]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - net/bluetooth/l2cap_sock.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Use system workqueue to schedule power_on
[mirror_ubuntu-artful-kernel.git] / net / bluetooth / l2cap_sock.c
CommitLineData
bb58f747
GP		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
12
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
25*/
26
27/* Bluetooth L2CAP sockets. */
28
6230c9b4
PM		 29#include <linux/security.h>
30
bb58f747 31#include <net/bluetooth/bluetooth.h>
33575df7 32#include <net/bluetooth/hci_core.h>
bb58f747 33#include <net/bluetooth/l2cap.h>
f1cb9af5 34#include <net/bluetooth/smp.h>
bb58f747 35
cf2f90f5 36static const struct proto_ops l2cap_sock_ops;
80808e43
GP		 37static void l2cap_sock_init(struct sock *sk, struct sock *parent);
38static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
cf2f90f5 39
af6bcd82
GP		 40static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
41{
42 struct sock *sk = sock->sk;
4343478f 43 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 44 struct sockaddr_l2 la;
45 int len, err = 0;
46
47 BT_DBG("sk %p", sk);
48
49 if (!addr || addr->sa_family != AF_BLUETOOTH)
50 return -EINVAL;
51
52 memset(&la, 0, sizeof(la));
53 len = min_t(unsigned int, sizeof(la), alen);
54 memcpy(&la, addr, len);
55
b62f328b 56 if (la.l2_cid && la.l2_psm)
af6bcd82
GP		 57 return -EINVAL;
58
59 lock_sock(sk);
60
61 if (sk->sk_state != BT_OPEN) {
62 err = -EBADFD;
63 goto done;
64 }
65
66 if (la.l2_psm) {
67 __u16 psm = __le16_to_cpu(la.l2_psm);
68
69 /* PSM must be odd and lsb of upper byte must be 0 */
70 if ((psm & 0x0101) != 0x0001) {
71 err = -EINVAL;
72 goto done;
73 }
74
75 /* Restrict usage of well-known PSMs */
76 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
77 err = -EACCES;
78 goto done;
79 }
80 }
81
9e4425ff
GP		 82 if (la.l2_cid)
83 err = l2cap_add_scid(chan, la.l2_cid);
84 else
85 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
af6bcd82 86
9e4425ff
GP		 87 if (err < 0)
88 goto done;
af6bcd82 89
9e4425ff
GP		 90 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
91 __le16_to_cpu(la.l2_psm) == 0x0003)
92 chan->sec_level = BT_SECURITY_SDP;
b62f328b 93
9e4425ff 94 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
89bc500e
GP		 95
96 chan->state = BT_BOUND;
9e4425ff 97 sk->sk_state = BT_BOUND;
af6bcd82
GP		 98
99done:
100 release_sock(sk);
101 return err;
102}
103
4e34c50b
GP		 104static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
105{
106 struct sock *sk = sock->sk;
0c1bc5c6 107 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
4e34c50b
GP		 108 struct sockaddr_l2 la;
109 int len, err = 0;
110
111 BT_DBG("sk %p", sk);
112
113 if (!addr || alen < sizeof(addr->sa_family) ||
114 addr->sa_family != AF_BLUETOOTH)
115 return -EINVAL;
116
117 memset(&la, 0, sizeof(la));
118 len = min_t(unsigned int, sizeof(la), alen);
119 memcpy(&la, addr, len);
120
acd7d370 121 if (la.l2_cid && la.l2_psm)
4e34c50b
GP		 122 return -EINVAL;
123
03a00194 124 err = l2cap_chan_connect(chan, la.l2_psm, la.l2_cid, &la.l2_bdaddr);
4e34c50b
GP		 125 if (err)
126 goto done;
127
4e34c50b
GP		 128 err = bt_sock_wait_state(sk, BT_CONNECTED,
129 sock_sndtimeo(sk, flags & O_NONBLOCK));
130done:
03a00194
GP		 131 if (sock_owned_by_user(sk))
132 release_sock(sk);
4e34c50b
GP		 133 return err;
134}
135
af6bcd82
GP		 136static int l2cap_sock_listen(struct socket *sock, int backlog)
137{
138 struct sock *sk = sock->sk;
0c1bc5c6 139 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 140 int err = 0;
141
142 BT_DBG("sk %p backlog %d", sk, backlog);
143
144 lock_sock(sk);
145
146 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
147 || sk->sk_state != BT_BOUND) {
148 err = -EBADFD;
149 goto done;
150 }
151
0c1bc5c6 152 switch (chan->mode) {
af6bcd82
GP		 153 case L2CAP_MODE_BASIC:
154 break;
155 case L2CAP_MODE_ERTM:
156 case L2CAP_MODE_STREAMING:
157 if (!disable_ertm)
158 break;
159 /* fall through */
160 default:
161 err = -ENOTSUPP;
162 goto done;
163 }
164
af6bcd82
GP		 165 sk->sk_max_ack_backlog = backlog;
166 sk->sk_ack_backlog = 0;
89bc500e
GP		 167
168 chan->state = BT_LISTEN;
af6bcd82
GP		 169 sk->sk_state = BT_LISTEN;
170
171done:
172 release_sock(sk);
173 return err;
174}
175
c47b7c72
GP		 176static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
177{
178 DECLARE_WAITQUEUE(wait, current);
179 struct sock *sk = sock->sk, *nsk;
180 long timeo;
181 int err = 0;
182
183 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
184
c47b7c72
GP		 185 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
186
187 BT_DBG("sk %p timeo %ld", sk, timeo);
188
189 /* Wait for an incoming connection. (wake-one). */
190 add_wait_queue_exclusive(sk_sleep(sk), &wait);
f9a3c20a 191 while (1) {
c47b7c72 192 set_current_state(TASK_INTERRUPTIBLE);
f9a3c20a
PH		 193
194 if (sk->sk_state != BT_LISTEN) {
195 err = -EBADFD;
c47b7c72
GP		 196 break;
197 }
198
f9a3c20a
PH		 199 nsk = bt_accept_dequeue(sk, newsock);
200 if (nsk)
201 break;
c47b7c72 202
f9a3c20a
PH		 203 if (!timeo) {
204 err = -EAGAIN;
c47b7c72
GP		 205 break;
206 }
207
208 if (signal_pending(current)) {
209 err = sock_intr_errno(timeo);
210 break;
211 }
f9a3c20a
PH		 212
213 release_sock(sk);
214 timeo = schedule_timeout(timeo);
215 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
c47b7c72 216 }
f9a3c20a 217 __set_current_state(TASK_RUNNING);
c47b7c72
GP		 218 remove_wait_queue(sk_sleep(sk), &wait);
219
220 if (err)
221 goto done;
222
223 newsock->state = SS_CONNECTED;
224
225 BT_DBG("new socket %p", nsk);
226
227done:
228 release_sock(sk);
229 return err;
230}
231
d7175d55
GP		 232static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
233{
234 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
235 struct sock *sk = sock->sk;
0c1bc5c6 236 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
d7175d55
GP		 237
238 BT_DBG("sock %p, sk %p", sock, sk);
239
240 addr->sa_family = AF_BLUETOOTH;
241 *len = sizeof(struct sockaddr_l2);
242
243 if (peer) {
fe4128e0 244 la->l2_psm = chan->psm;
d7175d55 245 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
fe4128e0 246 la->l2_cid = cpu_to_le16(chan->dcid);
d7175d55 247 } else {
0c1bc5c6 248 la->l2_psm = chan->sport;
d7175d55 249 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
fe4128e0 250 la->l2_cid = cpu_to_le16(chan->scid);
d7175d55
GP		 251 }
252
253 return 0;
254}
255
99f4808d
GP		 256static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
257{
258 struct sock *sk = sock->sk;
4343478f 259 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d
GP		 260 struct l2cap_options opts;
261 struct l2cap_conninfo cinfo;
262 int len, err = 0;
263 u32 opt;
264
265 BT_DBG("sk %p", sk);
266
267 if (get_user(len, optlen))
268 return -EFAULT;
269
270 lock_sock(sk);
271
272 switch (optname) {
273 case L2CAP_OPTIONS:
e3fb592b 274 memset(&opts, 0, sizeof(opts));
0c1bc5c6
GP		 275 opts.imtu = chan->imtu;
276 opts.omtu = chan->omtu;
277 opts.flush_to = chan->flush_to;
278 opts.mode = chan->mode;
47d1ec61
GP		 279 opts.fcs = chan->fcs;
280 opts.max_tx = chan->max_tx;
6327eb98 281 opts.txwin_size = chan->tx_win;
99f4808d
GP		 282
283 len = min_t(unsigned int, len, sizeof(opts));
284 if (copy_to_user(optval, (char *) &opts, len))
285 err = -EFAULT;
286
287 break;
288
289 case L2CAP_LM:
4343478f 290 switch (chan->sec_level) {
99f4808d
GP		 291 case BT_SECURITY_LOW:
292 opt = L2CAP_LM_AUTH;
293 break;
294 case BT_SECURITY_MEDIUM:
295 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
296 break;
297 case BT_SECURITY_HIGH:
298 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
299 L2CAP_LM_SECURE;
300 break;
301 default:
302 opt = 0;
303 break;
304 }
305
43bd0f32 306 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
99f4808d
GP		 307 opt |= L2CAP_LM_MASTER;
308
ecf61bdb 309 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
99f4808d
GP		 310 opt |= L2CAP_LM_RELIABLE;
311
312 if (put_user(opt, (u32 __user *) optval))
313 err = -EFAULT;
314 break;
315
316 case L2CAP_CONNINFO:
317 if (sk->sk_state != BT_CONNECTED &&
318 !(sk->sk_state == BT_CONNECT2 &&
319 bt_sk(sk)->defer_setup)) {
320 err = -ENOTCONN;
321 break;
322 }
323
8d03e971 324 memset(&cinfo, 0, sizeof(cinfo));
8c1d787b
GP		 325 cinfo.hci_handle = chan->conn->hcon->handle;
326 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
99f4808d
GP		 327
328 len = min_t(unsigned int, len, sizeof(cinfo));
329 if (copy_to_user(optval, (char *) &cinfo, len))
330 err = -EFAULT;
331
332 break;
333
334 default:
335 err = -ENOPROTOOPT;
336 break;
337 }
338
339 release_sock(sk);
340 return err;
341}
342
343static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
344{
345 struct sock *sk = sock->sk;
4343478f 346 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d 347 struct bt_security sec;
14b12d0b 348 struct bt_power pwr;
99f4808d
GP		 349 int len, err = 0;
350
351 BT_DBG("sk %p", sk);
352
353 if (level == SOL_L2CAP)
354 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
355
356 if (level != SOL_BLUETOOTH)
357 return -ENOPROTOOPT;
358
359 if (get_user(len, optlen))
360 return -EFAULT;
361
362 lock_sock(sk);
363
364 switch (optname) {
365 case BT_SECURITY:
715ec005
GP		 366 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
367 chan->chan_type != L2CAP_CHAN_RAW) {
99f4808d
GP		 368 err = -EINVAL;
369 break;
370 }
371
8f360119 372 memset(&sec, 0, sizeof(sec));
4343478f 373 sec.level = chan->sec_level;
99f4808d 374
8f360119
VCG		 375 if (sk->sk_state == BT_CONNECTED)
376 sec.key_size = chan->conn->hcon->enc_key_size;
377
99f4808d
GP		 378 len = min_t(unsigned int, len, sizeof(sec));
379 if (copy_to_user(optval, (char *) &sec, len))
380 err = -EFAULT;
381
382 break;
383
384 case BT_DEFER_SETUP:
385 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
386 err = -EINVAL;
387 break;
388 }
389
390 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
391 err = -EFAULT;
392
393 break;
394
395 case BT_FLUSHABLE:
d57b0e8b
AE		 396 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
397 (u32 __user *) optval))
99f4808d
GP		 398 err = -EFAULT;
399
400 break;
401
14b12d0b
JG		 402 case BT_POWER:
403 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
404 && sk->sk_type != SOCK_RAW) {
405 err = -EINVAL;
406 break;
407 }
408
15770b1a 409 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 410
411 len = min_t(unsigned int, len, sizeof(pwr));
412 if (copy_to_user(optval, (char *) &pwr, len))
413 err = -EFAULT;
414
415 break;
416
2ea66482
MM		 417 case BT_CHANNEL_POLICY:
418 if (!enable_hs) {
419 err = -ENOPROTOOPT;
420 break;
421 }
422
423 if (put_user(chan->chan_policy, (u32 __user *) optval))
424 err = -EFAULT;
425 break;
426
99f4808d
