~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/bluetooth/l2cap_sock.c

Version: ~ [ linux-5.15-rc5 ] ~ [ linux-5.14.11 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.72 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.152 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.210 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.250 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.286 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.288 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.18.140 ] ~ [ linux-3.16.85 ] ~ [ linux-3.14.79 ] ~ [ linux-3.12.74 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2    BlueZ - Bluetooth protocol stack for Linux
  3    Copyright (C) 2000-2001 Qualcomm Incorporated
  4    Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
  5    Copyright (C) 2010 Google Inc.
  6    Copyright (C) 2011 ProFUSION Embedded Systems
  7 
  8    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
  9 
 10    This program is free software; you can redistribute it and/or modify
 11    it under the terms of the GNU General Public License version 2 as
 12    published by the Free Software Foundation;
 13 
 14    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 15    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 16    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
 17    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
 18    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
 19    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 20    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 21    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 22 
 23    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
 24    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
 25    SOFTWARE IS DISCLAIMED.
 26 */
 27 
 28 /* Bluetooth L2CAP sockets. */
 29 
 30 #include <linux/module.h>
 31 #include <linux/export.h>
 32 
 33 #include <net/bluetooth/bluetooth.h>
 34 #include <net/bluetooth/hci_core.h>
 35 #include <net/bluetooth/l2cap.h>
 36 
 37 #include "smp.h"
 38 
 39 bool enable_lecoc;
 40 
 41 static struct bt_sock_list l2cap_sk_list = {
 42         .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
 43 };
 44 
 45 static const struct proto_ops l2cap_sock_ops;
 46 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
 47 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
 48                                      int proto, gfp_t prio);
 49 
 50 bool l2cap_is_socket(struct socket *sock)
 51 {
 52         return sock && sock->ops == &l2cap_sock_ops;
 53 }
 54 EXPORT_SYMBOL(l2cap_is_socket);
 55 
 56 static int l2cap_validate_bredr_psm(u16 psm)
 57 {
 58         /* PSM must be odd and lsb of upper byte must be 0 */
 59         if ((psm & 0x0101) != 0x0001)
 60                 return -EINVAL;
 61 
 62         /* Restrict usage of well-known PSMs */
 63         if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE))
 64                 return -EACCES;
 65 
 66         return 0;
 67 }
 68 
 69 static int l2cap_validate_le_psm(u16 psm)
 70 {
 71         /* Valid LE_PSM ranges are defined only until 0x00ff */
 72         if (psm > 0x00ff)
 73                 return -EINVAL;
 74 
 75         /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
 76         if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE))
 77                 return -EACCES;
 78 
 79         return 0;
 80 }
 81 
 82 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
 83 {
 84         struct sock *sk = sock->sk;
 85         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 86         struct sockaddr_l2 la;
 87         int len, err = 0;
 88 
 89         BT_DBG("sk %p", sk);
 90 
 91         if (!addr || addr->sa_family != AF_BLUETOOTH)
 92                 return -EINVAL;
 93 
 94         memset(&la, 0, sizeof(la));
 95         len = min_t(unsigned int, sizeof(la), alen);
 96         memcpy(&la, addr, len);
 97 
 98         if (la.l2_cid && la.l2_psm)
 99                 return -EINVAL;
100 
101         if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
102                 return -EINVAL;
103 
104         if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
105                 if (!enable_lecoc && la.l2_psm)
106                         return -EINVAL;
107                 /* We only allow ATT user space socket */
108                 if (la.l2_cid &&
109                     la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
110                         return -EINVAL;
111         }
112 
113         lock_sock(sk);
114 
115         if (sk->sk_state != BT_OPEN) {
116                 err = -EBADFD;
117                 goto done;
118         }
119 
120         if (la.l2_psm) {
121                 __u16 psm = __le16_to_cpu(la.l2_psm);
122 
123                 if (la.l2_bdaddr_type == BDADDR_BREDR)
124                         err = l2cap_validate_bredr_psm(psm);
125                 else
126                         err = l2cap_validate_le_psm(psm);
127 
128                 if (err)
129                         goto done;
130         }
131 
132         if (la.l2_cid)
133                 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
134         else
135                 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
136 
137         if (err < 0)
138                 goto done;
139 
140         switch (chan->chan_type) {
141         case L2CAP_CHAN_CONN_LESS:
142                 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
143                         chan->sec_level = BT_SECURITY_SDP;
144                 break;
145         case L2CAP_CHAN_CONN_ORIENTED:
146                 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
147                     __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
148                         chan->sec_level = BT_SECURITY_SDP;
149                 break;
150         case L2CAP_CHAN_RAW:
151                 chan->sec_level = BT_SECURITY_SDP;
152                 break;
153         }
154 
155         bacpy(&chan->src, &la.l2_bdaddr);
156         chan->src_type = la.l2_bdaddr_type;
157 
158         if (chan->psm && bdaddr_type_is_le(chan->src_type))
159                 chan->mode = L2CAP_MODE_LE_FLOWCTL;
160 
161         chan->state = BT_BOUND;
162         sk->sk_state = BT_BOUND;
163 
164 done:
165         release_sock(sk);
166         return err;
167 }
168 
169 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
170                               int alen, int flags)
171 {
172         struct sock *sk = sock->sk;
173         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
174         struct sockaddr_l2 la;
175         int len, err = 0;
176 
177         BT_DBG("sk %p", sk);
178 
179         if (!addr || alen < sizeof(addr->sa_family) ||
180             addr->sa_family != AF_BLUETOOTH)
181                 return -EINVAL;
182 
183         memset(&la, 0, sizeof(la));
184         len = min_t(unsigned int, sizeof(la), alen);
185         memcpy(&la, addr, len);
186 
187         if (la.l2_cid && la.l2_psm)
188                 return -EINVAL;
189 
190         if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
191                 return -EINVAL;
192 
193         /* Check that the socket wasn't bound to something that
194          * conflicts with the address given to connect(). If chan->src
195          * is BDADDR_ANY it means bind() was never used, in which case
196          * chan->src_type and la.l2_bdaddr_type do not need to match.
197          */
198         if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
199             bdaddr_type_is_le(la.l2_bdaddr_type)) {
200                 /* Old user space versions will try to incorrectly bind
201                  * the ATT socket using BDADDR_BREDR. We need to accept
202                  * this and fix up the source address type only when
203                  * both the source CID and destination CID indicate
204                  * ATT. Anything else is an invalid combination.
205                  */
206                 if (chan->scid != L2CAP_CID_ATT ||
207                     la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
208                         return -EINVAL;
209 
210                 /* We don't have the hdev available here to make a
211                  * better decision on random vs public, but since all
212                  * user space versions that exhibit this issue anyway do
213                  * not support random local addresses assuming public
214                  * here is good enough.
215                  */
216                 chan->src_type = BDADDR_LE_PUBLIC;
217         }
218 
219         if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
220                 return -EINVAL;
221 
222         if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
223                 if (!enable_lecoc && la.l2_psm)
224                         return -EINVAL;
225                 /* We only allow ATT user space socket */
226                 if (la.l2_cid &&
227                     la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
228                         return -EINVAL;
229         }
230 
231         if (chan->psm && bdaddr_type_is_le(chan->src_type))
232                 chan->mode = L2CAP_MODE_LE_FLOWCTL;
233 
234         err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
235                                  &la.l2_bdaddr, la.l2_bdaddr_type);
236         if (err)
237                 return err;
238 
239         lock_sock(sk);
240 
241         err = bt_sock_wait_state(sk, BT_CONNECTED,
242                                  sock_sndtimeo(sk, flags & O_NONBLOCK));
243 
244         release_sock(sk);
245 
246         return err;
247 }
248 
249 static int l2cap_sock_listen(struct socket *sock, int backlog)
250 {
251         struct sock *sk = sock->sk;
252         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
253         int err = 0;
254 
255         BT_DBG("sk %p backlog %d", sk, backlog);
256 
257         lock_sock(sk);
258 
259         if (sk->sk_state != BT_BOUND) {
260                 err = -EBADFD;
261                 goto done;
262         }
263 
264         if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
265                 err = -EINVAL;
266                 goto done;
267         }
268 
269         switch (chan->mode) {
270         case L2CAP_MODE_BASIC:
271         case L2CAP_MODE_LE_FLOWCTL:
272                 break;
273         case L2CAP_MODE_ERTM:
274         case L2CAP_MODE_STREAMING:
275                 if (!disable_ertm)
276                         break;
277                 /* fall through */
278         default:
279                 err = -ENOTSUPP;
280                 goto done;
281         }
282 
283         sk->sk_max_ack_backlog = backlog;
284         sk->sk_ack_backlog = 0;
285 
286         chan->state = BT_LISTEN;
287         sk->sk_state = BT_LISTEN;
288 
289 done:
290         release_sock(sk);
291         return err;
292 }
293 
294 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
295                              int flags)
296 {
297         DECLARE_WAITQUEUE(wait, current);
298         struct sock *sk = sock->sk, *nsk;
299         long timeo;
300         int err = 0;
301 
302         lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
303 
304         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
305 
306         BT_DBG("sk %p timeo %ld", sk, timeo);
307 
308         /* Wait for an incoming connection. (wake-one). */
309         add_wait_queue_exclusive(sk_sleep(sk), &wait);
310         while (1) {
311                 set_current_state(TASK_INTERRUPTIBLE);
312 
313                 if (sk->sk_state != BT_LISTEN) {
314                         err = -EBADFD;
315                         break;
316                 }
317 
318                 nsk = bt_accept_dequeue(sk, newsock);
319                 if (nsk)
320                         break;
321 
322                 if (!timeo) {
323                         err = -EAGAIN;
324                         break;
325                 }
326 
327                 if (signal_pending(current)) {
328                         err = sock_intr_errno(timeo);
329                         break;
330                 }
331 
332                 release_sock(sk);
333                 timeo = schedule_timeout(timeo);
334                 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
335         }
336         __set_current_state(TASK_RUNNING);
337         remove_wait_queue(sk_sleep(sk), &wait);
338 
339         if (err)
340                 goto done;
341 
342         newsock->state = SS_CONNECTED;
343 
344         BT_DBG("new socket %p", nsk);
345 
346 done:
347         release_sock(sk);
348         return err;
349 }
350 
351 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
352                               int *len, int peer)
353 {
354         struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
355         struct sock *sk = sock->sk;
356         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
357 
358         BT_DBG("sock %p, sk %p", sock, sk);
359 
360         memset(la, 0, sizeof(struct sockaddr_l2));
361         addr->sa_family = AF_BLUETOOTH;
362         *len = sizeof(struct sockaddr_l2);
363 
364         if (peer) {
365                 la->l2_psm = chan->psm;
366                 bacpy(&la->l2_bdaddr, &chan->dst);
367                 la->l2_cid = cpu_to_le16(chan->dcid);
368                 la->l2_bdaddr_type = chan->dst_type;
369         } else {
370                 la->l2_psm = chan->sport;
371                 bacpy(&la->l2_bdaddr, &chan->src);
372                 la->l2_cid = cpu_to_le16(chan->scid);
373                 la->l2_bdaddr_type = chan->src_type;
374         }
375 
376         return 0;
377 }
378 
379 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
380                                      char __user *optval, int __user *optlen)
381 {
382         struct sock *sk = sock->sk;
383         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
384         struct l2cap_options opts;
385         struct l2cap_conninfo cinfo;
386         int len, err = 0;
387         u32 opt;
388 
389         BT_DBG("sk %p", sk);
390 
391         if (get_user(len, optlen))
392                 return -EFAULT;
393 
394         lock_sock(sk);
395 
396         switch (optname) {
397         case L2CAP_OPTIONS:
398                 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
399                  * legacy ATT code depends on getsockopt for
400                  * L2CAP_OPTIONS we need to let this pass.
401                  */
402                 if (bdaddr_type_is_le(chan->src_type) &&
403                     chan->scid != L2CAP_CID_ATT) {
404                         err = -EINVAL;
405                         break;
406                 }
407 
408                 memset(&opts, 0, sizeof(opts));
409                 opts.imtu     = chan->imtu;
410                 opts.omtu     = chan->omtu;
411                 opts.flush_to = chan->flush_to;
412                 opts.mode     = chan->mode;
413                 opts.fcs      = chan->fcs;
414                 opts.max_tx   = chan->max_tx;
415                 opts.txwin_size = chan->tx_win;
416 
417                 len = min_t(unsigned int, len, sizeof(opts));
418                 if (copy_to_user(optval, (char *) &opts, len))
419                         err = -EFAULT;
420 
421                 break;
422 
423         case L2CAP_LM:
424                 switch (chan->sec_level) {
425                 case BT_SECURITY_LOW:
426                         opt = L2CAP_LM_AUTH;
427                         break;
428                 case BT_SECURITY_MEDIUM:
429                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
430                         break;
431                 case BT_SECURITY_HIGH:
432                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
433                               L2CAP_LM_SECURE;
434                         break;
435                 default:
436                         opt = 0;
437                         break;
438                 }
439 
440                 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
441                         opt |= L2CAP_LM_MASTER;
442 
443                 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
444                         opt |= L2CAP_LM_RELIABLE;
445 
446                 if (put_user(opt, (u32 __user *) optval))
447                         err = -EFAULT;
448                 break;
449 
450         case L2CAP_CONNINFO:
451                 if (sk->sk_state != BT_CONNECTED &&
452                     !(sk->sk_state == BT_CONNECT2 &&
453                       test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
454                         err = -ENOTCONN;
455                         break;
456                 }
457 
458                 memset(&cinfo, 0, sizeof(cinfo));
459                 cinfo.hci_handle = chan->conn->hcon->handle;
460                 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
461 
462                 len = min_t(unsigned int, len, sizeof(cinfo));
463                 if (copy_to_user(optval, (char *) &cinfo, len))
464                         err = -EFAULT;
465 
466                 break;
467 
468         default:
469                 err = -ENOPROTOOPT;
470                 break;
471         }
472 
473         release_sock(sk);
474         return err;
475 }
476 
477 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
478                                  char __user *optval, int __user *optlen)
479 {
480         struct sock *sk = sock->sk;
481         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
482         struct bt_security sec;
483         struct bt_power pwr;
484         int len, err = 0;
485 
486         BT_DBG("sk %p", sk);
487 
488         if (level == SOL_L2CAP)
489                 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
490 
491         if (level != SOL_BLUETOOTH)
492                 return -ENOPROTOOPT;
493 
494         if (get_user(len, optlen))
495                 return -EFAULT;
496 
497         lock_sock(sk);
498 
499         switch (optname) {
500         case BT_SECURITY:
501                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
502                     chan->chan_type != L2CAP_CHAN_RAW) {
503                         err = -EINVAL;
504                         break;
505                 }
506 
507                 memset(&sec, 0, sizeof(sec));
508                 if (chan->conn) {
509                         sec.level = chan->conn->hcon->sec_level;
510 
511                         if (sk->sk_state == BT_CONNECTED)
512                                 sec.key_size = chan->conn->hcon->enc_key_size;
513                 } else {
514                         sec.level = chan->sec_level;
515                 }
516 
517                 len = min_t(unsigned int, len, sizeof(sec));
518                 if (copy_to_user(optval, (char *) &sec, len))
519                         err = -EFAULT;
520 
521                 break;
522 
523         case BT_DEFER_SETUP:
524                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
525                         err = -EINVAL;
526                         break;
527                 }
528 
529                 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
530                              (u32 __user *) optval))
531                         err = -EFAULT;
532 
533                 break;
534 
535         case BT_FLUSHABLE:
536                 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
537                              (u32 __user *) optval))
538                         err = -EFAULT;
539 
540                 break;
541 
542         case BT_POWER:
543                 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
544                     && sk->sk_type != SOCK_RAW) {
545                         err = -EINVAL;
546                         break;
547                 }
548 
549                 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
550 
551                 len = min_t(unsigned int, len, sizeof(pwr));
552                 if (copy_to_user(optval, (char *) &pwr, len))
553                         err = -EFAULT;
554 
555                 break;
556 
557         case BT_CHANNEL_POLICY:
558                 if (put_user(chan->chan_policy, (u32 __user *) optval))
559                         err = -EFAULT;
560                 break;
561 
562         case BT_SNDMTU:
563                 if (!enable_lecoc) {
564                         err = -EPROTONOSUPPORT;
565                         break;
566                 }
567 
568                 if (!bdaddr_type_is_le(chan->src_type)) {
569                         err = -EINVAL;
570                         break;
571                 }
572 
573                 if (sk->sk_state != BT_CONNECTED) {
574                         err = -ENOTCONN;
575                         break;
576                 }
577 
578                 if (put_user(chan->omtu, (u16 __user *) optval))
579                         err = -EFAULT;
580                 break;
581 
582         case BT_RCVMTU:
583                 if (!enable_lecoc) {
584                         err = -EPROTONOSUPPORT;
585                         break;
586                 }
587 
588                 if (!bdaddr_type_is_le(chan->src_type)) {
589                         err = -EINVAL;
590                         break;
591                 }
592 
593                 if (put_user(chan->imtu, (u16 __user *) optval))
594                         err = -EFAULT;
595                 break;
596 
597         default:
598                 err = -ENOPROTOOPT;
599                 break;
600         }
601 
602         release_sock(sk);
603         return err;
604 }
605 
606 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
607 {
608         switch (chan->scid) {
609         case L2CAP_CID_ATT:
610                 if (mtu < L2CAP_LE_MIN_MTU)
611                         return false;
612                 break;
613 
614         default:
615                 if (mtu < L2CAP_DEFAULT_MIN_MTU)
616                         return false;
617         }
618 
619         return true;
620 }
621 
622 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
623                                      char __user *optval, unsigned int optlen)
624 {
625         struct sock *sk = sock->sk;
626         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
627         struct l2cap_options opts;
628         int len, err = 0;
629         u32 opt;
630 
631         BT_DBG("sk %p", sk);
632 
633         lock_sock(sk);
634 
635         switch (optname) {
636         case L2CAP_OPTIONS:
637                 if (bdaddr_type_is_le(chan->src_type)) {
638                         err = -EINVAL;
639                         break;
640                 }
641 
642                 if (sk->sk_state == BT_CONNECTED) {
643                         err = -EINVAL;
644                         break;
645                 }
646 
647                 opts.imtu     = chan->imtu;
648                 opts.omtu     = chan->omtu;
649                 opts.flush_to = chan->flush_to;
650                 opts.mode     = chan->mode;
651                 opts.fcs      = chan->fcs;
652                 opts.max_tx   = chan->max_tx;
653                 opts.txwin_size = chan->tx_win;
654 
655                 len = min_t(unsigned int, sizeof(opts), optlen);
656                 if (copy_from_user((char *) &opts, optval, len)) {
657                         err = -EFAULT;
658                         break;
659                 }
660 
661                 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
662                         err = -EINVAL;
663                         break;
664                 }
665 
666                 if (!l2cap_valid_mtu(chan, opts.imtu)) {
667                         err = -EINVAL;
668                         break;
669                 }
670 
671                 chan->mode = opts.mode;
672                 switch (chan->mode) {
673                 case L2CAP_MODE_LE_FLOWCTL:
674                         break;
675                 case L2CAP_MODE_BASIC:
676                         clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
677                         break;
678                 case L2CAP_MODE_ERTM:
679                 case L2CAP_MODE_STREAMING:
680                         if (!disable_ertm)
681                                 break;
682                         /* fall through */
683                 default:
684                         err = -EINVAL;
685                         break;
686                 }
687 
688                 chan->imtu = opts.imtu;
689                 chan->omtu = opts.omtu;
690                 chan->fcs  = opts.fcs;
691                 chan->max_tx = opts.max_tx;
692                 chan->tx_win = opts.txwin_size;
693                 chan->flush_to = opts.flush_to;
694                 break;
695 
696         case L2CAP_LM:
697                 if (get_user(opt, (u32 __user *) optval)) {
698                         err = -EFAULT;
699                         break;
700                 }
701 
702                 if (opt & L2CAP_LM_AUTH)
703                         chan->sec_level = BT_SECURITY_LOW;
704                 if (opt & L2CAP_LM_ENCRYPT)
705                         chan->sec_level = BT_SECURITY_MEDIUM;
706                 if (opt & L2CAP_LM_SECURE)
707                         chan->sec_level = BT_SECURITY_HIGH;
708 
709                 if (opt & L2CAP_LM_MASTER)
710                         set_bit(FLAG_ROLE_SWITCH, &chan->flags);
711                 else
712                         clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
713 
714                 if (opt & L2CAP_LM_RELIABLE)
715                         set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
716                 else
717                         clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
718                 break;
719 
720         default:
721                 err = -ENOPROTOOPT;
722                 break;
723         }
724 
725         release_sock(sk);
726         return err;
727 }
728 
729 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
730                                  char __user *optval, unsigned int optlen)
731 {
732         struct sock *sk = sock->sk;
733         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
734         struct bt_security sec;
735         struct bt_power pwr;
736         struct l2cap_conn *conn;
737         int len, err = 0;
738         u32 opt;
739 
740         BT_DBG("sk %p", sk);
741 
742         if (level == SOL_L2CAP)
743                 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
744 
745         if (level != SOL_BLUETOOTH)
746                 return -ENOPROTOOPT;
747 
748         lock_sock(sk);
749 
750         switch (optname) {
751         case BT_SECURITY:
752                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
753                     chan->chan_type != L2CAP_CHAN_RAW) {
754                         err = -EINVAL;
755                         break;
756                 }
757 
758                 sec.level = BT_SECURITY_LOW;
759 
760                 len = min_t(unsigned int, sizeof(sec), optlen);
761                 if (copy_from_user((char *) &sec, optval, len)) {
762                         err = -EFAULT;
763                         break;
764                 }
765 
766                 if (sec.level < BT_SECURITY_LOW ||
767                     sec.level > BT_SECURITY_HIGH) {
768                         err = -EINVAL;
769                         break;
770                 }
771 
772                 chan->sec_level = sec.level;
773 
774                 if (!chan->conn)
775                         break;
776 
777                 conn = chan->conn;
778 
779                 /*change security for LE channels */
780                 if (chan->scid == L2CAP_CID_ATT) {
781                         if (smp_conn_security(conn->hcon, sec.level))
782                                 break;
783                         sk->sk_state = BT_CONFIG;
784                         chan->state = BT_CONFIG;
785 
786                 /* or for ACL link */
787                 } else if ((sk->sk_state == BT_CONNECT2 &&
788                             test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
789                            sk->sk_state == BT_CONNECTED) {
790                         if (!l2cap_chan_check_security(chan))
791                                 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
792                         else
793                                 sk->sk_state_change(sk);
794                 } else {
795                         err = -EINVAL;
796                 }
797                 break;
798 
799         case BT_DEFER_SETUP:
800                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
801                         err = -EINVAL;
802                         break;
803                 }
804 
805                 if (get_user(opt, (u32 __user *) optval)) {
806                         err = -EFAULT;
807                         break;
808                 }
809 
810                 if (opt) {
811                         set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
812                         set_bit(FLAG_DEFER_SETUP, &chan->flags);
813                 } else {
814                         clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
815                         clear_bit(FLAG_DEFER_SETUP, &chan->flags);
816                 }
817                 break;
818 
819         case BT_FLUSHABLE:
820                 if (get_user(opt, (u32 __user *) optval)) {
821                         err = -EFAULT;
822                         break;
823                 }
824 
825                 if (opt > BT_FLUSHABLE_ON) {
826                         err = -EINVAL;
827                         break;
828                 }
829 
830                 if (opt == BT_FLUSHABLE_OFF) {
831                         conn = chan->conn;
832                         /* proceed further only when we have l2cap_conn and
833                            No Flush support in the LM */
834                         if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
835                                 err = -EINVAL;
836                                 break;
837                         }
838                 }
839 
840                 if (opt)
841                         set_bit(FLAG_FLUSHABLE, &chan->flags);
842                 else
843                         clear_bit(FLAG_FLUSHABLE, &chan->flags);
844                 break;
845 
846         case BT_POWER:
847                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
848                     chan->chan_type != L2CAP_CHAN_RAW) {
849                         err = -EINVAL;
850                         break;
851                 }
852 
853                 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
854 
855                 len = min_t(unsigned int, sizeof(pwr), optlen);
856                 if (copy_from_user((char *) &pwr, optval, len)) {
857                         err = -EFAULT;
858                         break;
859                 }
860 
861                 if (pwr.force_active)
862                         set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
863                 else
864                         clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
865                 break;
866 
867         case BT_CHANNEL_POLICY:
868                 if (get_user(opt, (u32 __user *) optval)) {
869                         err = -EFAULT;
870                         break;
871                 }
872 
873                 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
874                         err = -EINVAL;
875                         break;
876                 }
877 
878                 if (chan->mode != L2CAP_MODE_ERTM &&
879                     chan->mode != L2CAP_MODE_STREAMING) {
880                         err = -EOPNOTSUPP;
881                         break;
882                 }
883 
884                 chan->chan_policy = (u8) opt;
885 
886                 if (sk->sk_state == BT_CONNECTED &&
887                     chan->move_role == L2CAP_MOVE_ROLE_NONE)
888                         l2cap_move_start(chan);
889 
890                 break;
891 
892         case BT_SNDMTU:
893                 if (!enable_lecoc) {
894                         err = -EPROTONOSUPPORT;
895                         break;
896                 }
897 
898                 if (!bdaddr_type_is_le(chan->src_type)) {
899                         err = -EINVAL;
900                         break;
901                 }
902 
903                 /* Setting is not supported as it's the remote side that
904                  * decides this.
905                  */
906                 err = -EPERM;
907                 break;
908 
909         case BT_RCVMTU:
910                 if (!enable_lecoc) {
911                         err = -EPROTONOSUPPORT;
912                         break;
913                 }
914 
915                 if (!bdaddr_type_is_le(chan->src_type)) {
916                         err = -EINVAL;
917                         break;
918                 }
919 
920                 if (sk->sk_state == BT_CONNECTED) {
921                         err = -EISCONN;
922                         break;
923                 }
924 
925                 if (get_user(opt, (u16 __user *) optval)) {
926                         err = -EFAULT;
927                         break;
928                 }
929 
930                 chan->imtu = opt;
931                 break;
932 
933         default:
934                 err = -ENOPROTOOPT;
935                 break;
936         }
937 
938         release_sock(sk);
939         return err;
940 }
941 
942 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
943                               struct msghdr *msg, size_t len)
944 {
945         struct sock *sk = sock->sk;
946         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
947         int err;
948 
949         BT_DBG("sock %p, sk %p", sock, sk);
950 
951         err = sock_error(sk);
952         if (err)
953                 return err;
954 
955         if (msg->msg_flags & MSG_OOB)
956                 return -EOPNOTSUPP;
957 
958         if (sk->sk_state != BT_CONNECTED)
959                 return -ENOTCONN;
960 
961         lock_sock(sk);
962         err = bt_sock_wait_ready(sk, msg->msg_flags);
963         release_sock(sk);
964         if (err)
965                 return err;
966 
967         l2cap_chan_lock(chan);
968         err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
969         l2cap_chan_unlock(chan);
970 
971         return err;
972 }
973 
974 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
975                               struct msghdr *msg, size_t len, int flags)
976 {
977         struct sock *sk = sock->sk;
978         struct l2cap_pinfo *pi = l2cap_pi(sk);
979         int err;
980 
981         lock_sock(sk);
982 
983         if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
984                                                     &bt_sk(sk)->flags)) {
985                 if (bdaddr_type_is_le(pi->chan->src_type)) {
986                         sk->sk_state = BT_CONNECTED;
987                         pi->chan->state = BT_CONNECTED;
988                         __l2cap_le_connect_rsp_defer(pi->chan);
989                 } else {
990                         sk->sk_state = BT_CONFIG;
991                         pi->chan->state = BT_CONFIG;
992                         __l2cap_connect_rsp_defer(pi->chan);
993                 }
994 
995                 err = 0;
996                 goto done;
997         }
998 
999         release_sock(sk);
1000 
1001         if (sock->type == SOCK_STREAM)
1002                 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
1003         else
1004                 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
1005 
1006         if (pi->chan->mode != L2CAP_MODE_ERTM)
1007                 return err;
1008 
1009         /* Attempt to put pending rx data in the socket buffer */
1010 
1011         lock_sock(sk);
1012 
1013         if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1014                 goto done;
1015 
1016         if (pi->rx_busy_skb) {
1017                 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1018                         pi->rx_busy_skb = NULL;
1019                 else
1020                         goto done;
1021         }
1022 
1023         /* Restore data flow when half of the receive buffer is
1024          * available.  This avoids resending large numbers of
1025          * frames.
1026          */
1027         if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1028                 l2cap_chan_busy(pi->chan, 0);
1029 
1030 done:
1031         release_sock(sk);
1032         return err;
1033 }
1034 
1035 /* Kill socket (only if zapped and orphan)
1036  * Must be called on unlocked socket.
1037  */
1038 static void l2cap_sock_kill(struct sock *sk)
1039 {
1040         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1041                 return;
1042 
1043         BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1044 
1045         /* Kill poor orphan */
1046 
1047         l2cap_chan_put(l2cap_pi(sk)->chan);
1048         sock_set_flag(sk, SOCK_DEAD);
1049         sock_put(sk);
1050 }
1051 
1052 static int __l2cap_wait_ack(struct sock *sk)
1053 {
1054         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1055         DECLARE_WAITQUEUE(wait, current);
1056         int err = 0;
1057         int timeo = HZ/5;
1058 
1059         add_wait_queue(sk_sleep(sk), &wait);
1060         set_current_state(TASK_INTERRUPTIBLE);
1061         while (chan->unacked_frames > 0 && chan->conn) {
1062                 if (!timeo)
1063                         timeo = HZ/5;
1064 
1065                 if (signal_pending(current)) {
1066                         err = sock_intr_errno(timeo);
1067                         break;
1068                 }
1069 
1070                 release_sock(sk);
1071                 timeo = schedule_timeout(timeo);
1072                 lock_sock(sk);
1073                 set_current_state(TASK_INTERRUPTIBLE);
1074 
1075                 err = sock_error(sk);
1076                 if (err)
1077                         break;
1078         }
1079         set_current_state(TASK_RUNNING);
1080         remove_wait_queue(sk_sleep(sk), &wait);
1081         return err;
1082 }
1083 
1084 static int l2cap_sock_shutdown(struct socket *sock, int how)
1085 {
1086         struct sock *sk = sock->sk;
1087         struct l2cap_chan *chan;
1088         struct l2cap_conn *conn;
1089         int err = 0;
1090 
1091         BT_DBG("sock %p, sk %p", sock, sk);
1092 
1093         if (!sk)
1094                 return 0;
1095 
1096         chan = l2cap_pi(sk)->chan;
1097         conn = chan->conn;
1098 
1099         if (conn)
1100                 mutex_lock(&conn->chan_lock);
1101 
1102         l2cap_chan_lock(chan);
1103         lock_sock(sk);
1104 
1105         if (!sk->sk_shutdown) {
1106                 if (chan->mode == L2CAP_MODE_ERTM)
1107                         err = __l2cap_wait_ack(sk);
1108 
1109                 sk->sk_shutdown = SHUTDOWN_MASK;
1110 
1111                 release_sock(sk);
1112                 l2cap_chan_close(chan, 0);
1113                 lock_sock(sk);
1114 
1115                 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1116                     !(current->flags & PF_EXITING))
1117                         err = bt_sock_wait_state(sk, BT_CLOSED,
1118                                                  sk->sk_lingertime);
1119         }
1120 
1121         if (!err && sk->sk_err)
1122                 err = -sk->sk_err;
1123 
1124         release_sock(sk);
1125         l2cap_chan_unlock(chan);
1126 
1127         if (conn)
1128                 mutex_unlock(&conn->chan_lock);
1129 
1130         return err;
1131 }
1132 
1133 static int l2cap_sock_release(struct socket *sock)
1134 {
1135         struct sock *sk = sock->sk;
1136         int err;
1137 
1138         BT_DBG("sock %p, sk %p", sock, sk);
1139 
1140         if (!sk)
1141                 return 0;
1142 
1143         bt_sock_unlink(&l2cap_sk_list, sk);
1144 
1145         err = l2cap_sock_shutdown(sock, 2);
1146 
1147         sock_orphan(sk);
1148         l2cap_sock_kill(sk);
1149         return err;
1150 }
1151 
1152 static void l2cap_sock_cleanup_listen(struct sock *parent)
1153 {
1154         struct sock *sk;
1155 
1156         BT_DBG("parent %p", parent);
1157 
1158         /* Close not yet accepted channels */
1159         while ((sk = bt_accept_dequeue(parent, NULL))) {
1160                 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1161 
1162                 l2cap_chan_lock(chan);
1163                 __clear_chan_timer(chan);
1164                 l2cap_chan_close(chan, ECONNRESET);
1165                 l2cap_chan_unlock(chan);
1166 
1167                 l2cap_sock_kill(sk);
1168         }
1169 }
1170 
1171 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1172 {
1173         struct sock *sk, *parent = chan->data;
1174 
1175         lock_sock(parent);
1176 
1177         /* Check for backlog size */
1178         if (sk_acceptq_is_full(parent)) {
1179                 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1180                 release_sock(parent);
1181                 return NULL;
1182         }
1183 
1184         sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1185                               GFP_ATOMIC);
1186         if (!sk) {
1187                 release_sock(parent);
1188                 return NULL;
1189         }
1190 
1191         bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1192 
1193         l2cap_sock_init(sk, parent);
1194 
1195         bt_accept_enqueue(parent, sk);
1196 
1197         release_sock(parent);
1198 
1199         return l2cap_pi(sk)->chan;
1200 }
1201 
1202 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1203 {
1204         struct sock *sk = chan->data;
1205         int err;
1206 
1207         lock_sock(sk);
1208 
1209         if (l2cap_pi(sk)->rx_busy_skb) {
1210                 err = -ENOMEM;
1211                 goto done;
1212         }
1213 
1214         err = sock_queue_rcv_skb(sk, skb);
1215 
1216         /* For ERTM, handle one skb that doesn't fit into the recv
1217          * buffer.  This is important to do because the data frames
1218          * have already been acked, so the skb cannot be discarded.
1219          *
1220          * Notify the l2cap core that the buffer is full, so the
1221          * LOCAL_BUSY state is entered and no more frames are
1222          * acked and reassembled until there is buffer space
1223          * available.
1224          */
1225         if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1226                 l2cap_pi(sk)->rx_busy_skb = skb;
1227                 l2cap_chan_busy(chan, 1);
1228                 err = 0;
1229         }
1230 
1231 done:
1232         release_sock(sk);
1233 
1234         return err;
1235 }
1236 
1237 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1238 {
1239         struct sock *sk = chan->data;
1240 
1241         l2cap_sock_kill(sk);
1242 }
1243 
1244 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1245 {
1246         struct sock *sk = chan->data;
1247         struct sock *parent;
1248 
1249         lock_sock(sk);
1250 
1251         parent = bt_sk(sk)->parent;
1252 
1253         sock_set_flag(sk, SOCK_ZAPPED);
1254 
1255         switch (chan->state) {
1256         case BT_OPEN:
1257         case BT_BOUND:
1258         case BT_CLOSED:
1259                 break;
1260         case BT_LISTEN:
1261                 l2cap_sock_cleanup_listen(sk);
1262                 sk->sk_state = BT_CLOSED;
1263                 chan->state = BT_CLOSED;
1264 
1265                 break;
1266         default:
1267                 sk->sk_state = BT_CLOSED;
1268                 chan->state = BT_CLOSED;
1269 
1270                 sk->sk_err = err;
1271 
1272                 if (parent) {
1273                         bt_accept_unlink(sk);
1274                         parent->sk_data_ready(parent, 0);
1275                 } else {
1276                         sk->sk_state_change(sk);
1277                 }
1278 
1279                 break;
1280         }
1281 
1282         release_sock(sk);
1283 }
1284 
1285 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1286                                        int err)
1287 {
1288         struct sock *sk = chan->data;
1289 
1290         sk->sk_state = state;
1291 
1292         if (err)
1293                 sk->sk_err = err;
1294 }
1295 
1296 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1297                                                unsigned long len, int nb)
1298 {
1299         struct sock *sk = chan->data;
1300         struct sk_buff *skb;
1301         int err;
1302 
1303         l2cap_chan_unlock(chan);
1304         skb = bt_skb_send_alloc(sk, len, nb, &err);
1305         l2cap_chan_lock(chan);
1306 
1307         if (!skb)
1308                 return ERR_PTR(err);
1309 
1310         bt_cb(skb)->chan = chan;
1311 
1312         return skb;
1313 }
1314 
1315 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1316 {
1317         struct sock *sk = chan->data;
1318         struct sock *parent;
1319 
1320         lock_sock(sk);
1321 
1322         parent = bt_sk(sk)->parent;
1323 
1324         BT_DBG("sk %p, parent %p", sk, parent);
1325 
1326         sk->sk_state = BT_CONNECTED;
1327         sk->sk_state_change(sk);
1328 
1329         if (parent)
1330                 parent->sk_data_ready(parent, 0);
1331 
1332         release_sock(sk);
1333 }
1334 
1335 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1336 {
1337         struct sock *parent, *sk = chan->data;
1338 
1339         lock_sock(sk);
1340 
1341         parent = bt_sk(sk)->parent;
1342         if (parent)
1343                 parent->sk_data_ready(parent, 0);
1344 
1345         release_sock(sk);
1346 }
1347 
1348 static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1349 {
1350         struct sock *sk = chan->data;
1351 
1352         clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1353         sk->sk_state_change(sk);
1354 }
1355 
1356 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1357 {
1358         struct sock *sk = chan->data;
1359 
1360         lock_sock(sk);
1361         sk->sk_shutdown = SHUTDOWN_MASK;
1362         release_sock(sk);
1363 }
1364 
1365 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1366 {
1367         struct sock *sk = chan->data;
1368 
1369         return sk->sk_sndtimeo;
1370 }
1371 
1372 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1373 {
1374         struct sock *sk = chan->data;
1375 
1376         set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1377         sk->sk_state_change(sk);
1378 }
1379 
1380 static struct l2cap_ops l2cap_chan_ops = {
1381         .name           = "L2CAP Socket Interface",
1382         .new_connection = l2cap_sock_new_connection_cb,
1383         .recv           = l2cap_sock_recv_cb,
1384         .close          = l2cap_sock_close_cb,
1385         .teardown       = l2cap_sock_teardown_cb,
1386         .state_change   = l2cap_sock_state_change_cb,
1387         .ready          = l2cap_sock_ready_cb,
1388         .defer          = l2cap_sock_defer_cb,
1389         .resume         = l2cap_sock_resume_cb,
1390         .suspend        = l2cap_sock_suspend_cb,
1391         .set_shutdown   = l2cap_sock_set_shutdown_cb,
1392         .get_sndtimeo   = l2cap_sock_get_sndtimeo_cb,
1393         .alloc_skb      = l2cap_sock_alloc_skb_cb,
1394 };
1395 
1396 static void l2cap_sock_destruct(struct sock *sk)
1397 {
1398         BT_DBG("sk %p", sk);
1399 
1400         if (l2cap_pi(sk)->chan)
1401                 l2cap_chan_put(l2cap_pi(sk)->chan);
1402 
1403         if (l2cap_pi(sk)->rx_busy_skb) {
1404                 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1405                 l2cap_pi(sk)->rx_busy_skb = NULL;
1406         }
1407 
1408         skb_queue_purge(&sk->sk_receive_queue);
1409         skb_queue_purge(&sk->sk_write_queue);
1410 }
1411 
1412 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1413                                int *msg_namelen)
1414 {
1415         DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1416 
1417         memset(la, 0, sizeof(struct sockaddr_l2));
1418         la->l2_family = AF_BLUETOOTH;
1419         la->l2_psm = bt_cb(skb)->psm;
1420         bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr);
1421 
1422         *msg_namelen = sizeof(struct sockaddr_l2);
1423 }
1424 
1425 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1426 {
1427         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1428 
1429         BT_DBG("sk %p", sk);
1430 
1431         if (parent) {
1432                 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1433 
1434                 sk->sk_type = parent->sk_type;
1435                 bt_sk(sk)->flags = bt_sk(parent)->flags;
1436 
1437                 chan->chan_type = pchan->chan_type;
1438                 chan->imtu = pchan->imtu;
1439                 chan->omtu = pchan->omtu;
1440                 chan->conf_state = pchan->conf_state;
1441                 chan->mode = pchan->mode;
1442                 chan->fcs  = pchan->fcs;
1443                 chan->max_tx = pchan->max_tx;
1444                 chan->tx_win = pchan->tx_win;
1445                 chan->tx_win_max = pchan->tx_win_max;
1446                 chan->sec_level = pchan->sec_level;
1447                 chan->flags = pchan->flags;
1448                 chan->tx_credits = pchan->tx_credits;
1449                 chan->rx_credits = pchan->rx_credits;
1450 
1451                 security_sk_clone(parent, sk);
1452         } else {
1453                 switch (sk->sk_type) {
1454                 case SOCK_RAW:
1455                         chan->chan_type = L2CAP_CHAN_RAW;
1456                         break;
1457                 case SOCK_DGRAM:
1458                         chan->chan_type = L2CAP_CHAN_CONN_LESS;
1459                         bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1460                         break;
1461                 case SOCK_SEQPACKET:
1462                 case SOCK_STREAM:
1463                         chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1464                         break;
1465                 }
1466 
1467                 chan->imtu = L2CAP_DEFAULT_MTU;
1468                 chan->omtu = 0;
1469                 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1470                         chan->mode = L2CAP_MODE_ERTM;
1471                         set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1472                 } else {
1473                         chan->mode = L2CAP_MODE_BASIC;
1474                 }
1475 
1476                 l2cap_chan_set_defaults(chan);
1477         }
1478 
1479         /* Default config options */
1480         chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1481 
1482         chan->data = sk;
1483         chan->ops = &l2cap_chan_ops;
1484 }
1485 
1486 static struct proto l2cap_proto = {
1487         .name           = "L2CAP",
1488         .owner          = THIS_MODULE,
1489         .obj_size       = sizeof(struct l2cap_pinfo)
1490 };
1491 
1492 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1493                                      int proto, gfp_t prio)
1494 {
1495         struct sock *sk;
1496         struct l2cap_chan *chan;
1497 
1498         sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1499         if (!sk)
1500                 return NULL;
1501 
1502         sock_init_data(sock, sk);
1503         INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1504 
1505         sk->sk_destruct = l2cap_sock_destruct;
1506         sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1507 
1508         sock_reset_flag(sk, SOCK_ZAPPED);
1509 
1510         sk->sk_protocol = proto;
1511         sk->sk_state = BT_OPEN;
1512 
1513         chan = l2cap_chan_create();
1514         if (!chan) {
1515                 sk_free(sk);
1516                 return NULL;
1517         }
1518 
1519         l2cap_chan_hold(chan);
1520 
1521         l2cap_pi(sk)->chan = chan;
1522 
1523         return sk;
1524 }
1525 
1526 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1527                              int kern)
1528 {
1529         struct sock *sk;
1530 
1531         BT_DBG("sock %p", sock);
1532 
1533         sock->state = SS_UNCONNECTED;
1534 
1535         if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1536             sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1537                 return -ESOCKTNOSUPPORT;
1538 
1539         if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1540                 return -EPERM;
1541 
1542         sock->ops = &l2cap_sock_ops;
1543 
1544         sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1545         if (!sk)
1546                 return -ENOMEM;
1547 
1548         l2cap_sock_init(sk, NULL);
1549         bt_sock_link(&l2cap_sk_list, sk);
1550         return 0;
1551 }
1552 
1553 static const struct proto_ops l2cap_sock_ops = {
1554         .family         = PF_BLUETOOTH,
1555         .owner          = THIS_MODULE,
1556         .release        = l2cap_sock_release,
1557         .bind           = l2cap_sock_bind,
1558         .connect        = l2cap_sock_connect,
1559         .listen         = l2cap_sock_listen,
1560         .accept         = l2cap_sock_accept,
1561         .getname        = l2cap_sock_getname,
1562         .sendmsg        = l2cap_sock_sendmsg,
1563         .recvmsg        = l2cap_sock_recvmsg,
1564         .poll           = bt_sock_poll,
1565         .ioctl          = bt_sock_ioctl,
1566         .mmap           = sock_no_mmap,
1567         .socketpair     = sock_no_socketpair,
1568         .shutdown       = l2cap_sock_shutdown,
1569         .setsockopt     = l2cap_sock_setsockopt,
1570         .getsockopt     = l2cap_sock_getsockopt
1571 };
1572 
1573 static const struct net_proto_family l2cap_sock_family_ops = {
1574         .family = PF_BLUETOOTH,
1575         .owner  = THIS_MODULE,
1576         .create = l2cap_sock_create,
1577 };
1578 
1579 int __init l2cap_init_sockets(void)
1580 {
1581         int err;
1582 
1583         err = proto_register(&l2cap_proto, 0);
1584         if (err < 0)
1585                 return err;
1586 
1587         err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1588         if (err < 0) {
1589                 BT_ERR("L2CAP socket registration failed");
1590                 goto error;
1591         }
1592 
1593         err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1594                              NULL);
1595         if (err < 0) {
1596                 BT_ERR("Failed to create L2CAP proc file");
1597                 bt_sock_unregister(BTPROTO_L2CAP);
1598                 goto error;
1599         }
1600 
1601         BT_INFO("L2CAP socket layer initialized");
1602 
1603         return 0;
1604 
1605 error:
1606         proto_unregister(&l2cap_proto);
1607         return err;
1608 }
1609 
1610 void l2cap_cleanup_sockets(void)
1611 {
1612         bt_procfs_cleanup(&init_net, "l2cap");
1613         bt_sock_unregister(BTPROTO_L2CAP);
1614         proto_unregister(&l2cap_proto);
1615 }
1616 
1617 module_param(enable_lecoc, bool, 0644);
1618 MODULE_PARM_DESC(enable_lecoc, "Enable support for LE CoC");
1619 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp