]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - net/bluetooth/l2cap_sock.c
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
lib/mpi: Add the return value check of kcalloc()
[mirror_ubuntu-jammy-kernel.git] / net / bluetooth / l2cap_sock.c
CommitLineData
bb58f747
GP		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
bb58f747
GP		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
9149761a 30#include <linux/module.h>
bc3b2d7f 31#include <linux/export.h>
174cd4b1 32#include <linux/sched/signal.h>
6230c9b4 33
bb58f747 34#include <net/bluetooth/bluetooth.h>
33575df7 35#include <net/bluetooth/hci_core.h>
bb58f747 36#include <net/bluetooth/l2cap.h>
ac4b7236
MH		 37
38#include "smp.h"
bb58f747 39
5b28d95c
MY		 40static struct bt_sock_list l2cap_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
42};
43
cf2f90f5 44static const struct proto_ops l2cap_sock_ops;
80808e43 45static void l2cap_sock_init(struct sock *sk, struct sock *parent);
2d792818 46static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
11aa9c28 47 int proto, gfp_t prio, int kern);
cf2f90f5 48
b3916db3
DH		 49bool l2cap_is_socket(struct socket *sock)
50{
51 return sock && sock->ops == &l2cap_sock_ops;
52}
53EXPORT_SYMBOL(l2cap_is_socket);
54
4946096d
JH		 55static int l2cap_validate_bredr_psm(u16 psm)
56{
57 /* PSM must be odd and lsb of upper byte must be 0 */
58 if ((psm & 0x0101) != 0x0001)
59 return -EINVAL;
60
61 /* Restrict usage of well-known PSMs */
114f9f1e 62 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
4946096d
JH		 63 return -EACCES;
64
65 return 0;
66}
67
68static int l2cap_validate_le_psm(u16 psm)
69{
70 /* Valid LE_PSM ranges are defined only until 0x00ff */
114f9f1e 71 if (psm > L2CAP_PSM_LE_DYN_END)
4946096d
JH		 72 return -EINVAL;
73
74 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
114f9f1e 75 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
4946096d
JH		 76 return -EACCES;
77
78 return 0;
79}
80
af6bcd82
GP		 81static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
82{
83 struct sock *sk = sock->sk;
4343478f 84 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 85 struct sockaddr_l2 la;
86 int len, err = 0;
87
88 BT_DBG("sk %p", sk);
89
d2ecfa76
MJ		 90 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
91 addr->sa_family != AF_BLUETOOTH)
af6bcd82
GP		 92 return -EINVAL;
93
94 memset(&la, 0, sizeof(la));
95 len = min_t(unsigned int, sizeof(la), alen);
96 memcpy(&la, addr, len);
97
b62f328b 98 if (la.l2_cid && la.l2_psm)
af6bcd82
GP		 99 return -EINVAL;
100
80c1a2e7
JH		 101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
102 return -EINVAL;
103
bfe4655f 104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
bfe4655f 105 /* We only allow ATT user space socket */
9149761a 106 if (la.l2_cid &&
dcf4adbf 107 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
bfe4655f
JH		 108 return -EINVAL;
109 }
110
af6bcd82
GP		 111 lock_sock(sk);
112
113 if (sk->sk_state != BT_OPEN) {
114 err = -EBADFD;
115 goto done;
116 }
117
118 if (la.l2_psm) {
119 __u16 psm = __le16_to_cpu(la.l2_psm);
120
4946096d
JH		 121 if (la.l2_bdaddr_type == BDADDR_BREDR)
122 err = l2cap_validate_bredr_psm(psm);
123 else
124 err = l2cap_validate_le_psm(psm);
af6bcd82 125
4946096d 126 if (err)
af6bcd82 127 goto done;
af6bcd82
GP		 128 }
129
a2342c5f
JH		 130 bacpy(&chan->src, &la.l2_bdaddr);
131 chan->src_type = la.l2_bdaddr_type;
132
9e4425ff 133 if (la.l2_cid)
6e4aff10 134 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
9e4425ff
GP		 135 else
136 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
af6bcd82 137
9e4425ff
GP		 138 if (err < 0)
139 goto done;
af6bcd82 140
6a974b50 141 switch (chan->chan_type) {
3124b843
MH		 142 case L2CAP_CHAN_CONN_LESS:
143 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
144 chan->sec_level = BT_SECURITY_SDP;
145 break;
6a974b50
MH		 146 case L2CAP_CHAN_CONN_ORIENTED:
147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
148 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
149 chan->sec_level = BT_SECURITY_SDP;
150 break;
cb6ca8e1
JH		 151 case L2CAP_CHAN_RAW:
152 chan->sec_level = BT_SECURITY_SDP;
153 break;
c16900cf
JH		 154 case L2CAP_CHAN_FIXED:
155 /* Fixed channels default to the L2CAP core not holding a
156 * hci_conn reference for them. For fixed channels mapping to
157 * L2CAP sockets we do want to hold a reference so set the
158 * appropriate flag to request it.
159 */
160 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
161 break;
6a974b50 162 }
b62f328b 163
0ebe9b9f
LAD		 164 /* Use L2CAP_MODE_LE_FLOWCTL (CoC) in case of LE address and
165 * L2CAP_MODE_EXT_FLOWCTL (ECRED) has not been set.
166 */
167 if (chan->psm && bdaddr_type_is_le(chan->src_type) &&
168 chan->mode != L2CAP_MODE_EXT_FLOWCTL)
0ce43ce6 169 chan->mode = L2CAP_MODE_LE_FLOWCTL;
38319713 170
89bc500e 171 chan->state = BT_BOUND;
9e4425ff 172 sk->sk_state = BT_BOUND;
af6bcd82
GP		 173
174done:
175 release_sock(sk);
176 return err;
177}
178
0681c816
LAD		 179static void l2cap_sock_init_pid(struct sock *sk)
180{
181 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
182
183 /* Only L2CAP_MODE_EXT_FLOWCTL ever need to access the PID in order to
184 * group the channels being requested.
185 */
186 if (chan->mode != L2CAP_MODE_EXT_FLOWCTL)
187 return;
188
189 spin_lock(&sk->sk_peer_lock);
190 sk->sk_peer_pid = get_pid(task_tgid(current));
191 spin_unlock(&sk->sk_peer_lock);
192}
193
2d792818
GP		 194static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
195 int alen, int flags)
4e34c50b
GP		 196{
197 struct sock *sk = sock->sk;
0c1bc5c6 198 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
4e34c50b
GP		 199 struct sockaddr_l2 la;
200 int len, err = 0;
3af70b39 201 bool zapped;
4e34c50b
GP		 202
203 BT_DBG("sk %p", sk);
204
3af70b39
AP		 205 lock_sock(sk);
206 zapped = sock_flag(sk, SOCK_ZAPPED);
207 release_sock(sk);
208
209 if (zapped)
210 return -EINVAL;
211
d2ecfa76 212 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
4e34c50b
GP		 213 addr->sa_family != AF_BLUETOOTH)
214 return -EINVAL;
215
216 memset(&la, 0, sizeof(la));
217 len = min_t(unsigned int, sizeof(la), alen);
218 memcpy(&la, addr, len);
219
acd7d370 220 if (la.l2_cid && la.l2_psm)
4e34c50b
GP		 221 return -EINVAL;
222
80c1a2e7
JH		 223 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
224 return -EINVAL;
225
eb622495
JH		 226 /* Check that the socket wasn't bound to something that
227 * conflicts with the address given to connect(). If chan->src
228 * is BDADDR_ANY it means bind() was never used, in which case
229 * chan->src_type and la.l2_bdaddr_type do not need to match.
230 */
231 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
232 bdaddr_type_is_le(la.l2_bdaddr_type)) {
233 /* Old user space versions will try to incorrectly bind
234 * the ATT socket using BDADDR_BREDR. We need to accept
235 * this and fix up the source address type only when
236 * both the source CID and destination CID indicate
237 * ATT. Anything else is an invalid combination.
238 */
239 if (chan->scid != L2CAP_CID_ATT ||
dcf4adbf 240 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
eb622495
JH		 241 return -EINVAL;
242
243 /* We don't have the hdev available here to make a
244 * better decision on random vs public, but since all
245 * user space versions that exhibit this issue anyway do
246 * not support random local addresses assuming public
247 * here is good enough.
248 */
249 chan->src_type = BDADDR_LE_PUBLIC;
250 }
1f209383
JH		 251
252 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
253 return -EINVAL;
254
bfe4655f 255 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
bfe4655f 256 /* We only allow ATT user space socket */
9149761a 257 if (la.l2_cid &&
dcf4adbf 258 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
bfe4655f
JH		 259 return -EINVAL;
260 }
261
0ebe9b9f
LAD		 262 /* Use L2CAP_MODE_LE_FLOWCTL (CoC) in case of LE address and
263 * L2CAP_MODE_EXT_FLOWCTL (ECRED) has not been set.
264 */
265 if (chan->psm && bdaddr_type_is_le(chan->src_type) &&
266 chan->mode != L2CAP_MODE_EXT_FLOWCTL)
0ce43ce6 267 chan->mode = L2CAP_MODE_LE_FLOWCTL;
38319713 268
0681c816
LAD		 269 l2cap_sock_init_pid(sk);
270
6e4aff10 271 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
8e9f9892 272 &la.l2_bdaddr, la.l2_bdaddr_type);
4e34c50b 273 if (err)
b3fb611e 274 return err;
4e34c50b 275
6be36555
AE		 276 lock_sock(sk);
277
4e34c50b 278 err = bt_sock_wait_state(sk, BT_CONNECTED,
2d792818 279 sock_sndtimeo(sk, flags & O_NONBLOCK));
b3fb611e
AE		 280
281 release_sock(sk);
282
4e34c50b
GP		 283 return err;
284}
285
af6bcd82
GP		 286static int l2cap_sock_listen(struct socket *sock, int backlog)
287{
288 struct sock *sk = sock->sk;
0c1bc5c6 289 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 290 int err = 0;
291
292 BT_DBG("sk %p backlog %d", sk, backlog);
293
294 lock_sock(sk);
295
6b3af733 296 if (sk->sk_state != BT_BOUND) {
af6bcd82
GP		 297 err = -EBADFD;
298 goto done;
299 }
300
6b3af733
MH		 301 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
302 err = -EINVAL;
303 goto done;
304 }
305
0c1bc5c6 306 switch (chan->mode) {
af6bcd82 307 case L2CAP_MODE_BASIC:
38319713 308 case L2CAP_MODE_LE_FLOWCTL:
4be5ca67 309 break;
15f02b91 310 case L2CAP_MODE_EXT_FLOWCTL:
4be5ca67
LAD		 311 if (!enable_ecred) {
312 err = -EOPNOTSUPP;
313 goto done;
314 }
af6bcd82
GP		 315 break;
316 case L2CAP_MODE_ERTM:
317 case L2CAP_MODE_STREAMING:
318 if (!disable_ertm)
319 break;
19186c7b 320 fallthrough;
af6bcd82 321 default:
beb19e4c 322 err = -EOPNOTSUPP;
af6bcd82
GP		 323 goto done;
324 }
325
0681c816
LAD		 326 l2cap_sock_init_pid(sk);
327
af6bcd82
GP		 328 sk->sk_max_ack_backlog = backlog;
329 sk->sk_ack_backlog = 0;
89bc500e 330
abe84903
JH		 331 /* Listening channels need to use nested locking in order not to
332 * cause lockdep warnings when the created child channels end up
333 * being locked in the same thread as the parent channel.
334 */
335 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
336
89bc500e 337 chan->state = BT_LISTEN;
af6bcd82
GP		 338 sk->sk_state = BT_LISTEN;
339
340done:
341 release_sock(sk);
342 return err;
343}
344
2d792818 345static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
cdfbabfb 346 int flags, bool kern)
c47b7c72 347{
dfb2fae7 348 DEFINE_WAIT_FUNC(wait, woken_wake_function);
c47b7c72
GP		 349 struct sock *sk = sock->sk, *nsk;
350 long timeo;
351 int err = 0;
352
3b2ab39e 353 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
c47b7c72 354
c47b7c72
GP		 355 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
356
357 BT_DBG("sk %p timeo %ld", sk, timeo);
358
359 /* Wait for an incoming connection. (wake-one). */
360 add_wait_queue_exclusive(sk_sleep(sk), &wait);
f9a3c20a 361 while (1) {
f9a3c20a
PH		 362 if (sk->sk_state != BT_LISTEN) {
363 err = -EBADFD;
c47b7c72
GP		 364 break;
365 }
366
f9a3c20a
PH		 367 nsk = bt_accept_dequeue(sk, newsock);
368 if (nsk)
369 break;
c47b7c72 370
f9a3c20a
PH		 371 if (!timeo) {
372 err = -EAGAIN;
c47b7c72
GP		 373 break;
374 }
375
376 if (signal_pending(current)) {
377 err = sock_intr_errno(timeo);
378 break;
379 }
f9a3c20a
PH		 380
381 release_sock(sk);
dfb2fae7
PH		 382
383 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
384
3b2ab39e 385 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
c47b7c72 386 }
c47b7c72
GP		 387 remove_wait_queue(sk_sleep(sk), &wait);
388
389 if (err)
390 goto done;
391
392 newsock->state = SS_CONNECTED;
393
394 BT_DBG("new socket %p", nsk);
395
396done:
397 release_sock(sk);
398 return err;
399}
400
2d792818 401static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
9b2c45d4 402 int peer)
d7175d55
GP		 403{
404 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
405 struct sock *sk = sock->sk;
0c1bc5c6 406 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
d7175d55
GP		 407
408 BT_DBG("sock %p, sk %p", sock, sk);
409
e8b1ab9e 410 if (peer && sk->sk_state != BT_CONNECTED &&
bf19d51b
JH		 411 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
412 sk->sk_state != BT_CONFIG)
b783fbc3
JH		 413 return -ENOTCONN;
414
792039c7 415 memset(la, 0, sizeof(struct sockaddr_l2));
d7175d55 416 addr->sa_family = AF_BLUETOOTH;
d7175d55 417
d7e5e76b
JH		 418 la->l2_psm = chan->psm;
419
d7175d55 420 if (peer) {
7eafc59e 421 bacpy(&la->l2_bdaddr, &chan->dst);
fe4128e0 422 la->l2_cid = cpu_to_le16(chan->dcid);
4f1654e0 423 la->l2_bdaddr_type = chan->dst_type;
d7175d55 424 } else {
7eafc59e 425 bacpy(&la->l2_bdaddr, &chan->src);
fe4128e0 426 la->l2_cid = cpu_to_le16(chan->scid);
4f1654e0 427 la->l2_bdaddr_type = chan->src_type;
d7175d55
GP		 428 }
429
9b2c45d4 430 return sizeof(struct sockaddr_l2);
d7175d55
GP		 431}
432
3ee7b7cd
LAD		 433static int l2cap_get_mode(struct l2cap_chan *chan)
434{
435 switch (chan->mode) {
436 case L2CAP_MODE_BASIC:
437 return BT_MODE_BASIC;
438 case L2CAP_MODE_ERTM:
439 return BT_MODE_ERTM;
440 case L2CAP_MODE_STREAMING:
441 return BT_MODE_STREAMING;
442 case L2CAP_MODE_LE_FLOWCTL:
443 return BT_MODE_LE_FLOWCTL;
444 case L2CAP_MODE_EXT_FLOWCTL:
445 return BT_MODE_EXT_FLOWCTL;
446 }
447
448 return -EINVAL;
449}
450
2d792818
GP		 451static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
452 char __user *optval, int __user *optlen)
99f4808d
GP		 453{
454 struct sock *sk = sock->sk;
4343478f 455 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d
GP		 456 struct l2cap_options opts;
457 struct l2cap_conninfo cinfo;
458 int len, err = 0;
459 u32 opt;
460
461 BT_DBG("sk %p", sk);
462
463 if (get_user(len, optlen))
464 return -EFAULT;
465
466 lock_sock(sk);
467
468 switch (optname) {
469 case L2CAP_OPTIONS:
64b4f8dc
JH		 470 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
471 * legacy ATT code depends on getsockopt for
472 * L2CAP_OPTIONS we need to let this pass.
473 */
474 if (bdaddr_type_is_le(chan->src_type) &&
475 chan->scid != L2CAP_CID_ATT) {
476 err = -EINVAL;
477 break;
478 }
479
b86b0b15
LAD		 480 /* Only BR/EDR modes are supported here */
481 switch (chan->mode) {
482 case L2CAP_MODE_BASIC:
483 case L2CAP_MODE_ERTM:
484 case L2CAP_MODE_STREAMING:
485 break;
486 default:
487 err = -EINVAL;
488 break;
489 }
490
491 if (err < 0)
492 break;
493
e3fb592b 494 memset(&opts, 0, sizeof(opts));
0c1bc5c6
GP		 495 opts.imtu = chan->imtu;
496 opts.omtu = chan->omtu;
497 opts.flush_to = chan->flush_to;
498 opts.mode = chan->mode;
47d1ec61
GP		 499 opts.fcs = chan->fcs;
500 opts.max_tx = chan->max_tx;
6327eb98 501 opts.txwin_size = chan->tx_win;
99f4808d 502
15f02b91
LAD		 503 BT_DBG("mode 0x%2.2x", chan->mode);
504
99f4808d
GP		 505 len = min_t(unsigned int, len, sizeof(opts));
506 if (copy_to_user(optval, (char *) &opts, len))
507 err = -EFAULT;
508
509 break;
510
511 case L2CAP_LM:
4343478f 512 switch (chan->sec_level) {
99f4808d
GP		 513 case BT_SECURITY_LOW:
514 opt = L2CAP_LM_AUTH;
515 break;
516 case BT_SECURITY_MEDIUM:
517 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
518 break;
519 case BT_SECURITY_HIGH:
520 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
2d792818 521 L2CAP_LM_SECURE;
99f4808d 522 break;
7d513e92
MH		 523 case BT_SECURITY_FIPS:
524 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
525 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
526 break;
99f4808d
GP		 527 default:
528 opt = 0;
529 break;
530 }
531
43bd0f32 532 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
99f4808d
GP		 533 opt |= L2CAP_LM_MASTER;
534
ecf61bdb 535 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
99f4808d
GP		 536 opt |= L2CAP_LM_RELIABLE;
537
538 if (put_user(opt, (u32 __user *) optval))
539 err = -EFAULT;
7d513e92 540
99f4808d
GP		 541 break;
542
543 case L2CAP_CONNINFO:
544 if (sk->sk_state != BT_CONNECTED &&
c5daa683
GP		 545 !(sk->sk_state == BT_CONNECT2 &&
546 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
99f4808d
GP		 547 err = -ENOTCONN;
548 break;
549 }
550
8d03e971 551 memset(&cinfo, 0, sizeof(cinfo));
8c1d787b
GP		 552 cinfo.hci_handle = chan->conn->hcon->handle;
553 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
99f4808d
GP		 554
555 len = min_t(unsigned int, len, sizeof(cinfo));
556 if (copy_to_user(optval, (char *) &cinfo, len))
557 err = -EFAULT;
558
559 break;
560
561 default:
562 err = -ENOPROTOOPT;
563 break;
564 }
565
566 release_sock(sk);
567 return err;
568}
569
2d792818
GP		 570static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
571 char __user *optval, int __user *optlen)
99f4808d
GP		 572{
573 struct sock *sk = sock->sk;
4343478f 574 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d 575 struct bt_security sec;
14b12d0b 576 struct bt_power pwr;
eab2404b 577 u32 phys;
3ee7b7cd 578 int len, mode, err = 0;
99f4808d
GP		 579
580 BT_DBG("sk %p", sk);
581
582 if (level == SOL_L2CAP)
583 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
584
585 if (level != SOL_BLUETOOTH)
586 return -ENOPROTOOPT;
587
588 if (get_user(len, optlen))
589 return -EFAULT;
590
591 lock_sock(sk);
592
593 switch (optname) {
594 case BT_SECURITY:
715ec005 595 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
e0c888ad 596 chan->chan_type != L2CAP_CHAN_FIXED &&
2d792818 597 chan->chan_type != L2CAP_CHAN_RAW) {
99f4808d
GP		 598 err = -EINVAL;
599 break;
600 }
601
8f360119 602 memset(&sec, 0, sizeof(sec));
85e34368 603 if (chan->conn) {
c6585a4d 604 sec.level = chan->conn->hcon->sec_level;
99f4808d 605
85e34368
AE		 606 if (sk->sk_state == BT_CONNECTED)
607 sec.key_size = chan->conn->hcon->enc_key_size;
608 } else {
609 sec.level = chan->sec_level;
610 }
8f360119 611
99f4808d
GP		 612 len = min_t(unsigned int, len, sizeof(sec));
613 if (copy_to_user(optval, (char *) &sec, len))
614 err = -EFAULT;
615
616 break;
617
618 case BT_DEFER_SETUP:
619 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
620 err = -EINVAL;
621 break;
622 }
623
c5daa683
GP		 624 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
625 (u32 __user *) optval))
99f4808d
GP		 626 err = -EFAULT;
627
628 break;
629
630 case BT_FLUSHABLE:
d57b0e8b 631 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
2d792818 632 (u32 __user *) optval))
99f4808d
GP		 633 err = -EFAULT;
634
635 break;
636
14b12d0b
JG		 637 case BT_POWER:
638 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2d792818 639 && sk->sk_type != SOCK_RAW) {
14b12d0b
JG		 640 err = -EINVAL;
641 break;
642 }
643
15770b1a 644 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 645
646 len = min_t(unsigned int, len, sizeof(pwr));
647 if (copy_to_user(optval, (char *) &pwr, len))
648 err = -EFAULT;
649
650 break;
651
2ea66482 652 case BT_CHANNEL_POLICY:
2ea66482
MM		 653 if (put_user(chan->chan_policy, (u32 __user *) optval))
654 err = -EFAULT;
655 break;
656
1f435424 657 case BT_SNDMTU:
1f435424
JH		 658 if (!bdaddr_type_is_le(chan->src_type)) {
659 err = -EINVAL;
660 break;
661 }
662
663 if (sk->sk_state != BT_CONNECTED) {
664 err = -ENOTCONN;
665 break;
666 }
667
668 if (put_user(chan->omtu, (u16 __user *) optval))
669 err = -EFAULT;
670 break;
671
672 case BT_RCVMTU:
1f435424
JH		 673 if (!bdaddr_type_is_le(chan->src_type)) {
674 err = -EINVAL;
675 break;
676 }
677
678 if (put_user(chan->imtu, (u16 __user *) optval))
679 err = -EFAULT;
680 break;
681
eab2404b 682 case BT_PHY:
a2a8b0b4 683 if (sk->sk_state != BT_CONNECTED) {
eab2404b
LAD		 684 err = -ENOTCONN;
685 break;
686 }
687
688 phys = hci_conn_get_phy(chan->conn->hcon);
689
690 if (put_user(phys, (u32 __user *) optval))
691 err = -EFAULT;
692 break;
693
3ee7b7cd
LAD		 694 case BT_MODE:
695 if (!enable_ecred) {
696 err = -ENOPROTOOPT;
697 break;
698 }
699
700 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
701 err = -EINVAL;
702 break;
703 }
704
705 mode = l2cap_get_mode(chan);
706 if (mode < 0) {
707 err = mode;
708 break;
709 }
710
711 if (put_user(mode, (u8 __user *) optval))
712 err = -EFAULT;
713 break;
714
99f4808d
GP		 715 default:
716 err = -ENOPROTOOPT;
717 break;
718 }
719
720 release_sock(sk);
721 return err;
722}
723
682877c3
AG		 724static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
725{
726 switch (chan->scid) {
073d1cf3 727 case L2CAP_CID_ATT:
8c3a4f00 728 if (mtu < L2CAP_LE_MIN_MTU)
682877c3
AG		 729 return false;
730 break;
731
732 default:
733 if (mtu < L2CAP_DEFAULT_MIN_MTU)
734 return false;
735 }
736
737 return true;
738}
739
2d792818 740static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
a7b75c5a 741 sockptr_t optval, unsigned int optlen)
33575df7
GP		 742{
743 struct sock *sk = sock->sk;
b4450035 744 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7
GP		 745 struct l2cap_options opts;
746 int len, err = 0;
747 u32 opt;
748
749 BT_DBG("sk %p", sk);
750
751 lock_sock(sk);
752
753 switch (optname) {
754 case L2CAP_OPTIONS:
64b4f8dc
JH		 755 if (bdaddr_type_is_le(chan->src_type)) {
756 err = -EINVAL;
757 break;
758 }
759
33575df7
GP		 760 if (sk->sk_state == BT_CONNECTED) {
761 err = -EINVAL;
762 break;
763 }
764
0c1bc5c6
GP		 765 opts.imtu = chan->imtu;
766 opts.omtu = chan->omtu;
767 opts.flush_to = chan->flush_to;
768 opts.mode = chan->mode;
47d1ec61
GP		 769 opts.fcs = chan->fcs;
770 opts.max_tx = chan->max_tx;
6327eb98 771 opts.txwin_size = chan->tx_win;
33575df7
GP		 772
773 len = min_t(unsigned int, sizeof(opts), optlen);
a7b75c5a 774 if (copy_from_sockptr(&opts, optval, len)) {
33575df7
GP		 775 err = -EFAULT;
776 break;
777 }
778
6327eb98 779 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
33575df7
GP		 780 err = -EINVAL;
781 break;
782 }
783
682877c3
AG		 784 if (!l2cap_valid_mtu(chan, opts.imtu)) {
785 err = -EINVAL;
786 break;
787 }
788
b86b0b15
LAD		 789 /* Only BR/EDR modes are supported here */
790 switch (opts.mode) {
33575df7 791 case L2CAP_MODE_BASIC:
c1360a1c 792 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
33575df7
GP		 793 break;
794 case L2CAP_MODE_ERTM:
795 case L2CAP_MODE_STREAMING:
796 if (!disable_ertm)
797 break;
19186c7b 798 fallthrough;
33575df7
GP		 799 default:
800 err = -EINVAL;
801 break;
802 }
803
b86b0b15
LAD		 804 if (err < 0)
805 break;
806
807 chan->mode = opts.mode;
808
15f02b91
LAD		 809 BT_DBG("mode 0x%2.2x", chan->mode);
810
0c1bc5c6
GP		 811 chan->imtu = opts.imtu;
812 chan->omtu = opts.omtu;
47d1ec61
GP		 813 chan->fcs = opts.fcs;
814 chan->max_tx = opts.max_tx;
6327eb98 815 chan->tx_win = opts.txwin_size;
12d59781 816 chan->flush_to = opts.flush_to;
33575df7
GP		 817 break;
818
819 case L2CAP_LM:
a7b75c5a 820 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
33575df7
GP		 821 err = -EFAULT;
822 break;
823 }
824
7d513e92
MH		 825 if (opt & L2CAP_LM_FIPS) {
826 err = -EINVAL;
827 break;
828 }
829
33575df7 830 if (opt & L2CAP_LM_AUTH)
4343478f 831 chan->sec_level = BT_SECURITY_LOW;
33575df7 832 if (opt & L2CAP_LM_ENCRYPT)
4343478f 833 chan->sec_level = BT_SECURITY_MEDIUM;
33575df7 834 if (opt & L2CAP_LM_SECURE)
4343478f 835 chan->sec_level = BT_SECURITY_HIGH;
33575df7 836
43bd0f32
AE		 837 if (opt & L2CAP_LM_MASTER)
838 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
839 else
840 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
ecf61bdb
AE		 841
842 if (opt & L2CAP_LM_RELIABLE)
843 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
844 else
845 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
33575df7
GP		 846 break;
847
848 default:
849 err = -ENOPROTOOPT;
850 break;
851 }
852
853 release_sock(sk);
854 return err;
855}
856
3ee7b7cd
LAD		 857static int l2cap_set_mode(struct l2cap_chan *chan, u8 mode)
858{
859 switch (mode) {
860 case BT_MODE_BASIC:
861 if (bdaddr_type_is_le(chan->src_type))
862 return -EINVAL;
863 mode = L2CAP_MODE_BASIC;
864 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
865 break;
866 case BT_MODE_ERTM:
867 if (!disable_ertm || bdaddr_type_is_le(chan->src_type))
868 return -EINVAL;
869 mode = L2CAP_MODE_ERTM;
870 break;
871 case BT_MODE_STREAMING:
872 if (!disable_ertm || bdaddr_type_is_le(chan->src_type))
873 return -EINVAL;
874 mode = L2CAP_MODE_STREAMING;
875 break;
876 case BT_MODE_LE_FLOWCTL:
877 if (!bdaddr_type_is_le(chan->src_type))
878 return -EINVAL;
879 mode = L2CAP_MODE_LE_FLOWCTL;
880 break;
881 case BT_MODE_EXT_FLOWCTL:
882 /* TODO: Add support for ECRED PDUs to BR/EDR */
883 if (!bdaddr_type_is_le(chan->src_type))
884 return -EINVAL;
885 mode = L2CAP_MODE_EXT_FLOWCTL;
886 break;
887 default:
888 return -EINVAL;
889 }
890
891 chan->mode = mode;
892
893 return 0;
894}
895
2d792818 896static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
a7b75c5a 897 sockptr_t optval, unsigned int optlen)
33575df7
GP		 898{
899 struct sock *sk = sock->sk;
4343478f 900 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7 901 struct bt_security sec;
14b12d0b 902 struct bt_power pwr;
f1cb9af5 903 struct l2cap_conn *conn;
33575df7
GP		 904 int len, err = 0;
905 u32 opt;
906
907 BT_DBG("sk %p", sk);
908
909 if (level == SOL_L2CAP)
910 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
911
912 if (level != SOL_BLUETOOTH)
913 return -ENOPROTOOPT;
914
915 lock_sock(sk);
916
917 switch (optname) {
918 case BT_SECURITY:
715ec005 919 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
e0c888ad 920 chan->chan_type != L2CAP_CHAN_FIXED &&
2d792818 921 chan->chan_type != L2CAP_CHAN_RAW) {
33575df7
GP		 922 err = -EINVAL;
923 break;
924 }
925
926 sec.level = BT_SECURITY_LOW;
927
928 len = min_t(unsigned int, sizeof(sec), optlen);
a7b75c5a 929 if (copy_from_sockptr(&sec, optval, len)) {
33575df7
GP		 930 err = -EFAULT;
931 break;
932 }
933
934 if (sec.level < BT_SECURITY_LOW ||
a164cee1 935 sec.level > BT_SECURITY_FIPS) {
33575df7
GP		 936 err = -EINVAL;
937 break;
938 }
939
4343478f 940 chan->sec_level = sec.level;
f1cb9af5 941
0bee1d60
GP		 942 if (!chan->conn)
943 break;
944
f1cb9af5 945 conn = chan->conn;
0bee1d60 946
bbb69b37 947 /* change security for LE channels */
073d1cf3 948 if (chan->scid == L2CAP_CID_ATT) {
bbb69b37
FD		 949 if (smp_conn_security(conn->hcon, sec.level)) {
950 err = -EINVAL;
f1cb9af5 951 break;
bbb69b37
FD		 952 }
953
d52deb17 954 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
f1cb9af5 955 sk->sk_state = BT_CONFIG;
3542b854 956 chan->state = BT_CONFIG;
0bee1d60 957
a7d7723a
GP		 958 /* or for ACL link */
959 } else if ((sk->sk_state == BT_CONNECT2 &&
2d792818 960 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
a7d7723a 961 sk->sk_state == BT_CONNECTED) {
e7cafc45 962 if (!l2cap_chan_check_security(chan, true))
c5daa683 963 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
a7d7723a
GP		 964 else
965 sk->sk_state_change(sk);
0bee1d60
GP		 966 } else {
967 err = -EINVAL;
f1cb9af5 968 }
33575df7
GP		 969 break;
970
971 case BT_DEFER_SETUP:
972 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
973 err = -EINVAL;
974 break;
975 }
976
a7b75c5a 977 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
33575df7
GP		 978 err = -EFAULT;
979 break;
980 }
981
bdc25783 982 if (opt) {
c5daa683 983 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 984 set_bit(FLAG_DEFER_SETUP, &chan->flags);
985 } else {
c5daa683 986 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 987 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
988 }
33575df7
GP		 989 break;
990
991 case BT_FLUSHABLE:
a7b75c5a 992 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
33575df7
GP		 993 err = -EFAULT;
994 break;
995 }
996
997 if (opt > BT_FLUSHABLE_ON) {
998 err = -EINVAL;
999 break;
1000 }
1001
1002 if (opt == BT_FLUSHABLE_OFF) {
c1f23a2b 1003 conn = chan->conn;
25985edc 1004 /* proceed further only when we have l2cap_conn and
33575df7
GP		 1005 No Flush support in the LM */
1006 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
1007 err = -EINVAL;
1008 break;
1009 }
1010 }
1011
d57b0e8b
AE		 1012 if (opt)
1013 set_bit(FLAG_FLUSHABLE, &chan->flags);
1014 else
1015 clear_bit(FLAG_FLUSHABLE, &chan->flags);
33575df7
GP		 1016 break;
1017
14b12d0b
JG		 1018 case BT_POWER:
1019 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
2d792818 1020 chan->chan_type != L2CAP_CHAN_RAW) {
14b12d0b
JG		 1021 err = -EINVAL;
1022 break;
1023 }
1024
1025 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
1026
1027 len = min_t(unsigned int, sizeof(pwr), optlen);
a7b75c5a 1028 if (copy_from_sockptr(&pwr, optval, len)) {
14b12d0b
JG		 1029 err = -EFAULT;
1030 break;
1031 }
15770b1a
AE		 1032
1033 if (pwr.force_active)
1034 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
1035 else
1036 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 1037 break;
1038
2ea66482 1039 case BT_CHANNEL_POLICY:
a7b75c5a 1040 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
2ea66482
MM		 1041 err = -EFAULT;
1042 break;
1043 }
1044
1045 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
1046 err = -EINVAL;
1047 break;
1048 }
1049
1050 if (chan->mode != L2CAP_MODE_ERTM &&
2d792818 1051 chan->mode != L2CAP_MODE_STREAMING) {
2ea66482
MM		 1052 err = -EOPNOTSUPP;
1053 break;
1054 }
1055
1056 chan->chan_policy = (u8) opt;
3f7a56c4
MM		 1057
1058 if (sk->sk_state == BT_CONNECTED &&
1059 chan->move_role == L2CAP_MOVE_ROLE_NONE)
1060 l2cap_move_start(chan);
1061
14b12d0b
JG		 1062 break;
1063
1f435424 1064 case BT_SNDMTU:
1f435424
JH		 1065 if (!bdaddr_type_is_le(chan->src_type)) {
1066 err = -EINVAL;
1067 break;
1068 }
1069
1070 /* Setting is not supported as it's the remote side that
1071 * decides this.
1072 */
1073 err = -EPERM;
1074 break;
1075
1076 case BT_RCVMTU:
1f435424
JH		 1077 if (!bdaddr_type_is_le(chan->src_type)) {
1078 err = -EINVAL;
1079 break;
1080 }
1081
15f02b91
LAD		 1082 if (chan->mode == L2CAP_MODE_LE_FLOWCTL &&
1083 sk->sk_state == BT_CONNECTED) {
1f435424
JH		 1084 err = -EISCONN;
1085 break;
1086 }
1087
a7b75c5a 1088 if (copy_from_sockptr(&opt, optval, sizeof(u16))) {
1f435424
JH		 1089 err = -EFAULT;
1090 break;
1091 }
1092
15f02b91
LAD		 1093 if (chan->mode == L2CAP_MODE_EXT_FLOWCTL &&
1094 sk->sk_state == BT_CONNECTED)
1095 err = l2cap_chan_reconfigure(chan, opt);
1096 else
1097 chan->imtu = opt;
1098
1f435424
JH		 1099 break;
1100
3ee7b7cd
LAD		 1101 case BT_MODE:
1102 if (!enable_ecred) {
1103 err = -ENOPROTOOPT;
1104 break;
1105 }
1106
1107 BT_DBG("sk->sk_state %u", sk->sk_state);
1108
1109 if (sk->sk_state != BT_BOUND) {
1110 err = -EINVAL;
1111 break;
1112 }
1113
1114 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
1115 err = -EINVAL;
1116 break;
1117 }
1118
a7b75c5a 1119 if (copy_from_sockptr(&opt, optval, sizeof(u8))) {
3ee7b7cd
LAD		 1120 err = -EFAULT;
1121 break;
1122 }
1123
1124 BT_DBG("opt %u", opt);
1125
1126 err = l2cap_set_mode(chan, opt);
1127 if (err)
1128 break;
1129
1130 BT_DBG("mode 0x%2.2x", chan->mode);
1131
1132 break;
1133
33575df7
GP		 1134 default:
1135 err = -ENOPROTOOPT;
1136 break;
1137 }
1138
1139 release_sock(sk);
1140 return err;
1141}
fd83ccdb 1142
1b784140
YX		 1143static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1144 size_t len)
fd83ccdb
GP		 1145{
1146 struct sock *sk = sock->sk;
0c1bc5c6 1147 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
fd83ccdb
GP		 1148 int err;
1149
1150 BT_DBG("sock %p, sk %p", sock, sk);
1151
1152 err = sock_error(sk);
1153 if (err)
1154 return err;
1155
1156 if (msg->msg_flags & MSG_OOB)
1157 return -EOPNOTSUPP;
1158
a6a5568c 1159 if (sk->sk_state != BT_CONNECTED)
9a91a04a 1160 return -ENOTCONN;
fd83ccdb 1161
e793dcf0
JH		 1162 lock_sock(sk);
1163 err = bt_sock_wait_ready(sk, msg->msg_flags);
1164 release_sock(sk);
1165 if (err)
1166 return err;
1167
a6a5568c 1168 l2cap_chan_lock(chan);
8d46321c 1169 err = l2cap_chan_send(chan, msg, len);
a6a5568c 1170 l2cap_chan_unlock(chan);
fd83ccdb 1171
fd83ccdb
GP		 1172 return err;
1173}
33575df7 1174
1b784140
YX		 1175static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1176 size_t len, int flags)
68983259
GP		 1177{
1178 struct sock *sk = sock->sk;
e328140f
MM		 1179 struct l2cap_pinfo *pi = l2cap_pi(sk);
1180 int err;
68983259
GP		 1181
1182 lock_sock(sk);
1183
c5daa683
GP		 1184 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
1185 &bt_sk(sk)->flags)) {
15f02b91
LAD		 1186 if (pi->chan->mode == L2CAP_MODE_EXT_FLOWCTL) {
1187 sk->sk_state = BT_CONNECTED;
1188 pi->chan->state = BT_CONNECTED;
1189 __l2cap_ecred_conn_rsp_defer(pi->chan);
b354e6c1 1190 } else if (bdaddr_type_is_le(pi->chan->src_type)) {
38319713
JH		 1191 sk->sk_state = BT_CONNECTED;
1192 pi->chan->state = BT_CONNECTED;
1193 __l2cap_le_connect_rsp_defer(pi->chan);
1194 } else {
1195 sk->sk_state = BT_CONFIG;
1196 pi->chan->state = BT_CONFIG;
1197 __l2cap_connect_rsp_defer(pi->chan);
1198 }
8c1d787b 1199
970871bc
JH		 1200 err = 0;
1201 goto done;
68983259
GP		 1202 }
1203
1204 release_sock(sk);
1205
1206 if (sock->type == SOCK_STREAM)
1b784140 1207 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
e328140f 1208 else
1b784140 1209 err = bt_sock_recvmsg(sock, msg, len, flags);
e328140f
MM		 1210
1211 if (pi->chan->mode != L2CAP_MODE_ERTM)
1212 return err;
1213
1214 /* Attempt to put pending rx data in the socket buffer */
1215
1216 lock_sock(sk);
1217
1218 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1219 goto done;
1220
1221 if (pi->rx_busy_skb) {
dbb50887 1222 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
e328140f
MM		 1223 pi->rx_busy_skb = NULL;
1224 else
1225 goto done;
1226 }
1227
1228 /* Restore data flow when half of the receive buffer is
1229 * available. This avoids resending large numbers of
1230 * frames.
1231 */
1232 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1233 l2cap_chan_busy(pi->chan, 0);
68983259 1234
e328140f
MM		 1235done:
1236 release_sock(sk);
1237 return err;
68983259
GP		 1238}
1239
05fc1576 1240/* Kill socket (only if zapped and orphan)
6c08fc89 1241 * Must be called on unlocked socket, with l2cap channel lock.
05fc1576 1242 */
ba3bd0ee 1243static void l2cap_sock_kill(struct sock *sk)
05fc1576
GP		 1244{
1245 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1246 return;
1247
e05dcc32 1248 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
05fc1576
GP		 1249
1250 /* Kill poor orphan */
6ff5abbf 1251
4af66c69 1252 l2cap_chan_put(l2cap_pi(sk)->chan);
05fc1576
GP		 1253 sock_set_flag(sk, SOCK_DEAD);
1254 sock_put(sk);
1255}
1256
f65468f6 1257static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
dc25306b 1258{
dc25306b
GP		 1259 DECLARE_WAITQUEUE(wait, current);
1260 int err = 0;
cb02a255 1261 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
e432c72c
DJ		 1262 /* Timeout to prevent infinite loop */
1263 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
dc25306b
GP		 1264
1265 add_wait_queue(sk_sleep(sk), &wait);
1266 set_current_state(TASK_INTERRUPTIBLE);
f65468f6 1267 do {
e432c72c
DJ		 1268 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1269 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1270 jiffies_to_msecs(timeout - jiffies));
451e4c6c 1271
dc25306b 1272 if (!timeo)
cb02a255 1273 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
dc25306b
GP		 1274
1275 if (signal_pending(current)) {
1276 err = sock_intr_errno(timeo);
1277 break;
1278 }
1279
1280 release_sock(sk);
1281 timeo = schedule_timeout(timeo);
1282 lock_sock(sk);
1283 set_current_state(TASK_INTERRUPTIBLE);
1284
1285 err = sock_error(sk);
1286 if (err)
1287 break;
f65468f6 1288
e432c72c
DJ		 1289 if (time_after(jiffies, timeout)) {
1290 err = -ENOLINK;
1291 break;
1292 }
1293
f65468f6
DJ		 1294 } while (chan->unacked_frames > 0 &&
1295 chan->state == BT_CONNECTED);
1296
dc25306b
GP		 1297 set_current_state(TASK_RUNNING);
1298 remove_wait_queue(sk_sleep(sk), &wait);
1299 return err;
1300}
1301
dcba0dba
GP		 1302static int l2cap_sock_shutdown(struct socket *sock, int how)
1303{
1304 struct sock *sk = sock->sk;
7ddb6e0f 1305 struct l2cap_chan *chan;
3df91ea2 1306 struct l2cap_conn *conn;
dcba0dba
GP		 1307 int err = 0;
1308
5b440676
AP		 1309 BT_DBG("sock %p, sk %p, how %d", sock, sk, how);
1310
1311 /* 'how' parameter is mapped to sk_shutdown as follows:
1312 * SHUT_RD (0) --> RCV_SHUTDOWN (1)
1313 * SHUT_WR (1) --> SEND_SHUTDOWN (2)
1314 * SHUT_RDWR (2) --> SHUTDOWN_MASK (3)
1315 */
1316 how++;
dcba0dba
GP		 1317
1318 if (!sk)
1319 return 0;
1320
04ba72e6
DJ		 1321 lock_sock(sk);
1322
5b440676 1323 if ((sk->sk_shutdown & how) == how)
e7456437
DJ		 1324 goto shutdown_already;
1325
1326 BT_DBG("Handling sock shutdown");
1327
2baea85d
DJ		 1328 /* prevent sk structure from being freed whilst unlocked */
1329 sock_hold(sk);
1330
7ddb6e0f 1331 chan = l2cap_pi(sk)->chan;
2baea85d
DJ		 1332 /* prevent chan structure from being freed whilst unlocked */
1333 l2cap_chan_hold(chan);
3df91ea2 1334
49d11741
JH		 1335 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1336
e7456437
DJ		 1337 if (chan->mode == L2CAP_MODE_ERTM &&
1338 chan->unacked_frames > 0 &&
9f7378a9 1339 chan->state == BT_CONNECTED) {
e7456437 1340 err = __l2cap_wait_ack(sk, chan);
dcba0dba 1341
9f7378a9
DJ		 1342 /* After waiting for ACKs, check whether shutdown
1343 * has already been actioned to close the L2CAP
1344 * link such as by l2cap_disconnection_req().
1345 */
5b440676
AP		 1346 if ((sk->sk_shutdown & how) == how)
1347 goto shutdown_matched;
1348 }
1349
1350 /* Try setting the RCV_SHUTDOWN bit, return early if SEND_SHUTDOWN
1351 * is already set
1352 */
1353 if ((how & RCV_SHUTDOWN) && !(sk->sk_shutdown & RCV_SHUTDOWN)) {
1354 sk->sk_shutdown |= RCV_SHUTDOWN;
1355 if ((sk->sk_shutdown & how) == how)
1356 goto shutdown_matched;
9f7378a9
DJ		 1357 }
1358
5b440676 1359 sk->sk_shutdown |= SEND_SHUTDOWN;
e7456437 1360 release_sock(sk);
04ba72e6
DJ		 1361
1362 l2cap_chan_lock(chan);
1363 conn = chan->conn;
1364 if (conn)
1365 /* prevent conn structure from being freed */
1366 l2cap_conn_get(conn);
1367 l2cap_chan_unlock(chan);
1368
1369 if (conn)
1370 /* mutex lock must be taken before l2cap_chan_lock() */
1371 mutex_lock(&conn->chan_lock);
1372
1373 l2cap_chan_lock(chan);
e7456437 1374 l2cap_chan_close(chan, 0);
04ba72e6
DJ		 1375 l2cap_chan_unlock(chan);
1376
1377 if (conn) {
1378 mutex_unlock(&conn->chan_lock);
1379 l2cap_conn_put(conn);
1380 }
1381
e7456437 1382 lock_sock(sk);
dcba0dba 1383
e7456437
DJ		 1384 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1385 !(current->flags & PF_EXITING))
1386 err = bt_sock_wait_state(sk, BT_CLOSED,
1387 sk->sk_lingertime);
dcba0dba 1388
5b440676 1389shutdown_matched:
04ba72e6
DJ		 1390 l2cap_chan_put(chan);
1391 sock_put(sk);
1392
1393shutdown_already:
dcba0dba
GP		 1394 if (!err && sk->sk_err)
1395 err = -sk->sk_err;
1396
1397 release_sock(sk);
3df91ea2 1398
04ba72e6 1399 BT_DBG("Sock shutdown complete err: %d", err);
451e4c6c 1400
dcba0dba
GP		 1401 return err;
1402}
1403
554f05bb
GP		 1404static int l2cap_sock_release(struct socket *sock)
1405{
1406 struct sock *sk = sock->sk;
1407 int err;
2a154903 1408 struct l2cap_chan *chan;
554f05bb
GP		 1409
1410 BT_DBG("sock %p, sk %p", sock, sk);
1411
1412 if (!sk)
1413 return 0;
1414
5b28d95c
MY		 1415 bt_sock_unlink(&l2cap_sk_list, sk);
1416
5b440676 1417 err = l2cap_sock_shutdown(sock, SHUT_RDWR);
2a154903 1418 chan = l2cap_pi(sk)->chan;
554f05bb 1419
2a154903
HD		 1420 l2cap_chan_hold(chan);
1421 l2cap_chan_lock(chan);
6c08fc89 1422
554f05bb
GP		 1423 sock_orphan(sk);
1424 l2cap_sock_kill(sk);
6c08fc89 1425
2a154903
HD		 1426 l2cap_chan_unlock(chan);
1427 l2cap_chan_put(chan);
6c08fc89 1428
554f05bb
GP		 1429 return err;
1430}
1431
c0df7f6e
AE		 1432static void l2cap_sock_cleanup_listen(struct sock *parent)
1433{
1434 struct sock *sk;
1435
49d11741
JH		 1436 BT_DBG("parent %p state %s", parent,
1437 state_to_string(parent->sk_state));
c0df7f6e
AE		 1438
1439 /* Close not yet accepted channels */
1440 while ((sk = bt_accept_dequeue(parent, NULL))) {
1441 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1442
49d11741
JH		 1443 BT_DBG("child chan %p state %s", chan,
1444 state_to_string(chan->state));
1445
6c08fc89 1446 l2cap_chan_hold(chan);
c0df7f6e 1447 l2cap_chan_lock(chan);
6c08fc89 1448
c0df7f6e
AE		 1449 __clear_chan_timer(chan);
1450 l2cap_chan_close(chan, ECONNRESET);
c0df7f6e 1451 l2cap_sock_kill(sk);
6c08fc89
MM		 1452
1453 l2cap_chan_unlock(chan);
1454 l2cap_chan_put(chan);
c0df7f6e
AE		 1455 }
1456}
1457
80b98027 1458static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
80808e43 1459{
80b98027 1460 struct sock *sk, *parent = chan->data;
80808e43 1461
8ffb9290
GP		 1462 lock_sock(parent);
1463
53826692
GP		 1464 /* Check for backlog size */
1465 if (sk_acceptq_is_full(parent)) {
1466 BT_DBG("backlog full %d", parent->sk_ack_backlog);
8a96f3cd 1467 release_sock(parent);
53826692
GP		 1468 return NULL;
1469 }
1470
80808e43 1471 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
11aa9c28 1472 GFP_ATOMIC, 0);
8a96f3cd
JT		 1473 if (!sk) {
1474 release_sock(parent);
80808e43 1475 return NULL;
8a96f3cd 1476 }
80808e43 1477
d22015aa
OP		 1478 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1479
80808e43
GP		 1480 l2cap_sock_init(sk, parent);
1481
c4f5627f 1482 bt_accept_enqueue(parent, sk, false);
644912e1 1483
8ffb9290
GP		 1484 release_sock(parent);
1485
80808e43
GP		 1486 return l2cap_pi(sk)->chan;
1487}
1488
80b98027 1489static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
23070494 1490{
80b98027 1491 struct sock *sk = chan->data;
84b34d98 1492 int err;
e328140f 1493
6be36555
AE		 1494 lock_sock(sk);
1495
84b34d98 1496 if (l2cap_pi(sk)->rx_busy_skb) {
6be36555
AE		 1497 err = -ENOMEM;
1498 goto done;
1499 }
e328140f 1500
dbb50887
DB		 1501 if (chan->mode != L2CAP_MODE_ERTM &&
1502 chan->mode != L2CAP_MODE_STREAMING) {
1503 /* Even if no filter is attached, we could potentially
1504 * get errors from security modules, etc.
1505 */
1506 err = sk_filter(sk, skb);
1507 if (err)
1508 goto done;
1509 }
1510
1511 err = __sock_queue_rcv_skb(sk, skb);
e328140f
MM		 1512
1513 /* For ERTM, handle one skb that doesn't fit into the recv
1514 * buffer. This is important to do because the data frames
1515 * have already been acked, so the skb cannot be discarded.
1516 *
1517 * Notify the l2cap core that the buffer is full, so the
1518 * LOCAL_BUSY state is entered and no more frames are
1519 * acked and reassembled until there is buffer space
1520 * available.
1521 */
84b34d98
MH		 1522 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1523 l2cap_pi(sk)->rx_busy_skb = skb;
1524 l2cap_chan_busy(chan, 1);
e328140f
MM		 1525 err = 0;
1526 }
23070494 1527
6be36555
AE		 1528done:
1529 release_sock(sk);
1530
e328140f 1531 return err;
23070494
GP		 1532}
1533
80b98027 1534static void l2cap_sock_close_cb(struct l2cap_chan *chan)
ba3bd0ee 1535{
80b98027 1536 struct sock *sk = chan->data;
ba3bd0ee 1537
ea4c054c
WS		 1538 if (!sk)
1539 return;
1540
ba3bd0ee
GP		 1541 l2cap_sock_kill(sk);
1542}
1543
c0df7f6e
AE		 1544static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1545{
1546 struct sock *sk = chan->data;
1547 struct sock *parent;
1548
ea4c054c
WS		 1549 if (!sk)
1550 return;
1551
49d11741
JH		 1552 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1553
3b2ab39e
JH		 1554 /* This callback can be called both for server (BT_LISTEN)
1555 * sockets as well as "normal" ones. To avoid lockdep warnings
1556 * with child socket locking (through l2cap_sock_cleanup_listen)
1557 * we need separation into separate nesting levels. The simplest
1558 * way to accomplish this is to inherit the nesting level used
1559 * for the channel.
1560 */
1561 lock_sock_nested(sk, atomic_read(&chan->nesting));
c0df7f6e
AE		 1562
1563 parent = bt_sk(sk)->parent;
1564
c0df7f6e
AE		 1565 switch (chan->state) {
1566 case BT_OPEN:
1567 case BT_BOUND:
1568 case BT_CLOSED:
1569 break;
1570 case BT_LISTEN:
1571 l2cap_sock_cleanup_listen(sk);
1572 sk->sk_state = BT_CLOSED;
1573 chan->state = BT_CLOSED;
1574
1575 break;
1576 default:
1577 sk->sk_state = BT_CLOSED;
1578 chan->state = BT_CLOSED;
1579
1580 sk->sk_err = err;
1581
1582 if (parent) {
1583 bt_accept_unlink(sk);
676d2369 1584 parent->sk_data_ready(parent);
c0df7f6e
AE		 1585 } else {
1586 sk->sk_state_change(sk);
1587 }
1588
1589 break;
1590 }
c0df7f6e 1591 release_sock(sk);
20ae4089
APS		 1592
1593 /* Only zap after cleanup to avoid use after free race */
1594 sock_set_flag(sk, SOCK_ZAPPED);
1595
c0df7f6e
AE		 1596}
1597
53f52121
GP		 1598static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1599 int err)
89bc500e 1600{
80b98027 1601 struct sock *sk = chan->data;
89bc500e
GP		 1602
1603 sk->sk_state = state;
53f52121
GP		 1604
1605 if (err)
1606 sk->sk_err = err;
89bc500e
GP		 1607}
1608
2f7719ce 1609static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
d9fbd02b 1610 unsigned long hdr_len,
90338947 1611 unsigned long len, int nb)
2f7719ce 1612{
0f2c6153 1613 struct sock *sk = chan->data;
90338947
GP		 1614 struct sk_buff *skb;
1615 int err;
1616
a6a5568c 1617 l2cap_chan_unlock(chan);
d9fbd02b 1618 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
a6a5568c
MM		 1619 l2cap_chan_lock(chan);
1620
90338947
GP		 1621 if (!skb)
1622 return ERR_PTR(err);
2f7719ce 1623
8d46321c
MH		 1624 skb->priority = sk->sk_priority;
1625
a4368ff3 1626 bt_cb(skb)->l2cap.chan = chan;
0e790c64 1627
90338947 1628 return skb;
2f7719ce
AE		 1629}
1630
54a59aa2
AE		 1631static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1632{
1633 struct sock *sk = chan->data;
1634 struct sock *parent;
1635
1636 lock_sock(sk);
1637
1638 parent = bt_sk(sk)->parent;
1639
1640 BT_DBG("sk %p, parent %p", sk, parent);
1641
1642 sk->sk_state = BT_CONNECTED;
1643 sk->sk_state_change(sk);
1644
1645 if (parent)
676d2369 1646 parent->sk_data_ready(parent);
54a59aa2
AE		 1647
1648 release_sock(sk);
1649}
1650
2dc4e510
GP		 1651static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1652{
acdcabf5
GP		 1653 struct sock *parent, *sk = chan->data;
1654
1655 lock_sock(sk);
2dc4e510 1656
acdcabf5 1657 parent = bt_sk(sk)->parent;
2dc4e510 1658 if (parent)
676d2369 1659 parent->sk_data_ready(parent);
acdcabf5
GP		 1660
1661 release_sock(sk);
2dc4e510
GP		 1662}
1663
d97c899b
MH		 1664static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1665{
1666 struct sock *sk = chan->data;
1667
d52deb17
JH		 1668 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1669 sk->sk_state = BT_CONNECTED;
1670 chan->state = BT_CONNECTED;
1671 }
1672
d97c899b
MH		 1673 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1674 sk->sk_state_change(sk);
1675}
1676
5ec1bbe5
GP		 1677static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1678{
1679 struct sock *sk = chan->data;
1680
1681 lock_sock(sk);
1682 sk->sk_shutdown = SHUTDOWN_MASK;
1683 release_sock(sk);
1684}
1685
8d836d71
GP		 1686static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1687{
1688 struct sock *sk = chan->data;
1689
1690 return sk->sk_sndtimeo;
1691}
1692
b48596d1
LAD		 1693static struct pid *l2cap_sock_get_peer_pid_cb(struct l2cap_chan *chan)
1694{
1695 struct sock *sk = chan->data;
1696
1697 return sk->sk_peer_pid;
1698}
1699
837776f7
JH		 1700static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1701{
1702 struct sock *sk = chan->data;
1703
1704 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1705 sk->sk_state_change(sk);
1706}
1707
f1942564
LAD		 1708static int l2cap_sock_filter(struct l2cap_chan *chan, struct sk_buff *skb)
1709{
1710 struct sock *sk = chan->data;
1711
1712 switch (chan->mode) {
1713 case L2CAP_MODE_ERTM:
1714 case L2CAP_MODE_STREAMING:
1715 return sk_filter(sk, skb);
1716 }
1717
1718 return 0;
1719}
1720
67f86a45 1721static const struct l2cap_ops l2cap_chan_ops = {
0498878b
JR		 1722 .name = "L2CAP Socket Interface",
1723 .new_connection = l2cap_sock_new_connection_cb,
1724 .recv = l2cap_sock_recv_cb,
1725 .close = l2cap_sock_close_cb,
1726 .teardown = l2cap_sock_teardown_cb,
1727 .state_change = l2cap_sock_state_change_cb,
1728 .ready = l2cap_sock_ready_cb,
1729 .defer = l2cap_sock_defer_cb,
1730 .resume = l2cap_sock_resume_cb,
1731 .suspend = l2cap_sock_suspend_cb,
1732 .set_shutdown = l2cap_sock_set_shutdown_cb,
1733 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
b48596d1 1734 .get_peer_pid = l2cap_sock_get_peer_pid_cb,
0498878b 1735 .alloc_skb = l2cap_sock_alloc_skb_cb,
f1942564 1736 .filter = l2cap_sock_filter,
80808e43
GP		 1737};
1738
bb58f747
GP		 1739static void l2cap_sock_destruct(struct sock *sk)
1740{
1741 BT_DBG("sk %p", sk);
1742
ea4c054c
WS		 1743 if (l2cap_pi(sk)->chan) {
1744 l2cap_pi(sk)->chan->data = NULL;
23d3a869 1745 l2cap_chan_put(l2cap_pi(sk)->chan);
ea4c054c 1746 }
84b34d98 1747
e328140f
MM		 1748 if (l2cap_pi(sk)->rx_busy_skb) {
1749 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1750 l2cap_pi(sk)->rx_busy_skb = NULL;
1751 }
1752
bb58f747
GP		 1753 skb_queue_purge(&sk->sk_receive_queue);
1754 skb_queue_purge(&sk->sk_write_queue);
1755}
1756
2edf870d
MH		 1757static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1758 int *msg_namelen)
1759{
342dfc30 1760 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
2edf870d
MH		 1761
1762 memset(la, 0, sizeof(struct sockaddr_l2));
1763 la->l2_family = AF_BLUETOOTH;
a4368ff3
JH		 1764 la->l2_psm = bt_cb(skb)->l2cap.psm;
1765 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
2edf870d
MH		 1766
1767 *msg_namelen = sizeof(struct sockaddr_l2);
1768}
1769
80808e43 1770static void l2cap_sock_init(struct sock *sk, struct sock *parent)
bb58f747 1771{
84b34d98 1772 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
bb58f747
GP		 1773
1774 BT_DBG("sk %p", sk);
1775
1776 if (parent) {
b4450035
GP		 1777 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1778
bb58f747 1779 sk->sk_type = parent->sk_type;
c5daa683 1780 bt_sk(sk)->flags = bt_sk(parent)->flags;
bb58f747 1781
715ec005 1782 chan->chan_type = pchan->chan_type;
0c1bc5c6
GP		 1783 chan->imtu = pchan->imtu;
1784 chan->omtu = pchan->omtu;
b4450035 1785 chan->conf_state = pchan->conf_state;
0c1bc5c6 1786 chan->mode = pchan->mode;
47d1ec61
GP		 1787 chan->fcs = pchan->fcs;
1788 chan->max_tx = pchan->max_tx;
1789 chan->tx_win = pchan->tx_win;
6b3c7104 1790 chan->tx_win_max = pchan->tx_win_max;
4343478f 1791 chan->sec_level = pchan->sec_level;
d57b0e8b 1792 chan->flags = pchan->flags;
0cd75f7e
JH		 1793 chan->tx_credits = pchan->tx_credits;
1794 chan->rx_credits = pchan->rx_credits;
6230c9b4 1795
7a8e5a31
JH		 1796 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1797 chan->scid = pchan->scid;
1798 chan->dcid = pchan->scid;
1799 }
1800
6230c9b4 1801 security_sk_clone(parent, sk);
bb58f747 1802 } else {
715ec005
GP		 1803 switch (sk->sk_type) {
1804 case SOCK_RAW:
1805 chan->chan_type = L2CAP_CHAN_RAW;
1806 break;
1807 case SOCK_DGRAM:
1808 chan->chan_type = L2CAP_CHAN_CONN_LESS;
2edf870d 1809 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
715ec005
GP		 1810 break;
1811 case SOCK_SEQPACKET:
1812 case SOCK_STREAM:
1813 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1814 break;
1815 }
1816
0c1bc5c6
GP		 1817 chan->imtu = L2CAP_DEFAULT_MTU;
1818 chan->omtu = 0;
bb58f747 1819 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
0c1bc5c6 1820 chan->mode = L2CAP_MODE_ERTM;
c1360a1c 1821 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
bb58f747 1822 } else {
0c1bc5c6 1823 chan->mode = L2CAP_MODE_BASIC;
bb58f747 1824 }
bd4b1653
AE		 1825
1826 l2cap_chan_set_defaults(chan);
bb58f747
GP		 1827 }
1828
1829 /* Default config options */
0c1bc5c6 1830 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
80808e43
GP		 1831
1832 chan->data = sk;
1833 chan->ops = &l2cap_chan_ops;
bb58f747
GP		 1834}
1835
1836static struct proto l2cap_proto = {
1837 .name = "L2CAP",
1838 .owner = THIS_MODULE,
1839 .obj_size = sizeof(struct l2cap_pinfo)
1840};
1841
2d792818 1842static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
11aa9c28 1843 int proto, gfp_t prio, int kern)
bb58f747
GP		 1844{
1845 struct sock *sk;
dc50a06d 1846 struct l2cap_chan *chan;
bb58f747 1847
11aa9c28 1848 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
bb58f747
GP		 1849 if (!sk)
1850 return NULL;
1851
1852 sock_init_data(sock, sk);
1853 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1854
1855 sk->sk_destruct = l2cap_sock_destruct;
ba13ccd9 1856 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
bb58f747
GP		 1857
1858 sock_reset_flag(sk, SOCK_ZAPPED);
1859
1860 sk->sk_protocol = proto;
1861 sk->sk_state = BT_OPEN;
1862
eef1d9b6 1863 chan = l2cap_chan_create();
dc50a06d 1864 if (!chan) {
49dfbb91 1865 sk_free(sk);
dc50a06d
GP		 1866 return NULL;
1867 }
1868
61d6ef3e
MM		 1869 l2cap_chan_hold(chan);
1870
dc50a06d
GP		 1871 l2cap_pi(sk)->chan = chan;
1872
bb58f747
GP		 1873 return sk;
1874}
1875
1876static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1877 int kern)
1878{
1879 struct sock *sk;
1880
1881 BT_DBG("sock %p", sock);
1882
1883 sock->state = SS_UNCONNECTED;
1884
1885 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
2d792818 1886 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
bb58f747
GP		 1887 return -ESOCKTNOSUPPORT;
1888
1889 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1890 return -EPERM;
1891
1892 sock->ops = &l2cap_sock_ops;
1893
11aa9c28 1894 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
bb58f747
GP		 1895 if (!sk)
1896 return -ENOMEM;
1897
1898 l2cap_sock_init(sk, NULL);
5b28d95c 1899 bt_sock_link(&l2cap_sk_list, sk);
bb58f747
GP		 1900 return 0;
1901}
1902
cf2f90f5 1903static const struct proto_ops l2cap_sock_ops = {
65390587
GP		 1904 .family = PF_BLUETOOTH,
1905 .owner = THIS_MODULE,
1906 .release = l2cap_sock_release,
1907 .bind = l2cap_sock_bind,
1908 .connect = l2cap_sock_connect,
1909 .listen = l2cap_sock_listen,
1910 .accept = l2cap_sock_accept,
1911 .getname = l2cap_sock_getname,
1912 .sendmsg = l2cap_sock_sendmsg,
1913 .recvmsg = l2cap_sock_recvmsg,
a11e1d43 1914 .poll = bt_sock_poll,
65390587 1915 .ioctl = bt_sock_ioctl,
c7cbdbf2 1916 .gettstamp = sock_gettstamp,
65390587
GP		 1917 .mmap = sock_no_mmap,
1918 .socketpair = sock_no_socketpair,
1919 .shutdown = l2cap_sock_shutdown,
1920 .setsockopt = l2cap_sock_setsockopt,
1921 .getsockopt = l2cap_sock_getsockopt
1922};
1923
bb58f747
GP		 1924static const struct net_proto_family l2cap_sock_family_ops = {
1925 .family = PF_BLUETOOTH,
1926 .owner = THIS_MODULE,
1927 .create = l2cap_sock_create,
1928};
1929
1930int __init l2cap_init_sockets(void)
1931{
e2174ca4 1932 int err;
bb58f747 1933
dd625558
MH		 1934 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1935
e2174ca4
GP		 1936 err = proto_register(&l2cap_proto, 0);
1937 if (err < 0)
1938 return err;
bb58f747 1939
e2174ca4 1940 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
5b28d95c
MY		 1941 if (err < 0) {
1942 BT_ERR("L2CAP socket registration failed");
e2174ca4 1943 goto error;
5b28d95c
MY		 1944 }
1945
b0316615 1946 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
2d792818 1947 NULL);
5b28d95c
MY		 1948 if (err < 0) {
1949 BT_ERR("Failed to create L2CAP proc file");
1950 bt_sock_unregister(BTPROTO_L2CAP);
1951 goto error;
1952 }
bb58f747 1953
e2174ca4 1954 BT_INFO("L2CAP socket layer initialized");
bb58f747 1955
e2174ca4 1956 return 0;
bb58f747
GP		 1957
1958error:
e2174ca4
GP		 1959 proto_unregister(&l2cap_proto);
1960 return err;
bb58f747
GP		 1961}
1962
1963void l2cap_cleanup_sockets(void)
1964{
5b28d95c 1965 bt_procfs_cleanup(&init_net, "l2cap");
5e9d7f86 1966 bt_sock_unregister(BTPROTO_L2CAP);
e2174ca4 1967 proto_unregister(&l2cap_proto);
bb58f747 1968}
Ubuntu Jammy Linux kernel mirror