GP		 427 default:
428 err = -ENOPROTOOPT;
429 break;
430 }
431
432 release_sock(sk);
433 return err;
434}
435
33575df7
GP		 436static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
437{
438 struct sock *sk = sock->sk;
b4450035 439 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7
GP		 440 struct l2cap_options opts;
441 int len, err = 0;
442 u32 opt;
443
444 BT_DBG("sk %p", sk);
445
446 lock_sock(sk);
447
448 switch (optname) {
449 case L2CAP_OPTIONS:
450 if (sk->sk_state == BT_CONNECTED) {
451 err = -EINVAL;
452 break;
453 }
454
0c1bc5c6
GP		 455 opts.imtu = chan->imtu;
456 opts.omtu = chan->omtu;
457 opts.flush_to = chan->flush_to;
458 opts.mode = chan->mode;
47d1ec61
GP		 459 opts.fcs = chan->fcs;
460 opts.max_tx = chan->max_tx;
6327eb98 461 opts.txwin_size = chan->tx_win;
33575df7
GP		 462
463 len = min_t(unsigned int, sizeof(opts), optlen);
464 if (copy_from_user((char *) &opts, optval, len)) {
465 err = -EFAULT;
466 break;
467 }
468
6327eb98 469 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
33575df7
GP		 470 err = -EINVAL;
471 break;
472 }
473
0c1bc5c6
GP		 474 chan->mode = opts.mode;
475 switch (chan->mode) {
33575df7 476 case L2CAP_MODE_BASIC:
c1360a1c 477 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
33575df7
GP		 478 break;
479 case L2CAP_MODE_ERTM:
480 case L2CAP_MODE_STREAMING:
481 if (!disable_ertm)
482 break;
483 /* fall through */
484 default:
485 err = -EINVAL;
486 break;
487 }
488
0c1bc5c6
GP		 489 chan->imtu = opts.imtu;
490 chan->omtu = opts.omtu;
47d1ec61
GP		 491 chan->fcs = opts.fcs;
492 chan->max_tx = opts.max_tx;
6327eb98 493 chan->tx_win = opts.txwin_size;
33575df7
GP		 494 break;
495
496 case L2CAP_LM:
497 if (get_user(opt, (u32 __user *) optval)) {
498 err = -EFAULT;
499 break;
500 }
501
502 if (opt & L2CAP_LM_AUTH)
4343478f 503 chan->sec_level = BT_SECURITY_LOW;
33575df7 504 if (opt & L2CAP_LM_ENCRYPT)
4343478f 505 chan->sec_level = BT_SECURITY_MEDIUM;
33575df7 506 if (opt & L2CAP_LM_SECURE)
4343478f 507 chan->sec_level = BT_SECURITY_HIGH;
33575df7 508
43bd0f32
AE		 509 if (opt & L2CAP_LM_MASTER)
510 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
511 else
512 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
ecf61bdb
AE		 513
514 if (opt & L2CAP_LM_RELIABLE)
515 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
516 else
517 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
33575df7
GP		 518 break;
519
520 default:
521 err = -ENOPROTOOPT;
522 break;
523 }
524
525 release_sock(sk);
526 return err;
527}
528
529static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
530{
531 struct sock *sk = sock->sk;
4343478f 532 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7 533 struct bt_security sec;
14b12d0b 534 struct bt_power pwr;
f1cb9af5 535 struct l2cap_conn *conn;
33575df7
GP		 536 int len, err = 0;
537 u32 opt;
538
539 BT_DBG("sk %p", sk);
540
541 if (level == SOL_L2CAP)
542 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
543
544 if (level != SOL_BLUETOOTH)
545 return -ENOPROTOOPT;
546
547 lock_sock(sk);
548
549 switch (optname) {
550 case BT_SECURITY:
715ec005
GP		 551 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
552 chan->chan_type != L2CAP_CHAN_RAW) {
33575df7
GP		 553 err = -EINVAL;
554 break;
555 }
556
557 sec.level = BT_SECURITY_LOW;
558
559 len = min_t(unsigned int, sizeof(sec), optlen);
560 if (copy_from_user((char *) &sec, optval, len)) {
561 err = -EFAULT;
562 break;
563 }
564
565 if (sec.level < BT_SECURITY_LOW ||
566 sec.level > BT_SECURITY_HIGH) {
567 err = -EINVAL;
568 break;
569 }
570
