~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/bluetooth/l2cap_sock.c

Version: ~ [ linux-5.4-rc3 ] ~ [ linux-5.3.6 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.79 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.149 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.196 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.196 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.75 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2    BlueZ - Bluetooth protocol stack for Linux
  3    Copyright (C) 2000-2001 Qualcomm Incorporated
  4    Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
  5    Copyright (C) 2010 Google Inc.
  6    Copyright (C) 2011 ProFUSION Embedded Systems
  7 
  8    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
  9 
 10    This program is free software; you can redistribute it and/or modify
 11    it under the terms of the GNU General Public License version 2 as
 12    published by the Free Software Foundation;
 13 
 14    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 15    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 16    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
 17    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
 18    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
 19    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 20    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 21    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 22 
 23    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
 24    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
 25    SOFTWARE IS DISCLAIMED.
 26 */
 27 
 28 /* Bluetooth L2CAP sockets. */
 29 
 30 #include <linux/module.h>
 31 #include <linux/export.h>
 32 #include <linux/sched/signal.h>
 33 
 34 #include <net/bluetooth/bluetooth.h>
 35 #include <net/bluetooth/hci_core.h>
 36 #include <net/bluetooth/l2cap.h>
 37 
 38 #include "smp.h"
 39 
 40 static struct bt_sock_list l2cap_sk_list = {
 41         .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
 42 };
 43 
 44 static const struct proto_ops l2cap_sock_ops;
 45 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
 46 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
 47                                      int proto, gfp_t prio, int kern);
 48 
 49 bool l2cap_is_socket(struct socket *sock)
 50 {
 51         return sock && sock->ops == &l2cap_sock_ops;
 52 }
 53 EXPORT_SYMBOL(l2cap_is_socket);
 54 
 55 static int l2cap_validate_bredr_psm(u16 psm)
 56 {
 57         /* PSM must be odd and lsb of upper byte must be 0 */
 58         if ((psm & 0x0101) != 0x0001)
 59                 return -EINVAL;
 60 
 61         /* Restrict usage of well-known PSMs */
 62         if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
 63                 return -EACCES;
 64 
 65         return 0;
 66 }
 67 
 68 static int l2cap_validate_le_psm(u16 psm)
 69 {
 70         /* Valid LE_PSM ranges are defined only until 0x00ff */
 71         if (psm > L2CAP_PSM_LE_DYN_END)
 72                 return -EINVAL;
 73 
 74         /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
 75         if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
 76                 return -EACCES;
 77 
 78         return 0;
 79 }
 80 
 81 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
 82 {
 83         struct sock *sk = sock->sk;
 84         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 85         struct sockaddr_l2 la;
 86         int len, err = 0;
 87 
 88         BT_DBG("sk %p", sk);
 89 
 90         if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
 91             addr->sa_family != AF_BLUETOOTH)
 92                 return -EINVAL;
 93 
 94         memset(&la, 0, sizeof(la));
 95         len = min_t(unsigned int, sizeof(la), alen);
 96         memcpy(&la, addr, len);
 97 
 98         if (la.l2_cid && la.l2_psm)
 99                 return -EINVAL;
100 
101         if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
102                 return -EINVAL;
103 
104         if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
105                 /* We only allow ATT user space socket */
106                 if (la.l2_cid &&
107                     la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
108                         return -EINVAL;
109         }
110 
111         lock_sock(sk);
112 
113         if (sk->sk_state != BT_OPEN) {
114                 err = -EBADFD;
115                 goto done;
116         }
117 
118         if (la.l2_psm) {
119                 __u16 psm = __le16_to_cpu(la.l2_psm);
120 
121                 if (la.l2_bdaddr_type == BDADDR_BREDR)
122                         err = l2cap_validate_bredr_psm(psm);
123                 else
124                         err = l2cap_validate_le_psm(psm);
125 
126                 if (err)
127                         goto done;
128         }
129 
130         bacpy(&chan->src, &la.l2_bdaddr);
131         chan->src_type = la.l2_bdaddr_type;
132 
133         if (la.l2_cid)
134                 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
135         else
136                 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
137 
138         if (err < 0)
139                 goto done;
140 
141         switch (chan->chan_type) {
142         case L2CAP_CHAN_CONN_LESS:
143                 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
144                         chan->sec_level = BT_SECURITY_SDP;
145                 break;
146         case L2CAP_CHAN_CONN_ORIENTED:
147                 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
148                     __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
149                         chan->sec_level = BT_SECURITY_SDP;
150                 break;
151         case L2CAP_CHAN_RAW:
152                 chan->sec_level = BT_SECURITY_SDP;
153                 break;
154         case L2CAP_CHAN_FIXED:
155                 /* Fixed channels default to the L2CAP core not holding a
156                  * hci_conn reference for them. For fixed channels mapping to
157                  * L2CAP sockets we do want to hold a reference so set the
158                  * appropriate flag to request it.
159                  */
160                 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
161                 break;
162         }
163 
164         if (chan->psm && bdaddr_type_is_le(chan->src_type))
165                 chan->mode = L2CAP_MODE_LE_FLOWCTL;
166 
167         chan->state = BT_BOUND;
168         sk->sk_state = BT_BOUND;
169 
170 done:
171         release_sock(sk);
172         return err;
173 }
174 
175 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
176                               int alen, int flags)
177 {
178         struct sock *sk = sock->sk;
179         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
180         struct sockaddr_l2 la;
181         int len, err = 0;
182 
183         BT_DBG("sk %p", sk);
184 
185         if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
186             addr->sa_family != AF_BLUETOOTH)
187                 return -EINVAL;
188 
189         memset(&la, 0, sizeof(la));
190         len = min_t(unsigned int, sizeof(la), alen);
191         memcpy(&la, addr, len);
192 
193         if (la.l2_cid && la.l2_psm)
194                 return -EINVAL;
195 
196         if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
197                 return -EINVAL;
198 
199         /* Check that the socket wasn't bound to something that
200          * conflicts with the address given to connect(). If chan->src
201          * is BDADDR_ANY it means bind() was never used, in which case
202          * chan->src_type and la.l2_bdaddr_type do not need to match.
203          */
204         if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
205             bdaddr_type_is_le(la.l2_bdaddr_type)) {
206                 /* Old user space versions will try to incorrectly bind
207                  * the ATT socket using BDADDR_BREDR. We need to accept
208                  * this and fix up the source address type only when
209                  * both the source CID and destination CID indicate
210                  * ATT. Anything else is an invalid combination.
211                  */
212                 if (chan->scid != L2CAP_CID_ATT ||
213                     la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
214                         return -EINVAL;
215 
216                 /* We don't have the hdev available here to make a
217                  * better decision on random vs public, but since all
218                  * user space versions that exhibit this issue anyway do
219                  * not support random local addresses assuming public
220                  * here is good enough.
221                  */
222                 chan->src_type = BDADDR_LE_PUBLIC;
223         }
224 
225         if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
226                 return -EINVAL;
227 
228         if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
229                 /* We only allow ATT user space socket */
230                 if (la.l2_cid &&
231                     la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
232                         return -EINVAL;
233         }
234 
235         if (chan->psm && bdaddr_type_is_le(chan->src_type))
236                 chan->mode = L2CAP_MODE_LE_FLOWCTL;
237 
238         err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
239                                  &la.l2_bdaddr, la.l2_bdaddr_type);
240         if (err)
241                 return err;
242 
243         lock_sock(sk);
244 
245         err = bt_sock_wait_state(sk, BT_CONNECTED,
246                                  sock_sndtimeo(sk, flags & O_NONBLOCK));
247 
248         release_sock(sk);
249 
250         return err;
251 }
252 
253 static int l2cap_sock_listen(struct socket *sock, int backlog)
254 {
255         struct sock *sk = sock->sk;
256         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
257         int err = 0;
258 
259         BT_DBG("sk %p backlog %d", sk, backlog);
260 
261         lock_sock(sk);
262 
263         if (sk->sk_state != BT_BOUND) {
264                 err = -EBADFD;
265                 goto done;
266         }
267 
268         if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
269                 err = -EINVAL;
270                 goto done;
271         }
272 
273         switch (chan->mode) {
274         case L2CAP_MODE_BASIC:
275         case L2CAP_MODE_LE_FLOWCTL:
276                 break;
277         case L2CAP_MODE_ERTM:
278         case L2CAP_MODE_STREAMING:
279                 if (!disable_ertm)
280                         break;
281                 /* fall through */
282         default:
283                 err = -EOPNOTSUPP;
284                 goto done;
285         }
286 
287         sk->sk_max_ack_backlog = backlog;
288         sk->sk_ack_backlog = 0;
289 
290         /* Listening channels need to use nested locking in order not to
291          * cause lockdep warnings when the created child channels end up
292          * being locked in the same thread as the parent channel.
293          */
294         atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
295 
296         chan->state = BT_LISTEN;
297         sk->sk_state = BT_LISTEN;
298 
299 done:
300         release_sock(sk);
301         return err;
302 }
303 
304 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
305                              int flags, bool kern)
306 {
307         DEFINE_WAIT_FUNC(wait, woken_wake_function);
308         struct sock *sk = sock->sk, *nsk;
309         long timeo;
310         int err = 0;
311 
312         lock_sock_nested(sk, L2CAP_NESTING_PARENT);
313 
314         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
315 
316         BT_DBG("sk %p timeo %ld", sk, timeo);
317 
318         /* Wait for an incoming connection. (wake-one). */
319         add_wait_queue_exclusive(sk_sleep(sk), &wait);
320         while (1) {
321                 if (sk->sk_state != BT_LISTEN) {
322                         err = -EBADFD;
323                         break;
324                 }
325 
326                 nsk = bt_accept_dequeue(sk, newsock);
327                 if (nsk)
328                         break;
329 
330                 if (!timeo) {
331                         err = -EAGAIN;
332                         break;
333                 }
334 
335                 if (signal_pending(current)) {
336                         err = sock_intr_errno(timeo);
337                         break;
338                 }
339 
340                 release_sock(sk);
341 
342                 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
343 
344                 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
345         }
346         remove_wait_queue(sk_sleep(sk), &wait);
347 
348         if (err)
349                 goto done;
350 
351         newsock->state = SS_CONNECTED;
352 
353         BT_DBG("new socket %p", nsk);
354 
355 done:
356         release_sock(sk);
357         return err;
358 }
359 
360 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
361                               int *len, int peer)
362 {
363         struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
364         struct sock *sk = sock->sk;
365         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
366 
367         BT_DBG("sock %p, sk %p", sock, sk);
368 
369         if (peer && sk->sk_state != BT_CONNECTED &&
370             sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
371             sk->sk_state != BT_CONFIG)
372                 return -ENOTCONN;
373 
374         memset(la, 0, sizeof(struct sockaddr_l2));
375         addr->sa_family = AF_BLUETOOTH;
376         *len = sizeof(struct sockaddr_l2);
377 
378         la->l2_psm = chan->psm;
379 
380         if (peer) {
381                 bacpy(&la->l2_bdaddr, &chan->dst);
382                 la->l2_cid = cpu_to_le16(chan->dcid);
383                 la->l2_bdaddr_type = chan->dst_type;
384         } else {
385                 bacpy(&la->l2_bdaddr, &chan->src);
386                 la->l2_cid = cpu_to_le16(chan->scid);
387                 la->l2_bdaddr_type = chan->src_type;
388         }
389 
390         return 0;
391 }
392 
393 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
394                                      char __user *optval, int __user *optlen)
395 {
396         struct sock *sk = sock->sk;
397         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
398         struct l2cap_options opts;
399         struct l2cap_conninfo cinfo;
400         int len, err = 0;
401         u32 opt;
402 
403         BT_DBG("sk %p", sk);
404 
405         if (get_user(len, optlen))
406                 return -EFAULT;
407 
408         lock_sock(sk);
409 
410         switch (optname) {
411         case L2CAP_OPTIONS:
412                 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
413                  * legacy ATT code depends on getsockopt for
414                  * L2CAP_OPTIONS we need to let this pass.
415                  */
416                 if (bdaddr_type_is_le(chan->src_type) &&
417                     chan->scid != L2CAP_CID_ATT) {
418                         err = -EINVAL;
419                         break;
420                 }
421 
422                 memset(&opts, 0, sizeof(opts));
423                 opts.imtu     = chan->imtu;
424                 opts.omtu     = chan->omtu;
425                 opts.flush_to = chan->flush_to;
426                 opts.mode     = chan->mode;
427                 opts.fcs      = chan->fcs;
428                 opts.max_tx   = chan->max_tx;
429                 opts.txwin_size = chan->tx_win;
430 
431                 len = min_t(unsigned int, len, sizeof(opts));
432                 if (copy_to_user(optval, (char *) &opts, len))
433                         err = -EFAULT;
434 
435                 break;
436 
437         case L2CAP_LM:
438                 switch (chan->sec_level) {
439                 case BT_SECURITY_LOW:
440                         opt = L2CAP_LM_AUTH;
441                         break;
442                 case BT_SECURITY_MEDIUM:
443                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
444                         break;
445                 case BT_SECURITY_HIGH:
446                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
447                               L2CAP_LM_SECURE;
448                         break;
449                 case BT_SECURITY_FIPS:
450                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
451                               L2CAP_LM_SECURE | L2CAP_LM_FIPS;
452                         break;
453                 default:
454                         opt = 0;
455                         break;
456                 }
457 
458                 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
459                         opt |= L2CAP_LM_MASTER;
460 
461                 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
462                         opt |= L2CAP_LM_RELIABLE;
463 
464                 if (put_user(opt, (u32 __user *) optval))
465                         err = -EFAULT;
466 
467                 break;
468 
469         case L2CAP_CONNINFO:
470                 if (sk->sk_state != BT_CONNECTED &&
471                     !(sk->sk_state == BT_CONNECT2 &&
472                       test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
473                         err = -ENOTCONN;
474                         break;
475                 }
476 
477                 memset(&cinfo, 0, sizeof(cinfo));
478                 cinfo.hci_handle = chan->conn->hcon->handle;
479                 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
480 
481                 len = min_t(unsigned int, len, sizeof(cinfo));
482                 if (copy_to_user(optval, (char *) &cinfo, len))
483                         err = -EFAULT;
484 
485                 break;
486 
487         default:
488                 err = -ENOPROTOOPT;
489                 break;
490         }
491 
492         release_sock(sk);
493         return err;
494 }
495 
496 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
497                                  char __user *optval, int __user *optlen)
498 {
499         struct sock *sk = sock->sk;
500         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
501         struct bt_security sec;
502         struct bt_power pwr;
503         int len, err = 0;
504 
505         BT_DBG("sk %p", sk);
506 
507         if (level == SOL_L2CAP)
508                 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
509 
510         if (level != SOL_BLUETOOTH)
511                 return -ENOPROTOOPT;
512 
513         if (get_user(len, optlen))
514                 return -EFAULT;
515 
516         lock_sock(sk);
517 
518         switch (optname) {
519         case BT_SECURITY:
520                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
521                     chan->chan_type != L2CAP_CHAN_FIXED &&
522                     chan->chan_type != L2CAP_CHAN_RAW) {
523                         err = -EINVAL;
524                         break;
525                 }
526 
527                 memset(&sec, 0, sizeof(sec));
528                 if (chan->conn) {
529                         sec.level = chan->conn->hcon->sec_level;
530 
531                         if (sk->sk_state == BT_CONNECTED)
532                                 sec.key_size = chan->conn->hcon->enc_key_size;
533                 } else {
534                         sec.level = chan->sec_level;
535                 }
536 
537                 len = min_t(unsigned int, len, sizeof(sec));
538                 if (copy_to_user(optval, (char *) &sec, len))
539                         err = -EFAULT;
540 
541                 break;
542 
543         case BT_DEFER_SETUP:
544                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
545                         err = -EINVAL;
546                         break;
547                 }
548 
549                 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
550                              (u32 __user *) optval))
551                         err = -EFAULT;
552 
553                 break;
554 
555         case BT_FLUSHABLE:
556                 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
557                              (u32 __user *) optval))
558                         err = -EFAULT;
559 
560                 break;
561 
562         case BT_POWER:
563                 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
564                     && sk->sk_type != SOCK_RAW) {
565                         err = -EINVAL;
566                         break;
567                 }
568 
569                 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
570 
571                 len = min_t(unsigned int, len, sizeof(pwr));
572                 if (copy_to_user(optval, (char *) &pwr, len))
573                         err = -EFAULT;
574 
575                 break;
576 
577         case BT_CHANNEL_POLICY:
578                 if (put_user(chan->chan_policy, (u32 __user *) optval))
579                         err = -EFAULT;
580                 break;
581 
582         case BT_SNDMTU:
583                 if (!bdaddr_type_is_le(chan->src_type)) {
584                         err = -EINVAL;
585                         break;
586                 }
587 
588                 if (sk->sk_state != BT_CONNECTED) {
589                         err = -ENOTCONN;
590                         break;
591                 }
592 
593                 if (put_user(chan->omtu, (u16 __user *) optval))
594                         err = -EFAULT;
595                 break;
596 
597         case BT_RCVMTU:
598                 if (!bdaddr_type_is_le(chan->src_type)) {
599                         err = -EINVAL;
600                         break;
601                 }
602 
603                 if (put_user(chan->imtu, (u16 __user *) optval))
604                         err = -EFAULT;
605                 break;
606 
607         default:
608                 err = -ENOPROTOOPT;
609                 break;
610         }
611 
612         release_sock(sk);
613         return err;
614 }
615 
616 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
617 {
618         switch (chan->scid) {
619         case L2CAP_CID_ATT:
620                 if (mtu < L2CAP_LE_MIN_MTU)
621                         return false;
622                 break;
623 
624         default:
625                 if (mtu < L2CAP_DEFAULT_MIN_MTU)
626                         return false;
627         }
628 
629         return true;
630 }
631 
632 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
633                                      char __user *optval, unsigned int optlen)
634 {
635         struct sock *sk = sock->sk;
636         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
637         struct l2cap_options opts;
638         int len, err = 0;
639         u32 opt;
640 
641         BT_DBG("sk %p", sk);
642 
643         lock_sock(sk);
644 
645         switch (optname) {
646         case L2CAP_OPTIONS:
647                 if (bdaddr_type_is_le(chan->src_type)) {
648                         err = -EINVAL;
649                         break;
650                 }
651 
652                 if (sk->sk_state == BT_CONNECTED) {
653                         err = -EINVAL;
654                         break;
655                 }
656 
657                 opts.imtu     = chan->imtu;
658                 opts.omtu     = chan->omtu;
659                 opts.flush_to = chan->flush_to;
660                 opts.mode     = chan->mode;
661                 opts.fcs      = chan->fcs;
662                 opts.max_tx   = chan->max_tx;
663                 opts.txwin_size = chan->tx_win;
664 
665                 len = min_t(unsigned int, sizeof(opts), optlen);
666                 if (copy_from_user((char *) &opts, optval, len)) {
667                         err = -EFAULT;
668                         break;
669                 }
670 
671                 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
672                         err = -EINVAL;
673                         break;
674                 }
675 
676                 if (!l2cap_valid_mtu(chan, opts.imtu)) {
677                         err = -EINVAL;
678                         break;
679                 }
680 
681                 chan->mode = opts.mode;
682                 switch (chan->mode) {
683                 case L2CAP_MODE_LE_FLOWCTL:
684                         break;
685                 case L2CAP_MODE_BASIC:
686                         clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
687                         break;
688                 case L2CAP_MODE_ERTM:
689                 case L2CAP_MODE_STREAMING:
690                         if (!disable_ertm)
691                                 break;
692                         /* fall through */
693                 default:
694                         err = -EINVAL;
695                         break;
696                 }
697 
698                 chan->imtu = opts.imtu;
699                 chan->omtu = opts.omtu;
700                 chan->fcs  = opts.fcs;
701                 chan->max_tx = opts.max_tx;
702                 chan->tx_win = opts.txwin_size;
703                 chan->flush_to = opts.flush_to;
704                 break;
705 
706         case L2CAP_LM:
707                 if (get_user(opt, (u32 __user *) optval)) {
708                         err = -EFAULT;
709                         break;
710                 }
711 
712                 if (opt & L2CAP_LM_FIPS) {
713                         err = -EINVAL;
714                         break;
715                 }
716 
717                 if (opt & L2CAP_LM_AUTH)
718                         chan->sec_level = BT_SECURITY_LOW;
719                 if (opt & L2CAP_LM_ENCRYPT)
720                         chan->sec_level = BT_SECURITY_MEDIUM;
721                 if (opt & L2CAP_LM_SECURE)
722                         chan->sec_level = BT_SECURITY_HIGH;
723 
724                 if (opt & L2CAP_LM_MASTER)
725                         set_bit(FLAG_ROLE_SWITCH, &chan->flags);
726                 else
727                         clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
728 
729                 if (opt & L2CAP_LM_RELIABLE)
730                         set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
731                 else
732                         clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
733                 break;
734 
735         default:
736                 err = -ENOPROTOOPT;
737                 break;
738         }
739 
740         release_sock(sk);
741         return err;
742 }
743 
744 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
745                                  char __user *optval, unsigned int optlen)
746 {
747         struct sock *sk = sock->sk;
748         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
749         struct bt_security sec;
750         struct bt_power pwr;
751         struct l2cap_conn *conn;
752         int len, err = 0;
753         u32 opt;
754 
755         BT_DBG("sk %p", sk);
756 
757         if (level == SOL_L2CAP)
758                 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
759 
760         if (level != SOL_BLUETOOTH)
761                 return -ENOPROTOOPT;
762 
763         lock_sock(sk);
764 
765         switch (optname) {
766         case BT_SECURITY:
767                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
768                     chan->chan_type != L2CAP_CHAN_FIXED &&
769                     chan->chan_type != L2CAP_CHAN_RAW) {
770                         err = -EINVAL;
771                         break;
772                 }
773 
774                 sec.level = BT_SECURITY_LOW;
775 
776                 len = min_t(unsigned int, sizeof(sec), optlen);
777                 if (copy_from_user((char *) &sec, optval, len)) {
778                         err = -EFAULT;
779                         break;
780                 }
781 
782                 if (sec.level < BT_SECURITY_LOW ||
783                     sec.level > BT_SECURITY_FIPS) {
784                         err = -EINVAL;
785                         break;
786                 }
787 
788                 chan->sec_level = sec.level;
789 
790                 if (!chan->conn)
791                         break;
792 
793                 conn = chan->conn;
794 
795                 /*change security for LE channels */
796                 if (chan->scid == L2CAP_CID_ATT) {
797                         if (smp_conn_security(conn->hcon, sec.level))
798                                 break;
799                         set_bit(FLAG_PENDING_SECURITY, &chan->flags);
800                         sk->sk_state = BT_CONFIG;
801                         chan->state = BT_CONFIG;
802 
803                 /* or for ACL link */
804                 } else if ((sk->sk_state == BT_CONNECT2 &&
805                             test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
806                            sk->sk_state == BT_CONNECTED) {
807                         if (!l2cap_chan_check_security(chan, true))
808                                 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
809                         else
810                                 sk->sk_state_change(sk);
811                 } else {
812                         err = -EINVAL;
813                 }
814                 break;
815 
816         case BT_DEFER_SETUP:
817                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
818                         err = -EINVAL;
819                         break;
820                 }
821 
822                 if (get_user(opt, (u32 __user *) optval)) {
823                         err = -EFAULT;
824                         break;
825                 }
826 
827                 if (opt) {
828                         set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
829                         set_bit(FLAG_DEFER_SETUP, &chan->flags);
830                 } else {
831                         clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
832                         clear_bit(FLAG_DEFER_SETUP, &chan->flags);
833                 }
834                 break;
835 
836         case BT_FLUSHABLE:
837                 if (get_user(opt, (u32 __user *) optval)) {
838                         err = -EFAULT;
839                         break;
840                 }
841 
842                 if (opt > BT_FLUSHABLE_ON) {
843                         err = -EINVAL;
844                         break;
845                 }
846 
847                 if (opt == BT_FLUSHABLE_OFF) {
848                         conn = chan->conn;
849                         /* proceed further only when we have l2cap_conn and
850                            No Flush support in the LM */
851                         if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
852                                 err = -EINVAL;
853                                 break;
854                         }
855                 }
856 
857                 if (opt)
858                         set_bit(FLAG_FLUSHABLE, &chan->flags);
859                 else
860                         clear_bit(FLAG_FLUSHABLE, &chan->flags);
861                 break;
862 
863         case BT_POWER:
864                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
865                     chan->chan_type != L2CAP_CHAN_RAW) {
866                         err = -EINVAL;
867                         break;
868                 }
869 
870                 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
871 
872                 len = min_t(unsigned int, sizeof(pwr), optlen);
873                 if (copy_from_user((char *) &pwr, optval, len)) {
874                         err = -EFAULT;
875                         break;
876                 }
877 
878                 if (pwr.force_active)
879                         set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
880                 else
881                         clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
882                 break;
883 
884         case BT_CHANNEL_POLICY:
885                 if (get_user(opt, (u32 __user *) optval)) {
886                         err = -EFAULT;
887                         break;
888                 }
889 
890                 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
891                         err = -EINVAL;
892                         break;
893                 }
894 
895                 if (chan->mode != L2CAP_MODE_ERTM &&
896                     chan->mode != L2CAP_MODE_STREAMING) {
897                         err = -EOPNOTSUPP;
898                         break;
899                 }
900 
901                 chan->chan_policy = (u8) opt;
902 
903                 if (sk->sk_state == BT_CONNECTED &&
904                     chan->move_role == L2CAP_MOVE_ROLE_NONE)
905                         l2cap_move_start(chan);
906 
907                 break;
908 
909         case BT_SNDMTU:
910                 if (!bdaddr_type_is_le(chan->src_type)) {
911                         err = -EINVAL;
912                         break;
913                 }
914 
915                 /* Setting is not supported as it's the remote side that
916                  * decides this.
917                  */
918                 err = -EPERM;
919                 break;
920 
921         case BT_RCVMTU:
922                 if (!bdaddr_type_is_le(chan->src_type)) {
923                         err = -EINVAL;
924                         break;
925                 }
926 
927                 if (sk->sk_state == BT_CONNECTED) {
928                         err = -EISCONN;
929                         break;
930                 }
931 
932                 if (get_user(opt, (u16 __user *) optval)) {
933                         err = -EFAULT;
934                         break;
935                 }
936 
937                 chan->imtu = opt;
938                 break;
939 
940         default:
941                 err = -ENOPROTOOPT;
942                 break;
943         }
944 
945         release_sock(sk);
946         return err;
947 }
948 
949 static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
950                               size_t len)
951 {
952         struct sock *sk = sock->sk;
953         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
954         int err;
955 
956         BT_DBG("sock %p, sk %p", sock, sk);
957 
958         err = sock_error(sk);
959         if (err)
960                 return err;
961 
962         if (msg->msg_flags & MSG_OOB)
963                 return -EOPNOTSUPP;
964 
965         if (sk->sk_state != BT_CONNECTED)
966                 return -ENOTCONN;
967 
968         lock_sock(sk);
969         err = bt_sock_wait_ready(sk, msg->msg_flags);
970         release_sock(sk);
971         if (err)
972                 return err;
973 
974         l2cap_chan_lock(chan);
975         err = l2cap_chan_send(chan, msg, len);
976         l2cap_chan_unlock(chan);
977 
978         return err;
979 }
980 
981 static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
982                               size_t len, int flags)
983 {
984         struct sock *sk = sock->sk;
985         struct l2cap_pinfo *pi = l2cap_pi(sk);
986         int err;
987 
988         lock_sock(sk);
989 
990         if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
991                                                     &bt_sk(sk)->flags)) {
992                 if (bdaddr_type_is_le(pi->chan->src_type)) {
993                         sk->sk_state = BT_CONNECTED;
994                         pi->chan->state = BT_CONNECTED;
995                         __l2cap_le_connect_rsp_defer(pi->chan);
996                 } else {
997                         sk->sk_state = BT_CONFIG;
998                         pi->chan->state = BT_CONFIG;
999                         __l2cap_connect_rsp_defer(pi->chan);
1000                 }
1001 
1002                 err = 0;
1003                 goto done;
1004         }
1005 
1006         release_sock(sk);
1007 
1008         if (sock->type == SOCK_STREAM)
1009                 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
1010         else
1011                 err = bt_sock_recvmsg(sock, msg, len, flags);
1012 
1013         if (pi->chan->mode != L2CAP_MODE_ERTM)
1014                 return err;
1015 
1016         /* Attempt to put pending rx data in the socket buffer */
1017 
1018         lock_sock(sk);
1019 
1020         if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1021                 goto done;
1022 
1023         if (pi->rx_busy_skb) {
1024                 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1025                         pi->rx_busy_skb = NULL;
1026                 else
1027                         goto done;
1028         }
1029 
1030         /* Restore data flow when half of the receive buffer is
1031          * available.  This avoids resending large numbers of
1032          * frames.
1033          */
1034         if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1035                 l2cap_chan_busy(pi->chan, 0);
1036 
1037 done:
1038         release_sock(sk);
1039         return err;
1040 }
1041 
1042 /* Kill socket (only if zapped and orphan)
1043  * Must be called on unlocked socket.
1044  */
1045 static void l2cap_sock_kill(struct sock *sk)
1046 {
1047         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1048                 return;
1049 
1050         BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1051 
1052         /* Kill poor orphan */
1053 
1054         l2cap_chan_put(l2cap_pi(sk)->chan);
1055         sock_set_flag(sk, SOCK_DEAD);
1056         sock_put(sk);
1057 }
1058 
1059 static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
1060 {
1061         DECLARE_WAITQUEUE(wait, current);
1062         int err = 0;
1063         int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1064         /* Timeout to prevent infinite loop */
1065         unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
1066 
1067         add_wait_queue(sk_sleep(sk), &wait);
1068         set_current_state(TASK_INTERRUPTIBLE);
1069         do {
1070                 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1071                        chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1072                        jiffies_to_msecs(timeout - jiffies));
1073 
1074                 if (!timeo)
1075                         timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1076 
1077                 if (signal_pending(current)) {
1078                         err = sock_intr_errno(timeo);
1079                         break;
1080                 }
1081 
1082                 release_sock(sk);
1083                 timeo = schedule_timeout(timeo);
1084                 lock_sock(sk);
1085                 set_current_state(TASK_INTERRUPTIBLE);
1086 
1087                 err = sock_error(sk);
1088                 if (err)
1089                         break;
1090 
1091                 if (time_after(jiffies, timeout)) {
1092                         err = -ENOLINK;
1093                         break;
1094                 }
1095 
1096         } while (chan->unacked_frames > 0 &&
1097                  chan->state == BT_CONNECTED);
1098 
1099         set_current_state(TASK_RUNNING);
1100         remove_wait_queue(sk_sleep(sk), &wait);
1101         return err;
1102 }
1103 
1104 static int l2cap_sock_shutdown(struct socket *sock, int how)
1105 {
1106         struct sock *sk = sock->sk;
1107         struct l2cap_chan *chan;
1108         struct l2cap_conn *conn;
1109         int err = 0;
1110 
1111         BT_DBG("sock %p, sk %p", sock, sk);
1112 
1113         if (!sk)
1114                 return 0;
1115 
1116         lock_sock(sk);
1117 
1118         if (sk->sk_shutdown)
1119                 goto shutdown_already;
1120 
1121         BT_DBG("Handling sock shutdown");
1122 
1123         /* prevent sk structure from being freed whilst unlocked */
1124         sock_hold(sk);
1125 
1126         chan = l2cap_pi(sk)->chan;
1127         /* prevent chan structure from being freed whilst unlocked */
1128         l2cap_chan_hold(chan);
1129 
1130         BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1131 
1132         if (chan->mode == L2CAP_MODE_ERTM &&
1133             chan->unacked_frames > 0 &&
1134             chan->state == BT_CONNECTED) {
1135                 err = __l2cap_wait_ack(sk, chan);
1136 
1137                 /* After waiting for ACKs, check whether shutdown
1138                  * has already been actioned to close the L2CAP
1139                  * link such as by l2cap_disconnection_req().
1140                  */
1141                 if (sk->sk_shutdown)
1142                         goto has_shutdown;
1143         }
1144 
1145         sk->sk_shutdown = SHUTDOWN_MASK;
1146         release_sock(sk);
1147 
1148         l2cap_chan_lock(chan);
1149         conn = chan->conn;
1150         if (conn)
1151                 /* prevent conn structure from being freed */
1152                 l2cap_conn_get(conn);
1153         l2cap_chan_unlock(chan);
1154 
1155         if (conn)
1156                 /* mutex lock must be taken before l2cap_chan_lock() */
1157                 mutex_lock(&conn->chan_lock);
1158 
1159         l2cap_chan_lock(chan);
1160         l2cap_chan_close(chan, 0);
1161         l2cap_chan_unlock(chan);
1162 
1163         if (conn) {
1164                 mutex_unlock(&conn->chan_lock);
1165                 l2cap_conn_put(conn);
1166         }
1167 
1168         lock_sock(sk);
1169 
1170         if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1171             !(current->flags & PF_EXITING))
1172                 err = bt_sock_wait_state(sk, BT_CLOSED,
1173                                          sk->sk_lingertime);
1174 
1175 has_shutdown:
1176         l2cap_chan_put(chan);
1177         sock_put(sk);
1178 
1179 shutdown_already:
1180         if (!err && sk->sk_err)
1181                 err = -sk->sk_err;
1182 
1183         release_sock(sk);
1184 
1185         BT_DBG("Sock shutdown complete err: %d", err);
1186 
1187         return err;
1188 }
1189 
1190 static int l2cap_sock_release(struct socket *sock)
1191 {
1192         struct sock *sk = sock->sk;
1193         int err;
1194 
1195         BT_DBG("sock %p, sk %p", sock, sk);
1196 
1197         if (!sk)
1198                 return 0;
1199 
1200         bt_sock_unlink(&l2cap_sk_list, sk);
1201 
1202         err = l2cap_sock_shutdown(sock, 2);
1203 
1204         sock_orphan(sk);
1205         l2cap_sock_kill(sk);
1206         return err;
1207 }
1208 
1209 static void l2cap_sock_cleanup_listen(struct sock *parent)
1210 {
1211         struct sock *sk;
1212 
1213         BT_DBG("parent %p state %s", parent,
1214                state_to_string(parent->sk_state));
1215 
1216         /* Close not yet accepted channels */
1217         while ((sk = bt_accept_dequeue(parent, NULL))) {
1218                 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1219 
1220                 BT_DBG("child chan %p state %s", chan,
1221                        state_to_string(chan->state));
1222 
1223                 l2cap_chan_lock(chan);
1224                 __clear_chan_timer(chan);
1225                 l2cap_chan_close(chan, ECONNRESET);
1226                 l2cap_chan_unlock(chan);
1227 
1228                 l2cap_sock_kill(sk);
1229         }
1230 }
1231 
1232 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1233 {
1234         struct sock *sk, *parent = chan->data;
1235 
1236         lock_sock(parent);
1237 
1238         /* Check for backlog size */
1239         if (sk_acceptq_is_full(parent)) {
1240                 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1241                 release_sock(parent);
1242                 return NULL;
1243         }
1244 
1245         sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1246                               GFP_ATOMIC, 0);
1247         if (!sk) {
1248                 release_sock(parent);
1249                 return NULL;
1250         }
1251 
1252         bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1253 
1254         l2cap_sock_init(sk, parent);
1255 
1256         bt_accept_enqueue(parent, sk);
1257 
1258         release_sock(parent);
1259 
1260         return l2cap_pi(sk)->chan;
1261 }
1262 
1263 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1264 {
1265         struct sock *sk = chan->data;
1266         int err;
1267 
1268         lock_sock(sk);
1269 
1270         if (l2cap_pi(sk)->rx_busy_skb) {
1271                 err = -ENOMEM;
1272                 goto done;
1273         }
1274 
1275         if (chan->mode != L2CAP_MODE_ERTM &&
1276             chan->mode != L2CAP_MODE_STREAMING) {
1277                 /* Even if no filter is attached, we could potentially
1278                  * get errors from security modules, etc.
1279                  */
1280                 err = sk_filter(sk, skb);
1281                 if (err)
1282                         goto done;
1283         }
1284 
1285         err = __sock_queue_rcv_skb(sk, skb);
1286 
1287         /* For ERTM, handle one skb that doesn't fit into the recv
1288          * buffer.  This is important to do because the data frames
1289          * have already been acked, so the skb cannot be discarded.
1290          *
1291          * Notify the l2cap core that the buffer is full, so the
1292          * LOCAL_BUSY state is entered and no more frames are
1293          * acked and reassembled until there is buffer space
1294          * available.
1295          */
1296         if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1297                 l2cap_pi(sk)->rx_busy_skb = skb;
1298                 l2cap_chan_busy(chan, 1);
1299                 err = 0;
1300         }
1301 
1302 done:
1303         release_sock(sk);
1304 
1305         return err;
1306 }
1307 
1308 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1309 {
1310         struct sock *sk = chan->data;
1311 
1312         l2cap_sock_kill(sk);
1313 }
1314 
1315 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1316 {
1317         struct sock *sk = chan->data;
1318         struct sock *parent;
1319 
1320         BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1321 
1322         /* This callback can be called both for server (BT_LISTEN)
1323          * sockets as well as "normal" ones. To avoid lockdep warnings
1324          * with child socket locking (through l2cap_sock_cleanup_listen)
1325          * we need separation into separate nesting levels. The simplest
1326          * way to accomplish this is to inherit the nesting level used
1327          * for the channel.
1328          */
1329         lock_sock_nested(sk, atomic_read(&chan->nesting));
1330 
1331         parent = bt_sk(sk)->parent;
1332 
1333         sock_set_flag(sk, SOCK_ZAPPED);
1334 
1335         switch (chan->state) {
1336         case BT_OPEN:
1337         case BT_BOUND:
1338         case BT_CLOSED:
1339                 break;
1340         case BT_LISTEN:
1341                 l2cap_sock_cleanup_listen(sk);
1342                 sk->sk_state = BT_CLOSED;
1343                 chan->state = BT_CLOSED;
1344 
1345                 break;
1346         default:
1347                 sk->sk_state = BT_CLOSED;
1348                 chan->state = BT_CLOSED;
1349 
1350                 sk->sk_err = err;
1351 
1352                 if (parent) {
1353                         bt_accept_unlink(sk);
1354                         parent->sk_data_ready(parent);
1355                 } else {
1356                         sk->sk_state_change(sk);
1357                 }
1358 
1359                 break;
1360         }
1361 
1362         release_sock(sk);
1363 }
1364 
1365 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1366                                        int err)
1367 {
1368         struct sock *sk = chan->data;
1369 
1370         sk->sk_state = state;
1371 
1372         if (err)
1373                 sk->sk_err = err;
1374 }
1375 
1376 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1377                                                unsigned long hdr_len,
1378                                                unsigned long len, int nb)
1379 {
1380         struct sock *sk = chan->data;
1381         struct sk_buff *skb;
1382         int err;
1383 
1384         l2cap_chan_unlock(chan);
1385         skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1386         l2cap_chan_lock(chan);
1387 
1388         if (!skb)
1389                 return ERR_PTR(err);
1390 
1391         skb->priority = sk->sk_priority;
1392 
1393         bt_cb(skb)->l2cap.chan = chan;
1394 
1395         return skb;
1396 }
1397 
1398 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1399 {
1400         struct sock *sk = chan->data;
1401         struct sock *parent;
1402 
1403         lock_sock(sk);
1404 
1405         parent = bt_sk(sk)->parent;
1406 
1407         BT_DBG("sk %p, parent %p", sk, parent);
1408 
1409         sk->sk_state = BT_CONNECTED;
1410         sk->sk_state_change(sk);
1411 
1412         if (parent)
1413                 parent->sk_data_ready(parent);
1414 
1415         release_sock(sk);
1416 }
1417 
1418 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1419 {
1420         struct sock *parent, *sk = chan->data;
1421 
1422         lock_sock(sk);
1423 
1424         parent = bt_sk(sk)->parent;
1425         if (parent)
1426                 parent->sk_data_ready(parent);
1427 
1428         release_sock(sk);
1429 }
1430 
1431 static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1432 {
1433         struct sock *sk = chan->data;
1434 
1435         if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1436                 sk->sk_state = BT_CONNECTED;
1437                 chan->state = BT_CONNECTED;
1438         }
1439 
1440         clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1441         sk->sk_state_change(sk);
1442 }
1443 
1444 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1445 {
1446         struct sock *sk = chan->data;
1447 
1448         lock_sock(sk);
1449         sk->sk_shutdown = SHUTDOWN_MASK;
1450         release_sock(sk);
1451 }
1452 
1453 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1454 {
1455         struct sock *sk = chan->data;
1456 
1457         return sk->sk_sndtimeo;
1458 }
1459 
1460 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1461 {
1462         struct sock *sk = chan->data;
1463 
1464         set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1465         sk->sk_state_change(sk);
1466 }
1467 
1468 static const struct l2cap_ops l2cap_chan_ops = {
1469         .name                   = "L2CAP Socket Interface",
1470         .new_connection         = l2cap_sock_new_connection_cb,
1471         .recv                   = l2cap_sock_recv_cb,
1472         .close                  = l2cap_sock_close_cb,
1473         .teardown               = l2cap_sock_teardown_cb,
1474         .state_change           = l2cap_sock_state_change_cb,
1475         .ready                  = l2cap_sock_ready_cb,
1476         .defer                  = l2cap_sock_defer_cb,
1477         .resume                 = l2cap_sock_resume_cb,
1478         .suspend                = l2cap_sock_suspend_cb,
1479         .set_shutdown           = l2cap_sock_set_shutdown_cb,
1480         .get_sndtimeo           = l2cap_sock_get_sndtimeo_cb,
1481         .alloc_skb              = l2cap_sock_alloc_skb_cb,
1482 };
1483 
1484 static void l2cap_sock_destruct(struct sock *sk)
1485 {
1486         BT_DBG("sk %p", sk);
1487 
1488         if (l2cap_pi(sk)->chan)
1489                 l2cap_chan_put(l2cap_pi(sk)->chan);
1490 
1491         if (l2cap_pi(sk)->rx_busy_skb) {
1492                 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1493                 l2cap_pi(sk)->rx_busy_skb = NULL;
1494         }
1495 
1496         skb_queue_purge(&sk->sk_receive_queue);
1497         skb_queue_purge(&sk->sk_write_queue);
1498 }
1499 
1500 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1501                                int *msg_namelen)
1502 {
1503         DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1504 
1505         memset(la, 0, sizeof(struct sockaddr_l2));
1506         la->l2_family = AF_BLUETOOTH;
1507         la->l2_psm = bt_cb(skb)->l2cap.psm;
1508         bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
1509 
1510         *msg_namelen = sizeof(struct sockaddr_l2);
1511 }
1512 
1513 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1514 {
1515         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1516 
1517         BT_DBG("sk %p", sk);
1518 
1519         if (parent) {
1520                 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1521 
1522                 sk->sk_type = parent->sk_type;
1523                 bt_sk(sk)->flags = bt_sk(parent)->flags;
1524 
1525                 chan->chan_type = pchan->chan_type;
1526                 chan->imtu = pchan->imtu;
1527                 chan->omtu = pchan->omtu;
1528                 chan->conf_state = pchan->conf_state;
1529                 chan->mode = pchan->mode;
1530                 chan->fcs  = pchan->fcs;
1531                 chan->max_tx = pchan->max_tx;
1532                 chan->tx_win = pchan->tx_win;
1533                 chan->tx_win_max = pchan->tx_win_max;
1534                 chan->sec_level = pchan->sec_level;
1535                 chan->flags = pchan->flags;
1536                 chan->tx_credits = pchan->tx_credits;
1537                 chan->rx_credits = pchan->rx_credits;
1538 
1539                 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1540                         chan->scid = pchan->scid;
1541                         chan->dcid = pchan->scid;
1542                 }
1543 
1544                 security_sk_clone(parent, sk);
1545         } else {
1546                 switch (sk->sk_type) {
1547                 case SOCK_RAW:
1548                         chan->chan_type = L2CAP_CHAN_RAW;
1549                         break;
1550                 case SOCK_DGRAM:
1551                         chan->chan_type = L2CAP_CHAN_CONN_LESS;
1552                         bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1553                         break;
1554                 case SOCK_SEQPACKET:
1555                 case SOCK_STREAM:
1556                         chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1557                         break;
1558                 }
1559 
1560                 chan->imtu = L2CAP_DEFAULT_MTU;
1561                 chan->omtu = 0;
1562                 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1563                         chan->mode = L2CAP_MODE_ERTM;
1564                         set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1565                 } else {
1566                         chan->mode = L2CAP_MODE_BASIC;
1567                 }
1568 
1569                 l2cap_chan_set_defaults(chan);
1570         }
1571 
1572         /* Default config options */
1573         chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1574 
1575         chan->data = sk;
1576         chan->ops = &l2cap_chan_ops;
1577 }
1578 
1579 static struct proto l2cap_proto = {
1580         .name           = "L2CAP",
1581         .owner          = THIS_MODULE,
1582         .obj_size       = sizeof(struct l2cap_pinfo)
1583 };
1584 
1585 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1586                                      int proto, gfp_t prio, int kern)
1587 {
1588         struct sock *sk;
1589         struct l2cap_chan *chan;
1590 
1591         sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
1592         if (!sk)
1593                 return NULL;
1594 
1595         sock_init_data(sock, sk);
1596         INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1597 
1598         sk->sk_destruct = l2cap_sock_destruct;
1599         sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1600 
1601         sock_reset_flag(sk, SOCK_ZAPPED);
1602 
1603         sk->sk_protocol = proto;
1604         sk->sk_state = BT_OPEN;
1605 
1606         chan = l2cap_chan_create();
1607         if (!chan) {
1608                 sk_free(sk);
1609                 return NULL;
1610         }
1611 
1612         l2cap_chan_hold(chan);
1613 
1614         l2cap_pi(sk)->chan = chan;
1615 
1616         return sk;
1617 }
1618 
1619 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1620                              int kern)
1621 {
1622         struct sock *sk;
1623 
1624         BT_DBG("sock %p", sock);
1625 
1626         sock->state = SS_UNCONNECTED;
1627 
1628         if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1629             sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1630                 return -ESOCKTNOSUPPORT;
1631 
1632         if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1633                 return -EPERM;
1634 
1635         sock->ops = &l2cap_sock_ops;
1636 
1637         sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
1638         if (!sk)
1639                 return -ENOMEM;
1640 
1641         l2cap_sock_init(sk, NULL);
1642         bt_sock_link(&l2cap_sk_list, sk);
1643         return 0;
1644 }
1645 
1646 static const struct proto_ops l2cap_sock_ops = {
1647         .family         = PF_BLUETOOTH,
1648         .owner          = THIS_MODULE,
1649         .release        = l2cap_sock_release,
1650         .bind           = l2cap_sock_bind,
1651         .connect        = l2cap_sock_connect,
1652         .listen         = l2cap_sock_listen,
1653         .accept         = l2cap_sock_accept,
1654         .getname        = l2cap_sock_getname,
1655         .sendmsg        = l2cap_sock_sendmsg,
1656         .recvmsg        = l2cap_sock_recvmsg,
1657         .poll           = bt_sock_poll,
1658         .ioctl          = bt_sock_ioctl,
1659         .mmap           = sock_no_mmap,
1660         .socketpair     = sock_no_socketpair,
1661         .shutdown       = l2cap_sock_shutdown,
1662         .setsockopt     = l2cap_sock_setsockopt,
1663         .getsockopt     = l2cap_sock_getsockopt
1664 };
1665 
1666 static const struct net_proto_family l2cap_sock_family_ops = {
1667         .family = PF_BLUETOOTH,
1668         .owner  = THIS_MODULE,
1669         .create = l2cap_sock_create,
1670 };
1671 
1672 int __init l2cap_init_sockets(void)
1673 {
1674         int err;
1675 
1676         BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1677 
1678         err = proto_register(&l2cap_proto, 0);
1679         if (err < 0)
1680                 return err;
1681 
1682         err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1683         if (err < 0) {
1684                 BT_ERR("L2CAP socket registration failed");
1685                 goto error;
1686         }
1687 
1688         err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1689                              NULL);
1690         if (err < 0) {
1691                 BT_ERR("Failed to create L2CAP proc file");
1692                 bt_sock_unregister(BTPROTO_L2CAP);
1693                 goto error;
1694         }
1695 
1696         BT_INFO("L2CAP socket layer initialized");
1697 
1698         return 0;
1699 
1700 error:
1701         proto_unregister(&l2cap_proto);
1702         return err;
1703 }
1704 
1705 void l2cap_cleanup_sockets(void)
1706 {
1707         bt_procfs_cleanup(&init_net, "l2cap");
1708         bt_sock_unregister(BTPROTO_L2CAP);
1709         proto_unregister(&l2cap_proto);
1710 }
1711 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp