]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - net/bluetooth/l2cap_sock.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
[mirror_ubuntu-artful-kernel.git] / net / bluetooth / l2cap_sock.c
CommitLineData
bb58f747
GP		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
bb58f747
GP		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
9149761a 30#include <linux/module.h>
bc3b2d7f 31#include <linux/export.h>
174cd4b1 32#include <linux/sched/signal.h>
6230c9b4 33
bb58f747 34#include <net/bluetooth/bluetooth.h>
33575df7 35#include <net/bluetooth/hci_core.h>
bb58f747 36#include <net/bluetooth/l2cap.h>
ac4b7236
MH		 37
38#include "smp.h"
bb58f747 39
5b28d95c
MY		 40static struct bt_sock_list l2cap_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
42};
43
cf2f90f5 44static const struct proto_ops l2cap_sock_ops;
80808e43 45static void l2cap_sock_init(struct sock *sk, struct sock *parent);
2d792818 46static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
11aa9c28 47 int proto, gfp_t prio, int kern);
cf2f90f5 48
b3916db3
DH		 49bool l2cap_is_socket(struct socket *sock)
50{
51 return sock && sock->ops == &l2cap_sock_ops;
52}
53EXPORT_SYMBOL(l2cap_is_socket);
54
4946096d
JH		 55static int l2cap_validate_bredr_psm(u16 psm)
56{
57 /* PSM must be odd and lsb of upper byte must be 0 */
58 if ((psm & 0x0101) != 0x0001)
59 return -EINVAL;
60
61 /* Restrict usage of well-known PSMs */
114f9f1e 62 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
4946096d
JH		 63 return -EACCES;
64
65 return 0;
66}
67
68static int l2cap_validate_le_psm(u16 psm)
69{
70 /* Valid LE_PSM ranges are defined only until 0x00ff */
114f9f1e 71 if (psm > L2CAP_PSM_LE_DYN_END)
4946096d
JH		 72 return -EINVAL;
73
74 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
114f9f1e 75 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
4946096d
JH		 76 return -EACCES;
77
78 return 0;
79}
80
af6bcd82
GP		 81static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
82{
83 struct sock *sk = sock->sk;
4343478f 84 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 85 struct sockaddr_l2 la;
86 int len, err = 0;
87
88 BT_DBG("sk %p", sk);
89
d2ecfa76
MJ		 90 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
91 addr->sa_family != AF_BLUETOOTH)
af6bcd82
GP		 92 return -EINVAL;
93
94 memset(&la, 0, sizeof(la));
95 len = min_t(unsigned int, sizeof(la), alen);
96 memcpy(&la, addr, len);
97
b62f328b 98 if (la.l2_cid && la.l2_psm)
af6bcd82
GP		 99 return -EINVAL;
100
80c1a2e7
JH		 101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
102 return -EINVAL;
103
bfe4655f 104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
bfe4655f 105 /* We only allow ATT user space socket */
9149761a 106 if (la.l2_cid &&
dcf4adbf 107 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
bfe4655f
JH		 108 return -EINVAL;
109 }
110
af6bcd82
GP		 111 lock_sock(sk);
112
113 if (sk->sk_state != BT_OPEN) {
114 err = -EBADFD;
115 goto done;
116 }
117
118 if (la.l2_psm) {
119 __u16 psm = __le16_to_cpu(la.l2_psm);
120
4946096d
JH		 121 if (la.l2_bdaddr_type == BDADDR_BREDR)
122 err = l2cap_validate_bredr_psm(psm);
123 else
124 err = l2cap_validate_le_psm(psm);
af6bcd82 125
4946096d 126 if (err)
af6bcd82 127 goto done;
af6bcd82
GP		 128 }
129
a2342c5f
JH		 130 bacpy(&chan->src, &la.l2_bdaddr);
131 chan->src_type = la.l2_bdaddr_type;
132
9e4425ff 133 if (la.l2_cid)
6e4aff10 134 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
9e4425ff
GP		 135 else
136 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
af6bcd82 137
9e4425ff
GP		 138 if (err < 0)
139 goto done;
af6bcd82 140
6a974b50 141 switch (chan->chan_type) {
3124b843
MH		 142 case L2CAP_CHAN_CONN_LESS:
143 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
144 chan->sec_level = BT_SECURITY_SDP;
145 break;
6a974b50
MH		 146 case L2CAP_CHAN_CONN_ORIENTED:
147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
148 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
149 chan->sec_level = BT_SECURITY_SDP;
150 break;
cb6ca8e1
JH		 151 case L2CAP_CHAN_RAW:
152 chan->sec_level = BT_SECURITY_SDP;
153 break;
c16900cf
JH		 154 case L2CAP_CHAN_FIXED:
155 /* Fixed channels default to the L2CAP core not holding a
156 * hci_conn reference for them. For fixed channels mapping to
157 * L2CAP sockets we do want to hold a reference so set the
158 * appropriate flag to request it.
159 */
160 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
161 break;
6a974b50 162 }
b62f328b 163
38319713 164 if (chan->psm && bdaddr_type_is_le(chan->src_type))
0ce43ce6 165 chan->mode = L2CAP_MODE_LE_FLOWCTL;
38319713 166
89bc500e 167 chan->state = BT_BOUND;
9e4425ff 168 sk->sk_state = BT_BOUND;
af6bcd82
GP		 169
170done:
171 release_sock(sk);
172 return err;
173}
174
2d792818
GP		 175static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
176 int alen, int flags)
4e34c50b
GP		 177{
178 struct sock *sk = sock->sk;
0c1bc5c6 179 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
4e34c50b
GP		 180 struct sockaddr_l2 la;
181 int len, err = 0;
182
183 BT_DBG("sk %p", sk);
184
d2ecfa76 185 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
4e34c50b
GP		 186 addr->sa_family != AF_BLUETOOTH)
187 return -EINVAL;
188
189 memset(&la, 0, sizeof(la));
190 len = min_t(unsigned int, sizeof(la), alen);
191 memcpy(&la, addr, len);
192
acd7d370 193 if (la.l2_cid && la.l2_psm)
4e34c50b
GP		 194 return -EINVAL;
195
80c1a2e7
JH		 196 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
197 return -EINVAL;
198
eb622495
JH		 199 /* Check that the socket wasn't bound to something that
200 * conflicts with the address given to connect(). If chan->src
201 * is BDADDR_ANY it means bind() was never used, in which case
202 * chan->src_type and la.l2_bdaddr_type do not need to match.
203 */
204 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
205 bdaddr_type_is_le(la.l2_bdaddr_type)) {
206 /* Old user space versions will try to incorrectly bind
207 * the ATT socket using BDADDR_BREDR. We need to accept
208 * this and fix up the source address type only when
209 * both the source CID and destination CID indicate
210 * ATT. Anything else is an invalid combination.
211 */
212 if (chan->scid != L2CAP_CID_ATT ||
dcf4adbf 213 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
eb622495
JH		 214 return -EINVAL;
215
216 /* We don't have the hdev available here to make a
217 * better decision on random vs public, but since all
218 * user space versions that exhibit this issue anyway do
219 * not support random local addresses assuming public
220 * here is good enough.
221 */
222 chan->src_type = BDADDR_LE_PUBLIC;
223 }
1f209383
JH		 224
225 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
226 return -EINVAL;
227
bfe4655f 228 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
bfe4655f 229 /* We only allow ATT user space socket */
9149761a 230 if (la.l2_cid &&
dcf4adbf 231 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
bfe4655f
JH		 232 return -EINVAL;
233 }
234
38319713 235 if (chan->psm && bdaddr_type_is_le(chan->src_type))
0ce43ce6 236 chan->mode = L2CAP_MODE_LE_FLOWCTL;
38319713 237
6e4aff10 238 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
8e9f9892 239 &la.l2_bdaddr, la.l2_bdaddr_type);
4e34c50b 240 if (err)
b3fb611e 241 return err;
4e34c50b 242
6be36555
AE		 243 lock_sock(sk);
244
4e34c50b 245 err = bt_sock_wait_state(sk, BT_CONNECTED,
2d792818 246 sock_sndtimeo(sk, flags & O_NONBLOCK));
b3fb611e
AE		 247
248 release_sock(sk);
249
4e34c50b
GP		 250 return err;
251}
252
af6bcd82
GP		 253static int l2cap_sock_listen(struct socket *sock, int backlog)
254{
255 struct sock *sk = sock->sk;
0c1bc5c6 256 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 257 int err = 0;
258
259 BT_DBG("sk %p backlog %d", sk, backlog);
260
261 lock_sock(sk);
262
6b3af733 263 if (sk->sk_state != BT_BOUND) {
af6bcd82
GP		 264 err = -EBADFD;
265 goto done;
266 }
267
6b3af733
MH		 268 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
269 err = -EINVAL;
270 goto done;
271 }
272
0c1bc5c6 273 switch (chan->mode) {
af6bcd82 274 case L2CAP_MODE_BASIC:
38319713 275 case L2CAP_MODE_LE_FLOWCTL:
af6bcd82
GP		 276 break;
277 case L2CAP_MODE_ERTM:
278 case L2CAP_MODE_STREAMING:
279 if (!disable_ertm)
280 break;
281 /* fall through */
282 default:
beb19e4c 283 err = -EOPNOTSUPP;
af6bcd82
GP		 284 goto done;
285 }
286
af6bcd82
GP		 287 sk->sk_max_ack_backlog = backlog;
288 sk->sk_ack_backlog = 0;
89bc500e 289
abe84903
JH		 290 /* Listening channels need to use nested locking in order not to
291 * cause lockdep warnings when the created child channels end up
292 * being locked in the same thread as the parent channel.
293 */
294 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
295
89bc500e 296 chan->state = BT_LISTEN;
af6bcd82
GP		 297 sk->sk_state = BT_LISTEN;
298
299done:
300 release_sock(sk);
301 return err;
302}
303
2d792818 304static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
cdfbabfb 305 int flags, bool kern)
c47b7c72 306{
dfb2fae7 307 DEFINE_WAIT_FUNC(wait, woken_wake_function);
c47b7c72
GP		 308 struct sock *sk = sock->sk, *nsk;
309 long timeo;
310 int err = 0;
311
3b2ab39e 312 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
c47b7c72 313
c47b7c72
GP		 314 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
315
316 BT_DBG("sk %p timeo %ld", sk, timeo);
317
318 /* Wait for an incoming connection. (wake-one). */
319 add_wait_queue_exclusive(sk_sleep(sk), &wait);
f9a3c20a 320 while (1) {
f9a3c20a
PH		 321 if (sk->sk_state != BT_LISTEN) {
322 err = -EBADFD;
c47b7c72
GP		 323 break;
324 }
325
f9a3c20a
PH		 326 nsk = bt_accept_dequeue(sk, newsock);
327 if (nsk)
328 break;
c47b7c72 329
f9a3c20a
PH		 330 if (!timeo) {
331 err = -EAGAIN;
c47b7c72
GP		 332 break;
333 }
334
335 if (signal_pending(current)) {
336 err = sock_intr_errno(timeo);
337 break;
338 }
f9a3c20a
PH		 339
340 release_sock(sk);
dfb2fae7
PH		 341
342 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
343
3b2ab39e 344 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
c47b7c72 345 }
c47b7c72
GP		 346 remove_wait_queue(sk_sleep(sk), &wait);
347
348 if (err)
349 goto done;
350
351 newsock->state = SS_CONNECTED;
352
353 BT_DBG("new socket %p", nsk);
354
355done:
356 release_sock(sk);
357 return err;
358}
359
2d792818
GP		 360static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
361 int *len, int peer)
d7175d55
GP		 362{
363 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
364 struct sock *sk = sock->sk;
0c1bc5c6 365 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
d7175d55
GP		 366
367 BT_DBG("sock %p, sk %p", sock, sk);
368
e8b1ab9e 369 if (peer && sk->sk_state != BT_CONNECTED &&
bf19d51b
JH		 370 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
371 sk->sk_state != BT_CONFIG)
b783fbc3
JH		 372 return -ENOTCONN;
373
792039c7 374 memset(la, 0, sizeof(struct sockaddr_l2));
d7175d55
GP		 375 addr->sa_family = AF_BLUETOOTH;
376 *len = sizeof(struct sockaddr_l2);
377
d7e5e76b
JH		 378 la->l2_psm = chan->psm;
379
d7175d55 380 if (peer) {
7eafc59e 381 bacpy(&la->l2_bdaddr, &chan->dst);
fe4128e0 382 la->l2_cid = cpu_to_le16(chan->dcid);
4f1654e0 383 la->l2_bdaddr_type = chan->dst_type;
d7175d55 384 } else {
7eafc59e 385 bacpy(&la->l2_bdaddr, &chan->src);
fe4128e0 386 la->l2_cid = cpu_to_le16(chan->scid);
4f1654e0 387 la->l2_bdaddr_type = chan->src_type;
d7175d55
GP		 388 }
389
390 return 0;
391}
392
2d792818
GP		 393static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
394 char __user *optval, int __user *optlen)
99f4808d
GP		 395{
396 struct sock *sk = sock->sk;
4343478f 397 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d
GP		 398 struct l2cap_options opts;
399 struct l2cap_conninfo cinfo;
400 int len, err = 0;
401 u32 opt;
402
403 BT_DBG("sk %p", sk);
404
405 if (get_user(len, optlen))
406 return -EFAULT;
407
408 lock_sock(sk);
409
410 switch (optname) {
411 case L2CAP_OPTIONS:
64b4f8dc
JH		 412 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
413 * legacy ATT code depends on getsockopt for
414 * L2CAP_OPTIONS we need to let this pass.
415 */
416 if (bdaddr_type_is_le(chan->src_type) &&
417 chan->scid != L2CAP_CID_ATT) {
418 err = -EINVAL;
419 break;
420 }
421
e3fb592b 422 memset(&opts, 0, sizeof(opts));
0c1bc5c6
GP		 423 opts.imtu = chan->imtu;
424 opts.omtu = chan->omtu;
425 opts.flush_to = chan->flush_to;
426 opts.mode = chan->mode;
47d1ec61
GP		 427 opts.fcs = chan->fcs;
428 opts.max_tx = chan->max_tx;
6327eb98 429 opts.txwin_size = chan->tx_win;
99f4808d
GP		 430
431 len = min_t(unsigned int, len, sizeof(opts));
432 if (copy_to_user(optval, (char *) &opts, len))
433 err = -EFAULT;
434
435 break;
436
437 case L2CAP_LM:
4343478f 438 switch (chan->sec_level) {
99f4808d
GP		 439 case BT_SECURITY_LOW:
440 opt = L2CAP_LM_AUTH;
441 break;
442 case BT_SECURITY_MEDIUM:
443 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
444 break;
445 case BT_SECURITY_HIGH:
446 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
2d792818 447 L2CAP_LM_SECURE;
99f4808d 448 break;
7d513e92
MH		 449 case BT_SECURITY_FIPS:
450 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
451 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
452 break;
99f4808d
GP		 453 default:
454 opt = 0;
455 break;
456 }
457
43bd0f32 458 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
99f4808d
GP		 459 opt |= L2CAP_LM_MASTER;
460
ecf61bdb 461 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
99f4808d
GP		 462 opt |= L2CAP_LM_RELIABLE;
463
464 if (put_user(opt, (u32 __user *) optval))
465 err = -EFAULT;
7d513e92 466
99f4808d
GP		 467 break;
468
469 case L2CAP_CONNINFO:
470 if (sk->sk_state != BT_CONNECTED &&
c5daa683
GP		 471 !(sk->sk_state == BT_CONNECT2 &&
472 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
99f4808d
GP		 473 err = -ENOTCONN;
474 break;
475 }
476
8d03e971 477 memset(&cinfo, 0, sizeof(cinfo));
8c1d787b
GP		 478 cinfo.hci_handle = chan->conn->hcon->handle;
479 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
99f4808d
GP		 480
481 len = min_t(unsigned int, len, sizeof(cinfo));
482 if (copy_to_user(optval, (char *) &cinfo, len))
483 err = -EFAULT;
484
485 break;
486
487 default:
488 err = -ENOPROTOOPT;
489 break;
490 }
491
492 release_sock(sk);
493 return err;
494}
495
2d792818
GP		 496static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
497 char __user *optval, int __user *optlen)
99f4808d
GP		 498{
499 struct sock *sk = sock->sk;
4343478f 500 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d 501 struct bt_security sec;
14b12d0b 502 struct bt_power pwr;
99f4808d
GP		 503 int len, err = 0;
504
505 BT_DBG("sk %p", sk);
506
507 if (level == SOL_L2CAP)
508 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
509
510 if (level != SOL_BLUETOOTH)
511 return -ENOPROTOOPT;
512
513 if (get_user(len, optlen))
514 return -EFAULT;
515
516 lock_sock(sk);
517
518 switch (optname) {
519 case BT_SECURITY:
715ec005 520 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
e0c888ad 521 chan->chan_type != L2CAP_CHAN_FIXED &&
2d792818 522 chan->chan_type != L2CAP_CHAN_RAW) {
99f4808d
GP		 523 err = -EINVAL;
524 break;
525 }
526
8f360119 527 memset(&sec, 0, sizeof(sec));
85e34368 528 if (chan->conn) {
c6585a4d 529 sec.level = chan->conn->hcon->sec_level;
99f4808d 530
85e34368
AE		 531 if (sk->sk_state == BT_CONNECTED)
532 sec.key_size = chan->conn->hcon->enc_key_size;
533 } else {
534 sec.level = chan->sec_level;
535 }
8f360119 536
99f4808d
GP		 537 len = min_t(unsigned int, len, sizeof(sec));
538 if (copy_to_user(optval, (char *) &sec, len))
539 err = -EFAULT;
540
541 break;
542
543 case BT_DEFER_SETUP:
544 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
545 err = -EINVAL;
546 break;
547 }
548
c5daa683
GP		 549 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
550 (u32 __user *) optval))
99f4808d
GP		 551 err = -EFAULT;
552
553 break;
554
555 case BT_FLUSHABLE:
d57b0e8b 556 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
2d792818 557 (u32 __user *) optval))
99f4808d
GP		 558 err = -EFAULT;
559
560 break;
561
14b12d0b
JG		 562 case BT_POWER:
563 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2d792818 564 && sk->sk_type != SOCK_RAW) {
14b12d0b
JG		 565 err = -EINVAL;
566 break;
567 }
568
15770b1a 569 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 570
571 len = min_t(unsigned int, len, sizeof(pwr));
572 if (copy_to_user(optval, (char *) &pwr, len))
573 err = -EFAULT;
574
575 break;
576
2ea66482 577 case BT_CHANNEL_POLICY:
2ea66482
MM		 578 if (put_user(chan->chan_policy, (u32 __user *) optval))
579 err = -EFAULT;
580 break;
581
1f435424 582 case BT_SNDMTU:
1f435424
JH		 583 if (!bdaddr_type_is_le(chan->src_type)) {
584 err = -EINVAL;
585 break;
586 }
587
588 if (sk->sk_state != BT_CONNECTED) {
589 err = -ENOTCONN;
590 break;
591 }
592
593 if (put_user(chan->omtu, (u16 __user *) optval))
594 err = -EFAULT;
595 break;
596
597 case BT_RCVMTU:
1f435424
JH		 598 if (!bdaddr_type_is_le(chan->src_type)) {
599 err = -EINVAL;
600 break;
601 }
602
603 if (put_user(chan->imtu, (u16 __user *) optval))
604 err = -EFAULT;
605 break;
606
99f4808d
GP		 607 default:
608 err = -ENOPROTOOPT;
609 break;
610 }
611
612 release_sock(sk);
613 return err;
614}
615
682877c3
AG		 616static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
617{
618 switch (chan->scid) {
073d1cf3 619 case L2CAP_CID_ATT:
8c3a4f00 620 if (mtu < L2CAP_LE_MIN_MTU)
682877c3
AG		 621 return false;
622 break;
623
624 default:
625 if (mtu < L2CAP_DEFAULT_MIN_MTU)
626 return false;
627 }
628
629 return true;
630}
631
2d792818
GP		 632static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
633 char __user *optval, unsigned int optlen)
33575df7
GP		 634{
635 struct sock *sk = sock->sk;
b4450035 636 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7
GP		 637 struct l2cap_options opts;
638 int len, err = 0;
639 u32 opt;
640
641 BT_DBG("sk %p", sk);
642
643 lock_sock(sk);
644
645 switch (optname) {
646 case L2CAP_OPTIONS:
64b4f8dc
JH		 647 if (bdaddr_type_is_le(chan->src_type)) {
648 err = -EINVAL;
649 break;
650 }
651
33575df7
GP		 652 if (sk->sk_state == BT_CONNECTED) {
653 err = -EINVAL;
654 break;
655 }
656
0c1bc5c6
GP		 657 opts.imtu = chan->imtu;
658 opts.omtu = chan->omtu;
659 opts.flush_to = chan->flush_to;
660 opts.mode = chan->mode;
47d1ec61
GP		 661 opts.fcs = chan->fcs;
662 opts.max_tx = chan->max_tx;
6327eb98 663 opts.txwin_size = chan->tx_win;
33575df7
GP		 664
665 len = min_t(unsigned int, sizeof(opts), optlen);
666 if (copy_from_user((char *) &opts, optval, len)) {
667 err = -EFAULT;
668 break;
669 }
670
6327eb98 671 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
33575df7
GP		 672 err = -EINVAL;
673 break;
674 }
675
682877c3
AG		 676 if (!l2cap_valid_mtu(chan, opts.imtu)) {
677 err = -EINVAL;
678 break;
679 }
680
0c1bc5c6
GP		 681 chan->mode = opts.mode;
682 switch (chan->mode) {
38319713
JH		 683 case L2CAP_MODE_LE_FLOWCTL:
684 break;
33575df7 685 case L2CAP_MODE_BASIC:
c1360a1c 686 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
33575df7
GP		 687 break;
688 case L2CAP_MODE_ERTM:
689 case L2CAP_MODE_STREAMING:
690 if (!disable_ertm)
691 break;
692 /* fall through */
693 default:
694 err = -EINVAL;
695 break;
696 }
697
0c1bc5c6
GP		 698 chan->imtu = opts.imtu;
699 chan->omtu = opts.omtu;
47d1ec61
GP		 700 chan->fcs = opts.fcs;
701 chan->max_tx = opts.max_tx;
6327eb98 702 chan->tx_win = opts.txwin_size;
12d59781 703 chan->flush_to = opts.flush_to;
33575df7
GP		 704 break;
705
706 case L2CAP_LM:
707 if (get_user(opt, (u32 __user *) optval)) {
708 err = -EFAULT;
709 break;
710 }
711
7d513e92
MH		 712 if (opt & L2CAP_LM_FIPS) {
713 err = -EINVAL;
714 break;
715 }
716
33575df7 717 if (opt & L2CAP_LM_AUTH)
4343478f 718 chan->sec_level = BT_SECURITY_LOW;
33575df7 719 if (opt & L2CAP_LM_ENCRYPT)
4343478f 720 chan->sec_level = BT_SECURITY_MEDIUM;
33575df7 721 if (opt & L2CAP_LM_SECURE)
4343478f 722 chan->sec_level = BT_SECURITY_HIGH;
33575df7 723
43bd0f32
AE		 724 if (opt & L2CAP_LM_MASTER)
725 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
726 else
727 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
ecf61bdb
AE		 728
729 if (opt & L2CAP_LM_RELIABLE)
730 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
731 else
732 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
33575df7
GP		 733 break;
734
735 default:
736 err = -ENOPROTOOPT;
737 break;
738 }
739
740 release_sock(sk);
741 return err;
742}
743
2d792818
GP		 744static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
745 char __user *optval, unsigned int optlen)
33575df7
GP		 746{
747 struct sock *sk = sock->sk;
4343478f 748 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7 749 struct bt_security sec;
14b12d0b 750 struct bt_power pwr;
f1cb9af5 751 struct l2cap_conn *conn;
33575df7
GP		 752 int len, err = 0;
753 u32 opt;
754
755 BT_DBG("sk %p", sk);
756
757 if (level == SOL_L2CAP)
758 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
759
760 if (level != SOL_BLUETOOTH)
761 return -ENOPROTOOPT;
762
763 lock_sock(sk);
764
765 switch (optname) {
766 case BT_SECURITY:
715ec005 767 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
e0c888ad 768 chan->chan_type != L2CAP_CHAN_FIXED &&
2d792818 769 chan->chan_type != L2CAP_CHAN_RAW) {
33575df7
GP		 770 err = -EINVAL;
771 break;
772 }
773
774 sec.level = BT_SECURITY_LOW;
775
776 len = min_t(unsigned int, sizeof(sec), optlen);
777 if (copy_from_user((char *) &sec, optval, len)) {
778 err = -EFAULT;
779 break;
780 }
781
782 if (sec.level < BT_SECURITY_LOW ||
a164cee1 783 sec.level > BT_SECURITY_FIPS) {
33575df7
GP		 784 err = -EINVAL;
785 break;
786 }
787
4343478f 788 chan->sec_level = sec.level;
f1cb9af5 789
0bee1d60
GP		 790 if (!chan->conn)
791 break;
792
f1cb9af5 793 conn = chan->conn;
0bee1d60
GP		 794
795 /*change security for LE channels */
073d1cf3 796 if (chan->scid == L2CAP_CID_ATT) {
cc110922 797 if (smp_conn_security(conn->hcon, sec.level))
f1cb9af5 798 break;
d52deb17 799 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
f1cb9af5 800 sk->sk_state = BT_CONFIG;
3542b854 801 chan->state = BT_CONFIG;
0bee1d60 802
a7d7723a
GP		 803 /* or for ACL link */
804 } else if ((sk->sk_state == BT_CONNECT2 &&
2d792818 805 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
a7d7723a 806 sk->sk_state == BT_CONNECTED) {
e7cafc45 807 if (!l2cap_chan_check_security(chan, true))
c5daa683 808 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
a7d7723a
GP		 809 else
810 sk->sk_state_change(sk);
0bee1d60
GP		 811 } else {
812 err = -EINVAL;
f1cb9af5 813 }
33575df7
GP		 814 break;
815
816 case BT_DEFER_SETUP:
817 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
818 err = -EINVAL;
819 break;
820 }
821
822 if (get_user(opt, (u32 __user *) optval)) {
823 err = -EFAULT;
824 break;
825 }
826
bdc25783 827 if (opt) {
c5daa683 828 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 829 set_bit(FLAG_DEFER_SETUP, &chan->flags);
830 } else {
c5daa683 831 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 832 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
833 }
33575df7
GP		 834 break;
835
836 case BT_FLUSHABLE:
837 if (get_user(opt, (u32 __user *) optval)) {
838 err = -EFAULT;
839 break;
840 }
841
842 if (opt > BT_FLUSHABLE_ON) {
843 err = -EINVAL;
844 break;
845 }
846
847 if (opt == BT_FLUSHABLE_OFF) {
c1f23a2b 848 conn = chan->conn;
25985edc 849 /* proceed further only when we have l2cap_conn and
33575df7
GP		 850 No Flush support in the LM */
851 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
852 err = -EINVAL;
853 break;
854 }
855 }
856
d57b0e8b
AE		 857 if (opt)
858 set_bit(FLAG_FLUSHABLE, &chan->flags);
859 else
860 clear_bit(FLAG_FLUSHABLE, &chan->flags);
33575df7
GP		 861 break;
862
14b12d0b
JG		 863 case BT_POWER:
864 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
2d792818 865 chan->chan_type != L2CAP_CHAN_RAW) {
14b12d0b
JG		 866 err = -EINVAL;
867 break;
868 }
869
870 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
871
872 len = min_t(unsigned int, sizeof(pwr), optlen);
873 if (copy_from_user((char *) &pwr, optval, len)) {
874 err = -EFAULT;
875 break;
876 }
15770b1a
AE		 877
878 if (pwr.force_active)
879 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
880 else
881 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 882 break;
883
2ea66482 884 case BT_CHANNEL_POLICY:
2ea66482
MM		 885 if (get_user(opt, (u32 __user *) optval)) {
886 err = -EFAULT;
887 break;
888 }
889
890 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
891 err = -EINVAL;
892 break;
893 }
894
895 if (chan->mode != L2CAP_MODE_ERTM &&
2d792818 896 chan->mode != L2CAP_MODE_STREAMING) {
2ea66482
MM		 897 err = -EOPNOTSUPP;
898 break;
899 }
900
901 chan->chan_policy = (u8) opt;
3f7a56c4
MM		 902
903 if (sk->sk_state == BT_CONNECTED &&
904 chan->move_role == L2CAP_MOVE_ROLE_NONE)
905 l2cap_move_start(chan);
906
14b12d0b
JG		 907 break;
908
1f435424 909 case BT_SNDMTU:
1f435424
JH		 910 if (!bdaddr_type_is_le(chan->src_type)) {
911 err = -EINVAL;
912 break;
913 }
914
915 /* Setting is not supported as it's the remote side that
916 * decides this.
917 */
918 err = -EPERM;
919 break;
920
921 case BT_RCVMTU:
1f435424
JH		 922 if (!bdaddr_type_is_le(chan->src_type)) {
923 err = -EINVAL;
924 break;
925 }
926
927 if (sk->sk_state == BT_CONNECTED) {
928 err = -EISCONN;
929 break;
930 }
931
23bc6ab0 932 if (get_user(opt, (u16 __user *) optval)) {
1f435424
JH		 933 err = -EFAULT;
934 break;
935 }
936
937 chan->imtu = opt;
938 break;
939
33575df7
GP		 940 default:
941 err = -ENOPROTOOPT;
942 break;
943 }
944
945 release_sock(sk);
946 return err;
947}
fd83ccdb 948
1b784140
YX		 949static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
950 size_t len)
fd83ccdb
GP		 951{
952 struct sock *sk = sock->sk;
0c1bc5c6 953 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
fd83ccdb
GP		 954 int err;
955
956 BT_DBG("sock %p, sk %p", sock, sk);
957
958 err = sock_error(sk);
959 if (err)
960 return err;
961
962 if (msg->msg_flags & MSG_OOB)
963 return -EOPNOTSUPP;
964
a6a5568c 965 if (sk->sk_state != BT_CONNECTED)
9a91a04a 966 return -ENOTCONN;
fd83ccdb 967
e793dcf0
JH		 968 lock_sock(sk);
969 err = bt_sock_wait_ready(sk, msg->msg_flags);
970 release_sock(sk);
971 if (err)
972 return err;
973
a6a5568c 974 l2cap_chan_lock(chan);
8d46321c 975 err = l2cap_chan_send(chan, msg, len);
a6a5568c 976 l2cap_chan_unlock(chan);
fd83ccdb 977
fd83ccdb
GP		 978 return err;
979}
33575df7 980
1b784140
YX		 981static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
982 size_t len, int flags)
68983259
GP		 983{
984 struct sock *sk = sock->sk;
e328140f
MM		 985 struct l2cap_pinfo *pi = l2cap_pi(sk);
986 int err;
68983259
GP		 987
988 lock_sock(sk);
989
c5daa683
GP		 990 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
991 &bt_sk(sk)->flags)) {
38319713
JH		 992 if (bdaddr_type_is_le(pi->chan->src_type)) {
993 sk->sk_state = BT_CONNECTED;
994 pi->chan->state = BT_CONNECTED;
995 __l2cap_le_connect_rsp_defer(pi->chan);
996 } else {
997 sk->sk_state = BT_CONFIG;
998 pi->chan->state = BT_CONFIG;
999 __l2cap_connect_rsp_defer(pi->chan);
1000 }
8c1d787b 1001
970871bc
JH		 1002 err = 0;
1003 goto done;
68983259
GP		 1004 }
1005
1006 release_sock(sk);
1007
1008 if (sock->type == SOCK_STREAM)
1b784140 1009 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
e328140f 1010 else
1b784140 1011 err = bt_sock_recvmsg(sock, msg, len, flags);
e328140f
MM		 1012
1013 if (pi->chan->mode != L2CAP_MODE_ERTM)
1014 return err;
1015
1016 /* Attempt to put pending rx data in the socket buffer */
1017
1018 lock_sock(sk);
1019
1020 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1021 goto done;
1022
1023 if (pi->rx_busy_skb) {
dbb50887 1024 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
e328140f
MM		 1025 pi->rx_busy_skb = NULL;
1026 else
1027 goto done;
1028 }
1029
1030 /* Restore data flow when half of the receive buffer is
1031 * available. This avoids resending large numbers of
1032 * frames.
1033 */
1034 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1035 l2cap_chan_busy(pi->chan, 0);
68983259 1036
e328140f
MM		 1037done:
1038 release_sock(sk);
1039 return err;
68983259
GP		 1040}
1041
05fc1576
GP		 1042/* Kill socket (only if zapped and orphan)
1043 * Must be called on unlocked socket.
1044 */
ba3bd0ee 1045static void l2cap_sock_kill(struct sock *sk)
05fc1576
GP		 1046{
1047 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1048 return;
1049
e05dcc32 1050 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
05fc1576
GP		 1051
1052 /* Kill poor orphan */
6ff5abbf 1053
4af66c69 1054 l2cap_chan_put(l2cap_pi(sk)->chan);
05fc1576
GP		 1055 sock_set_flag(sk, SOCK_DEAD);
1056 sock_put(sk);
1057}
1058
f65468f6 1059static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
dc25306b 1060{
dc25306b
GP		 1061 DECLARE_WAITQUEUE(wait, current);
1062 int err = 0;
cb02a255 1063 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
e432c72c
DJ		 1064 /* Timeout to prevent infinite loop */
1065 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
dc25306b
GP		 1066
1067 add_wait_queue(sk_sleep(sk), &wait);
1068 set_current_state(TASK_INTERRUPTIBLE);
f65468f6 1069 do {
e432c72c
DJ		 1070 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1071 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1072 jiffies_to_msecs(timeout - jiffies));
451e4c6c 1073
dc25306b 1074 if (!timeo)
cb02a255 1075 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
dc25306b
GP		 1076
1077 if (signal_pending(current)) {
1078 err = sock_intr_errno(timeo);
1079 break;
1080 }
1081
1082 release_sock(sk);
1083 timeo = schedule_timeout(timeo);
1084 lock_sock(sk);
1085 set_current_state(TASK_INTERRUPTIBLE);
1086
1087 err = sock_error(sk);
1088 if (err)
1089 break;
f65468f6 1090
e432c72c
DJ		 1091 if (time_after(jiffies, timeout)) {
1092 err = -ENOLINK;
1093 break;
1094 }
1095
f65468f6
DJ		 1096 } while (chan->unacked_frames > 0 &&
1097 chan->state == BT_CONNECTED);
1098
dc25306b
GP		 1099 set_current_state(TASK_RUNNING);
1100 remove_wait_queue(sk_sleep(sk), &wait);
1101 return err;
1102}
1103
dcba0dba
GP		 1104static int l2cap_sock_shutdown(struct socket *sock, int how)
1105{
1106 struct sock *sk = sock->sk;
7ddb6e0f 1107 struct l2cap_chan *chan;
3df91ea2 1108 struct l2cap_conn *conn;
dcba0dba
GP		 1109 int err = 0;
1110
1111 BT_DBG("sock %p, sk %p", sock, sk);
1112
1113 if (!sk)
1114 return 0;
1115
04ba72e6
DJ		 1116 lock_sock(sk);
1117
e7456437
DJ		 1118 if (sk->sk_shutdown)
1119 goto shutdown_already;
1120
1121 BT_DBG("Handling sock shutdown");
1122
2baea85d
DJ		 1123 /* prevent sk structure from being freed whilst unlocked */
1124 sock_hold(sk);
1125
7ddb6e0f 1126 chan = l2cap_pi(sk)->chan;
2baea85d
DJ		 1127 /* prevent chan structure from being freed whilst unlocked */
1128 l2cap_chan_hold(chan);
3df91ea2 1129
49d11741
JH		 1130 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1131
e7456437
DJ		 1132 if (chan->mode == L2CAP_MODE_ERTM &&
1133 chan->unacked_frames > 0 &&
9f7378a9 1134 chan->state == BT_CONNECTED) {
e7456437 1135 err = __l2cap_wait_ack(sk, chan);
dcba0dba 1136
9f7378a9
DJ		 1137 /* After waiting for ACKs, check whether shutdown
1138 * has already been actioned to close the L2CAP
1139 * link such as by l2cap_disconnection_req().
1140 */
1141 if (sk->sk_shutdown)
1142 goto has_shutdown;
1143 }
1144
e7456437 1145 sk->sk_shutdown = SHUTDOWN_MASK;
e7456437 1146 release_sock(sk);
04ba72e6
DJ		 1147
1148 l2cap_chan_lock(chan);
1149 conn = chan->conn;
1150 if (conn)
1151 /* prevent conn structure from being freed */
1152 l2cap_conn_get(conn);
1153 l2cap_chan_unlock(chan);
1154
1155 if (conn)
1156 /* mutex lock must be taken before l2cap_chan_lock() */
1157 mutex_lock(&conn->chan_lock);
1158
1159 l2cap_chan_lock(chan);
e7456437 1160 l2cap_chan_close(chan, 0);
04ba72e6
DJ		 1161 l2cap_chan_unlock(chan);
1162
1163 if (conn) {
1164 mutex_unlock(&conn->chan_lock);
1165 l2cap_conn_put(conn);
1166 }
1167
e7456437 1168 lock_sock(sk);
dcba0dba 1169
e7456437
DJ		 1170 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1171 !(current->flags & PF_EXITING))
1172 err = bt_sock_wait_state(sk, BT_CLOSED,
1173 sk->sk_lingertime);
dcba0dba 1174
9f7378a9 1175has_shutdown:
04ba72e6
DJ		 1176 l2cap_chan_put(chan);
1177 sock_put(sk);
1178
1179shutdown_already:
dcba0dba
GP		 1180 if (!err && sk->sk_err)
1181 err = -sk->sk_err;
1182
1183 release_sock(sk);
3df91ea2 1184
04ba72e6 1185 BT_DBG("Sock shutdown complete err: %d", err);
451e4c6c 1186
dcba0dba
GP		 1187 return err;
1188}
1189
554f05bb
GP		 1190static int l2cap_sock_release(struct socket *sock)
1191{
1192 struct sock *sk = sock->sk;
1193 int err;
1194
1195 BT_DBG("sock %p, sk %p", sock, sk);
1196
1197 if (!sk)
1198 return 0;
1199
5b28d95c
MY		 1200 bt_sock_unlink(&l2cap_sk_list, sk);
1201
554f05bb
GP		 1202 err = l2cap_sock_shutdown(sock, 2);
1203
1204 sock_orphan(sk);
1205 l2cap_sock_kill(sk);
1206 return err;
1207}
1208
c0df7f6e
AE		 1209static void l2cap_sock_cleanup_listen(struct sock *parent)
1210{
1211 struct sock *sk;
1212
49d11741
JH		 1213 BT_DBG("parent %p state %s", parent,
1214 state_to_string(parent->sk_state));
c0df7f6e
AE		 1215
1216 /* Close not yet accepted channels */
1217 while ((sk = bt_accept_dequeue(parent, NULL))) {
1218 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1219
49d11741
JH		 1220 BT_DBG("child chan %p state %s", chan,
1221 state_to_string(chan->state));
1222
c0df7f6e
AE		 1223 l2cap_chan_lock(chan);
1224 __clear_chan_timer(chan);
1225 l2cap_chan_close(chan, ECONNRESET);
1226 l2cap_chan_unlock(chan);
1227
1228 l2cap_sock_kill(sk);
1229 }
1230}
1231
80b98027 1232static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
80808e43 1233{
80b98027 1234 struct sock *sk, *parent = chan->data;
80808e43 1235
8ffb9290
GP		 1236 lock_sock(parent);
1237
53826692
GP		 1238 /* Check for backlog size */
1239 if (sk_acceptq_is_full(parent)) {
1240 BT_DBG("backlog full %d", parent->sk_ack_backlog);
8a96f3cd 1241 release_sock(parent);
53826692
GP		 1242 return NULL;
1243 }
1244
80808e43 1245 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
11aa9c28 1246 GFP_ATOMIC, 0);
8a96f3cd
JT		 1247 if (!sk) {
1248 release_sock(parent);
80808e43 1249 return NULL;
8a96f3cd 1250 }
80808e43 1251
d22015aa
OP		 1252 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1253
80808e43
GP		 1254 l2cap_sock_init(sk, parent);
1255
644912e1
GP		 1256 bt_accept_enqueue(parent, sk);
1257
8ffb9290
GP		 1258 release_sock(parent);
1259
80808e43
GP		 1260 return l2cap_pi(sk)->chan;
1261}
1262
80b98027 1263static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
23070494 1264{
80b98027 1265 struct sock *sk = chan->data;
84b34d98 1266 int err;
e328140f 1267
6be36555
AE		 1268 lock_sock(sk);
1269
84b34d98 1270 if (l2cap_pi(sk)->rx_busy_skb) {
6be36555
AE		 1271 err = -ENOMEM;
1272 goto done;
1273 }
e328140f 1274
dbb50887
DB		 1275 if (chan->mode != L2CAP_MODE_ERTM &&
1276 chan->mode != L2CAP_MODE_STREAMING) {
1277 /* Even if no filter is attached, we could potentially
1278 * get errors from security modules, etc.
1279 */
1280 err = sk_filter(sk, skb);
1281 if (err)
1282 goto done;
1283 }
1284
1285 err = __sock_queue_rcv_skb(sk, skb);
e328140f
MM		 1286
1287 /* For ERTM, handle one skb that doesn't fit into the recv
1288 * buffer. This is important to do because the data frames
1289 * have already been acked, so the skb cannot be discarded.
1290 *
1291 * Notify the l2cap core that the buffer is full, so the
1292 * LOCAL_BUSY state is entered and no more frames are
1293 * acked and reassembled until there is buffer space
1294 * available.
1295 */
84b34d98
MH		 1296 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1297 l2cap_pi(sk)->rx_busy_skb = skb;
1298 l2cap_chan_busy(chan, 1);
e328140f
MM		 1299 err = 0;
1300 }
23070494 1301
6be36555
AE		 1302done:
1303 release_sock(sk);
1304
e328140f 1305 return err;
23070494
GP		 1306}
1307
80b98027 1308static void l2cap_sock_close_cb(struct l2cap_chan *chan)
ba3bd0ee 1309{
80b98027 1310 struct sock *sk = chan->data;
ba3bd0ee
GP		 1311
1312 l2cap_sock_kill(sk);
1313}
1314
c0df7f6e
AE		 1315static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1316{
1317 struct sock *sk = chan->data;
1318 struct sock *parent;
1319
49d11741
JH		 1320 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1321
3b2ab39e
JH		 1322 /* This callback can be called both for server (BT_LISTEN)
1323 * sockets as well as "normal" ones. To avoid lockdep warnings
1324 * with child socket locking (through l2cap_sock_cleanup_listen)
1325 * we need separation into separate nesting levels. The simplest
1326 * way to accomplish this is to inherit the nesting level used
1327 * for the channel.
1328 */
1329 lock_sock_nested(sk, atomic_read(&chan->nesting));
c0df7f6e
AE		 1330
1331 parent = bt_sk(sk)->parent;
1332
1333 sock_set_flag(sk, SOCK_ZAPPED);
1334
1335 switch (chan->state) {
1336 case BT_OPEN:
1337 case BT_BOUND:
1338 case BT_CLOSED:
1339 break;
1340 case BT_LISTEN:
1341 l2cap_sock_cleanup_listen(sk);
1342 sk->sk_state = BT_CLOSED;
1343 chan->state = BT_CLOSED;
1344
1345 break;
1346 default:
1347 sk->sk_state = BT_CLOSED;
1348 chan->state = BT_CLOSED;
1349
1350 sk->sk_err = err;
1351
1352 if (parent) {
1353 bt_accept_unlink(sk);
676d2369 1354 parent->sk_data_ready(parent);
c0df7f6e
AE		 1355 } else {
1356 sk->sk_state_change(sk);
1357 }
1358
1359 break;
1360 }
1361
1362 release_sock(sk);
1363}
1364
53f52121
GP		 1365static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1366 int err)
89bc500e 1367{
80b98027 1368 struct sock *sk = chan->data;
89bc500e
GP		 1369
1370 sk->sk_state = state;
53f52121
GP		 1371
1372 if (err)
1373 sk->sk_err = err;
89bc500e
GP		 1374}
1375
2f7719ce 1376static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
d9fbd02b 1377 unsigned long hdr_len,
90338947 1378 unsigned long len, int nb)
2f7719ce 1379{
0f2c6153 1380 struct sock *sk = chan->data;
90338947
GP		 1381 struct sk_buff *skb;
1382 int err;
1383
a6a5568c 1384 l2cap_chan_unlock(chan);
d9fbd02b 1385 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
a6a5568c
MM		 1386 l2cap_chan_lock(chan);
1387
90338947
GP		 1388 if (!skb)
1389 return ERR_PTR(err);
2f7719ce 1390
8d46321c
MH		 1391 skb->priority = sk->sk_priority;
1392
a4368ff3 1393 bt_cb(skb)->l2cap.chan = chan;
0e790c64 1394
90338947 1395 return skb;
2f7719ce
AE		 1396}
1397
54a59aa2
AE		 1398static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1399{
1400 struct sock *sk = chan->data;
1401 struct sock *parent;
1402
1403 lock_sock(sk);
1404
1405 parent = bt_sk(sk)->parent;
1406
1407 BT_DBG("sk %p, parent %p", sk, parent);
1408
1409 sk->sk_state = BT_CONNECTED;
1410 sk->sk_state_change(sk);
1411
1412 if (parent)
676d2369 1413 parent->sk_data_ready(parent);
54a59aa2
AE		 1414
1415 release_sock(sk);
1416}
1417
2dc4e510
GP		 1418static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1419{
acdcabf5
GP		 1420 struct sock *parent, *sk = chan->data;
1421
1422 lock_sock(sk);
2dc4e510 1423
acdcabf5 1424 parent = bt_sk(sk)->parent;
2dc4e510 1425 if (parent)
676d2369 1426 parent->sk_data_ready(parent);
acdcabf5
GP		 1427
1428 release_sock(sk);
2dc4e510
GP		 1429}
1430
d97c899b
MH		 1431static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1432{
1433 struct sock *sk = chan->data;
1434
d52deb17
JH		 1435 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1436 sk->sk_state = BT_CONNECTED;
1437 chan->state = BT_CONNECTED;
1438 }
1439
d97c899b
MH		 1440 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1441 sk->sk_state_change(sk);
1442}
1443
5ec1bbe5
GP		 1444static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1445{
1446 struct sock *sk = chan->data;
1447
1448 lock_sock(sk);
1449 sk->sk_shutdown = SHUTDOWN_MASK;
1450 release_sock(sk);
1451}
1452
8d836d71
GP		 1453static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1454{
1455 struct sock *sk = chan->data;
1456
1457 return sk->sk_sndtimeo;
1458}
1459
837776f7
JH		 1460static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1461{
1462 struct sock *sk = chan->data;
1463
1464 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1465 sk->sk_state_change(sk);
1466}
1467
67f86a45 1468static const struct l2cap_ops l2cap_chan_ops = {
0498878b
JR		 1469 .name = "L2CAP Socket Interface",
1470 .new_connection = l2cap_sock_new_connection_cb,
1471 .recv = l2cap_sock_recv_cb,
1472 .close = l2cap_sock_close_cb,
1473 .teardown = l2cap_sock_teardown_cb,
1474 .state_change = l2cap_sock_state_change_cb,
1475 .ready = l2cap_sock_ready_cb,
1476 .defer = l2cap_sock_defer_cb,
1477 .resume = l2cap_sock_resume_cb,
1478 .suspend = l2cap_sock_suspend_cb,
1479 .set_shutdown = l2cap_sock_set_shutdown_cb,
1480 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1481 .alloc_skb = l2cap_sock_alloc_skb_cb,
80808e43
GP		 1482};
1483
bb58f747
GP		 1484static void l2cap_sock_destruct(struct sock *sk)
1485{
1486 BT_DBG("sk %p", sk);
1487
23d3a869
SL		 1488 if (l2cap_pi(sk)->chan)
1489 l2cap_chan_put(l2cap_pi(sk)->chan);
84b34d98 1490
e328140f
MM		 1491 if (l2cap_pi(sk)->rx_busy_skb) {
1492 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1493 l2cap_pi(sk)->rx_busy_skb = NULL;
1494 }
1495
bb58f747
GP		 1496 skb_queue_purge(&sk->sk_receive_queue);
1497 skb_queue_purge(&sk->sk_write_queue);
1498}
1499
2edf870d
MH		 1500static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1501 int *msg_namelen)
1502{
342dfc30 1503 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
2edf870d
MH		 1504
1505 memset(la, 0, sizeof(struct sockaddr_l2));
1506 la->l2_family = AF_BLUETOOTH;
a4368ff3
JH		 1507 la->l2_psm = bt_cb(skb)->l2cap.psm;
1508 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
2edf870d
MH		 1509
1510 *msg_namelen = sizeof(struct sockaddr_l2);
1511}
1512
80808e43 1513static void l2cap_sock_init(struct sock *sk, struct sock *parent)
bb58f747 1514{
84b34d98 1515 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
bb58f747
GP		 1516
1517 BT_DBG("sk %p", sk);
1518
1519 if (parent) {
b4450035
GP		 1520 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1521
bb58f747 1522 sk->sk_type = parent->sk_type;
c5daa683 1523 bt_sk(sk)->flags = bt_sk(parent)->flags;
bb58f747 1524
715ec005 1525 chan->chan_type = pchan->chan_type;
0c1bc5c6
GP		 1526 chan->imtu = pchan->imtu;
1527 chan->omtu = pchan->omtu;
b4450035 1528 chan->conf_state = pchan->conf_state;
0c1bc5c6 1529 chan->mode = pchan->mode;
47d1ec61
GP		 1530 chan->fcs = pchan->fcs;
1531 chan->max_tx = pchan->max_tx;
1532 chan->tx_win = pchan->tx_win;
6b3c7104 1533 chan->tx_win_max = pchan->tx_win_max;
4343478f 1534 chan->sec_level = pchan->sec_level;
d57b0e8b 1535 chan->flags = pchan->flags;
0cd75f7e
JH		 1536 chan->tx_credits = pchan->tx_credits;
1537 chan->rx_credits = pchan->rx_credits;
6230c9b4 1538
7a8e5a31
JH		 1539 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1540 chan->scid = pchan->scid;
1541 chan->dcid = pchan->scid;
1542 }
1543
6230c9b4 1544 security_sk_clone(parent, sk);
bb58f747 1545 } else {
715ec005
GP		 1546 switch (sk->sk_type) {
1547 case SOCK_RAW:
1548 chan->chan_type = L2CAP_CHAN_RAW;
1549 break;
1550 case SOCK_DGRAM:
1551 chan->chan_type = L2CAP_CHAN_CONN_LESS;
2edf870d 1552 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
715ec005
GP		 1553 break;
1554 case SOCK_SEQPACKET:
1555 case SOCK_STREAM:
1556 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1557 break;
1558 }
1559
0c1bc5c6
GP		 1560 chan->imtu = L2CAP_DEFAULT_MTU;
1561 chan->omtu = 0;
bb58f747 1562 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
0c1bc5c6 1563 chan->mode = L2CAP_MODE_ERTM;
c1360a1c 1564 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
bb58f747 1565 } else {
0c1bc5c6 1566 chan->mode = L2CAP_MODE_BASIC;
bb58f747 1567 }
bd4b1653
AE		 1568
1569 l2cap_chan_set_defaults(chan);
bb58f747
GP		 1570 }
1571
1572 /* Default config options */
0c1bc5c6 1573 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
80808e43
GP		 1574
1575 chan->data = sk;
1576 chan->ops = &l2cap_chan_ops;
bb58f747
GP		 1577}
1578
1579static struct proto l2cap_proto = {
1580 .name = "L2CAP",
1581 .owner = THIS_MODULE,
1582 .obj_size = sizeof(struct l2cap_pinfo)
1583};
1584
2d792818 1585static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
11aa9c28 1586 int proto, gfp_t prio, int kern)
bb58f747
GP		 1587{
1588 struct sock *sk;
dc50a06d 1589 struct l2cap_chan *chan;
bb58f747 1590
11aa9c28 1591 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
bb58f747
GP		 1592 if (!sk)
1593 return NULL;
1594
1595 sock_init_data(sock, sk);
1596 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1597
1598 sk->sk_destruct = l2cap_sock_destruct;
ba13ccd9 1599 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
bb58f747
GP		 1600
1601 sock_reset_flag(sk, SOCK_ZAPPED);
1602
1603 sk->sk_protocol = proto;
1604 sk->sk_state = BT_OPEN;
1605
eef1d9b6 1606 chan = l2cap_chan_create();
dc50a06d 1607 if (!chan) {
49dfbb91 1608 sk_free(sk);
dc50a06d
GP		 1609 return NULL;
1610 }
1611
61d6ef3e
MM		 1612 l2cap_chan_hold(chan);
1613
dc50a06d
GP		 1614 l2cap_pi(sk)->chan = chan;
1615
bb58f747
GP		 1616 return sk;
1617}
1618
1619static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1620 int kern)
1621{
1622 struct sock *sk;
1623
1624 BT_DBG("sock %p", sock);
1625
1626 sock->state = SS_UNCONNECTED;
1627
1628 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
2d792818 1629 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
bb58f747
GP		 1630 return -ESOCKTNOSUPPORT;
1631
1632 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1633 return -EPERM;
1634
1635 sock->ops = &l2cap_sock_ops;
1636
11aa9c28 1637 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
bb58f747
GP		 1638 if (!sk)
1639 return -ENOMEM;
1640
1641 l2cap_sock_init(sk, NULL);
5b28d95c 1642 bt_sock_link(&l2cap_sk_list, sk);
bb58f747
GP		 1643 return 0;
1644}
1645
cf2f90f5 1646static const struct proto_ops l2cap_sock_ops = {
65390587
GP		 1647 .family = PF_BLUETOOTH,
1648 .owner = THIS_MODULE,
1649 .release = l2cap_sock_release,
1650 .bind = l2cap_sock_bind,
1651 .connect = l2cap_sock_connect,
1652 .listen = l2cap_sock_listen,
1653 .accept = l2cap_sock_accept,
1654 .getname = l2cap_sock_getname,
1655 .sendmsg = l2cap_sock_sendmsg,
1656 .recvmsg = l2cap_sock_recvmsg,
1657 .poll = bt_sock_poll,
1658 .ioctl = bt_sock_ioctl,
1659 .mmap = sock_no_mmap,
1660 .socketpair = sock_no_socketpair,
1661 .shutdown = l2cap_sock_shutdown,
1662 .setsockopt = l2cap_sock_setsockopt,
1663 .getsockopt = l2cap_sock_getsockopt
1664};
1665
bb58f747
GP		 1666static const struct net_proto_family l2cap_sock_family_ops = {
1667 .family = PF_BLUETOOTH,
1668 .owner = THIS_MODULE,
1669 .create = l2cap_sock_create,
1670};
1671
1672int __init l2cap_init_sockets(void)
1673{
e2174ca4 1674 int err;
bb58f747 1675
dd625558
MH		 1676 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1677
e2174ca4
GP		 1678 err = proto_register(&l2cap_proto, 0);
1679 if (err < 0)
1680 return err;
bb58f747 1681
e2174ca4 1682 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
5b28d95c
MY		 1683 if (err < 0) {
1684 BT_ERR("L2CAP socket registration failed");
e2174ca4 1685 goto error;
5b28d95c
MY		 1686 }
1687
b0316615 1688 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
2d792818 1689 NULL);
5b28d95c
MY		 1690 if (err < 0) {
1691 BT_ERR("Failed to create L2CAP proc file");
1692 bt_sock_unregister(BTPROTO_L2CAP);
1693 goto error;
1694 }
bb58f747 1695
e2174ca4 1696 BT_INFO("L2CAP socket layer initialized");
bb58f747 1697
e2174ca4 1698 return 0;
bb58f747
GP		 1699
1700error:
e2174ca4
GP		 1701 proto_unregister(&l2cap_proto);
1702 return err;
bb58f747
GP		 1703}
1704
1705void l2cap_cleanup_sockets(void)
1706{
5b28d95c 1707 bt_procfs_cleanup(&init_net, "l2cap");
5e9d7f86 1708 bt_sock_unregister(BTPROTO_L2CAP);
e2174ca4 1709 proto_unregister(&l2cap_proto);
bb58f747 1710}
Ubuntu Artful kernel mirror