~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/bluetooth/l2cap_sock.c

Version: ~ [ linux-5.4-rc7 ] ~ [ linux-5.3.11 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.84 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.154 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.201 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.201 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.77 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2    BlueZ - Bluetooth protocol stack for Linux
  3    Copyright (C) 2000-2001 Qualcomm Incorporated
  4    Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
  5    Copyright (C) 2010 Google Inc.
  6    Copyright (C) 2011 ProFUSION Embedded Systems
  7 
  8    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
  9 
 10    This program is free software; you can redistribute it and/or modify
 11    it under the terms of the GNU General Public License version 2 as
 12    published by the Free Software Foundation;
 13 
 14    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 15    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 16    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
 17    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
 18    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
 19    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 20    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 21    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 22 
 23    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
 24    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
 25    SOFTWARE IS DISCLAIMED.
 26 */
 27 
 28 /* Bluetooth L2CAP sockets. */
 29 
 30 #include <linux/module.h>
 31 #include <linux/export.h>
 32 
 33 #include <net/bluetooth/bluetooth.h>
 34 #include <net/bluetooth/hci_core.h>
 35 #include <net/bluetooth/l2cap.h>
 36 
 37 #include "smp.h"
 38 
 39 static struct bt_sock_list l2cap_sk_list = {
 40         .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
 41 };
 42 
 43 static const struct proto_ops l2cap_sock_ops;
 44 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
 45 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
 46                                      int proto, gfp_t prio);
 47 
 48 bool l2cap_is_socket(struct socket *sock)
 49 {
 50         return sock && sock->ops == &l2cap_sock_ops;
 51 }
 52 EXPORT_SYMBOL(l2cap_is_socket);
 53 
 54 static int l2cap_validate_bredr_psm(u16 psm)
 55 {
 56         /* PSM must be odd and lsb of upper byte must be 0 */
 57         if ((psm & 0x0101) != 0x0001)
 58                 return -EINVAL;
 59 
 60         /* Restrict usage of well-known PSMs */
 61         if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE))
 62                 return -EACCES;
 63 
 64         return 0;
 65 }
 66 
 67 static int l2cap_validate_le_psm(u16 psm)
 68 {
 69         /* Valid LE_PSM ranges are defined only until 0x00ff */
 70         if (psm > 0x00ff)
 71                 return -EINVAL;
 72 
 73         /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
 74         if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE))
 75                 return -EACCES;
 76 
 77         return 0;
 78 }
 79 
 80 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
 81 {
 82         struct sock *sk = sock->sk;
 83         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 84         struct sockaddr_l2 la;
 85         int len, err = 0;
 86 
 87         BT_DBG("sk %p", sk);
 88 
 89         if (!addr || addr->sa_family != AF_BLUETOOTH)
 90                 return -EINVAL;
 91 
 92         memset(&la, 0, sizeof(la));
 93         len = min_t(unsigned int, sizeof(la), alen);
 94         memcpy(&la, addr, len);
 95 
 96         if (la.l2_cid && la.l2_psm)
 97                 return -EINVAL;
 98 
 99         if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
100                 return -EINVAL;
101 
102         if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
103                 /* We only allow ATT user space socket */
104                 if (la.l2_cid &&
105                     la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
106                         return -EINVAL;
107         }
108 
109         lock_sock(sk);
110 
111         if (sk->sk_state != BT_OPEN) {
112                 err = -EBADFD;
113                 goto done;
114         }
115 
116         if (la.l2_psm) {
117                 __u16 psm = __le16_to_cpu(la.l2_psm);
118 
119                 if (la.l2_bdaddr_type == BDADDR_BREDR)
120                         err = l2cap_validate_bredr_psm(psm);
121                 else
122                         err = l2cap_validate_le_psm(psm);
123 
124                 if (err)
125                         goto done;
126         }
127 
128         if (la.l2_cid)
129                 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
130         else
131                 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
132 
133         if (err < 0)
134                 goto done;
135 
136         switch (chan->chan_type) {
137         case L2CAP_CHAN_CONN_LESS:
138                 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
139                         chan->sec_level = BT_SECURITY_SDP;
140                 break;
141         case L2CAP_CHAN_CONN_ORIENTED:
142                 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
143                     __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
144                         chan->sec_level = BT_SECURITY_SDP;
145                 break;
146         case L2CAP_CHAN_RAW:
147                 chan->sec_level = BT_SECURITY_SDP;
148                 break;
149         case L2CAP_CHAN_FIXED:
150                 /* Fixed channels default to the L2CAP core not holding a
151                  * hci_conn reference for them. For fixed channels mapping to
152                  * L2CAP sockets we do want to hold a reference so set the
153                  * appropriate flag to request it.
154                  */
155                 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
156                 break;
157         }
158 
159         bacpy(&chan->src, &la.l2_bdaddr);
160         chan->src_type = la.l2_bdaddr_type;
161 
162         if (chan->psm && bdaddr_type_is_le(chan->src_type))
163                 chan->mode = L2CAP_MODE_LE_FLOWCTL;
164 
165         chan->state = BT_BOUND;
166         sk->sk_state = BT_BOUND;
167 
168 done:
169         release_sock(sk);
170         return err;
171 }
172 
173 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
174                               int alen, int flags)
175 {
176         struct sock *sk = sock->sk;
177         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
178         struct sockaddr_l2 la;
179         int len, err = 0;
180 
181         BT_DBG("sk %p", sk);
182 
183         if (!addr || alen < sizeof(addr->sa_family) ||
184             addr->sa_family != AF_BLUETOOTH)
185                 return -EINVAL;
186 
187         memset(&la, 0, sizeof(la));
188         len = min_t(unsigned int, sizeof(la), alen);
189         memcpy(&la, addr, len);
190 
191         if (la.l2_cid && la.l2_psm)
192                 return -EINVAL;
193 
194         if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
195                 return -EINVAL;
196 
197         /* Check that the socket wasn't bound to something that
198          * conflicts with the address given to connect(). If chan->src
199          * is BDADDR_ANY it means bind() was never used, in which case
200          * chan->src_type and la.l2_bdaddr_type do not need to match.
201          */
202         if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
203             bdaddr_type_is_le(la.l2_bdaddr_type)) {
204                 /* Old user space versions will try to incorrectly bind
205                  * the ATT socket using BDADDR_BREDR. We need to accept
206                  * this and fix up the source address type only when
207                  * both the source CID and destination CID indicate
208                  * ATT. Anything else is an invalid combination.
209                  */
210                 if (chan->scid != L2CAP_CID_ATT ||
211                     la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
212                         return -EINVAL;
213 
214                 /* We don't have the hdev available here to make a
215                  * better decision on random vs public, but since all
216                  * user space versions that exhibit this issue anyway do
217                  * not support random local addresses assuming public
218                  * here is good enough.
219                  */
220                 chan->src_type = BDADDR_LE_PUBLIC;
221         }
222 
223         if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
224                 return -EINVAL;
225 
226         if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
227                 /* We only allow ATT user space socket */
228                 if (la.l2_cid &&
229                     la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
230                         return -EINVAL;
231         }
232 
233         if (chan->psm && bdaddr_type_is_le(chan->src_type))
234                 chan->mode = L2CAP_MODE_LE_FLOWCTL;
235 
236         err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
237                                  &la.l2_bdaddr, la.l2_bdaddr_type);
238         if (err)
239                 return err;
240 
241         lock_sock(sk);
242 
243         err = bt_sock_wait_state(sk, BT_CONNECTED,
244                                  sock_sndtimeo(sk, flags & O_NONBLOCK));
245 
246         release_sock(sk);
247 
248         return err;
249 }
250 
251 static int l2cap_sock_listen(struct socket *sock, int backlog)
252 {
253         struct sock *sk = sock->sk;
254         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
255         int err = 0;
256 
257         BT_DBG("sk %p backlog %d", sk, backlog);
258 
259         lock_sock(sk);
260 
261         if (sk->sk_state != BT_BOUND) {
262                 err = -EBADFD;
263                 goto done;
264         }
265 
266         if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
267                 err = -EINVAL;
268                 goto done;
269         }
270 
271         switch (chan->mode) {
272         case L2CAP_MODE_BASIC:
273         case L2CAP_MODE_LE_FLOWCTL:
274                 break;
275         case L2CAP_MODE_ERTM:
276         case L2CAP_MODE_STREAMING:
277                 if (!disable_ertm)
278                         break;
279                 /* fall through */
280         default:
281                 err = -EOPNOTSUPP;
282                 goto done;
283         }
284 
285         sk->sk_max_ack_backlog = backlog;
286         sk->sk_ack_backlog = 0;
287 
288         /* Listening channels need to use nested locking in order not to
289          * cause lockdep warnings when the created child channels end up
290          * being locked in the same thread as the parent channel.
291          */
292         atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
293 
294         chan->state = BT_LISTEN;
295         sk->sk_state = BT_LISTEN;
296 
297 done:
298         release_sock(sk);
299         return err;
300 }
301 
302 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
303                              int flags)
304 {
305         DECLARE_WAITQUEUE(wait, current);
306         struct sock *sk = sock->sk, *nsk;
307         long timeo;
308         int err = 0;
309 
310         lock_sock_nested(sk, L2CAP_NESTING_PARENT);
311 
312         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
313 
314         BT_DBG("sk %p timeo %ld", sk, timeo);
315 
316         /* Wait for an incoming connection. (wake-one). */
317         add_wait_queue_exclusive(sk_sleep(sk), &wait);
318         while (1) {
319                 set_current_state(TASK_INTERRUPTIBLE);
320 
321                 if (sk->sk_state != BT_LISTEN) {
322                         err = -EBADFD;
323                         break;
324                 }
325 
326                 nsk = bt_accept_dequeue(sk, newsock);
327                 if (nsk)
328                         break;
329 
330                 if (!timeo) {
331                         err = -EAGAIN;
332                         break;
333                 }
334 
335                 if (signal_pending(current)) {
336                         err = sock_intr_errno(timeo);
337                         break;
338                 }
339 
340                 release_sock(sk);
341                 timeo = schedule_timeout(timeo);
342                 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
343         }
344         __set_current_state(TASK_RUNNING);
345         remove_wait_queue(sk_sleep(sk), &wait);
346 
347         if (err)
348                 goto done;
349 
350         newsock->state = SS_CONNECTED;
351 
352         BT_DBG("new socket %p", nsk);
353 
354 done:
355         release_sock(sk);
356         return err;
357 }
358 
359 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
360                               int *len, int peer)
361 {
362         struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
363         struct sock *sk = sock->sk;
364         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
365 
366         BT_DBG("sock %p, sk %p", sock, sk);
367 
368         if (peer && sk->sk_state != BT_CONNECTED &&
369             sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
370             sk->sk_state != BT_CONFIG)
371                 return -ENOTCONN;
372 
373         memset(la, 0, sizeof(struct sockaddr_l2));
374         addr->sa_family = AF_BLUETOOTH;
375         *len = sizeof(struct sockaddr_l2);
376 
377         la->l2_psm = chan->psm;
378 
379         if (peer) {
380                 bacpy(&la->l2_bdaddr, &chan->dst);
381                 la->l2_cid = cpu_to_le16(chan->dcid);
382                 la->l2_bdaddr_type = chan->dst_type;
383         } else {
384                 bacpy(&la->l2_bdaddr, &chan->src);
385                 la->l2_cid = cpu_to_le16(chan->scid);
386                 la->l2_bdaddr_type = chan->src_type;
387         }
388 
389         return 0;
390 }
391 
392 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
393                                      char __user *optval, int __user *optlen)
394 {
395         struct sock *sk = sock->sk;
396         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
397         struct l2cap_options opts;
398         struct l2cap_conninfo cinfo;
399         int len, err = 0;
400         u32 opt;
401 
402         BT_DBG("sk %p", sk);
403 
404         if (get_user(len, optlen))
405                 return -EFAULT;
406 
407         lock_sock(sk);
408 
409         switch (optname) {
410         case L2CAP_OPTIONS:
411                 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
412                  * legacy ATT code depends on getsockopt for
413                  * L2CAP_OPTIONS we need to let this pass.
414                  */
415                 if (bdaddr_type_is_le(chan->src_type) &&
416                     chan->scid != L2CAP_CID_ATT) {
417                         err = -EINVAL;
418                         break;
419                 }
420 
421                 memset(&opts, 0, sizeof(opts));
422                 opts.imtu     = chan->imtu;
423                 opts.omtu     = chan->omtu;
424                 opts.flush_to = chan->flush_to;
425                 opts.mode     = chan->mode;
426                 opts.fcs      = chan->fcs;
427                 opts.max_tx   = chan->max_tx;
428                 opts.txwin_size = chan->tx_win;
429 
430                 len = min_t(unsigned int, len, sizeof(opts));
431                 if (copy_to_user(optval, (char *) &opts, len))
432                         err = -EFAULT;
433 
434                 break;
435 
436         case L2CAP_LM:
437                 switch (chan->sec_level) {
438                 case BT_SECURITY_LOW:
439                         opt = L2CAP_LM_AUTH;
440                         break;
441                 case BT_SECURITY_MEDIUM:
442                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
443                         break;
444                 case BT_SECURITY_HIGH:
445                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
446                               L2CAP_LM_SECURE;
447                         break;
448                 case BT_SECURITY_FIPS:
449                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
450                               L2CAP_LM_SECURE | L2CAP_LM_FIPS;
451                         break;
452                 default:
453                         opt = 0;
454                         break;
455                 }
456 
457                 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
458                         opt |= L2CAP_LM_MASTER;
459 
460                 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
461                         opt |= L2CAP_LM_RELIABLE;
462 
463                 if (put_user(opt, (u32 __user *) optval))
464                         err = -EFAULT;
465 
466                 break;
467 
468         case L2CAP_CONNINFO:
469                 if (sk->sk_state != BT_CONNECTED &&
470                     !(sk->sk_state == BT_CONNECT2 &&
471                       test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
472                         err = -ENOTCONN;
473                         break;
474                 }
475 
476                 memset(&cinfo, 0, sizeof(cinfo));
477                 cinfo.hci_handle = chan->conn->hcon->handle;
478                 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
479 
480                 len = min_t(unsigned int, len, sizeof(cinfo));
481                 if (copy_to_user(optval, (char *) &cinfo, len))
482                         err = -EFAULT;
483 
484                 break;
485 
486         default:
487                 err = -ENOPROTOOPT;
488                 break;
489         }
490 
491         release_sock(sk);
492         return err;
493 }
494 
495 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
496                                  char __user *optval, int __user *optlen)
497 {
498         struct sock *sk = sock->sk;
499         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
500         struct bt_security sec;
501         struct bt_power pwr;
502         int len, err = 0;
503 
504         BT_DBG("sk %p", sk);
505 
506         if (level == SOL_L2CAP)
507                 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
508 
509         if (level != SOL_BLUETOOTH)
510                 return -ENOPROTOOPT;
511 
512         if (get_user(len, optlen))
513                 return -EFAULT;
514 
515         lock_sock(sk);
516 
517         switch (optname) {
518         case BT_SECURITY:
519                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
520                     chan->chan_type != L2CAP_CHAN_FIXED &&
521                     chan->chan_type != L2CAP_CHAN_RAW) {
522                         err = -EINVAL;
523                         break;
524                 }
525 
526                 memset(&sec, 0, sizeof(sec));
527                 if (chan->conn) {
528                         sec.level = chan->conn->hcon->sec_level;
529 
530                         if (sk->sk_state == BT_CONNECTED)
531                                 sec.key_size = chan->conn->hcon->enc_key_size;
532                 } else {
533                         sec.level = chan->sec_level;
534                 }
535 
536                 len = min_t(unsigned int, len, sizeof(sec));
537                 if (copy_to_user(optval, (char *) &sec, len))
538                         err = -EFAULT;
539 
540                 break;
541 
542         case BT_DEFER_SETUP:
543                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
544                         err = -EINVAL;
545                         break;
546                 }
547 
548                 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
549                              (u32 __user *) optval))
550                         err = -EFAULT;
551 
552                 break;
553 
554         case BT_FLUSHABLE:
555                 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
556                              (u32 __user *) optval))
557                         err = -EFAULT;
558 
559                 break;
560 
561         case BT_POWER:
562                 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
563                     && sk->sk_type != SOCK_RAW) {
564                         err = -EINVAL;
565                         break;
566                 }
567 
568                 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
569 
570                 len = min_t(unsigned int, len, sizeof(pwr));
571                 if (copy_to_user(optval, (char *) &pwr, len))
572                         err = -EFAULT;
573 
574                 break;
575 
576         case BT_CHANNEL_POLICY:
577                 if (put_user(chan->chan_policy, (u32 __user *) optval))
578                         err = -EFAULT;
579                 break;
580 
581         case BT_SNDMTU:
582                 if (!bdaddr_type_is_le(chan->src_type)) {
583                         err = -EINVAL;
584                         break;
585                 }
586 
587                 if (sk->sk_state != BT_CONNECTED) {
588                         err = -ENOTCONN;
589                         break;
590                 }
591 
592                 if (put_user(chan->omtu, (u16 __user *) optval))
593                         err = -EFAULT;
594                 break;
595 
596         case BT_RCVMTU:
597                 if (!bdaddr_type_is_le(chan->src_type)) {
598                         err = -EINVAL;
599                         break;
600                 }
601 
602                 if (put_user(chan->imtu, (u16 __user *) optval))
603                         err = -EFAULT;
604                 break;
605 
606         default:
607                 err = -ENOPROTOOPT;
608                 break;
609         }
610 
611         release_sock(sk);
612         return err;
613 }
614 
615 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
616 {
617         switch (chan->scid) {
618         case L2CAP_CID_ATT:
619                 if (mtu < L2CAP_LE_MIN_MTU)
620                         return false;
621                 break;
622 
623         default:
624                 if (mtu < L2CAP_DEFAULT_MIN_MTU)
625                         return false;
626         }
627 
628         return true;
629 }
630 
631 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
632                                      char __user *optval, unsigned int optlen)
633 {
634         struct sock *sk = sock->sk;
635         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
636         struct l2cap_options opts;
637         int len, err = 0;
638         u32 opt;
639 
640         BT_DBG("sk %p", sk);
641 
642         lock_sock(sk);
643 
644         switch (optname) {
645         case L2CAP_OPTIONS:
646                 if (bdaddr_type_is_le(chan->src_type)) {
647                         err = -EINVAL;
648                         break;
649                 }
650 
651                 if (sk->sk_state == BT_CONNECTED) {
652                         err = -EINVAL;
653                         break;
654                 }
655 
656                 opts.imtu     = chan->imtu;
657                 opts.omtu     = chan->omtu;
658                 opts.flush_to = chan->flush_to;
659                 opts.mode     = chan->mode;
660                 opts.fcs      = chan->fcs;
661                 opts.max_tx   = chan->max_tx;
662                 opts.txwin_size = chan->tx_win;
663 
664                 len = min_t(unsigned int, sizeof(opts), optlen);
665                 if (copy_from_user((char *) &opts, optval, len)) {
666                         err = -EFAULT;
667                         break;
668                 }
669 
670                 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
671                         err = -EINVAL;
672                         break;
673                 }
674 
675                 if (!l2cap_valid_mtu(chan, opts.imtu)) {
676                         err = -EINVAL;
677                         break;
678                 }
679 
680                 chan->mode = opts.mode;
681                 switch (chan->mode) {
682                 case L2CAP_MODE_LE_FLOWCTL:
683                         break;
684                 case L2CAP_MODE_BASIC:
685                         clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
686                         break;
687                 case L2CAP_MODE_ERTM:
688                 case L2CAP_MODE_STREAMING:
689                         if (!disable_ertm)
690                                 break;
691                         /* fall through */
692                 default:
693                         err = -EINVAL;
694                         break;
695                 }
696 
697                 chan->imtu = opts.imtu;
698                 chan->omtu = opts.omtu;
699                 chan->fcs  = opts.fcs;
700                 chan->max_tx = opts.max_tx;
701                 chan->tx_win = opts.txwin_size;
702                 chan->flush_to = opts.flush_to;
703                 break;
704 
705         case L2CAP_LM:
706                 if (get_user(opt, (u32 __user *) optval)) {
707                         err = -EFAULT;
708                         break;
709                 }
710 
711                 if (opt & L2CAP_LM_FIPS) {
712                         err = -EINVAL;
713                         break;
714                 }
715 
716                 if (opt & L2CAP_LM_AUTH)
717                         chan->sec_level = BT_SECURITY_LOW;
718                 if (opt & L2CAP_LM_ENCRYPT)
719                         chan->sec_level = BT_SECURITY_MEDIUM;
720                 if (opt & L2CAP_LM_SECURE)
721                         chan->sec_level = BT_SECURITY_HIGH;
722 
723                 if (opt & L2CAP_LM_MASTER)
724                         set_bit(FLAG_ROLE_SWITCH, &chan->flags);
725                 else
726                         clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
727 
728                 if (opt & L2CAP_LM_RELIABLE)
729                         set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
730                 else
731                         clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
732                 break;
733 
734         default:
735                 err = -ENOPROTOOPT;
736                 break;
737         }
738 
739         release_sock(sk);
740         return err;
741 }
742 
743 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
744                                  char __user *optval, unsigned int optlen)
745 {
746         struct sock *sk = sock->sk;
747         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
748         struct bt_security sec;
749         struct bt_power pwr;
750         struct l2cap_conn *conn;
751         int len, err = 0;
752         u32 opt;
753 
754         BT_DBG("sk %p", sk);
755 
756         if (level == SOL_L2CAP)
757                 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
758 
759         if (level != SOL_BLUETOOTH)
760                 return -ENOPROTOOPT;
761 
762         lock_sock(sk);
763 
764         switch (optname) {
765         case BT_SECURITY:
766                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
767                     chan->chan_type != L2CAP_CHAN_FIXED &&
768                     chan->chan_type != L2CAP_CHAN_RAW) {
769                         err = -EINVAL;
770                         break;
771                 }
772 
773                 sec.level = BT_SECURITY_LOW;
774 
775                 len = min_t(unsigned int, sizeof(sec), optlen);
776                 if (copy_from_user((char *) &sec, optval, len)) {
777                         err = -EFAULT;
778                         break;
779                 }
780 
781                 if (sec.level < BT_SECURITY_LOW ||
782                     sec.level > BT_SECURITY_HIGH) {
783                         err = -EINVAL;
784                         break;
785                 }
786 
787                 chan->sec_level = sec.level;
788 
789                 if (!chan->conn)
790                         break;
791 
792                 conn = chan->conn;
793 
794                 /*change security for LE channels */
795                 if (chan->scid == L2CAP_CID_ATT) {
796                         if (smp_conn_security(conn->hcon, sec.level))
797                                 break;
798                         set_bit(FLAG_PENDING_SECURITY, &chan->flags);
799                         sk->sk_state = BT_CONFIG;
800                         chan->state = BT_CONFIG;
801 
802                 /* or for ACL link */
803                 } else if ((sk->sk_state == BT_CONNECT2 &&
804                             test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
805                            sk->sk_state == BT_CONNECTED) {
806                         if (!l2cap_chan_check_security(chan, true))
807                                 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
808                         else
809                                 sk->sk_state_change(sk);
810                 } else {
811                         err = -EINVAL;
812                 }
813                 break;
814 
815         case BT_DEFER_SETUP:
816                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
817                         err = -EINVAL;
818                         break;
819                 }
820 
821                 if (get_user(opt, (u32 __user *) optval)) {
822                         err = -EFAULT;
823                         break;
824                 }
825 
826                 if (opt) {
827                         set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
828                         set_bit(FLAG_DEFER_SETUP, &chan->flags);
829                 } else {
830                         clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
831                         clear_bit(FLAG_DEFER_SETUP, &chan->flags);
832                 }
833                 break;
834 
835         case BT_FLUSHABLE:
836                 if (get_user(opt, (u32 __user *) optval)) {
837                         err = -EFAULT;
838                         break;
839                 }
840 
841                 if (opt > BT_FLUSHABLE_ON) {
842                         err = -EINVAL;
843                         break;
844                 }
845 
846                 if (opt == BT_FLUSHABLE_OFF) {
847                         conn = chan->conn;
848                         /* proceed further only when we have l2cap_conn and
849                            No Flush support in the LM */
850                         if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
851                                 err = -EINVAL;
852                                 break;
853                         }
854                 }
855 
856                 if (opt)
857                         set_bit(FLAG_FLUSHABLE, &chan->flags);
858                 else
859                         clear_bit(FLAG_FLUSHABLE, &chan->flags);
860                 break;
861 
862         case BT_POWER:
863                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
864                     chan->chan_type != L2CAP_CHAN_RAW) {
865                         err = -EINVAL;
866                         break;
867                 }
868 
869                 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
870 
871                 len = min_t(unsigned int, sizeof(pwr), optlen);
872                 if (copy_from_user((char *) &pwr, optval, len)) {
873                         err = -EFAULT;
874                         break;
875                 }
876 
877                 if (pwr.force_active)
878                         set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
879                 else
880                         clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
881                 break;
882 
883         case BT_CHANNEL_POLICY:
884                 if (get_user(opt, (u32 __user *) optval)) {
885                         err = -EFAULT;
886                         break;
887                 }
888 
889                 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
890                         err = -EINVAL;
891                         break;
892                 }
893 
894                 if (chan->mode != L2CAP_MODE_ERTM &&
895                     chan->mode != L2CAP_MODE_STREAMING) {
896                         err = -EOPNOTSUPP;
897                         break;
898                 }
899 
900                 chan->chan_policy = (u8) opt;
901 
902                 if (sk->sk_state == BT_CONNECTED &&
903                     chan->move_role == L2CAP_MOVE_ROLE_NONE)
904                         l2cap_move_start(chan);
905 
906                 break;
907 
908         case BT_SNDMTU:
909                 if (!bdaddr_type_is_le(chan->src_type)) {
910                         err = -EINVAL;
911                         break;
912                 }
913 
914                 /* Setting is not supported as it's the remote side that
915                  * decides this.
916                  */
917                 err = -EPERM;
918                 break;
919 
920         case BT_RCVMTU:
921                 if (!bdaddr_type_is_le(chan->src_type)) {
922                         err = -EINVAL;
923                         break;
924                 }
925 
926                 if (sk->sk_state == BT_CONNECTED) {
927                         err = -EISCONN;
928                         break;
929                 }
930 
931                 if (get_user(opt, (u32 __user *) optval)) {
932                         err = -EFAULT;
933                         break;
934                 }
935 
936                 chan->imtu = opt;
937                 break;
938 
939         default:
940                 err = -ENOPROTOOPT;
941                 break;
942         }
943 
944         release_sock(sk);
945         return err;
946 }
947 
948 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
949                               struct msghdr *msg, size_t len)
950 {
951         struct sock *sk = sock->sk;
952         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
953         int err;
954 
955         BT_DBG("sock %p, sk %p", sock, sk);
956 
957         err = sock_error(sk);
958         if (err)
959                 return err;
960 
961         if (msg->msg_flags & MSG_OOB)
962                 return -EOPNOTSUPP;
963 
964         if (sk->sk_state != BT_CONNECTED)
965                 return -ENOTCONN;
966 
967         lock_sock(sk);
968         err = bt_sock_wait_ready(sk, msg->msg_flags);
969         release_sock(sk);
970         if (err)
971                 return err;
972 
973         l2cap_chan_lock(chan);
974         err = l2cap_chan_send(chan, msg, len);
975         l2cap_chan_unlock(chan);
976 
977         return err;
978 }
979 
980 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
981                               struct msghdr *msg, size_t len, int flags)
982 {
983         struct sock *sk = sock->sk;
984         struct l2cap_pinfo *pi = l2cap_pi(sk);
985         int err;
986 
987         lock_sock(sk);
988 
989         if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
990                                                     &bt_sk(sk)->flags)) {
991                 if (bdaddr_type_is_le(pi->chan->src_type)) {
992                         sk->sk_state = BT_CONNECTED;
993                         pi->chan->state = BT_CONNECTED;
994                         __l2cap_le_connect_rsp_defer(pi->chan);
995                 } else {
996                         sk->sk_state = BT_CONFIG;
997                         pi->chan->state = BT_CONFIG;
998                         __l2cap_connect_rsp_defer(pi->chan);
999                 }
1000 
1001                 err = 0;
1002                 goto done;
1003         }
1004 
1005         release_sock(sk);
1006 
1007         if (sock->type == SOCK_STREAM)
1008                 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
1009         else
1010                 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
1011 
1012         if (pi->chan->mode != L2CAP_MODE_ERTM)
1013                 return err;
1014 
1015         /* Attempt to put pending rx data in the socket buffer */
1016 
1017         lock_sock(sk);
1018 
1019         if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1020                 goto done;
1021 
1022         if (pi->rx_busy_skb) {
1023                 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1024                         pi->rx_busy_skb = NULL;
1025                 else
1026                         goto done;
1027         }
1028 
1029         /* Restore data flow when half of the receive buffer is
1030          * available.  This avoids resending large numbers of
1031          * frames.
1032          */
1033         if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1034                 l2cap_chan_busy(pi->chan, 0);
1035 
1036 done:
1037         release_sock(sk);
1038         return err;
1039 }
1040 
1041 /* Kill socket (only if zapped and orphan)
1042  * Must be called on unlocked socket.
1043  */
1044 static void l2cap_sock_kill(struct sock *sk)
1045 {
1046         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1047                 return;
1048 
1049         BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1050 
1051         /* Kill poor orphan */
1052 
1053         l2cap_chan_put(l2cap_pi(sk)->chan);
1054         sock_set_flag(sk, SOCK_DEAD);
1055         sock_put(sk);
1056 }
1057 
1058 static int __l2cap_wait_ack(struct sock *sk)
1059 {
1060         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1061         DECLARE_WAITQUEUE(wait, current);
1062         int err = 0;
1063         int timeo = HZ/5;
1064 
1065         add_wait_queue(sk_sleep(sk), &wait);
1066         set_current_state(TASK_INTERRUPTIBLE);
1067         while (chan->unacked_frames > 0 && chan->conn) {
1068                 if (!timeo)
1069                         timeo = HZ/5;
1070 
1071                 if (signal_pending(current)) {
1072                         err = sock_intr_errno(timeo);
1073                         break;
1074                 }
1075 
1076                 release_sock(sk);
1077                 timeo = schedule_timeout(timeo);
1078                 lock_sock(sk);
1079                 set_current_state(TASK_INTERRUPTIBLE);
1080 
1081                 err = sock_error(sk);
1082                 if (err)
1083                         break;
1084         }
1085         set_current_state(TASK_RUNNING);
1086         remove_wait_queue(sk_sleep(sk), &wait);
1087         return err;
1088 }
1089 
1090 static int l2cap_sock_shutdown(struct socket *sock, int how)
1091 {
1092         struct sock *sk = sock->sk;
1093         struct l2cap_chan *chan;
1094         struct l2cap_conn *conn;
1095         int err = 0;
1096 
1097         BT_DBG("sock %p, sk %p", sock, sk);
1098 
1099         if (!sk)
1100                 return 0;
1101 
1102         chan = l2cap_pi(sk)->chan;
1103         conn = chan->conn;
1104 
1105         BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1106 
1107         if (conn)
1108                 mutex_lock(&conn->chan_lock);
1109 
1110         l2cap_chan_lock(chan);
1111         lock_sock(sk);
1112 
1113         if (!sk->sk_shutdown) {
1114                 if (chan->mode == L2CAP_MODE_ERTM)
1115                         err = __l2cap_wait_ack(sk);
1116 
1117                 sk->sk_shutdown = SHUTDOWN_MASK;
1118 
1119                 release_sock(sk);
1120                 l2cap_chan_close(chan, 0);
1121                 lock_sock(sk);
1122 
1123                 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1124                     !(current->flags & PF_EXITING))
1125                         err = bt_sock_wait_state(sk, BT_CLOSED,
1126                                                  sk->sk_lingertime);
1127         }
1128 
1129         if (!err && sk->sk_err)
1130                 err = -sk->sk_err;
1131 
1132         release_sock(sk);
1133         l2cap_chan_unlock(chan);
1134 
1135         if (conn)
1136                 mutex_unlock(&conn->chan_lock);
1137 
1138         return err;
1139 }
1140 
1141 static int l2cap_sock_release(struct socket *sock)
1142 {
1143         struct sock *sk = sock->sk;
1144         int err;
1145 
1146         BT_DBG("sock %p, sk %p", sock, sk);
1147 
1148         if (!sk)
1149                 return 0;
1150 
1151         bt_sock_unlink(&l2cap_sk_list, sk);
1152 
1153         err = l2cap_sock_shutdown(sock, 2);
1154 
1155         sock_orphan(sk);
1156         l2cap_sock_kill(sk);
1157         return err;
1158 }
1159 
1160 static void l2cap_sock_cleanup_listen(struct sock *parent)
1161 {
1162         struct sock *sk;
1163 
1164         BT_DBG("parent %p state %s", parent,
1165                state_to_string(parent->sk_state));
1166 
1167         /* Close not yet accepted channels */
1168         while ((sk = bt_accept_dequeue(parent, NULL))) {
1169                 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1170 
1171                 BT_DBG("child chan %p state %s", chan,
1172                        state_to_string(chan->state));
1173 
1174                 l2cap_chan_lock(chan);
1175                 __clear_chan_timer(chan);
1176                 l2cap_chan_close(chan, ECONNRESET);
1177                 l2cap_chan_unlock(chan);
1178 
1179                 l2cap_sock_kill(sk);
1180         }
1181 }
1182 
1183 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1184 {
1185         struct sock *sk, *parent = chan->data;
1186 
1187         lock_sock(parent);
1188 
1189         /* Check for backlog size */
1190         if (sk_acceptq_is_full(parent)) {
1191                 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1192                 release_sock(parent);
1193                 return NULL;
1194         }
1195 
1196         sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1197                               GFP_ATOMIC);
1198         if (!sk) {
1199                 release_sock(parent);
1200                 return NULL;
1201         }
1202 
1203         bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1204 
1205         l2cap_sock_init(sk, parent);
1206 
1207         bt_accept_enqueue(parent, sk);
1208 
1209         release_sock(parent);
1210 
1211         return l2cap_pi(sk)->chan;
1212 }
1213 
1214 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1215 {
1216         struct sock *sk = chan->data;
1217         int err;
1218 
1219         lock_sock(sk);
1220 
1221         if (l2cap_pi(sk)->rx_busy_skb) {
1222                 err = -ENOMEM;
1223                 goto done;
1224         }
1225 
1226         err = sock_queue_rcv_skb(sk, skb);
1227 
1228         /* For ERTM, handle one skb that doesn't fit into the recv
1229          * buffer.  This is important to do because the data frames
1230          * have already been acked, so the skb cannot be discarded.
1231          *
1232          * Notify the l2cap core that the buffer is full, so the
1233          * LOCAL_BUSY state is entered and no more frames are
1234          * acked and reassembled until there is buffer space
1235          * available.
1236          */
1237         if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1238                 l2cap_pi(sk)->rx_busy_skb = skb;
1239                 l2cap_chan_busy(chan, 1);
1240                 err = 0;
1241         }
1242 
1243 done:
1244         release_sock(sk);
1245 
1246         return err;
1247 }
1248 
1249 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1250 {
1251         struct sock *sk = chan->data;
1252 
1253         l2cap_sock_kill(sk);
1254 }
1255 
1256 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1257 {
1258         struct sock *sk = chan->data;
1259         struct sock *parent;
1260 
1261         BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1262 
1263         /* This callback can be called both for server (BT_LISTEN)
1264          * sockets as well as "normal" ones. To avoid lockdep warnings
1265          * with child socket locking (through l2cap_sock_cleanup_listen)
1266          * we need separation into separate nesting levels. The simplest
1267          * way to accomplish this is to inherit the nesting level used
1268          * for the channel.
1269          */
1270         lock_sock_nested(sk, atomic_read(&chan->nesting));
1271 
1272         parent = bt_sk(sk)->parent;
1273 
1274         sock_set_flag(sk, SOCK_ZAPPED);
1275 
1276         switch (chan->state) {
1277         case BT_OPEN:
1278         case BT_BOUND:
1279         case BT_CLOSED:
1280                 break;
1281         case BT_LISTEN:
1282                 l2cap_sock_cleanup_listen(sk);
1283                 sk->sk_state = BT_CLOSED;
1284                 chan->state = BT_CLOSED;
1285 
1286                 break;
1287         default:
1288                 sk->sk_state = BT_CLOSED;
1289                 chan->state = BT_CLOSED;
1290 
1291                 sk->sk_err = err;
1292 
1293                 if (parent) {
1294                         bt_accept_unlink(sk);
1295                         parent->sk_data_ready(parent);
1296                 } else {
1297                         sk->sk_state_change(sk);
1298                 }
1299 
1300                 break;
1301         }
1302 
1303         release_sock(sk);
1304 }
1305 
1306 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1307                                        int err)
1308 {
1309         struct sock *sk = chan->data;
1310 
1311         sk->sk_state = state;
1312 
1313         if (err)
1314                 sk->sk_err = err;
1315 }
1316 
1317 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1318                                                unsigned long hdr_len,
1319                                                unsigned long len, int nb)
1320 {
1321         struct sock *sk = chan->data;
1322         struct sk_buff *skb;
1323         int err;
1324 
1325         l2cap_chan_unlock(chan);
1326         skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1327         l2cap_chan_lock(chan);
1328 
1329         if (!skb)
1330                 return ERR_PTR(err);
1331 
1332         skb->priority = sk->sk_priority;
1333 
1334         bt_cb(skb)->chan = chan;
1335 
1336         return skb;
1337 }
1338 
1339 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1340 {
1341         struct sock *sk = chan->data;
1342         struct sock *parent;
1343 
1344         lock_sock(sk);
1345 
1346         parent = bt_sk(sk)->parent;
1347 
1348         BT_DBG("sk %p, parent %p", sk, parent);
1349 
1350         sk->sk_state = BT_CONNECTED;
1351         sk->sk_state_change(sk);
1352 
1353         if (parent)
1354                 parent->sk_data_ready(parent);
1355 
1356         release_sock(sk);
1357 }
1358 
1359 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1360 {
1361         struct sock *parent, *sk = chan->data;
1362 
1363         lock_sock(sk);
1364 
1365         parent = bt_sk(sk)->parent;
1366         if (parent)
1367                 parent->sk_data_ready(parent);
1368 
1369         release_sock(sk);
1370 }
1371 
1372 static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1373 {
1374         struct sock *sk = chan->data;
1375 
1376         if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1377                 sk->sk_state = BT_CONNECTED;
1378                 chan->state = BT_CONNECTED;
1379         }
1380 
1381         clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1382         sk->sk_state_change(sk);
1383 }
1384 
1385 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1386 {
1387         struct sock *sk = chan->data;
1388 
1389         lock_sock(sk);
1390         sk->sk_shutdown = SHUTDOWN_MASK;
1391         release_sock(sk);
1392 }
1393 
1394 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1395 {
1396         struct sock *sk = chan->data;
1397 
1398         return sk->sk_sndtimeo;
1399 }
1400 
1401 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1402 {
1403         struct sock *sk = chan->data;
1404 
1405         set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1406         sk->sk_state_change(sk);
1407 }
1408 
1409 static const struct l2cap_ops l2cap_chan_ops = {
1410         .name                   = "L2CAP Socket Interface",
1411         .new_connection         = l2cap_sock_new_connection_cb,
1412         .recv                   = l2cap_sock_recv_cb,
1413         .close                  = l2cap_sock_close_cb,
1414         .teardown               = l2cap_sock_teardown_cb,
1415         .state_change           = l2cap_sock_state_change_cb,
1416         .ready                  = l2cap_sock_ready_cb,
1417         .defer                  = l2cap_sock_defer_cb,
1418         .resume                 = l2cap_sock_resume_cb,
1419         .suspend                = l2cap_sock_suspend_cb,
1420         .set_shutdown           = l2cap_sock_set_shutdown_cb,
1421         .get_sndtimeo           = l2cap_sock_get_sndtimeo_cb,
1422         .alloc_skb              = l2cap_sock_alloc_skb_cb,
1423 };
1424 
1425 static void l2cap_sock_destruct(struct sock *sk)
1426 {
1427         BT_DBG("sk %p", sk);
1428 
1429         if (l2cap_pi(sk)->chan)
1430                 l2cap_chan_put(l2cap_pi(sk)->chan);
1431 
1432         if (l2cap_pi(sk)->rx_busy_skb) {
1433                 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1434                 l2cap_pi(sk)->rx_busy_skb = NULL;
1435         }
1436 
1437         skb_queue_purge(&sk->sk_receive_queue);
1438         skb_queue_purge(&sk->sk_write_queue);
1439 }
1440 
1441 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1442                                int *msg_namelen)
1443 {
1444         DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1445 
1446         memset(la, 0, sizeof(struct sockaddr_l2));
1447         la->l2_family = AF_BLUETOOTH;
1448         la->l2_psm = bt_cb(skb)->psm;
1449         bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr);
1450 
1451         *msg_namelen = sizeof(struct sockaddr_l2);
1452 }
1453 
1454 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1455 {
1456         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1457 
1458         BT_DBG("sk %p", sk);
1459 
1460         if (parent) {
1461                 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1462 
1463                 sk->sk_type = parent->sk_type;
1464                 bt_sk(sk)->flags = bt_sk(parent)->flags;
1465 
1466                 chan->chan_type = pchan->chan_type;
1467                 chan->imtu = pchan->imtu;
1468                 chan->omtu = pchan->omtu;
1469                 chan->conf_state = pchan->conf_state;
1470                 chan->mode = pchan->mode;
1471                 chan->fcs  = pchan->fcs;
1472                 chan->max_tx = pchan->max_tx;
1473                 chan->tx_win = pchan->tx_win;
1474                 chan->tx_win_max = pchan->tx_win_max;
1475                 chan->sec_level = pchan->sec_level;
1476                 chan->flags = pchan->flags;
1477                 chan->tx_credits = pchan->tx_credits;
1478                 chan->rx_credits = pchan->rx_credits;
1479 
1480                 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1481                         chan->scid = pchan->scid;
1482                         chan->dcid = pchan->scid;
1483                 }
1484 
1485                 security_sk_clone(parent, sk);
1486         } else {
1487                 switch (sk->sk_type) {
1488                 case SOCK_RAW:
1489                         chan->chan_type = L2CAP_CHAN_RAW;
1490                         break;
1491                 case SOCK_DGRAM:
1492                         chan->chan_type = L2CAP_CHAN_CONN_LESS;
1493                         bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1494                         break;
1495                 case SOCK_SEQPACKET:
1496                 case SOCK_STREAM:
1497                         chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1498                         break;
1499                 }
1500 
1501                 chan->imtu = L2CAP_DEFAULT_MTU;
1502                 chan->omtu = 0;
1503                 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1504                         chan->mode = L2CAP_MODE_ERTM;
1505                         set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1506                 } else {
1507                         chan->mode = L2CAP_MODE_BASIC;
1508                 }
1509 
1510                 l2cap_chan_set_defaults(chan);
1511         }
1512 
1513         /* Default config options */
1514         chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1515 
1516         chan->data = sk;
1517         chan->ops = &l2cap_chan_ops;
1518 }
1519 
1520 static struct proto l2cap_proto = {
1521         .name           = "L2CAP",
1522         .owner          = THIS_MODULE,
1523         .obj_size       = sizeof(struct l2cap_pinfo)
1524 };
1525 
1526 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1527                                      int proto, gfp_t prio)
1528 {
1529         struct sock *sk;
1530         struct l2cap_chan *chan;
1531 
1532         sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1533         if (!sk)
1534                 return NULL;
1535 
1536         sock_init_data(sock, sk);
1537         INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1538 
1539         sk->sk_destruct = l2cap_sock_destruct;
1540         sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1541 
1542         sock_reset_flag(sk, SOCK_ZAPPED);
1543 
1544         sk->sk_protocol = proto;
1545         sk->sk_state = BT_OPEN;
1546 
1547         chan = l2cap_chan_create();
1548         if (!chan) {
1549                 sk_free(sk);
1550                 return NULL;
1551         }
1552 
1553         l2cap_chan_hold(chan);
1554 
1555         l2cap_pi(sk)->chan = chan;
1556 
1557         return sk;
1558 }
1559 
1560 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1561                              int kern)
1562 {
1563         struct sock *sk;
1564 
1565         BT_DBG("sock %p", sock);
1566 
1567         sock->state = SS_UNCONNECTED;
1568 
1569         if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1570             sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1571                 return -ESOCKTNOSUPPORT;
1572 
1573         if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1574                 return -EPERM;
1575 
1576         sock->ops = &l2cap_sock_ops;
1577 
1578         sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1579         if (!sk)
1580                 return -ENOMEM;
1581 
1582         l2cap_sock_init(sk, NULL);
1583         bt_sock_link(&l2cap_sk_list, sk);
1584         return 0;
1585 }
1586 
1587 static const struct proto_ops l2cap_sock_ops = {
1588         .family         = PF_BLUETOOTH,
1589         .owner          = THIS_MODULE,
1590         .release        = l2cap_sock_release,
1591         .bind           = l2cap_sock_bind,
1592         .connect        = l2cap_sock_connect,
1593         .listen         = l2cap_sock_listen,
1594         .accept         = l2cap_sock_accept,
1595         .getname        = l2cap_sock_getname,
1596         .sendmsg        = l2cap_sock_sendmsg,
1597         .recvmsg        = l2cap_sock_recvmsg,
1598         .poll           = bt_sock_poll,
1599         .ioctl          = bt_sock_ioctl,
1600         .mmap           = sock_no_mmap,
1601         .socketpair     = sock_no_socketpair,
1602         .shutdown       = l2cap_sock_shutdown,
1603         .setsockopt     = l2cap_sock_setsockopt,
1604         .getsockopt     = l2cap_sock_getsockopt
1605 };
1606 
1607 static const struct net_proto_family l2cap_sock_family_ops = {
1608         .family = PF_BLUETOOTH,
1609         .owner  = THIS_MODULE,
1610         .create = l2cap_sock_create,
1611 };
1612 
1613 int __init l2cap_init_sockets(void)
1614 {
1615         int err;
1616 
1617         err = proto_register(&l2cap_proto, 0);
1618         if (err < 0)
1619                 return err;
1620 
1621         err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1622         if (err < 0) {
1623                 BT_ERR("L2CAP socket registration failed");
1624                 goto error;
1625         }
1626 
1627         err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1628                              NULL);
1629         if (err < 0) {
1630                 BT_ERR("Failed to create L2CAP proc file");
1631                 bt_sock_unregister(BTPROTO_L2CAP);
1632                 goto error;
1633         }
1634 
1635         BT_INFO("L2CAP socket layer initialized");
1636 
1637         return 0;
1638 
1639 error:
1640         proto_unregister(&l2cap_proto);
1641         return err;
1642 }
1643 
1644 void l2cap_cleanup_sockets(void)
1645 {
1646         bt_procfs_cleanup(&init_net, "l2cap");
1647         bt_sock_unregister(BTPROTO_L2CAP);
1648         proto_unregister(&l2cap_proto);
1649 }
1650 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp