]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - net/bluetooth/l2cap_sock.c
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix BT_SECURITY socket option for fixed channels (ATT)
[mirror_ubuntu-jammy-kernel.git] / net / bluetooth / l2cap_sock.c
CommitLineData
bb58f747
GP		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
bb58f747
GP		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
9149761a 30#include <linux/module.h>
bc3b2d7f 31#include <linux/export.h>
6230c9b4 32
bb58f747 33#include <net/bluetooth/bluetooth.h>
33575df7 34#include <net/bluetooth/hci_core.h>
bb58f747 35#include <net/bluetooth/l2cap.h>
ac4b7236
MH		 36
37#include "smp.h"
bb58f747 38
9149761a
JH		 39bool enable_lecoc;
40
5b28d95c
MY		 41static struct bt_sock_list l2cap_sk_list = {
42 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
43};
44
cf2f90f5 45static const struct proto_ops l2cap_sock_ops;
80808e43 46static void l2cap_sock_init(struct sock *sk, struct sock *parent);
2d792818
GP		 47static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
48 int proto, gfp_t prio);
cf2f90f5 49
b3916db3
DH		 50bool l2cap_is_socket(struct socket *sock)
51{
52 return sock && sock->ops == &l2cap_sock_ops;
53}
54EXPORT_SYMBOL(l2cap_is_socket);
55
4946096d
JH		 56static int l2cap_validate_bredr_psm(u16 psm)
57{
58 /* PSM must be odd and lsb of upper byte must be 0 */
59 if ((psm & 0x0101) != 0x0001)
60 return -EINVAL;
61
62 /* Restrict usage of well-known PSMs */
63 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE))
64 return -EACCES;
65
66 return 0;
67}
68
69static int l2cap_validate_le_psm(u16 psm)
70{
71 /* Valid LE_PSM ranges are defined only until 0x00ff */
72 if (psm > 0x00ff)
73 return -EINVAL;
74
75 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
76 if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE))
77 return -EACCES;
78
79 return 0;
80}
81
af6bcd82
GP		 82static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
83{
84 struct sock *sk = sock->sk;
4343478f 85 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 86 struct sockaddr_l2 la;
87 int len, err = 0;
88
89 BT_DBG("sk %p", sk);
90
91 if (!addr || addr->sa_family != AF_BLUETOOTH)
92 return -EINVAL;
93
94 memset(&la, 0, sizeof(la));
95 len = min_t(unsigned int, sizeof(la), alen);
96 memcpy(&la, addr, len);
97
b62f328b 98 if (la.l2_cid && la.l2_psm)
af6bcd82
GP		 99 return -EINVAL;
100
80c1a2e7
JH		 101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
102 return -EINVAL;
103
21626e62
JH		 104 if (la.l2_cid) {
105 /* When the socket gets created it defaults to
106 * CHAN_CONN_ORIENTED, so we need to overwrite the
107 * default here.
108 */
109 chan->chan_type = L2CAP_CHAN_FIXED;
110 chan->omtu = L2CAP_DEFAULT_MTU;
111 }
112
bfe4655f 113 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
9149761a 114 if (!enable_lecoc && la.l2_psm)
bfe4655f
JH		 115 return -EINVAL;
116 /* We only allow ATT user space socket */
9149761a
JH		 117 if (la.l2_cid &&
118 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
bfe4655f
JH		 119 return -EINVAL;
120 }
121
af6bcd82
GP		 122 lock_sock(sk);
123
124 if (sk->sk_state != BT_OPEN) {
125 err = -EBADFD;
126 goto done;
127 }
128
129 if (la.l2_psm) {
130 __u16 psm = __le16_to_cpu(la.l2_psm);
131
4946096d
JH		 132 if (la.l2_bdaddr_type == BDADDR_BREDR)
133 err = l2cap_validate_bredr_psm(psm);
134 else
135 err = l2cap_validate_le_psm(psm);
af6bcd82 136
4946096d 137 if (err)
af6bcd82 138 goto done;
af6bcd82
GP		 139 }
140
9e4425ff 141 if (la.l2_cid)
6e4aff10 142 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
9e4425ff
GP		 143 else
144 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
af6bcd82 145
9e4425ff
GP		 146 if (err < 0)
147 goto done;
af6bcd82 148
6a974b50 149 switch (chan->chan_type) {
3124b843
MH		 150 case L2CAP_CHAN_CONN_LESS:
151 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
152 chan->sec_level = BT_SECURITY_SDP;
153 break;
6a974b50
MH		 154 case L2CAP_CHAN_CONN_ORIENTED:
155 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
156 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
157 chan->sec_level = BT_SECURITY_SDP;
158 break;
cb6ca8e1
JH		 159 case L2CAP_CHAN_RAW:
160 chan->sec_level = BT_SECURITY_SDP;
161 break;
6a974b50 162 }
b62f328b 163
7eafc59e 164 bacpy(&chan->src, &la.l2_bdaddr);
4f1654e0 165 chan->src_type = la.l2_bdaddr_type;
89bc500e 166
38319713 167 if (chan->psm && bdaddr_type_is_le(chan->src_type))
0ce43ce6 168 chan->mode = L2CAP_MODE_LE_FLOWCTL;
38319713 169
89bc500e 170 chan->state = BT_BOUND;
9e4425ff 171 sk->sk_state = BT_BOUND;
af6bcd82
GP		 172
173done:
174 release_sock(sk);
175 return err;
176}
177
2d792818
GP		 178static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
179 int alen, int flags)
4e34c50b
GP		 180{
181 struct sock *sk = sock->sk;
0c1bc5c6 182 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
4e34c50b
GP		 183 struct sockaddr_l2 la;
184 int len, err = 0;
185
186 BT_DBG("sk %p", sk);
187
188 if (!addr || alen < sizeof(addr->sa_family) ||
189 addr->sa_family != AF_BLUETOOTH)
190 return -EINVAL;
191
192 memset(&la, 0, sizeof(la));
193 len = min_t(unsigned int, sizeof(la), alen);
194 memcpy(&la, addr, len);
195
acd7d370 196 if (la.l2_cid && la.l2_psm)
4e34c50b
GP		 197 return -EINVAL;
198
80c1a2e7
JH		 199 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
200 return -EINVAL;
201
eb622495
JH		 202 /* Check that the socket wasn't bound to something that
203 * conflicts with the address given to connect(). If chan->src
204 * is BDADDR_ANY it means bind() was never used, in which case
205 * chan->src_type and la.l2_bdaddr_type do not need to match.
206 */
207 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
208 bdaddr_type_is_le(la.l2_bdaddr_type)) {
209 /* Old user space versions will try to incorrectly bind
210 * the ATT socket using BDADDR_BREDR. We need to accept
211 * this and fix up the source address type only when
212 * both the source CID and destination CID indicate
213 * ATT. Anything else is an invalid combination.
214 */
215 if (chan->scid != L2CAP_CID_ATT ||
216 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
217 return -EINVAL;
218
219 /* We don't have the hdev available here to make a
220 * better decision on random vs public, but since all
221 * user space versions that exhibit this issue anyway do
222 * not support random local addresses assuming public
223 * here is good enough.
224 */
225 chan->src_type = BDADDR_LE_PUBLIC;
226 }
1f209383
JH		 227
228 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
229 return -EINVAL;
230
bfe4655f 231 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
9149761a 232 if (!enable_lecoc && la.l2_psm)
bfe4655f
JH		 233 return -EINVAL;
234 /* We only allow ATT user space socket */
9149761a
JH		 235 if (la.l2_cid &&
236 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
bfe4655f
JH		 237 return -EINVAL;
238 }
239
38319713 240 if (chan->psm && bdaddr_type_is_le(chan->src_type))
0ce43ce6 241 chan->mode = L2CAP_MODE_LE_FLOWCTL;
38319713 242
6e4aff10 243 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
8e9f9892 244 &la.l2_bdaddr, la.l2_bdaddr_type);
4e34c50b 245 if (err)
b3fb611e 246 return err;
4e34c50b 247
6be36555
AE		 248 lock_sock(sk);
249
4e34c50b 250 err = bt_sock_wait_state(sk, BT_CONNECTED,
2d792818 251 sock_sndtimeo(sk, flags & O_NONBLOCK));
b3fb611e
AE		 252
253 release_sock(sk);
254
4e34c50b
GP		 255 return err;
256}
257
af6bcd82
GP		 258static int l2cap_sock_listen(struct socket *sock, int backlog)
259{
260 struct sock *sk = sock->sk;
0c1bc5c6 261 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 262 int err = 0;
263
264 BT_DBG("sk %p backlog %d", sk, backlog);
265
266 lock_sock(sk);
267
6b3af733 268 if (sk->sk_state != BT_BOUND) {
af6bcd82
GP		 269 err = -EBADFD;
270 goto done;
271 }
272
6b3af733
MH		 273 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
274 err = -EINVAL;
275 goto done;
276 }
277
0c1bc5c6 278 switch (chan->mode) {
af6bcd82 279 case L2CAP_MODE_BASIC:
38319713 280 case L2CAP_MODE_LE_FLOWCTL:
af6bcd82
GP		 281 break;
282 case L2CAP_MODE_ERTM:
283 case L2CAP_MODE_STREAMING:
284 if (!disable_ertm)
285 break;
286 /* fall through */
287 default:
288 err = -ENOTSUPP;
289 goto done;
290 }
291
af6bcd82
GP		 292 sk->sk_max_ack_backlog = backlog;
293 sk->sk_ack_backlog = 0;
89bc500e
GP		 294
295 chan->state = BT_LISTEN;
af6bcd82
GP		 296 sk->sk_state = BT_LISTEN;
297
298done:
299 release_sock(sk);
300 return err;
301}
302
2d792818
GP		 303static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
304 int flags)
c47b7c72
GP		 305{
306 DECLARE_WAITQUEUE(wait, current);
307 struct sock *sk = sock->sk, *nsk;
308 long timeo;
309 int err = 0;
310
311 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
312
c47b7c72
GP		 313 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
314
315 BT_DBG("sk %p timeo %ld", sk, timeo);
316
317 /* Wait for an incoming connection. (wake-one). */
318 add_wait_queue_exclusive(sk_sleep(sk), &wait);
f9a3c20a 319 while (1) {
c47b7c72 320 set_current_state(TASK_INTERRUPTIBLE);
f9a3c20a
PH		 321
322 if (sk->sk_state != BT_LISTEN) {
323 err = -EBADFD;
c47b7c72
GP		 324 break;
325 }
326
f9a3c20a
PH		 327 nsk = bt_accept_dequeue(sk, newsock);
328 if (nsk)
329 break;
c47b7c72 330
f9a3c20a
PH		 331 if (!timeo) {
332 err = -EAGAIN;
c47b7c72
GP		 333 break;
334 }
335
336 if (signal_pending(current)) {
337 err = sock_intr_errno(timeo);
338 break;
339 }
f9a3c20a
PH		 340
341 release_sock(sk);
342 timeo = schedule_timeout(timeo);
343 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
c47b7c72 344 }
f9a3c20a 345 __set_current_state(TASK_RUNNING);
c47b7c72
GP		 346 remove_wait_queue(sk_sleep(sk), &wait);
347
348 if (err)
349 goto done;
350
351 newsock->state = SS_CONNECTED;
352
353 BT_DBG("new socket %p", nsk);
354
355done:
356 release_sock(sk);
357 return err;
358}
359
2d792818
GP		 360static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
361 int *len, int peer)
d7175d55
GP		 362{
363 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
364 struct sock *sk = sock->sk;
0c1bc5c6 365 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
d7175d55
GP		 366
367 BT_DBG("sock %p, sk %p", sock, sk);
368
792039c7 369 memset(la, 0, sizeof(struct sockaddr_l2));
d7175d55
GP		 370 addr->sa_family = AF_BLUETOOTH;
371 *len = sizeof(struct sockaddr_l2);
372
373 if (peer) {
fe4128e0 374 la->l2_psm = chan->psm;
7eafc59e 375 bacpy(&la->l2_bdaddr, &chan->dst);
fe4128e0 376 la->l2_cid = cpu_to_le16(chan->dcid);
4f1654e0 377 la->l2_bdaddr_type = chan->dst_type;
d7175d55 378 } else {
0c1bc5c6 379 la->l2_psm = chan->sport;
7eafc59e 380 bacpy(&la->l2_bdaddr, &chan->src);
fe4128e0 381 la->l2_cid = cpu_to_le16(chan->scid);
4f1654e0 382 la->l2_bdaddr_type = chan->src_type;
d7175d55
GP		 383 }
384
385 return 0;
386}
387
2d792818
GP		 388static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
389 char __user *optval, int __user *optlen)
99f4808d
GP		 390{
391 struct sock *sk = sock->sk;
4343478f 392 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d
GP		 393 struct l2cap_options opts;
394 struct l2cap_conninfo cinfo;
395 int len, err = 0;
396 u32 opt;
397
398 BT_DBG("sk %p", sk);
399
400 if (get_user(len, optlen))
401 return -EFAULT;
402
403 lock_sock(sk);
404
405 switch (optname) {
406 case L2CAP_OPTIONS:
64b4f8dc
JH		 407 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
408 * legacy ATT code depends on getsockopt for
409 * L2CAP_OPTIONS we need to let this pass.
410 */
411 if (bdaddr_type_is_le(chan->src_type) &&
412 chan->scid != L2CAP_CID_ATT) {
413 err = -EINVAL;
414 break;
415 }
416
e3fb592b 417 memset(&opts, 0, sizeof(opts));
0c1bc5c6
GP		 418 opts.imtu = chan->imtu;
419 opts.omtu = chan->omtu;
420 opts.flush_to = chan->flush_to;
421 opts.mode = chan->mode;
47d1ec61
GP		 422 opts.fcs = chan->fcs;
423 opts.max_tx = chan->max_tx;
6327eb98 424 opts.txwin_size = chan->tx_win;
99f4808d
GP		 425
426 len = min_t(unsigned int, len, sizeof(opts));
427 if (copy_to_user(optval, (char *) &opts, len))
428 err = -EFAULT;
429
430 break;
431
432 case L2CAP_LM:
4343478f 433 switch (chan->sec_level) {
99f4808d
GP		 434 case BT_SECURITY_LOW:
435 opt = L2CAP_LM_AUTH;
436 break;
437 case BT_SECURITY_MEDIUM:
438 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
439 break;
440 case BT_SECURITY_HIGH:
441 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
2d792818 442 L2CAP_LM_SECURE;
99f4808d 443 break;
7d513e92
MH		 444 case BT_SECURITY_FIPS:
445 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
446 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
447 break;
99f4808d
GP		 448 default:
449 opt = 0;
450 break;
451 }
452
43bd0f32 453 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
99f4808d
GP		 454 opt |= L2CAP_LM_MASTER;
455
ecf61bdb 456 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
99f4808d
GP		 457 opt |= L2CAP_LM_RELIABLE;
458
459 if (put_user(opt, (u32 __user *) optval))
460 err = -EFAULT;
7d513e92 461
99f4808d
GP		 462 break;
463
464 case L2CAP_CONNINFO:
465 if (sk->sk_state != BT_CONNECTED &&
c5daa683
GP		 466 !(sk->sk_state == BT_CONNECT2 &&
467 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
99f4808d
GP		 468 err = -ENOTCONN;
469 break;
470 }
471
8d03e971 472 memset(&cinfo, 0, sizeof(cinfo));
8c1d787b
GP		 473 cinfo.hci_handle = chan->conn->hcon->handle;
474 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
99f4808d
GP		 475
476 len = min_t(unsigned int, len, sizeof(cinfo));
477 if (copy_to_user(optval, (char *) &cinfo, len))
478 err = -EFAULT;
479
480 break;
481
482 default:
483 err = -ENOPROTOOPT;
484 break;
485 }
486
487 release_sock(sk);
488 return err;
489}
490
2d792818
GP		 491static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
492 char __user *optval, int __user *optlen)
99f4808d
GP		 493{
494 struct sock *sk = sock->sk;
4343478f 495 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d 496 struct bt_security sec;
14b12d0b 497 struct bt_power pwr;
99f4808d
GP		 498 int len, err = 0;
499
500 BT_DBG("sk %p", sk);
501
502 if (level == SOL_L2CAP)
503 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
504
505 if (level != SOL_BLUETOOTH)
506 return -ENOPROTOOPT;
507
508 if (get_user(len, optlen))
509 return -EFAULT;
510
511 lock_sock(sk);
512
513 switch (optname) {
514 case BT_SECURITY:
715ec005 515 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
e0c888ad 516 chan->chan_type != L2CAP_CHAN_FIXED &&
2d792818 517 chan->chan_type != L2CAP_CHAN_RAW) {
99f4808d
GP		 518 err = -EINVAL;
519 break;
520 }
521
8f360119 522 memset(&sec, 0, sizeof(sec));
85e34368 523 if (chan->conn) {
c6585a4d 524 sec.level = chan->conn->hcon->sec_level;
99f4808d 525
85e34368
AE		 526 if (sk->sk_state == BT_CONNECTED)
527 sec.key_size = chan->conn->hcon->enc_key_size;
528 } else {
529 sec.level = chan->sec_level;
530 }
8f360119 531
99f4808d
GP		 532 len = min_t(unsigned int, len, sizeof(sec));
533 if (copy_to_user(optval, (char *) &sec, len))
534 err = -EFAULT;
535
536 break;
537
538 case BT_DEFER_SETUP:
539 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
540 err = -EINVAL;
541 break;
542 }
543
c5daa683
GP		 544 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
545 (u32 __user *) optval))
99f4808d
GP		 546 err = -EFAULT;
547
548 break;
549
550 case BT_FLUSHABLE:
d57b0e8b 551 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
2d792818 552 (u32 __user *) optval))
99f4808d
GP		 553 err = -EFAULT;
554
555 break;
556
14b12d0b
JG		 557 case BT_POWER:
558 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2d792818 559 && sk->sk_type != SOCK_RAW) {
14b12d0b
JG		 560 err = -EINVAL;
561 break;
562 }
563
15770b1a 564 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 565
566 len = min_t(unsigned int, len, sizeof(pwr));
567 if (copy_to_user(optval, (char *) &pwr, len))
568 err = -EFAULT;
569
570 break;
571
2ea66482 572 case BT_CHANNEL_POLICY:
2ea66482
MM		 573 if (put_user(chan->chan_policy, (u32 __user *) optval))
574 err = -EFAULT;
575 break;
576
1f435424
JH		 577 case BT_SNDMTU:
578 if (!enable_lecoc) {
579 err = -EPROTONOSUPPORT;
580 break;
581 }
582
583 if (!bdaddr_type_is_le(chan->src_type)) {
584 err = -EINVAL;
585 break;
586 }
587
588 if (sk->sk_state != BT_CONNECTED) {
589 err = -ENOTCONN;
590 break;
591 }
592
593 if (put_user(chan->omtu, (u16 __user *) optval))
594 err = -EFAULT;
595 break;
596
597 case BT_RCVMTU:
598 if (!enable_lecoc) {
599 err = -EPROTONOSUPPORT;
600 break;
601 }
602
603 if (!bdaddr_type_is_le(chan->src_type)) {
604 err = -EINVAL;
605 break;
606 }
607
608 if (put_user(chan->imtu, (u16 __user *) optval))
609 err = -EFAULT;
610 break;
611
99f4808d
GP		 612 default:
613 err = -ENOPROTOOPT;
614 break;
615 }
616
617 release_sock(sk);
618 return err;
619}
620
682877c3
AG		 621static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
622{
623 switch (chan->scid) {
073d1cf3 624 case L2CAP_CID_ATT:
8c3a4f00 625 if (mtu < L2CAP_LE_MIN_MTU)
682877c3
AG		 626 return false;
627 break;
628
629 default:
630 if (mtu < L2CAP_DEFAULT_MIN_MTU)
631 return false;
632 }
633
634 return true;
635}
636
2d792818
GP		 637static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
638 char __user *optval, unsigned int optlen)
33575df7
GP		 639{
640 struct sock *sk = sock->sk;
b4450035 641 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7
GP		 642 struct l2cap_options opts;
643 int len, err = 0;
644 u32 opt;
645
646 BT_DBG("sk %p", sk);
647
648 lock_sock(sk);
649
650 switch (optname) {
651 case L2CAP_OPTIONS:
64b4f8dc
JH		 652 if (bdaddr_type_is_le(chan->src_type)) {
653 err = -EINVAL;
654 break;
655 }
656
33575df7
GP		 657 if (sk->sk_state == BT_CONNECTED) {
658 err = -EINVAL;
659 break;
660 }
661
0c1bc5c6
GP		 662 opts.imtu = chan->imtu;
663 opts.omtu = chan->omtu;
664 opts.flush_to = chan->flush_to;
665 opts.mode = chan->mode;
47d1ec61
GP		 666 opts.fcs = chan->fcs;
667 opts.max_tx = chan->max_tx;
6327eb98 668 opts.txwin_size = chan->tx_win;
33575df7
GP		 669
670 len = min_t(unsigned int, sizeof(opts), optlen);
671 if (copy_from_user((char *) &opts, optval, len)) {
672 err = -EFAULT;
673 break;
674 }
675
6327eb98 676 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
33575df7
GP		 677 err = -EINVAL;
678 break;
679 }
680
682877c3
AG		 681 if (!l2cap_valid_mtu(chan, opts.imtu)) {
682 err = -EINVAL;
683 break;
684 }
685
0c1bc5c6
GP		 686 chan->mode = opts.mode;
687 switch (chan->mode) {
38319713
JH		 688 case L2CAP_MODE_LE_FLOWCTL:
689 break;
33575df7 690 case L2CAP_MODE_BASIC:
c1360a1c 691 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
33575df7
GP		 692 break;
693 case L2CAP_MODE_ERTM:
694 case L2CAP_MODE_STREAMING:
695 if (!disable_ertm)
696 break;
697 /* fall through */
698 default:
699 err = -EINVAL;
700 break;
701 }
702
0c1bc5c6
GP		 703 chan->imtu = opts.imtu;
704 chan->omtu = opts.omtu;
47d1ec61
GP		 705 chan->fcs = opts.fcs;
706 chan->max_tx = opts.max_tx;
6327eb98 707 chan->tx_win = opts.txwin_size;
12d59781 708 chan->flush_to = opts.flush_to;
33575df7
GP		 709 break;
710
711 case L2CAP_LM:
712 if (get_user(opt, (u32 __user *) optval)) {
713 err = -EFAULT;
714 break;
715 }
716
7d513e92
MH		 717 if (opt & L2CAP_LM_FIPS) {
718 err = -EINVAL;
719 break;
720 }
721
33575df7 722 if (opt & L2CAP_LM_AUTH)
4343478f 723 chan->sec_level = BT_SECURITY_LOW;
33575df7 724 if (opt & L2CAP_LM_ENCRYPT)
4343478f 725 chan->sec_level = BT_SECURITY_MEDIUM;
33575df7 726 if (opt & L2CAP_LM_SECURE)
4343478f 727 chan->sec_level = BT_SECURITY_HIGH;
33575df7 728
43bd0f32
AE		 729 if (opt & L2CAP_LM_MASTER)
730 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
731 else
732 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
ecf61bdb
AE		 733
734 if (opt & L2CAP_LM_RELIABLE)
735 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
736 else
737 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
33575df7
GP		 738 break;
739
740 default:
741 err = -ENOPROTOOPT;
742 break;
743 }
744
745 release_sock(sk);
746 return err;
747}
748
2d792818
GP		 749static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
750 char __user *optval, unsigned int optlen)
33575df7
GP		 751{
752 struct sock *sk = sock->sk;
4343478f 753 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7 754 struct bt_security sec;
14b12d0b 755 struct bt_power pwr;
f1cb9af5 756 struct l2cap_conn *conn;
33575df7
GP		 757 int len, err = 0;
758 u32 opt;
759
760 BT_DBG("sk %p", sk);
761
762 if (level == SOL_L2CAP)
763 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
764
765 if (level != SOL_BLUETOOTH)
766 return -ENOPROTOOPT;
767
768 lock_sock(sk);
769
770 switch (optname) {
771 case BT_SECURITY:
715ec005 772 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
e0c888ad 773 chan->chan_type != L2CAP_CHAN_FIXED &&
2d792818 774 chan->chan_type != L2CAP_CHAN_RAW) {
33575df7
GP		 775 err = -EINVAL;
776 break;
777 }
778
779 sec.level = BT_SECURITY_LOW;
780
781 len = min_t(unsigned int, sizeof(sec), optlen);
782 if (copy_from_user((char *) &sec, optval, len)) {
783 err = -EFAULT;
784 break;
785 }
786
787 if (sec.level < BT_SECURITY_LOW ||
2d792818 788 sec.level > BT_SECURITY_HIGH) {
33575df7
GP		 789 err = -EINVAL;
790 break;
791 }
792
4343478f 793 chan->sec_level = sec.level;
f1cb9af5 794
0bee1d60
GP		 795 if (!chan->conn)
796 break;
797
f1cb9af5 798 conn = chan->conn;
0bee1d60
GP		 799
800 /*change security for LE channels */
073d1cf3 801 if (chan->scid == L2CAP_CID_ATT) {
f1cb9af5
VCG		 802 if (!conn->hcon->out) {
803 err = -EINVAL;
804 break;
805 }
806
cc110922 807 if (smp_conn_security(conn->hcon, sec.level))
f1cb9af5 808 break;
f1cb9af5 809 sk->sk_state = BT_CONFIG;
3542b854 810 chan->state = BT_CONFIG;
0bee1d60 811
a7d7723a
GP		 812 /* or for ACL link */
813 } else if ((sk->sk_state == BT_CONNECT2 &&
2d792818 814 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
a7d7723a
GP		 815 sk->sk_state == BT_CONNECTED) {
816 if (!l2cap_chan_check_security(chan))
c5daa683 817 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
a7d7723a
GP		 818 else
819 sk->sk_state_change(sk);
0bee1d60
GP		 820 } else {
821 err = -EINVAL;
f1cb9af5 822 }
33575df7
GP		 823 break;
824
825 case BT_DEFER_SETUP:
826 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
827 err = -EINVAL;
828 break;
829 }
830
831 if (get_user(opt, (u32 __user *) optval)) {
832 err = -EFAULT;
833 break;
834 }
835
bdc25783 836 if (opt) {
c5daa683 837 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 838 set_bit(FLAG_DEFER_SETUP, &chan->flags);
839 } else {
c5daa683 840 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 841 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
842 }
33575df7
GP		 843 break;
844
845 case BT_FLUSHABLE:
846 if (get_user(opt, (u32 __user *) optval)) {
847 err = -EFAULT;
848 break;
849 }
850
851 if (opt > BT_FLUSHABLE_ON) {
852 err = -EINVAL;
853 break;
854 }
855
856 if (opt == BT_FLUSHABLE_OFF) {
c1f23a2b 857 conn = chan->conn;
25985edc 858 /* proceed further only when we have l2cap_conn and
33575df7
GP		 859 No Flush support in the LM */
860 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
861 err = -EINVAL;
862 break;
863 }
864 }
865
d57b0e8b
AE		 866 if (opt)
867 set_bit(FLAG_FLUSHABLE, &chan->flags);
868 else
869 clear_bit(FLAG_FLUSHABLE, &chan->flags);
33575df7
GP		 870 break;
871
14b12d0b
JG		 872 case BT_POWER:
873 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
2d792818 874 chan->chan_type != L2CAP_CHAN_RAW) {
14b12d0b
JG		 875 err = -EINVAL;
876 break;
877 }
878
879 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
880
881 len = min_t(unsigned int, sizeof(pwr), optlen);
882 if (copy_from_user((char *) &pwr, optval, len)) {
883 err = -EFAULT;
884 break;
885 }
15770b1a
AE		 886
887 if (pwr.force_active)
888 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
889 else
890 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 891 break;
892
2ea66482 893 case BT_CHANNEL_POLICY:
2ea66482
MM		 894 if (get_user(opt, (u32 __user *) optval)) {
895 err = -EFAULT;
896 break;
897 }
898
899 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
900 err = -EINVAL;
901 break;
902 }
903
904 if (chan->mode != L2CAP_MODE_ERTM &&
2d792818 905 chan->mode != L2CAP_MODE_STREAMING) {
2ea66482
MM		 906 err = -EOPNOTSUPP;
907 break;
908 }
909
910 chan->chan_policy = (u8) opt;
3f7a56c4
MM		 911
912 if (sk->sk_state == BT_CONNECTED &&
913 chan->move_role == L2CAP_MOVE_ROLE_NONE)
914 l2cap_move_start(chan);
915
14b12d0b
JG		 916 break;
917
1f435424
JH		 918 case BT_SNDMTU:
919 if (!enable_lecoc) {
920 err = -EPROTONOSUPPORT;
921 break;
922 }
923
924 if (!bdaddr_type_is_le(chan->src_type)) {
925 err = -EINVAL;
926 break;
927 }
928
929 /* Setting is not supported as it's the remote side that
930 * decides this.
931 */
932 err = -EPERM;
933 break;
934
935 case BT_RCVMTU:
936 if (!enable_lecoc) {
937 err = -EPROTONOSUPPORT;
938 break;
939 }
940
941 if (!bdaddr_type_is_le(chan->src_type)) {
942 err = -EINVAL;
943 break;
944 }
945
946 if (sk->sk_state == BT_CONNECTED) {
947 err = -EISCONN;
948 break;
949 }
950
951 if (get_user(opt, (u32 __user *) optval)) {
952 err = -EFAULT;
953 break;
954 }
955
956 chan->imtu = opt;
957 break;
958
33575df7
GP		 959 default:
960 err = -ENOPROTOOPT;
961 break;
962 }
963
964 release_sock(sk);
965 return err;
966}
fd83ccdb 967
2d792818
GP		 968static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
969 struct msghdr *msg, size_t len)
fd83ccdb
GP		 970{
971 struct sock *sk = sock->sk;
0c1bc5c6 972 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
fd83ccdb
GP		 973 int err;
974
975 BT_DBG("sock %p, sk %p", sock, sk);
976
977 err = sock_error(sk);
978 if (err)
979 return err;
980
981 if (msg->msg_flags & MSG_OOB)
982 return -EOPNOTSUPP;
983
a6a5568c 984 if (sk->sk_state != BT_CONNECTED)
9a91a04a 985 return -ENOTCONN;
fd83ccdb 986
e793dcf0
JH		 987 lock_sock(sk);
988 err = bt_sock_wait_ready(sk, msg->msg_flags);
989 release_sock(sk);
990 if (err)
991 return err;
992
a6a5568c 993 l2cap_chan_lock(chan);
5e59b791 994 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
a6a5568c 995 l2cap_chan_unlock(chan);
fd83ccdb 996
fd83ccdb
GP		 997 return err;
998}
33575df7 999
2d792818
GP		 1000static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
1001 struct msghdr *msg, size_t len, int flags)
68983259
GP		 1002{
1003 struct sock *sk = sock->sk;
e328140f
MM		 1004 struct l2cap_pinfo *pi = l2cap_pi(sk);
1005 int err;
68983259
GP		 1006
1007 lock_sock(sk);
1008
c5daa683
GP		 1009 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
1010 &bt_sk(sk)->flags)) {
38319713
JH		 1011 if (bdaddr_type_is_le(pi->chan->src_type)) {
1012 sk->sk_state = BT_CONNECTED;
1013 pi->chan->state = BT_CONNECTED;
1014 __l2cap_le_connect_rsp_defer(pi->chan);
1015 } else {
1016 sk->sk_state = BT_CONFIG;
1017 pi->chan->state = BT_CONFIG;
1018 __l2cap_connect_rsp_defer(pi->chan);
1019 }
8c1d787b 1020
970871bc
JH		 1021 err = 0;
1022 goto done;
68983259
GP		 1023 }
1024
1025 release_sock(sk);
1026
1027 if (sock->type == SOCK_STREAM)
e328140f
MM		 1028 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
1029 else
1030 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
1031
1032 if (pi->chan->mode != L2CAP_MODE_ERTM)
1033 return err;
1034
1035 /* Attempt to put pending rx data in the socket buffer */
1036
1037 lock_sock(sk);
1038
1039 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1040 goto done;
1041
1042 if (pi->rx_busy_skb) {
1043 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1044 pi->rx_busy_skb = NULL;
1045 else
1046 goto done;
1047 }
1048
1049 /* Restore data flow when half of the receive buffer is
1050 * available. This avoids resending large numbers of
1051 * frames.
1052 */
1053 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1054 l2cap_chan_busy(pi->chan, 0);
68983259 1055
e328140f
MM		 1056done:
1057 release_sock(sk);
1058 return err;
68983259
GP		 1059}
1060
05fc1576
GP		 1061/* Kill socket (only if zapped and orphan)
1062 * Must be called on unlocked socket.
1063 */
ba3bd0ee 1064static void l2cap_sock_kill(struct sock *sk)
05fc1576
GP		 1065{
1066 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1067 return;
1068
e05dcc32 1069 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
05fc1576
GP		 1070
1071 /* Kill poor orphan */
6ff5abbf 1072
4af66c69 1073 l2cap_chan_put(l2cap_pi(sk)->chan);
05fc1576
GP		 1074 sock_set_flag(sk, SOCK_DEAD);
1075 sock_put(sk);
1076}
1077
dc25306b
GP		 1078static int __l2cap_wait_ack(struct sock *sk)
1079{
1080 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1081 DECLARE_WAITQUEUE(wait, current);
1082 int err = 0;
1083 int timeo = HZ/5;
1084
1085 add_wait_queue(sk_sleep(sk), &wait);
1086 set_current_state(TASK_INTERRUPTIBLE);
1087 while (chan->unacked_frames > 0 && chan->conn) {
1088 if (!timeo)
1089 timeo = HZ/5;
1090
1091 if (signal_pending(current)) {
1092 err = sock_intr_errno(timeo);
1093 break;
1094 }
1095
1096 release_sock(sk);
1097 timeo = schedule_timeout(timeo);
1098 lock_sock(sk);
1099 set_current_state(TASK_INTERRUPTIBLE);
1100
1101 err = sock_error(sk);
1102 if (err)
1103 break;
1104 }
1105 set_current_state(TASK_RUNNING);
1106 remove_wait_queue(sk_sleep(sk), &wait);
1107 return err;
1108}
1109
dcba0dba
GP		 1110static int l2cap_sock_shutdown(struct socket *sock, int how)
1111{
1112 struct sock *sk = sock->sk;
7ddb6e0f 1113 struct l2cap_chan *chan;
3df91ea2 1114 struct l2cap_conn *conn;
dcba0dba
GP		 1115 int err = 0;
1116
1117 BT_DBG("sock %p, sk %p", sock, sk);
1118
1119 if (!sk)
1120 return 0;
1121
7ddb6e0f 1122 chan = l2cap_pi(sk)->chan;
3df91ea2
AE		 1123 conn = chan->conn;
1124
1125 if (conn)
1126 mutex_lock(&conn->chan_lock);
7ddb6e0f 1127
6be36555 1128 l2cap_chan_lock(chan);
dcba0dba 1129 lock_sock(sk);
6be36555 1130
dcba0dba 1131 if (!sk->sk_shutdown) {
0c1bc5c6 1132 if (chan->mode == L2CAP_MODE_ERTM)
dcba0dba
GP		 1133 err = __l2cap_wait_ack(sk);
1134
1135 sk->sk_shutdown = SHUTDOWN_MASK;
3df91ea2 1136
6be36555 1137 release_sock(sk);
0f852724 1138 l2cap_chan_close(chan, 0);
6be36555 1139 lock_sock(sk);
dcba0dba
GP		 1140
1141 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
1142 err = bt_sock_wait_state(sk, BT_CLOSED,
2d792818 1143 sk->sk_lingertime);
dcba0dba
GP		 1144 }
1145
1146 if (!err && sk->sk_err)
1147 err = -sk->sk_err;
1148
1149 release_sock(sk);
6be36555 1150 l2cap_chan_unlock(chan);
3df91ea2
AE		 1151
1152 if (conn)
1153 mutex_unlock(&conn->chan_lock);
1154
dcba0dba
GP		 1155 return err;
1156}
1157
554f05bb
GP		 1158static int l2cap_sock_release(struct socket *sock)
1159{
1160 struct sock *sk = sock->sk;
1161 int err;
1162
1163 BT_DBG("sock %p, sk %p", sock, sk);
1164
1165 if (!sk)
1166 return 0;
1167
5b28d95c
MY		 1168 bt_sock_unlink(&l2cap_sk_list, sk);
1169
554f05bb
GP		 1170 err = l2cap_sock_shutdown(sock, 2);
1171
1172 sock_orphan(sk);
1173 l2cap_sock_kill(sk);
1174 return err;
1175}
1176
c0df7f6e
AE		 1177static void l2cap_sock_cleanup_listen(struct sock *parent)
1178{
1179 struct sock *sk;
1180
1181 BT_DBG("parent %p", parent);
1182
1183 /* Close not yet accepted channels */
1184 while ((sk = bt_accept_dequeue(parent, NULL))) {
1185 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1186
1187 l2cap_chan_lock(chan);
1188 __clear_chan_timer(chan);
1189 l2cap_chan_close(chan, ECONNRESET);
1190 l2cap_chan_unlock(chan);
1191
1192 l2cap_sock_kill(sk);
1193 }
1194}
1195
80b98027 1196static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
80808e43 1197{
80b98027 1198 struct sock *sk, *parent = chan->data;
80808e43 1199
8ffb9290
GP		 1200 lock_sock(parent);
1201
53826692
GP		 1202 /* Check for backlog size */
1203 if (sk_acceptq_is_full(parent)) {
1204 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1205 return NULL;
1206 }
1207
80808e43 1208 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
2d792818 1209 GFP_ATOMIC);
80808e43
GP		 1210 if (!sk)
1211 return NULL;
1212
d22015aa
OP		 1213 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1214
80808e43
GP		 1215 l2cap_sock_init(sk, parent);
1216
644912e1
GP		 1217 bt_accept_enqueue(parent, sk);
1218
8ffb9290
GP		 1219 release_sock(parent);
1220
80808e43
GP		 1221 return l2cap_pi(sk)->chan;
1222}
1223
80b98027 1224static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
23070494 1225{
80b98027 1226 struct sock *sk = chan->data;
84b34d98 1227 int err;
e328140f 1228
6be36555
AE		 1229 lock_sock(sk);
1230
84b34d98 1231 if (l2cap_pi(sk)->rx_busy_skb) {
6be36555
AE		 1232 err = -ENOMEM;
1233 goto done;
1234 }
e328140f
MM		 1235
1236 err = sock_queue_rcv_skb(sk, skb);
1237
1238 /* For ERTM, handle one skb that doesn't fit into the recv
1239 * buffer. This is important to do because the data frames
1240 * have already been acked, so the skb cannot be discarded.
1241 *
1242 * Notify the l2cap core that the buffer is full, so the
1243 * LOCAL_BUSY state is entered and no more frames are
1244 * acked and reassembled until there is buffer space
1245 * available.
1246 */
84b34d98
MH		 1247 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1248 l2cap_pi(sk)->rx_busy_skb = skb;
1249 l2cap_chan_busy(chan, 1);
e328140f
MM		 1250 err = 0;
1251 }
23070494 1252
6be36555
AE		 1253done:
1254 release_sock(sk);
1255
e328140f 1256 return err;
23070494
GP		 1257}
1258
80b98027 1259static void l2cap_sock_close_cb(struct l2cap_chan *chan)
ba3bd0ee 1260{
80b98027 1261 struct sock *sk = chan->data;
ba3bd0ee
GP		 1262
1263 l2cap_sock_kill(sk);
1264}
1265
c0df7f6e
AE		 1266static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1267{
1268 struct sock *sk = chan->data;
1269 struct sock *parent;
1270
1271 lock_sock(sk);
1272
1273 parent = bt_sk(sk)->parent;
1274
1275 sock_set_flag(sk, SOCK_ZAPPED);
1276
1277 switch (chan->state) {
1278 case BT_OPEN:
1279 case BT_BOUND:
1280 case BT_CLOSED:
1281 break;
1282 case BT_LISTEN:
1283 l2cap_sock_cleanup_listen(sk);
1284 sk->sk_state = BT_CLOSED;
1285 chan->state = BT_CLOSED;
1286
1287 break;
1288 default:
1289 sk->sk_state = BT_CLOSED;
1290 chan->state = BT_CLOSED;
1291
1292 sk->sk_err = err;
1293
1294 if (parent) {
1295 bt_accept_unlink(sk);
1296 parent->sk_data_ready(parent, 0);
1297 } else {
1298 sk->sk_state_change(sk);
1299 }
1300
1301 break;
1302 }
1303
1304 release_sock(sk);
1305}
1306
53f52121
GP		 1307static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1308 int err)
89bc500e 1309{
80b98027 1310 struct sock *sk = chan->data;
89bc500e
GP		 1311
1312 sk->sk_state = state;
53f52121
GP		 1313
1314 if (err)
1315 sk->sk_err = err;
89bc500e
GP		 1316}
1317
2f7719ce 1318static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
90338947 1319 unsigned long len, int nb)
2f7719ce 1320{
0f2c6153 1321 struct sock *sk = chan->data;
90338947
GP		 1322 struct sk_buff *skb;
1323 int err;
1324
a6a5568c 1325 l2cap_chan_unlock(chan);
0f2c6153 1326 skb = bt_skb_send_alloc(sk, len, nb, &err);
a6a5568c
MM		 1327 l2cap_chan_lock(chan);
1328
90338947
GP		 1329 if (!skb)
1330 return ERR_PTR(err);
2f7719ce 1331
0e790c64
GP		 1332 bt_cb(skb)->chan = chan;
1333
90338947 1334 return skb;
2f7719ce
AE		 1335}
1336
54a59aa2
AE		 1337static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1338{
1339 struct sock *sk = chan->data;
1340 struct sock *parent;
1341
1342 lock_sock(sk);
1343
1344 parent = bt_sk(sk)->parent;
1345
1346 BT_DBG("sk %p, parent %p", sk, parent);
1347
1348 sk->sk_state = BT_CONNECTED;
1349 sk->sk_state_change(sk);
1350
1351 if (parent)
1352 parent->sk_data_ready(parent, 0);
1353
1354 release_sock(sk);
1355}
1356
2dc4e510
GP		 1357static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1358{
acdcabf5
GP		 1359 struct sock *parent, *sk = chan->data;
1360
1361 lock_sock(sk);
2dc4e510 1362
acdcabf5 1363 parent = bt_sk(sk)->parent;
2dc4e510
GP		 1364 if (parent)
1365 parent->sk_data_ready(parent, 0);
acdcabf5
GP		 1366
1367 release_sock(sk);
2dc4e510
GP		 1368}
1369
d97c899b
MH		 1370static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1371{
1372 struct sock *sk = chan->data;
1373
1374 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1375 sk->sk_state_change(sk);
1376}
1377
5ec1bbe5
GP		 1378static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1379{
1380 struct sock *sk = chan->data;
1381
1382 lock_sock(sk);
1383 sk->sk_shutdown = SHUTDOWN_MASK;
1384 release_sock(sk);
1385}
1386
8d836d71
GP		 1387static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1388{
1389 struct sock *sk = chan->data;
1390
1391 return sk->sk_sndtimeo;
1392}
1393
837776f7
JH		 1394static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1395{
1396 struct sock *sk = chan->data;
1397
1398 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1399 sk->sk_state_change(sk);
1400}
1401
80808e43
GP		 1402static struct l2cap_ops l2cap_chan_ops = {
1403 .name = "L2CAP Socket Interface",
1404 .new_connection = l2cap_sock_new_connection_cb,
23070494 1405 .recv = l2cap_sock_recv_cb,
ba3bd0ee 1406 .close = l2cap_sock_close_cb,
c0df7f6e 1407 .teardown = l2cap_sock_teardown_cb,
89bc500e 1408 .state_change = l2cap_sock_state_change_cb,
54a59aa2 1409 .ready = l2cap_sock_ready_cb,
2dc4e510 1410 .defer = l2cap_sock_defer_cb,
d97c899b 1411 .resume = l2cap_sock_resume_cb,
837776f7 1412 .suspend = l2cap_sock_suspend_cb,
5ec1bbe5 1413 .set_shutdown = l2cap_sock_set_shutdown_cb,
8d836d71 1414 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
2f7719ce 1415 .alloc_skb = l2cap_sock_alloc_skb_cb,
80808e43
GP		 1416};
1417
bb58f747
GP		 1418static void l2cap_sock_destruct(struct sock *sk)
1419{
1420 BT_DBG("sk %p", sk);
1421
23d3a869
SL		 1422 if (l2cap_pi(sk)->chan)
1423 l2cap_chan_put(l2cap_pi(sk)->chan);
84b34d98 1424
e328140f
MM		 1425 if (l2cap_pi(sk)->rx_busy_skb) {
1426 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1427 l2cap_pi(sk)->rx_busy_skb = NULL;
1428 }
1429
bb58f747
GP		 1430 skb_queue_purge(&sk->sk_receive_queue);
1431 skb_queue_purge(&sk->sk_write_queue);
1432}
1433
2edf870d
MH		 1434static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1435 int *msg_namelen)
1436{
342dfc30 1437 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
2edf870d
MH		 1438
1439 memset(la, 0, sizeof(struct sockaddr_l2));
1440 la->l2_family = AF_BLUETOOTH;
1441 la->l2_psm = bt_cb(skb)->psm;
1442 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr);
1443
1444 *msg_namelen = sizeof(struct sockaddr_l2);
1445}
1446
80808e43 1447static void l2cap_sock_init(struct sock *sk, struct sock *parent)
bb58f747 1448{
84b34d98 1449 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
bb58f747
GP		 1450
1451 BT_DBG("sk %p", sk);
1452
1453 if (parent) {
b4450035
GP		 1454 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1455
bb58f747 1456 sk->sk_type = parent->sk_type;
c5daa683 1457 bt_sk(sk)->flags = bt_sk(parent)->flags;
bb58f747 1458
715ec005 1459 chan->chan_type = pchan->chan_type;
0c1bc5c6
GP		 1460 chan->imtu = pchan->imtu;
1461 chan->omtu = pchan->omtu;
b4450035 1462 chan->conf_state = pchan->conf_state;
0c1bc5c6 1463 chan->mode = pchan->mode;
47d1ec61
GP		 1464 chan->fcs = pchan->fcs;
1465 chan->max_tx = pchan->max_tx;
1466 chan->tx_win = pchan->tx_win;
6b3c7104 1467 chan->tx_win_max = pchan->tx_win_max;
4343478f 1468 chan->sec_level = pchan->sec_level;
d57b0e8b 1469 chan->flags = pchan->flags;
0cd75f7e
JH		 1470 chan->tx_credits = pchan->tx_credits;
1471 chan->rx_credits = pchan->rx_credits;
6230c9b4
PM		 1472
1473 security_sk_clone(parent, sk);
bb58f747 1474 } else {
715ec005
GP		 1475 switch (sk->sk_type) {
1476 case SOCK_RAW:
1477 chan->chan_type = L2CAP_CHAN_RAW;
1478 break;
1479 case SOCK_DGRAM:
1480 chan->chan_type = L2CAP_CHAN_CONN_LESS;
2edf870d 1481 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
715ec005
GP		 1482 break;
1483 case SOCK_SEQPACKET:
1484 case SOCK_STREAM:
1485 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1486 break;
1487 }
1488
0c1bc5c6
GP		 1489 chan->imtu = L2CAP_DEFAULT_MTU;
1490 chan->omtu = 0;
bb58f747 1491 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
0c1bc5c6 1492 chan->mode = L2CAP_MODE_ERTM;
c1360a1c 1493 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
bb58f747 1494 } else {
0c1bc5c6 1495 chan->mode = L2CAP_MODE_BASIC;
bb58f747 1496 }
bd4b1653
AE		 1497
1498 l2cap_chan_set_defaults(chan);
bb58f747
GP		 1499 }
1500
1501 /* Default config options */
0c1bc5c6 1502 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
80808e43
GP		 1503
1504 chan->data = sk;
1505 chan->ops = &l2cap_chan_ops;
bb58f747
GP		 1506}
1507
1508static struct proto l2cap_proto = {
1509 .name = "L2CAP",
1510 .owner = THIS_MODULE,
1511 .obj_size = sizeof(struct l2cap_pinfo)
1512};
1513
2d792818
GP		 1514static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1515 int proto, gfp_t prio)
bb58f747
GP		 1516{
1517 struct sock *sk;
dc50a06d 1518 struct l2cap_chan *chan;
bb58f747
GP		 1519
1520 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1521 if (!sk)
1522 return NULL;
1523
1524 sock_init_data(sock, sk);
1525 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1526
1527 sk->sk_destruct = l2cap_sock_destruct;
ba13ccd9 1528 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
bb58f747
GP		 1529
1530 sock_reset_flag(sk, SOCK_ZAPPED);
1531
1532 sk->sk_protocol = proto;
1533 sk->sk_state = BT_OPEN;
1534
eef1d9b6 1535 chan = l2cap_chan_create();
dc50a06d 1536 if (!chan) {
49dfbb91 1537 sk_free(sk);
dc50a06d
GP		 1538 return NULL;
1539 }
1540
61d6ef3e
MM		 1541 l2cap_chan_hold(chan);
1542
dc50a06d
GP		 1543 l2cap_pi(sk)->chan = chan;
1544
bb58f747
GP		 1545 return sk;
1546}
1547
1548static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1549 int kern)
1550{
1551 struct sock *sk;
1552
1553 BT_DBG("sock %p", sock);
1554
1555 sock->state = SS_UNCONNECTED;
1556
1557 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
2d792818 1558 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
bb58f747
GP		 1559 return -ESOCKTNOSUPPORT;
1560
1561 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1562 return -EPERM;
1563
1564 sock->ops = &l2cap_sock_ops;
1565
1566 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1567 if (!sk)
1568 return -ENOMEM;
1569
1570 l2cap_sock_init(sk, NULL);
5b28d95c 1571 bt_sock_link(&l2cap_sk_list, sk);
bb58f747
GP		 1572 return 0;
1573}
1574
cf2f90f5 1575static const struct proto_ops l2cap_sock_ops = {
65390587
GP		 1576 .family = PF_BLUETOOTH,
1577 .owner = THIS_MODULE,
1578 .release = l2cap_sock_release,
1579 .bind = l2cap_sock_bind,
1580 .connect = l2cap_sock_connect,
1581 .listen = l2cap_sock_listen,
1582 .accept = l2cap_sock_accept,
1583 .getname = l2cap_sock_getname,
1584 .sendmsg = l2cap_sock_sendmsg,
1585 .recvmsg = l2cap_sock_recvmsg,
1586 .poll = bt_sock_poll,
1587 .ioctl = bt_sock_ioctl,
1588 .mmap = sock_no_mmap,
1589 .socketpair = sock_no_socketpair,
1590 .shutdown = l2cap_sock_shutdown,
1591 .setsockopt = l2cap_sock_setsockopt,
1592 .getsockopt = l2cap_sock_getsockopt
1593};
1594
bb58f747
GP		 1595static const struct net_proto_family l2cap_sock_family_ops = {
1596 .family = PF_BLUETOOTH,
1597 .owner = THIS_MODULE,
1598 .create = l2cap_sock_create,
1599};
1600
1601int __init l2cap_init_sockets(void)
1602{
e2174ca4 1603 int err;
bb58f747 1604
e2174ca4
GP		 1605 err = proto_register(&l2cap_proto, 0);
1606 if (err < 0)
1607 return err;
bb58f747 1608
e2174ca4 1609 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
5b28d95c
MY		 1610 if (err < 0) {
1611 BT_ERR("L2CAP socket registration failed");
e2174ca4 1612 goto error;
5b28d95c
MY		 1613 }
1614
b0316615 1615 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
2d792818 1616 NULL);
5b28d95c
MY		 1617 if (err < 0) {
1618 BT_ERR("Failed to create L2CAP proc file");
1619 bt_sock_unregister(BTPROTO_L2CAP);
1620 goto error;
1621 }
bb58f747 1622
e2174ca4 1623 BT_INFO("L2CAP socket layer initialized");
bb58f747 1624
e2174ca4 1625 return 0;
bb58f747
GP		 1626
1627error:
e2174ca4
GP		 1628 proto_unregister(&l2cap_proto);
1629 return err;
bb58f747
GP		 1630}
1631
1632void l2cap_cleanup_sockets(void)
1633{
5b28d95c 1634 bt_procfs_cleanup(&init_net, "l2cap");
5e9d7f86 1635 bt_sock_unregister(BTPROTO_L2CAP);
e2174ca4 1636 proto_unregister(&l2cap_proto);
bb58f747 1637}
9149761a
JH		 1638
1639module_param(enable_lecoc, bool, 0644);
1640MODULE_PARM_DESC(enable_lecoc, "Enable support for LE CoC");
Ubuntu Jammy Linux kernel mirror