4343478f 571 chan->sec_level = sec.level;
f1cb9af5 572
0bee1d60
GP		 573 if (!chan->conn)
574 break;
575
f1cb9af5 576 conn = chan->conn;
0bee1d60
GP		 577
578 /*change security for LE channels */
579 if (chan->scid == L2CAP_CID_LE_DATA) {
f1cb9af5
VCG		 580 if (!conn->hcon->out) {
581 err = -EINVAL;
582 break;
583 }
584
585 if (smp_conn_security(conn, sec.level))
586 break;
f1cb9af5 587 sk->sk_state = BT_CONFIG;
0bee1d60
GP		 588
589 /* or for ACL link, under defer_setup time */
590 } else if (sk->sk_state == BT_CONNECT2 &&
591 bt_sk(sk)->defer_setup) {
592 err = l2cap_chan_check_security(chan);
593 } else {
594 err = -EINVAL;
f1cb9af5 595 }
33575df7
GP		 596 break;
597
598 case BT_DEFER_SETUP:
599 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
600 err = -EINVAL;
601 break;
602 }
603
604 if (get_user(opt, (u32 __user *) optval)) {
605 err = -EFAULT;
606 break;
607 }
608
609 bt_sk(sk)->defer_setup = opt;
610 break;
611
612 case BT_FLUSHABLE:
613 if (get_user(opt, (u32 __user *) optval)) {
614 err = -EFAULT;
615 break;
616 }
617
618 if (opt > BT_FLUSHABLE_ON) {
619 err = -EINVAL;
620 break;
621 }
622
623 if (opt == BT_FLUSHABLE_OFF) {
8c1d787b 624 struct l2cap_conn *conn = chan->conn;
25985edc 625 /* proceed further only when we have l2cap_conn and
33575df7
GP		 626 No Flush support in the LM */
627 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
628 err = -EINVAL;
629 break;
630 }
631 }
632
d57b0e8b
AE		 633 if (opt)
634 set_bit(FLAG_FLUSHABLE, &chan->flags);
635 else
636 clear_bit(FLAG_FLUSHABLE, &chan->flags);
33575df7
GP		 637 break;
638
14b12d0b
JG		 639 case BT_POWER:
640 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
641 chan->chan_type != L2CAP_CHAN_RAW) {
642 err = -EINVAL;
643 break;
644 }
645
646 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
647
648 len = min_t(unsigned int, sizeof(pwr), optlen);
649 if (copy_from_user((char *) &pwr, optval, len)) {
650 err = -EFAULT;
651 break;
652 }
15770b1a
AE		 653
654 if (pwr.force_active)
655 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
656 else
657 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 658 break;
659
2ea66482
MM		 660 case BT_CHANNEL_POLICY:
661 if (!enable_hs) {
662 err = -ENOPROTOOPT;
663 break;
664 }
665
666 if (get_user(opt, (u32 __user *) optval)) {
667 err = -EFAULT;
668 break;
669 }
670
671 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
672 err = -EINVAL;
673 break;
674 }
675
676 if (chan->mode != L2CAP_MODE_ERTM &&
677 chan->mode != L2CAP_MODE_STREAMING) {
678 err = -EOPNOTSUPP;
679 break;
680 }
681
682 chan->chan_policy = (u8) opt;
14b12d0b
JG		 683 break;
684
33575df7
GP		 685 default:
686 err = -ENOPROTOOPT;
687 break;
688 }
689
690 release_sock(sk);
691 return err;
692}
fd83ccdb
GP		 693
694static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
695{
696 struct sock *sk = sock->sk;
0c1bc5c6 697 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
fd83ccdb
GP		 698 int err;
699
700 BT_DBG("sock %p, sk %p", sock, sk);
701
702 err = sock_error(sk);
703 if (err)
704 return err;
705
706 if (msg->msg_flags & MSG_OOB)
707 return -EOPNOTSUPP;
708
709 lock_sock(sk);
710
711 if (sk->sk_state != BT_CONNECTED) {
9a91a04a
GP		 712 release_sock(sk);
713 return -ENOTCONN;
fd83ccdb
GP		 714 }
715
5e59b791 716 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
fd83ccdb 717
fd83ccdb
GP		 718 release_sock(sk);
719 return err;
720}
33575df7 721
68983259
GP		 722static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
723{
724 struct sock *sk = sock->sk;
e328140f
MM		 725 struct l2cap_pinfo *pi = l2cap_pi(sk);
726 int err;
68983259
GP		 727
728 lock_sock(sk);
729
730 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
8c1d787b
GP		 731 sk->sk_state = BT_CONFIG;
732
e328140f 733 __l2cap_connect_rsp_defer(pi->chan);
68983259
GP		 734 release_sock(sk);
735 return 0;
736 }
737
738 release_sock(sk);
739
740 if (sock->type == SOCK_STREAM)
e328140f
MM		 741 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
742 else
743 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
744
745 if (pi->chan->mode != L2CAP_MODE_ERTM)
746 return err;
747
748 /* Attempt to put pending rx data in the socket buffer */
749
750 lock_sock(sk);
751
752 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
753 goto done;
754
755 if (pi->rx_busy_skb) {
756 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
757 pi->rx_busy_skb = NULL;
758 else
759 goto done;
760 }
761
762 /* Restore data flow when half of the receive buffer is
763 * available. This avoids resending large numbers of
764 * frames.
765 */
766 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
767 l2cap_chan_busy(pi->chan, 0);
68983259 768
e328140f
MM		 769done:
770 release_sock(sk);
771 return err;
68983259
GP		 772}
773
05fc1576
GP		 774/* Kill socket (only if zapped and orphan)
775 * Must be called on unlocked socket.
776 */
ba3bd0ee 777static void l2cap_sock_kill(struct sock *sk)
05fc1576
GP		 778{
779 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
780 return;
781
782 BT_DBG("sk %p state %d", sk, sk->sk_state);
783
784 /* Kill poor orphan */
6ff5abbf 785
23691d75 786 l2cap_chan_destroy(l2cap_pi(sk)->chan);
05fc1576
GP		 787 sock_set_flag(sk, SOCK_DEAD);
788 sock_put(sk);
789}
790
dcba0dba
GP		 791static int l2cap_sock_shutdown(struct socket *sock, int how)
792{
793 struct sock *sk = sock->sk;
0c1bc5c6 794 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
dcba0dba
GP		 795 int err = 0;
796
797 BT_DBG("sock %p, sk %p", sock, sk);
798
799 if (!sk)
800 return 0;
801
802 lock_sock(sk);
803 if (!sk->sk_shutdown) {
0c1bc5c6 804 if (chan->mode == L2CAP_MODE_ERTM)
dcba0dba
GP		 805 err = __l2cap_wait_ack(sk);
806
807 sk->sk_shutdown = SHUTDOWN_MASK;
0f852724 808 l2cap_chan_close(chan, 0);
dcba0dba
GP		 809
810 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
811 err = bt_sock_wait_state(sk, BT_CLOSED,
812 sk->sk_lingertime);
813 }
814
815 if (!err && sk->sk_err)
816 err = -sk->sk_err;
817
818 release_sock(sk);
819 return err;
820}
821
554f05bb
GP		 822static int l2cap_sock_release(struct socket *sock)
823{
824 struct sock *sk = sock->sk;
825 int err;
826
827 BT_DBG("sock %p, sk %p", sock, sk);
828
829 if (!sk)
830 return 0;
831
832 err = l2cap_sock_shutdown(sock, 2);
833
834 sock_orphan(sk);
835 l2cap_sock_kill(sk);
836 return err;
837}
838
80808e43
GP		 839static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data)
840{
841 struct sock *sk, *parent = data;
842
843 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
844 GFP_ATOMIC);
845 if (!sk)
846 return NULL;
847
848 l2cap_sock_init(sk, parent);
849
850 return l2cap_pi(sk)->chan;
851}
852
23070494
GP		 853static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb)
854{
e328140f 855 int err;
23070494 856 struct sock *sk = data;
e328140f
MM		 857 struct l2cap_pinfo *pi = l2cap_pi(sk);
858
859 if (pi->rx_busy_skb)
860 return -ENOMEM;
861
862 err = sock_queue_rcv_skb(sk, skb);
863
864 /* For ERTM, handle one skb that doesn't fit into the recv
865 * buffer. This is important to do because the data frames
866 * have already been acked, so the skb cannot be discarded.
867 *
868 * Notify the l2cap core that the buffer is full, so the
869 * LOCAL_BUSY state is entered and no more frames are
870 * acked and reassembled until there is buffer space
871 * available.
872 */
873 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
874 pi->rx_busy_skb = skb;
875 l2cap_chan_busy(pi->chan, 1);
876 err = 0;
877 }
23070494 878
e328140f 879 return err;
23070494
GP		 880}
881
ba3bd0ee
GP		 882static void l2cap_sock_close_cb(void *data)
883{
884 struct sock *sk = data;
885
886 l2cap_sock_kill(sk);
887}
888
89bc500e
GP		 889static void l2cap_sock_state_change_cb(void *data, int state)
890{
891 struct sock *sk = data;
892
893 sk->sk_state = state;
894}
895
80808e43
GP		 896static struct l2cap_ops l2cap_chan_ops = {
897 .name = "L2CAP Socket Interface",
898 .new_connection = l2cap_sock_new_connection_cb,
23070494 899 .recv = l2cap_sock_recv_cb,
ba3bd0ee 900 .close = l2cap_sock_close_cb,
89bc500e 901 .state_change = l2cap_sock_state_change_cb,
80808e43
GP		 902};
903
bb58f747
GP		 904static void l2cap_sock_destruct(struct sock *sk)
905{
906 BT_DBG("sk %p", sk);
907
e328140f
MM		 908 if (l2cap_pi(sk)->rx_busy_skb) {
909 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
910 l2cap_pi(sk)->rx_busy_skb = NULL;
911 }
912
bb58f747
GP		 913 skb_queue_purge(&sk->sk_receive_queue);
914 skb_queue_purge(&sk->sk_write_queue);
915}
916
80808e43 917static void l2cap_sock_init(struct sock *sk, struct sock *parent)
bb58f747
GP		 918{
919 struct l2cap_pinfo *pi = l2cap_pi(sk);
b4450035 920 struct l2cap_chan *chan = pi->chan;
bb58f747
GP		 921
922 BT_DBG("sk %p", sk);
923
924 if (parent) {
b4450035
GP		 925 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
926
bb58f747
GP		 927 sk->sk_type = parent->sk_type;
928 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
929
715ec005 930 chan->chan_type = pchan->chan_type;
0c1bc5c6
GP		 931 chan->imtu = pchan->imtu;
932 chan->omtu = pchan->omtu;
b4450035 933 chan->conf_state = pchan->conf_state;
0c1bc5c6 934 chan->mode = pchan->mode;
47d1ec61
GP		 935 chan->fcs = pchan->fcs;
936 chan->max_tx = pchan->max_tx;
937 chan->tx_win = pchan->tx_win;
6b3c7104 938 chan->tx_win_max = pchan->tx_win_max;
4343478f 939 chan->sec_level = pchan->sec_level;
d57b0e8b 940 chan->flags = pchan->flags;
6230c9b4
PM		 941
942 security_sk_clone(parent, sk);
bb58f747 943 } else {
715ec005
GP		 944
945 switch (sk->sk_type) {
946 case SOCK_RAW:
947 chan->chan_type = L2CAP_CHAN_RAW;
948 break;
949 case SOCK_DGRAM:
950 chan->chan_type = L2CAP_CHAN_CONN_LESS;
951 break;
952 case SOCK_SEQPACKET:
953 case SOCK_STREAM:
954 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
955 break;
956 }
957
0c1bc5c6
GP		 958 chan->imtu = L2CAP_DEFAULT_MTU;
959 chan->omtu = 0;
bb58f747 960 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
0c1bc5c6 961 chan->mode = L2CAP_MODE_ERTM;
c1360a1c 962 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
bb58f747 963 } else {
0c1bc5c6 964 chan->mode = L2CAP_MODE_BASIC;
bb58f747 965 }
47d1ec61
GP		 966 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
967 chan->fcs = L2CAP_FCS_CRC16;
968 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
6b3c7104 969 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
4343478f 970 chan->sec_level = BT_SECURITY_LOW;
d57b0e8b 971 chan->flags = 0;
15770b1a 972 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
bb58f747
GP		 973 }
974
975 /* Default config options */
0c1bc5c6 976 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
80808e43
GP		 977
978 chan->data = sk;
979 chan->ops = &l2cap_chan_ops;
bb58f747
GP		 980}
981
982static struct proto l2cap_proto = {
983 .name = "L2CAP",
984 .owner = THIS_MODULE,
985 .obj_size = sizeof(struct l2cap_pinfo)
986};
987
80808e43 988static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
bb58f747
GP		 989{
990 struct sock *sk;
dc50a06d 991 struct l2cap_chan *chan;
bb58f747
GP		 992
993 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
994 if (!sk)
995 return NULL;
996
997 sock_init_data(sock, sk);
998 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
999
1000 sk->sk_destruct = l2cap_sock_destruct;
6be6b11f 1001 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
bb58f747
GP		 1002
1003 sock_reset_flag(sk, SOCK_ZAPPED);
1004
1005 sk->sk_protocol = proto;
1006 sk->sk_state = BT_OPEN;
1007
dc50a06d
GP		 1008 chan = l2cap_chan_create(sk);
1009 if (!chan) {
1010 l2cap_sock_kill(sk);
1011 return NULL;
1012 }
1013
1014 l2cap_pi(sk)->chan = chan;
1015
bb58f747
GP		 1016 return sk;
1017}
1018
1019static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1020 int kern)
1021{
1022 struct sock *sk;
1023
1024 BT_DBG("sock %p", sock);
1025
1026 sock->state = SS_UNCONNECTED;
1027
1028 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1029 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1030 return -ESOCKTNOSUPPORT;
1031
1032 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1033 return -EPERM;
1034
1035 sock->ops = &l2cap_sock_ops;
1036
1037 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1038 if (!sk)
1039 return -ENOMEM;
1040
1041 l2cap_sock_init(sk, NULL);
1042 return 0;
1043}
1044
cf2f90f5 1045static const struct proto_ops l2cap_sock_ops = {
65390587
GP		 1046 .family = PF_BLUETOOTH,
1047 .owner = THIS_MODULE,
1048 .release = l2cap_sock_release,
1049 .bind = l2cap_sock_bind,
1050 .connect = l2cap_sock_connect,
1051 .listen = l2cap_sock_listen,
1052 .accept = l2cap_sock_accept,
1053 .getname = l2cap_sock_getname,
1054 .sendmsg = l2cap_sock_sendmsg,
1055 .recvmsg = l2cap_sock_recvmsg,
1056 .poll = bt_sock_poll,
1057 .ioctl = bt_sock_ioctl,
1058 .mmap = sock_no_mmap,
1059 .socketpair = sock_no_socketpair,
1060 .shutdown = l2cap_sock_shutdown,
1061 .setsockopt = l2cap_sock_setsockopt,
1062 .getsockopt = l2cap_sock_getsockopt
1063};
1064
bb58f747
GP		 1065static const struct net_proto_family l2cap_sock_family_ops = {
1066 .family = PF_BLUETOOTH,
1067 .owner = THIS_MODULE,
1068 .create = l2cap_sock_create,
1069};
1070
1071int __init l2cap_init_sockets(void)
1072{
e2174ca4 1073 int err;
bb58f747 1074
e2174ca4
GP		 1075 err = proto_register(&l2cap_proto, 0);
1076 if (err < 0)
1077 return err;
bb58f747 1078
e2174ca4
GP		 1079 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1080 if (err < 0)
1081 goto error;
bb58f747 1082
e2174ca4 1083 BT_INFO("L2CAP socket layer initialized");
bb58f747 1084
e2174ca4 1085 return 0;
bb58f747
GP		 1086
1087error:
e2174ca4
GP		 1088 BT_ERR("L2CAP socket registration failed");
1089 proto_unregister(&l2cap_proto);
1090 return err;
bb58f747
GP		 1091}
1092
1093void l2cap_cleanup_sockets(void)
1094{
e2174ca4
GP		 1095 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1096 BT_ERR("L2CAP socket unregistration failed");
bb58f747 1097
e2174ca4 1098 proto_unregister(&l2cap_proto);
bb58f747 1099}
Ubuntu Artful kernel mirror