAL;

	memset(&la, 0, sizeof(la));
	len = min_t(unsigned int, sizeof(la), alen);
	memcpy(&la, addr, len);

	if (la.l2_cid)
		return -EINVAL;

	lock_sock(sk);

	if (sk->sk_state != BT_OPEN) {
		err = -EBADFD;
		goto done;
	}

	if (la.l2_psm) {
		__u16 psm = __le16_to_cpu(la.l2_psm);

		/* PSM must be odd and lsb of upper byte must be 0 */
		if ((psm & 0x0101) != 0x0001) {
			err = -EINVAL;
			goto done;
		}

		/* Restrict usage of well-known PSMs */
		if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
			err = -EACCES;
			goto done;
		}
	}

	write_lock_bh(&l2cap_sk_list.lock);

	if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
		err = -EADDRINUSE;
	} else {
		/* Save source address */
		bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
		l2cap_pi(sk)->psm   = la.l2_psm;
		l2cap_pi(sk)->sport = la.l2_psm;
		sk->sk_state = BT_BOUND;

		if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
					__le16_to_cpu(la.l2_psm) == 0x0003)
			l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
	}

	write_unlock_bh(&l2cap_sk_list.lock);

done:
	release_sock(sk);
	return err;
}

static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
{
	struct sock *sk = sock->sk;
	struct sockaddr_l2 la;
	int len, err = 0;

	BT_DBG("sk %p", sk);

	if (!addr || alen < sizeof(addr->sa_family) ||
	    addr->sa_family != AF_BLUETOOTH)
		return -EINVAL;

	memset(&la, 0, sizeof(la));
	len = min_t(unsigned int, sizeof(la), alen);
	memcpy(&la, addr, len);

	if (la.l2_cid)
		return -EINVAL;

	lock_sock(sk);

	if ((sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM)
			&& !la.l2_psm) {
		err = -EINVAL;
		goto done;
	}

	switch (l2cap_pi(sk)->mode) {
	case L2CAP_MODE_BASIC:
		break;
	case L2CAP_MODE_ERTM:
	case L2CAP_MODE_STREAMING:
		if (!disable_ertm)
			break;
		/* fall through */
	default:
		err = -ENOTSUPP;
		goto done;
	}

	switch (sk->sk_state) {
	case BT_CONNECT:
	case BT_CONNECT2:
	case BT_CONFIG:
		/* Already connecting */
		goto wait;

	case BT_CONNECTED:
		/* Already connected */
		err = -EISCONN;
		goto done;

	case BT_OPEN:
	case BT_BOUND:
		/* Can connect */
		break;

	default:
		err = -EBADFD;
		goto done;
	}

	/* PSM must be odd and lsb of upper byte must be 0 */
	if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 &&
		sk->sk_type != SOCK_RAW) {
		err = -EINVAL;
		goto done;
	}

	/* Set destination address and psm */
	bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
	l2cap_pi(sk)->psm = la.l2_psm;

	err = l2cap_do_connect(sk);
	if (err)
		goto done;

wait:
	err = bt_sock_wait_state(sk, BT_CONNECTED,
			sock_sndtimeo(sk, flags & O_NONBLOCK));
done:
	release_sock(sk);
	return err;
}

static int l2cap_sock_listen(struct socket *sock, int backlog)
{
	struct sock *sk = sock->sk;
	int err = 0;

	BT_DBG("sk %p backlog %d", sk, backlog);

	lock_sock(sk);

	if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
			|| sk->sk_state != BT_BOUND) {
		err = -EBADFD;
		goto done;
	}

	switch (l2cap_pi(sk)->mode) {
	case L2CAP_MODE_BASIC:
		break;
	case L2CAP_MODE_ERTM:
	case L2CAP_MODE_STREAMING:
		if (!disable_ertm)
			break;
		/* fall through */
	default:
		err = -ENOTSUPP;
		goto done;
	}

	if (!l2cap_pi(sk)->psm) {
		bdaddr_t *src = &bt_sk(sk)->src;
		u16 psm;

		err = -EINVAL;

		write_lock_bh(&l2cap_sk_list.lock);

		for (psm = 0x1001; psm < 0x1100; psm += 2)
			if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
				l2cap_pi(sk)->psm   = cpu_to_le16(psm);
				l2cap_pi(sk)->sport = cpu_to_le16(psm);
				err = 0;
				break;
			}

		write_unlock_bh(&l2cap_sk_list.lock);

		if (err < 0)
			goto done;
	}

	sk->sk_max_ack_backlog = backlog;
	sk->sk_ack_backlog = 0;
	sk->sk_state = BT_LISTEN;

done:
	release_sock(sk);
	return err;
}

static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
{
	DECLARE_WAITQUEUE(wait, current);
	struct sock *sk = sock->sk, *nsk;
	long timeo;
	int err = 0;

	lock_sock_nested(sk, SINGLE_DEPTH_NESTING);

	if (sk->sk_state != BT_LISTEN) {
		err = -EBADFD;
		goto done;
	}

	timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);

	BT_DBG("sk %p timeo %ld", sk, timeo);

	/* Wait for an incoming connection. (wake-one). */
	add_wait_queue_exclusive(sk_sleep(sk), &wait);
	while (!(nsk = bt_accept_dequeue(sk, newsock))) {
		set_current_state(TASK_INTERRUPTIBLE);
		if (!timeo) {
			err = -EAGAIN;
			break;
		}

		release_sock(sk);
		timeo = schedule_timeout(timeo);
		lock_sock_nested(sk, SINGLE_DEPTH_NESTING);

		if (sk->sk_state != BT_LISTEN) {
			err = -EBADFD;
			break;
		}

		if (signal_pending(current)) {
			err = sock_intr_errno(timeo);
			break;
		}
	}
	set_current_state(TASK_RUNNING);
	remove_wait_queue(sk_sleep(sk), &wait);

	if (err)
		goto done;

	newsock->state = SS_CONNECTED;

	BT_DBG("new socket %p", nsk);

done:
	release_sock(sk);
	return err;
}

static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
{
	struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
	struct sock *sk = sock->sk;

	BT_DBG("sock %p, sk %p", sock, sk);

	addr->sa_family = AF_BLUETOOTH;
	*len = sizeof(struct sockaddr_l2);

	if (peer) {
		la->l2_psm = l2cap_pi(sk)->psm;
		bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
		la->l2_cid = cpu_to_le16(l2cap_pi(sk)->dcid);
	} else {
		la->l2_psm = l2cap_pi(sk)->sport;
		bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
		la->l2_cid = cpu_to_le16(l2cap_pi(sk)->scid);
	}

	return 0;
}

static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
{
	struct sock *sk = sock->sk;
	struct l2cap_options opts;
	struct l2cap_conninfo cinfo;
	int len, err = 0;
	u32 opt;

	BT_DBG("sk %p", sk);

	if (get_user(len, optlen))
		return -EFAULT;

	lock_sock(sk);

	switch (optname) {
	case L2CAP_OPTIONS:
		opts.imtu     = l2cap_pi(sk)->imtu;
		opts.omtu     = l2cap_pi(sk)->omtu;
		opts.flush_to = l2cap_pi(sk)->flush_to;
		opts.mode     = l2cap_pi(sk)->mode;
		opts.fcs      = l2cap_pi(sk)->fcs;
		opts.max_tx   = l2cap_pi(sk)->max_tx;
		opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;

		len = min_t(unsigned int, len, sizeof(opts));
		if (copy_to_user(optval, (char *) &opts, len))
			err = -EFAULT;

		break;

	case L2CAP_LM:
		switch (l2cap_pi(sk)->sec_level) {
		case BT_SECURITY_LOW:
			opt = L2CAP_LM_AUTH;
			break;
		case BT_SECURITY_MEDIUM:
			opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
			break;
		case BT_SECURITY_HIGH:
			opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
							L2CAP_LM_SECURE;
			break;
		default:
			opt = 0;
			break;
		}

		if (l2cap_pi(sk)->role_switch)
			opt |= L2CAP_LM_MASTER;

		if (l2cap_pi(sk)->force_reliable)
			opt |= L2CAP_LM_RELIABLE;

		if (put_user(opt, (u32 __user *) optval))
			err = -EFAULT;
		break;

	case L2CAP_CONNINFO:
		if (sk->sk_state != BT_CONNECTED &&
					!(sk->sk_state == BT_CONNECT2 &&
						bt_sk(sk)->defer_setup)) {
			err = -ENOTCONN;
			break;
		}

		cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
		memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);

		len = min_t(unsigned int, len, sizeof(cinfo));
		if (copy_to_user(optval, (char *) &cinfo, len))
			err = -EFAULT;

		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}

static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
{
	struct sock *sk = sock->sk;
	struct bt_security sec;
	int len, err = 0;

	BT_DBG("sk %p", sk);

	if (level == SOL_L2CAP)
		return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);

	if (level != SOL_BLUETOOTH)
		return -ENOPROTOOPT;

	if (get_user(len, optlen))
		return -EFAULT;

	lock_sock(sk);

	switch (optname) {
	case BT_SECURITY:
		if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
				&& sk->sk_type != SOCK_RAW) {
			err = -EINVAL;
			break;
		}

		sec.level = l2cap_pi(sk)->sec_level;

		len = min_t(unsigned int, len, sizeof(sec));
		if (copy_to_user(optval, (char *) &sec, len))
			err = -EFAULT;

		break;

	case BT_DEFER_SETUP:
		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
			err = -EINVAL;
			break;
		}

		if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
			err = -EFAULT;

		break;

	case BT_FLUSHABLE:
		if (put_user(l2cap_pi(sk)->flushable, (u32 __user *) optval))
			err = -EFAULT;

		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}

static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
{
	struct sock *sk = sock->sk;
	struct l2cap_options opts;
	int len, err = 0;
	u32 opt;

	BT_DBG("sk %p", sk);

	lock_sock(sk);

	switch (optname) {
	case L2CAP_OPTIONS:
		if (sk->sk_state == BT_CONNECTED) {
			err = -EINVAL;
			break;
		}

		opts.imtu     = l2cap_pi(sk)->imtu;
		opts.omtu     = l2cap_pi(sk)->omtu;
		opts.flush_to = l2cap_pi(sk)->flush_to;
		opts.mode     = l2cap_pi(sk)->mode;
		opts.fcs      = l2cap_pi(sk)->fcs;
		opts.max_tx   = l2cap_pi(sk)->max_tx;
		opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;

		len = min_t(unsigned int, sizeof(opts), optlen);
		if (copy_from_user((char *) &opts, optval, len)) {
			err = -EFAULT;
			break;
		}

		if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
			err = -EINVAL;
			break;
		}

		l2cap_pi(sk)->mode = opts.mode;
		switch (l2cap_pi(sk)->mode) {
		case L2CAP_MODE_BASIC:
			l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
			break;
		case L2CAP_MODE_ERTM:
		case L2CAP_MODE_STREAMING:
			if (!disable_ertm)
				break;
			/* fall through */
		default:
			err = -EINVAL;
			break;
		}

		l2cap_pi(sk)->imtu = opts.imtu;
		l2cap_pi(sk)->omtu = opts.omtu;
		l2cap_pi(sk)->fcs  = opts.fcs;
		l2cap_pi(sk)->max_tx = opts.max_tx;
		l2cap_pi(sk)->tx_win = (__u8)opts.txwin_size;
		break;

	case L2CAP_LM:
		if (get_user(opt, (u32 __user *) optval)) {
			err = -EFAULT;
			break;
		}

		if (opt & L2CAP_LM_AUTH)
			l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
		if (opt & L2CAP_LM_ENCRYPT)
			l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
		if (opt & L2CAP_LM_SECURE)
			l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;

		l2cap_pi(sk)->role_switch    = (opt & L2CAP_LM_MASTER);
		l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}

static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
{
	struct sock *sk = sock->sk;
	struct bt_security sec;
	int len, err = 0;
	u32 opt;

	BT_DBG("sk %p", sk);

	if (level == SOL_L2CAP)
		return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);

	if (level != SOL_BLUETOOTH)
		return -ENOPROTOOPT;

	lock_sock(sk);

	switch (optname) {
	case BT_SECURITY:
		if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
				&& sk->sk_type != SOCK_RAW) {
			err = -EINVAL;
			break;
		}

		sec.level = BT_SECURITY_LOW;

		len = min_t(unsigned int, sizeof(sec), optlen);
		if (copy_from_user((char *) &sec, optval, len)) {
			err = -EFAULT;
			break;
		}

		if (sec.level < BT_SECURITY_LOW ||
					sec.level > BT_SECURITY_HIGH) {
			err = -EINVAL;
			break;
		}

		l2cap_pi(sk)->sec_level = sec.level;
		break;

	case BT_DEFER_SETUP:
		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
			err = -EINVAL;
			break;
		}

		if (get_user(opt, (u32 __user *) optval)) {
			err = -EFAULT;
			break;
		}

		bt_sk(sk)->defer_setup = opt;
		break;

	case BT_FLUSHABLE:
		if (get_user(opt, (u32 __user *) optval)) {
			err = -EFAULT;
			break;
		}

		if (opt > BT_FLUSHABLE_ON) {
			err = -EINVAL;
			break;
		}

		if (opt == BT_FLUSHABLE_OFF) {
			struct l2cap_conn *conn = l2cap_pi(sk)->conn;
			/* proceed futher only when we have l2cap_conn and
			   No Flush support in the LM */
			if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
				err = -EINVAL;
				break;
			}
		}

		l2cap_pi(sk)->flushable = opt;
		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}

static int l2cap_sock_release(struct socket *sock)
{
	struct sock *sk = sock->sk;
	int err;

	BT_DBG("sock %p, sk %p", sock, sk);

	if (!sk)
		return 0;

	err = l2cap_sock_shutdown(sock, 2);

	sock_orphan(sk);
	l2cap_sock_kill(sk);
	return err;
}

static void l2cap_sock_destruct(struct sock *sk)
{
	BT_DBG("sk %p", sk);

	skb_queue_purge(&sk->sk_receive_queue);
	skb_queue_purge(&sk->sk_write_queue);
}

void l2cap_sock_init(struct sock *sk, struct sock *parent)
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);

	BT_DBG("sk %p", sk);

	if (parent) {
		sk->sk_type = parent->sk_type;
		bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;

		pi->imtu = l2cap_pi(parent)->imtu;
		pi->omtu = l2cap_pi(parent)->omtu;
		pi->conf_state = l2cap_pi(parent)->conf_state;
		pi->mode = l2cap_pi(parent)->mode;
		pi->fcs  = l2cap_pi(parent)->fcs;
		pi->max_tx = l2cap_pi(parent)->max_tx;
		pi->tx_win = l2cap_pi(parent)->tx_win;
		pi->sec_level = l2cap_pi(parent)->sec_level;
		pi->role_switch = l2cap_pi(parent)->role_switch;
		pi->force_reliable = l2cap_pi(parent)->force_reliable;
		pi->flushable = l2cap_pi(parent)->flushable;
	} else {
		pi->imtu = L2CAP_DEFAULT_MTU;
		pi->omtu = 0;
		if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
			pi->mode = L2CAP_MODE_ERTM;
			pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
		} else {
			pi->mode = L2CAP_MODE_BASIC;
		}
		pi->max_tx = L2CAP_DEFAULT_MAX_TX;
		pi->fcs  = L2CAP_FCS_CRC16;
		pi->tx_win = L2CAP_DEFAULT_TX_WINDOW;
		pi->sec_level = BT_SECURITY_LOW;
		pi->role_switch = 0;
		pi->force_reliable = 0;
		pi->flushable = BT_FLUSHABLE_OFF;
	}

	/* Default config options */
	pi->conf_len = 0;
	pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
	skb_queue_head_init(TX_QUEUE(sk));
	skb_queue_head_init(SREJ_QUEUE(sk));
	skb_queue_head_init(BUSY_QUEUE(sk));
	INIT_LIST_HEAD(SREJ_LIST(sk));
}

static struct proto l2cap_proto = {
	.name		= "L2CAP",
	.owner		= THIS_MODULE,
	.obj_size	= sizeof(struct l2cap_pinfo)
};

struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
{
	struct sock *sk;

	sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
	if (!sk)
		return NULL;

	sock_init_data(sock, sk);
	INIT_LIST_HEAD(&bt_sk(sk)->accept_q);

	sk->sk_destruct = l2cap_sock_destruct;
	sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);

	sock_reset_flag(sk, SOCK_ZAPPED);

	sk->sk_protocol = proto;
	sk->sk_state = BT_OPEN;

	setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);

	bt_sock_link(&l2cap_sk_list, sk);
	return sk;
}

static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
			     int kern)
{
	struct sock *sk;

	BT_DBG("sock %p", sock);

	sock->state = SS_UNCONNECTED;

	if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
			sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
		return -ESOCKTNOSUPPORT;

	if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
		return -EPERM;

	sock->ops = &l2cap_sock_ops;

	sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
	if (!sk)
		return -ENOMEM;

	l2cap_sock_init(sk, NULL);
	return 0;
}

const struct proto_ops l2cap_sock_ops = {
	.family		= PF_BLUETOOTH,
	.owner		= THIS_MODULE,
	.release	= l2cap_sock_release,
	.bind		= l2cap_sock_bind,
	.connect	= l2cap_sock_connect,
	.listen		= l2cap_sock_listen,
	.accept		= l2cap_sock_accept,
	.getname	= l2cap_sock_getname,
	.sendmsg	= l2cap_sock_sendmsg,
	.recvmsg	= l2cap_sock_recvmsg,
	.poll		= bt_sock_poll,
	.ioctl		= bt_sock_ioctl,
	.mmap		= sock_no_mmap,
	.socketpair	= sock_no_socketpair,
	.shutdown	= l2cap_sock_shutdown,
	.setsockopt	= l2cap_sock_setsockopt,
	.getsockopt	= l2cap_sock_getsockopt
};

static const struct net_proto_family l2cap_sock_family_ops = {
	.family	= PF_BLUETOOTH,
	.owner	= THIS_MODULE,
	.create	= l2cap_sock_create,
};

int __init l2cap_init_sockets(void)
{
       int err;

       err = proto_register(&l2cap_proto, 0);
       if (err < 0)
               return err;

       err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
       if (err < 0)
               goto error;

       BT_INFO("L2CAP socket layer initialized");

       return 0;

error:
       BT_ERR("L2CAP socket registration failed");
       proto_unregister(&l2cap_proto);
       return err;
}

void l2cap_cleanup_sockets(void)
{
       if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
               BT_ERR("L2CAP socket unregistration failed");

       proto_unregister(&l2cap_proto);
}
Commit	Line	Data
bb58f747 GP	1	/*
	2	BlueZ - Bluetooth protocol stack for Linux
	3	Copyright (C) 2000-2001 Qualcomm Incorporated
	4	Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
	5	Copyright (C) 2010 Google Inc.
	6
	7	Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
	8
	9	This program is free software; you can redistribute it and/or modify
	10	it under the terms of the GNU General Public License version 2 as
	11	published by the Free Software Foundation;
	12
	13	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
	14	OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	15	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
	16	IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
	17	CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
	18	WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	19	ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	20	OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	21
	22	ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
	23	COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
	24	SOFTWARE IS DISCLAIMED.
	25	*/
	26
	27	/* Bluetooth L2CAP sockets. */
	28
	29	#include <net/bluetooth/bluetooth.h>
33575df7	30	#include <net/bluetooth/hci_core.h>
bb58f747 GP	31	#include <net/bluetooth/l2cap.h>
	32
	33	static void l2cap_sock_timeout(unsigned long arg)
	34	{
	35	struct sock sk = (struct sock ) arg;
	36	int reason;
	37
	38	BT_DBG("sock %p state %d", sk, sk->sk_state);
	39
	40	bh_lock_sock(sk);
	41
	42	if (sock_owned_by_user(sk)) {
	43	/* sk is owned by user. Try again later */
	44	l2cap_sock_set_timer(sk, HZ / 5);
	45	bh_unlock_sock(sk);
	46	sock_put(sk);
	47	return;
	48	}
	49
	50	if (sk->sk_state == BT_CONNECTED \|\| sk->sk_state == BT_CONFIG)
	51	reason = ECONNREFUSED;
	52	else if (sk->sk_state == BT_CONNECT &&
	53	l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
	54	reason = ECONNREFUSED;
	55	else
	56	reason = ETIMEDOUT;
	57
	58	__l2cap_sock_close(sk, reason);
	59
	60	bh_unlock_sock(sk);
	61
	62	l2cap_sock_kill(sk);
	63	sock_put(sk);
	64	}
	65
af6bcd82 GP	66	static struct sock __l2cap_get_sock_by_addr(__le16 psm, bdaddr_t src)
	67	{
	68	struct sock *sk;
	69	struct hlist_node *node;
	70	sk_for_each(sk, node, &l2cap_sk_list.head)
	71	if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
	72	goto found;
	73	sk = NULL;
	74	found:
	75	return sk;
	76	}
	77
	78	static int l2cap_sock_bind(struct socket sock, struct sockaddr addr, int alen)
	79	{
	80	struct sock *sk = sock->sk;
	81	struct sockaddr_l2 la;
	82	int len, err = 0;
	83
	84	BT_DBG("sk %p", sk);
	85
	86	if (!addr \|\| addr->sa_family != AF_BLUETOOTH)
	87	return -EINVAL;
	88
	89	memset(&la, 0, sizeof(la));
	90	len = min_t(unsigned int, sizeof(la), alen);
	91	memcpy(&la, addr, len);
	92
	93	if (la.l2_cid)
	94	return -EINVAL;
	95
	96	lock_sock(sk);
	97
	98	if (sk->sk_state != BT_OPEN) {
	99	err = -EBADFD;
	100	goto done;
	101	}
	102
	103	if (la.l2_psm) {
	104	__u16 psm = __le16_to_cpu(la.l2_psm);
	105
	106	/* PSM must be odd and lsb of upper byte must be 0 */
	107	if ((psm & 0x0101) != 0x0001) {
	108	err = -EINVAL;
	109	goto done;
	110	}
	111
	112	/* Restrict usage of well-known PSMs */
	113	if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
	114	err = -EACCES;
	115	goto done;
	116	}
	117	}
	118
	119	write_lock_bh(&l2cap_sk_list.lock);
	120
	121	if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
	122	err = -EADDRINUSE;
	123	} else {
	124	/* Save source address */
	125	bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
	126	l2cap_pi(sk)->psm = la.l2_psm;
	127	l2cap_pi(sk)->sport = la.l2_psm;
	128	sk->sk_state = BT_BOUND;
	129
130	if (__le16_to_cpu(la.l2_psm) == 0x0001 \|\|
131	__le16_to_cpu(la.l2_psm) == 0x0003)
132	l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
133	}
134
135	write_unlock_bh(&l2cap_sk_list.lock);
136
137	done:
138	release_sock(sk);
139	return err;
140	}
141
4e34c50b GP	142	static int l2cap_sock_connect(struct socket sock, struct sockaddr addr, int alen, int flags)
	143	{
	144	struct sock *sk = sock->sk;
	145	struct sockaddr_l2 la;
	146	int len, err = 0;
	147
	148	BT_DBG("sk %p", sk);
	149
	150	if (!addr \|\| alen < sizeof(addr->sa_family) \|\|
	151	addr->sa_family != AF_BLUETOOTH)
	152	return -EINVAL;
	153
	154	memset(&la, 0, sizeof(la));
	155	len = min_t(unsigned int, sizeof(la), alen);
	156	memcpy(&la, addr, len);
	157
	158	if (la.l2_cid)
	159	return -EINVAL;
	160
	161	lock_sock(sk);
	162
	163	if ((sk->sk_type == SOCK_SEQPACKET \|\| sk->sk_type == SOCK_STREAM)
	164	&& !la.l2_psm) {
	165	err = -EINVAL;
	166	goto done;
	167	}
	168
	169	switch (l2cap_pi(sk)->mode) {
	170	case L2CAP_MODE_BASIC:
	171	break;
	172	case L2CAP_MODE_ERTM:
	173	case L2CAP_MODE_STREAMING:
	174	if (!disable_ertm)
	175	break;
	176	/* fall through */
	177	default:
	178	err = -ENOTSUPP;
	179	goto done;
	180	}
	181
	182	switch (sk->sk_state) {
	183	case BT_CONNECT:
	184	case BT_CONNECT2:
	185	case BT_CONFIG:
	186	/* Already connecting */
	187	goto wait;
	188
	189	case BT_CONNECTED:
	190	/* Already connected */
	191	err = -EISCONN;
	192	goto done;
	193
	194	case BT_OPEN:
	195	case BT_BOUND:
	196	/* Can connect */
	197	break;
	198
	199	default:
	200	err = -EBADFD;
	201	goto done;
	202	}
	203
	204	/* PSM must be odd and lsb of upper byte must be 0 */
	205	if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 &&
206	sk->sk_type != SOCK_RAW) {
207	err = -EINVAL;
208	goto done;
209	}
210
211	/* Set destination address and psm */
212	bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
213	l2cap_pi(sk)->psm = la.l2_psm;
214
215	err = l2cap_do_connect(sk);
216	if (err)
217	goto done;
218
219	wait:
220	err = bt_sock_wait_state(sk, BT_CONNECTED,
221	sock_sndtimeo(sk, flags & O_NONBLOCK));
222	done:
223	release_sock(sk);
224	return err;
225	}
226
af6bcd82 GP	227	static int l2cap_sock_listen(struct socket *sock, int backlog)
	228	{
	229	struct sock *sk = sock->sk;
	230	int err = 0;
	231
	232	BT_DBG("sk %p backlog %d", sk, backlog);
	233
	234	lock_sock(sk);
	235
	236	if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
	237	\|\| sk->sk_state != BT_BOUND) {
	238	err = -EBADFD;
	239	goto done;
	240	}
	241
	242	switch (l2cap_pi(sk)->mode) {
	243	case L2CAP_MODE_BASIC:
	244	break;
	245	case L2CAP_MODE_ERTM:
	246	case L2CAP_MODE_STREAMING:
	247	if (!disable_ertm)
	248	break;
	249	/* fall through */
	250	default:
	251	err = -ENOTSUPP;
	252	goto done;
	253	}
	254
	255	if (!l2cap_pi(sk)->psm) {
	256	bdaddr_t *src = &bt_sk(sk)->src;
	257	u16 psm;
	258
	259	err = -EINVAL;
	260
	261	write_lock_bh(&l2cap_sk_list.lock);
	262
	263	for (psm = 0x1001; psm < 0x1100; psm += 2)
	264	if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
	265	l2cap_pi(sk)->psm = cpu_to_le16(psm);
	266	l2cap_pi(sk)->sport = cpu_to_le16(psm);
	267	err = 0;
	268	break;
	269	}
	270
	271	write_unlock_bh(&l2cap_sk_list.lock);
	272
	273	if (err < 0)
	274	goto done;
	275	}
	276
	277	sk->sk_max_ack_backlog = backlog;
	278	sk->sk_ack_backlog = 0;
	279	sk->sk_state = BT_LISTEN;
	280
	281	done:
	282	release_sock(sk);
	283	return err;
	284	}
	285
c47b7c72 GP	286	static int l2cap_sock_accept(struct socket sock, struct socket newsock, int flags)
	287	{
	288	DECLARE_WAITQUEUE(wait, current);
	289	struct sock sk = sock->sk, nsk;
	290	long timeo;
	291	int err = 0;
	292
	293	lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
	294
	295	if (sk->sk_state != BT_LISTEN) {
	296	err = -EBADFD;
	297	goto done;
	298	}
	299
	300	timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
	301
	302	BT_DBG("sk %p timeo %ld", sk, timeo);
	303
	304	/* Wait for an incoming connection. (wake-one). */
	305	add_wait_queue_exclusive(sk_sleep(sk), &wait);
	306	while (!(nsk = bt_accept_dequeue(sk, newsock))) {
	307	set_current_state(TASK_INTERRUPTIBLE);
	308	if (!timeo) {
	309	err = -EAGAIN;
	310	break;
	311	}
	312
	313	release_sock(sk);
	314	timeo = schedule_timeout(timeo);
	315	lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
	316
	317	if (sk->sk_state != BT_LISTEN) {
	318	err = -EBADFD;
	319	break;
	320	}
	321
	322	if (signal_pending(current)) {
	323	err = sock_intr_errno(timeo);
	324	break;
	325	}
	326	}
	327	set_current_state(TASK_RUNNING);
	328	remove_wait_queue(sk_sleep(sk), &wait);
	329
	330	if (err)
	331	goto done;
	332
	333	newsock->state = SS_CONNECTED;
	334
	335	BT_DBG("new socket %p", nsk);
	336
	337	done:
	338	release_sock(sk);
	339	return err;
	340	}
	341
d7175d55 GP	342	static int l2cap_sock_getname(struct socket sock, struct sockaddr addr, int *len, int peer)
	343	{
	344	struct sockaddr_l2 la = (struct sockaddr_l2 ) addr;
	345	struct sock *sk = sock->sk;
	346
	347	BT_DBG("sock %p, sk %p", sock, sk);
	348
	349	addr->sa_family = AF_BLUETOOTH;
	350	*len = sizeof(struct sockaddr_l2);
	351
	352	if (peer) {
	353	la->l2_psm = l2cap_pi(sk)->psm;
	354	bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
	355	la->l2_cid = cpu_to_le16(l2cap_pi(sk)->dcid);
	356	} else {
	357	la->l2_psm = l2cap_pi(sk)->sport;
	358	bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
	359	la->l2_cid = cpu_to_le16(l2cap_pi(sk)->scid);
	360	}
	361
	362	return 0;
	363	}
	364
99f4808d GP	365	static int l2cap_sock_getsockopt_old(struct socket sock, int optname, char __user optval, int __user *optlen)
	366	{
	367	struct sock *sk = sock->sk;
	368	struct l2cap_options opts;
	369	struct l2cap_conninfo cinfo;
	370	int len, err = 0;
	371	u32 opt;
	372
	373	BT_DBG("sk %p", sk);
	374
	375	if (get_user(len, optlen))
	376	return -EFAULT;
	377
	378	lock_sock(sk);
	379
	380	switch (optname) {
	381	case L2CAP_OPTIONS:
	382	opts.imtu = l2cap_pi(sk)->imtu;
	383	opts.omtu = l2cap_pi(sk)->omtu;
	384	opts.flush_to = l2cap_pi(sk)->flush_to;
	385	opts.mode = l2cap_pi(sk)->mode;
	386	opts.fcs = l2cap_pi(sk)->fcs;
	387	opts.max_tx = l2cap_pi(sk)->max_tx;
	388	opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
	389
	390	len = min_t(unsigned int, len, sizeof(opts));
	391	if (copy_to_user(optval, (char *) &opts, len))
	392	err = -EFAULT;
	393
	394	break;
	395
	396	case L2CAP_LM:
	397	switch (l2cap_pi(sk)->sec_level) {
	398	case BT_SECURITY_LOW:
	399	opt = L2CAP_LM_AUTH;
	400	break;
	401	case BT_SECURITY_MEDIUM:
	402	opt = L2CAP_LM_AUTH \| L2CAP_LM_ENCRYPT;
	403	break;
	404	case BT_SECURITY_HIGH:
	405	opt = L2CAP_LM_AUTH \| L2CAP_LM_ENCRYPT \|
	406	L2CAP_LM_SECURE;
	407	break;
	408	default:
	409	opt = 0;
	410	break;
	411	}
	412
	413	if (l2cap_pi(sk)->role_switch)
	414	opt \|= L2CAP_LM_MASTER;
	415
	416	if (l2cap_pi(sk)->force_reliable)
	417	opt \|= L2CAP_LM_RELIABLE;
	418
	419	if (put_user(opt, (u32 __user *) optval))
	420	err = -EFAULT;
	421	break;
	422
	423	case L2CAP_CONNINFO:
	424	if (sk->sk_state != BT_CONNECTED &&
	425	!(sk->sk_state == BT_CONNECT2 &&
	426	bt_sk(sk)->defer_setup)) {
	427	err = -ENOTCONN;
	428	break;
429	}
430
431	cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
432	memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
433
434	len = min_t(unsigned int, len, sizeof(cinfo));
435	if (copy_to_user(optval, (char *) &cinfo, len))
436	err = -EFAULT;
437
438	break;
439
440	default:
441	err = -ENOPROTOOPT;
442	break;
443	}
444
445	release_sock(sk);
446	return err;
447	}
448
449	static int l2cap_sock_getsockopt(struct socket sock, int level, int optname, char __user optval, int __user *optlen)
450	{
451	struct sock *sk = sock->sk;
452	struct bt_security sec;
453	int len, err = 0;
454
455	BT_DBG("sk %p", sk);
456
457	if (level == SOL_L2CAP)
458	return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
459
460	if (level != SOL_BLUETOOTH)
461	return -ENOPROTOOPT;
462
463	if (get_user(len, optlen))
464	return -EFAULT;
465
466	lock_sock(sk);
467
468	switch (optname) {
469	case BT_SECURITY:
470	if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
471	&& sk->sk_type != SOCK_RAW) {
472	err = -EINVAL;
473	break;
474	}
475
476	sec.level = l2cap_pi(sk)->sec_level;
477
478	len = min_t(unsigned int, len, sizeof(sec));
479	if (copy_to_user(optval, (char *) &sec, len))
480	err = -EFAULT;
481
482	break;
483
484	case BT_DEFER_SETUP:
485	if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
486	err = -EINVAL;
487	break;
488	}
489
490	if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
491	err = -EFAULT;
492
493	break;
494
495	case BT_FLUSHABLE:
496	if (put_user(l2cap_pi(sk)->flushable, (u32 __user *) optval))
497	err = -EFAULT;
498
499	break;
500
501	default:
502	err = -ENOPROTOOPT;
503	break;
504	}
505
506	release_sock(sk);
507	return err;
508	}
509
33575df7 GP	510	static int l2cap_sock_setsockopt_old(struct socket sock, int optname, char __user optval, unsigned int optlen)
	511	{
	512	struct sock *sk = sock->sk;
	513	struct l2cap_options opts;
	514	int len, err = 0;
	515	u32 opt;
	516
	517	BT_DBG("sk %p", sk);
	518
	519	lock_sock(sk);
	520
	521	switch (optname) {
	522	case L2CAP_OPTIONS:
	523	if (sk->sk_state == BT_CONNECTED) {
	524	err = -EINVAL;
	525	break;
	526	}
	527
	528	opts.imtu = l2cap_pi(sk)->imtu;
	529	opts.omtu = l2cap_pi(sk)->omtu;
	530	opts.flush_to = l2cap_pi(sk)->flush_to;
	531	opts.mode = l2cap_pi(sk)->mode;
	532	opts.fcs = l2cap_pi(sk)->fcs;
	533	opts.max_tx = l2cap_pi(sk)->max_tx;
	534	opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
	535
	536	len = min_t(unsigned int, sizeof(opts), optlen);
	537	if (copy_from_user((char *) &opts, optval, len)) {
	538	err = -EFAULT;
	539	break;
	540	}
	541
	542	if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
	543	err = -EINVAL;
	544	break;
	545	}
	546
	547	l2cap_pi(sk)->mode = opts.mode;
	548	switch (l2cap_pi(sk)->mode) {
	549	case L2CAP_MODE_BASIC:
	550	l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
	551	break;
	552	case L2CAP_MODE_ERTM:
	553	case L2CAP_MODE_STREAMING:
	554	if (!disable_ertm)
	555	break;
	556	/* fall through */
	557	default:
	558	err = -EINVAL;
	559	break;
	560	}
	561
	562	l2cap_pi(sk)->imtu = opts.imtu;
	563	l2cap_pi(sk)->omtu = opts.omtu;
	564	l2cap_pi(sk)->fcs = opts.fcs;
	565	l2cap_pi(sk)->max_tx = opts.max_tx;
	566	l2cap_pi(sk)->tx_win = (__u8)opts.txwin_size;
	567	break;
	568
	569	case L2CAP_LM:
	570	if (get_user(opt, (u32 __user *) optval)) {
	571	err = -EFAULT;
	572	break;
	573	}
574
575	if (opt & L2CAP_LM_AUTH)
576	l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
577	if (opt & L2CAP_LM_ENCRYPT)
578	l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
579	if (opt & L2CAP_LM_SECURE)
580	l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
581
582	l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
583	l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
584	break;
585
586	default:
587	err = -ENOPROTOOPT;
588	break;
589	}
590
591	release_sock(sk);
592	return err;
593	}
594
595	static int l2cap_sock_setsockopt(struct socket sock, int level, int optname, char __user optval, unsigned int optlen)
596	{
597	struct sock *sk = sock->sk;
598	struct bt_security sec;
599	int len, err = 0;
600	u32 opt;
601
602	BT_DBG("sk %p", sk);
603
604	if (level == SOL_L2CAP)
605	return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
606
607	if (level != SOL_BLUETOOTH)
608	return -ENOPROTOOPT;
609
610	lock_sock(sk);
611
612	switch (optname) {
613	case BT_SECURITY:
614	if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
615	&& sk->sk_type != SOCK_RAW) {
616	err = -EINVAL;
617	break;
618	}
619
620	sec.level = BT_SECURITY_LOW;
621
622	len = min_t(unsigned int, sizeof(sec), optlen);
623	if (copy_from_user((char *) &sec, optval, len)) {
624	err = -EFAULT;
625	break;
626	}
627
628	if (sec.level < BT_SECURITY_LOW \|\|
629	sec.level > BT_SECURITY_HIGH) {
630	err = -EINVAL;
631	break;
632	}
633
634	l2cap_pi(sk)->sec_level = sec.level;
635	break;
636
637	case BT_DEFER_SETUP:
638	if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
639	err = -EINVAL;
640	break;
641	}
642
643	if (get_user(opt, (u32 __user *) optval)) {
644	err = -EFAULT;
645	break;
646	}
647
648	bt_sk(sk)->defer_setup = opt;
649	break;
650
651	case BT_FLUSHABLE:
652	if (get_user(opt, (u32 __user *) optval)) {
653	err = -EFAULT;
654	break;
655	}
656
657	if (opt > BT_FLUSHABLE_ON) {
658	err = -EINVAL;
659	break;
660	}
661
662	if (opt == BT_FLUSHABLE_OFF) {
663	struct l2cap_conn *conn = l2cap_pi(sk)->conn;
664	/* proceed futher only when we have l2cap_conn and
665	No Flush support in the LM */
666	if (!conn \|\| !lmp_no_flush_capable(conn->hcon->hdev)) {
667	err = -EINVAL;
668	break;
669	}
670	}
671
672	l2cap_pi(sk)->flushable = opt;
673	break;
674
675	default:
676	err = -ENOPROTOOPT;
677	break;
678	}
679
680	release_sock(sk);
681	return err;
682	}
683
554f05bb GP	684	static int l2cap_sock_release(struct socket *sock)
	685	{
	686	struct sock *sk = sock->sk;
	687	int err;
	688
	689	BT_DBG("sock %p, sk %p", sock, sk);
	690
	691	if (!sk)
	692	return 0;
	693
	694	err = l2cap_sock_shutdown(sock, 2);
	695
	696	sock_orphan(sk);
	697	l2cap_sock_kill(sk);
	698	return err;
	699	}
	700
bb58f747 GP	701	static void l2cap_sock_destruct(struct sock *sk)
	702	{
	703	BT_DBG("sk %p", sk);
	704
	705	skb_queue_purge(&sk->sk_receive_queue);
	706	skb_queue_purge(&sk->sk_write_queue);
	707	}
	708
	709	void l2cap_sock_init(struct sock sk, struct sock parent)
	710	{
	711	struct l2cap_pinfo *pi = l2cap_pi(sk);
	712
	713	BT_DBG("sk %p", sk);
	714
	715	if (parent) {
	716	sk->sk_type = parent->sk_type;
	717	bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
	718
	719	pi->imtu = l2cap_pi(parent)->imtu;
	720	pi->omtu = l2cap_pi(parent)->omtu;
	721	pi->conf_state = l2cap_pi(parent)->conf_state;
	722	pi->mode = l2cap_pi(parent)->mode;
	723	pi->fcs = l2cap_pi(parent)->fcs;
	724	pi->max_tx = l2cap_pi(parent)->max_tx;
	725	pi->tx_win = l2cap_pi(parent)->tx_win;
	726	pi->sec_level = l2cap_pi(parent)->sec_level;
	727	pi->role_switch = l2cap_pi(parent)->role_switch;
	728	pi->force_reliable = l2cap_pi(parent)->force_reliable;
	729	pi->flushable = l2cap_pi(parent)->flushable;
	730	} else {
	731	pi->imtu = L2CAP_DEFAULT_MTU;
	732	pi->omtu = 0;
	733	if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
	734	pi->mode = L2CAP_MODE_ERTM;
	735	pi->conf_state \|= L2CAP_CONF_STATE2_DEVICE;
	736	} else {
	737	pi->mode = L2CAP_MODE_BASIC;
	738	}
	739	pi->max_tx = L2CAP_DEFAULT_MAX_TX;
	740	pi->fcs = L2CAP_FCS_CRC16;
	741	pi->tx_win = L2CAP_DEFAULT_TX_WINDOW;
	742	pi->sec_level = BT_SECURITY_LOW;
	743	pi->role_switch = 0;
	744	pi->force_reliable = 0;
	745	pi->flushable = BT_FLUSHABLE_OFF;
	746	}
	747
	748	/* Default config options */
	749	pi->conf_len = 0;
	750	pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
	751	skb_queue_head_init(TX_QUEUE(sk));
	752	skb_queue_head_init(SREJ_QUEUE(sk));
	753	skb_queue_head_init(BUSY_QUEUE(sk));
	754	INIT_LIST_HEAD(SREJ_LIST(sk));
	755	}
	756
	757	static struct proto l2cap_proto = {
	758	.name = "L2CAP",
	759	.owner = THIS_MODULE,
	760	.obj_size = sizeof(struct l2cap_pinfo)
	761	};
	762
	763	struct sock l2cap_sock_alloc(struct net net, struct socket *sock, int proto, gfp_t prio)
	764	{
765	struct sock *sk;
766
767	sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
768	if (!sk)
769	return NULL;
770
771	sock_init_data(sock, sk);
772	INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
773
774	sk->sk_destruct = l2cap_sock_destruct;
775	sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
776
777	sock_reset_flag(sk, SOCK_ZAPPED);
778
779	sk->sk_protocol = proto;
780	sk->sk_state = BT_OPEN;
781
782	setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
783
784	bt_sock_link(&l2cap_sk_list, sk);
785	return sk;
786	}
787
788	static int l2cap_sock_create(struct net net, struct socket sock, int protocol,
789	int kern)
790	{
791	struct sock *sk;
792
793	BT_DBG("sock %p", sock);
794
795	sock->state = SS_UNCONNECTED;
796
797	if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
798	sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
799	return -ESOCKTNOSUPPORT;
800
801	if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
802	return -EPERM;
803
804	sock->ops = &l2cap_sock_ops;
805
806	sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
807	if (!sk)
808	return -ENOMEM;
809
810	l2cap_sock_init(sk, NULL);
811	return 0;
812	}
813
65390587 GP	814	const struct proto_ops l2cap_sock_ops = {
	815	.family = PF_BLUETOOTH,
	816	.owner = THIS_MODULE,
	817	.release = l2cap_sock_release,
	818	.bind = l2cap_sock_bind,
	819	.connect = l2cap_sock_connect,
	820	.listen = l2cap_sock_listen,
	821	.accept = l2cap_sock_accept,
	822	.getname = l2cap_sock_getname,
	823	.sendmsg = l2cap_sock_sendmsg,
	824	.recvmsg = l2cap_sock_recvmsg,
	825	.poll = bt_sock_poll,
	826	.ioctl = bt_sock_ioctl,
	827	.mmap = sock_no_mmap,
	828	.socketpair = sock_no_socketpair,
	829	.shutdown = l2cap_sock_shutdown,
	830	.setsockopt = l2cap_sock_setsockopt,
	831	.getsockopt = l2cap_sock_getsockopt
	832	};
	833
bb58f747 GP	834	static const struct net_proto_family l2cap_sock_family_ops = {
	835	.family = PF_BLUETOOTH,
	836	.owner = THIS_MODULE,
	837	.create = l2cap_sock_create,
	838	};
	839
	840	int __init l2cap_init_sockets(void)
	841	{
	842	int err;
	843
	844	err = proto_register(&l2cap_proto, 0);
	845	if (err < 0)
	846	return err;
	847
	848	err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
	849	if (err < 0)
	850	goto error;
	851
	852	BT_INFO("L2CAP socket layer initialized");
	853
	854	return 0;
	855
	856	error:
	857	BT_ERR("L2CAP socket registration failed");
	858	proto_unregister(&l2cap_proto);
	859	return err;
	860	}
	861
	862	void l2cap_cleanup_sockets(void)
	863	{
	864	if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
	865	BT_ERR("L2CAP socket unregistration failed");
	866
	867	proto_unregister(&l2cap_proto);
	868	}