projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
nvmet: Remove the data_len field from the nvmet_req struct
[linux-2.6-block.git] / net / bluetooth / l2cap_sock.c
CommitLineData
bb58f747
GP		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
bb58f747
GP		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
9149761a 30#include <linux/module.h>
bc3b2d7f 31#include <linux/export.h>
174cd4b1 32#include <linux/sched/signal.h>
6230c9b4 33
bb58f747 34#include <net/bluetooth/bluetooth.h>
33575df7 35#include <net/bluetooth/hci_core.h>
bb58f747 36#include <net/bluetooth/l2cap.h>
ac4b7236
MH		 37
38#include "smp.h"
bb58f747 39
5b28d95c
MY		 40static struct bt_sock_list l2cap_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
42};
43
cf2f90f5 44static const struct proto_ops l2cap_sock_ops;
80808e43 45static void l2cap_sock_init(struct sock *sk, struct sock *parent);
2d792818 46static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
11aa9c28 47 int proto, gfp_t prio, int kern);
cf2f90f5 48
b3916db3
DH		 49bool l2cap_is_socket(struct socket *sock)
50{
51 return sock && sock->ops == &l2cap_sock_ops;
52}
53EXPORT_SYMBOL(l2cap_is_socket);
54
4946096d
JH		 55static int l2cap_validate_bredr_psm(u16 psm)
56{
57 /* PSM must be odd and lsb of upper byte must be 0 */
58 if ((psm & 0x0101) != 0x0001)
59 return -EINVAL;
60
61 /* Restrict usage of well-known PSMs */
114f9f1e 62 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
4946096d
JH		 63 return -EACCES;
64
65 return 0;
66}
67
68static int l2cap_validate_le_psm(u16 psm)
69{
70 /* Valid LE_PSM ranges are defined only until 0x00ff */
114f9f1e 71 if (psm > L2CAP_PSM_LE_DYN_END)
4946096d
JH		 72 return -EINVAL;
73
74 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
114f9f1e 75 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
4946096d
JH		 76 return -EACCES;
77
78 return 0;
79}
80
af6bcd82
GP		 81static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
82{
83 struct sock *sk = sock->sk;
4343478f 84 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 85 struct sockaddr_l2 la;
86 int len, err = 0;
87
88 BT_DBG("sk %p", sk);
89
d2ecfa76
MJ		 90 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
91 addr->sa_family != AF_BLUETOOTH)
af6bcd82
GP		 92 return -EINVAL;
93
94 memset(&la, 0, sizeof(la));
95 len = min_t(unsigned int, sizeof(la), alen);
96 memcpy(&la, addr, len);
97
b62f328b 98 if (la.l2_cid && la.l2_psm)
af6bcd82
GP		 99 return -EINVAL;
100
80c1a2e7
JH		 101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
102 return -EINVAL;
103
bfe4655f 104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
bfe4655f 105 /* We only allow ATT user space socket */
9149761a 106 if (la.l2_cid &&
dcf4adbf 107 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
bfe4655f
JH		 108 return -EINVAL;
109 }
110
af6bcd82
GP		 111 lock_sock(sk);
112
113 if (sk->sk_state != BT_OPEN) {
114 err = -EBADFD;
115 goto done;
116 }
117
118 if (la.l2_psm) {
119 __u16 psm = __le16_to_cpu(la.l2_psm);
120
4946096d
JH		 121 if (la.l2_bdaddr_type == BDADDR_BREDR)
122 err = l2cap_validate_bredr_psm(psm);
123 else
124 err = l2cap_validate_le_psm(psm);
af6bcd82 125
4946096d 126 if (err)
af6bcd82 127 goto done;
af6bcd82
GP		 128 }
129
a2342c5f
JH		 130 bacpy(&chan->src, &la.l2_bdaddr);
131 chan->src_type = la.l2_bdaddr_type;
132
9e4425ff 133 if (la.l2_cid)
6e4aff10 134 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
9e4425ff
GP		 135 else
136 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
af6bcd82 137
9e4425ff
GP		 138 if (err < 0)
139 goto done;
af6bcd82 140
6a974b50 141 switch (chan->chan_type) {
3124b843
MH		 142 case L2CAP_CHAN_CONN_LESS:
143 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
144 chan->sec_level = BT_SECURITY_SDP;
145 break;
6a974b50
MH		 146 case L2CAP_CHAN_CONN_ORIENTED:
147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
148 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
149 chan->sec_level = BT_SECURITY_SDP;
150 break;
cb6ca8e1
JH		 151 case L2CAP_CHAN_RAW:
152 chan->sec_level = BT_SECURITY_SDP;
153 break;
c16900cf
JH		 154 case L2CAP_CHAN_FIXED:
155 /* Fixed channels default to the L2CAP core not holding a
156 * hci_conn reference for them. For fixed channels mapping to
157 * L2CAP sockets we do want to hold a reference so set the
158 * appropriate flag to request it.
159 */
160 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
161 break;
6a974b50 162 }
b62f328b 163
38319713 164 if (chan->psm && bdaddr_type_is_le(chan->src_type))
0ce43ce6 165 chan->mode = L2CAP_MODE_LE_FLOWCTL;
38319713 166
89bc500e 167 chan->state = BT_BOUND;
9e4425ff 168 sk->sk_state = BT_BOUND;
af6bcd82
GP		 169
170done:
171 release_sock(sk);
172 return err;
173}
174
2d792818
GP		 175static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
176 int alen, int flags)
4e34c50b
GP		 177{
178 struct sock *sk = sock->sk;
0c1bc5c6 179 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
4e34c50b
GP		 180 struct sockaddr_l2 la;
181 int len, err = 0;
182
183 BT_DBG("sk %p", sk);
184
d2ecfa76 185 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
4e34c50b
GP		 186 addr->sa_family != AF_BLUETOOTH)
187 return -EINVAL;
188
189 memset(&la, 0, sizeof(la));
190 len = min_t(unsigned int, sizeof(la), alen);
191 memcpy(&la, addr, len);
192
acd7d370 193 if (la.l2_cid && la.l2_psm)
4e34c50b
GP		 194 return -EINVAL;
195
80c1a2e7
JH		 196 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
197 return -EINVAL;
198
eb622495
JH		 199 /* Check that the socket wasn't bound to something that
200 * conflicts with the address given to connect(). If chan->src
201 * is BDADDR_ANY it means bind() was never used, in which case
202 * chan->src_type and la.l2_bdaddr_type do not need to match.
203 */
204 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
205 bdaddr_type_is_le(la.l2_bdaddr_type)) {
206 /* Old user space versions will try to incorrectly bind
207 * the ATT socket using BDADDR_BREDR. We need to accept
208 * this and fix up the source address type only when
209 * both the source CID and destination CID indicate
210 * ATT. Anything else is an invalid combination.
211 */
212 if (chan->scid != L2CAP_CID_ATT ||
dcf4adbf 213 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
eb622495
JH		 214 return -EINVAL;
215
216 /* We don't have the hdev available here to make a
217 * better decision on random vs public, but since all
218 * user space versions that exhibit this issue anyway do
219 * not support random local addresses assuming public
220 * here is good enough.
221 */
222 chan->src_type = BDADDR_LE_PUBLIC;
223 }
1f209383
JH		 224
225 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
226 return -EINVAL;
227
bfe4655f 228 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
bfe4655f 229 /* We only allow ATT user space socket */
9149761a 230 if (la.l2_cid &&
dcf4adbf 231 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
bfe4655f
JH		 232 return -EINVAL;
233 }
234
38319713 235 if (chan->psm && bdaddr_type_is_le(chan->src_type))
0ce43ce6 236 chan->mode = L2CAP_MODE_LE_FLOWCTL;
38319713 237
6e4aff10 238 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
8e9f9892 239 &la.l2_bdaddr, la.l2_bdaddr_type);
4e34c50b 240 if (err)
b3fb611e 241 return err;
4e34c50b 242
6be36555
AE		 243 lock_sock(sk);
244
4e34c50b 245 err = bt_sock_wait_state(sk, BT_CONNECTED,
2d792818 246 sock_sndtimeo(sk, flags & O_NONBLOCK));
b3fb611e
AE		 247
248 release_sock(sk);
249
4e34c50b
GP		 250 return err;
251}
252
af6bcd82
GP		 253static int l2cap_sock_listen(struct socket *sock, int backlog)
254{
255 struct sock *sk = sock->sk;
0c1bc5c6 256 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 257 int err = 0;
258
259 BT_DBG("sk %p backlog %d", sk, backlog);
260
261 lock_sock(sk);
262
6b3af733 263 if (sk->sk_state != BT_BOUND) {
af6bcd82
GP		 264 err = -EBADFD;
265 goto done;
266 }
267
6b3af733
MH		 268 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
269 err = -EINVAL;
270 goto done;
271 }
272
0c1bc5c6 273 switch (chan->mode) {
af6bcd82 274 case L2CAP_MODE_BASIC:
38319713 275 case L2CAP_MODE_LE_FLOWCTL:
af6bcd82
GP		 276 break;
277 case L2CAP_MODE_ERTM:
278 case L2CAP_MODE_STREAMING:
279 if (!disable_ertm)
280 break;
281 /* fall through */
282 default:
beb19e4c 283 err = -EOPNOTSUPP;
af6bcd82
GP		 284 goto done;
285 }
286
af6bcd82
GP		 287 sk->sk_max_ack_backlog = backlog;
288 sk->sk_ack_backlog = 0;
89bc500e 289
abe84903
JH		 290 /* Listening channels need to use nested locking in order not to
291 * cause lockdep warnings when the created child channels end up
292 * being locked in the same thread as the parent channel.
293 */
294 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
295
89bc500e 296 chan->state = BT_LISTEN;
af6bcd82
GP		 297 sk->sk_state = BT_LISTEN;
298
299done:
300 release_sock(sk);
301 return err;
302}
303
2d792818 304static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
cdfbabfb 305 int flags, bool kern)
c47b7c72 306{
dfb2fae7 307 DEFINE_WAIT_FUNC(wait, woken_wake_function);
c47b7c72
GP		 308 struct sock *sk = sock->sk, *nsk;
309 long timeo;
310 int err = 0;
311
3b2ab39e 312 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
c47b7c72 313
c47b7c72
GP		 314 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
315
316 BT_DBG("sk %p timeo %ld", sk, timeo);
317
318 /* Wait for an incoming connection. (wake-one). */
319 add_wait_queue_exclusive(sk_sleep(sk), &wait);
f9a3c20a 320 while (1) {
f9a3c20a
PH		 321 if (sk->sk_state != BT_LISTEN) {
322 err = -EBADFD;
c47b7c72
GP		 323 break;
324 }
325
f9a3c20a
PH		 326 nsk = bt_accept_dequeue(sk, newsock);
327 if (nsk)
328 break;
c47b7c72 329
f9a3c20a
PH		 330 if (!timeo) {
331 err = -EAGAIN;
c47b7c72
GP		 332 break;
333 }
334
335 if (signal_pending(current)) {
336 err = sock_intr_errno(timeo);
337 break;
338 }
f9a3c20a
PH		 339
340 release_sock(sk);
dfb2fae7
PH		 341
342 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
343
3b2ab39e 344 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
c47b7c72 345 }
c47b7c72
GP		 346 remove_wait_queue(sk_sleep(sk), &wait);
347
348 if (err)
349 goto done;
350
351 newsock->state = SS_CONNECTED;
352
353 BT_DBG("new socket %p", nsk);
354
355done:
356 release_sock(sk);
357 return err;
358}
359
2d792818 360static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
9b2c45d4 361 int peer)
d7175d55
GP		 362{
363 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
364 struct sock *sk = sock->sk;
0c1bc5c6 365 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
d7175d55
GP		 366
367 BT_DBG("sock %p, sk %p", sock, sk);
368
e8b1ab9e 369 if (peer && sk->sk_state != BT_CONNECTED &&
bf19d51b
JH		 370 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
371 sk->sk_state != BT_CONFIG)
b783fbc3
JH		 372 return -ENOTCONN;
373
792039c7 374 memset(la, 0, sizeof(struct sockaddr_l2));
d7175d55 375 addr->sa_family = AF_BLUETOOTH;
d7175d55 376
d7e5e76b
JH		 377 la->l2_psm = chan->psm;
378
d7175d55 379 if (peer) {
7eafc59e 380 bacpy(&la->l2_bdaddr, &chan->dst);
fe4128e0 381 la->l2_cid = cpu_to_le16(chan->dcid);
4f1654e0 382 la->l2_bdaddr_type = chan->dst_type;
d7175d55 383 } else {
7eafc59e 384 bacpy(&la->l2_bdaddr, &chan->src);
fe4128e0 385 la->l2_cid = cpu_to_le16(chan->scid);
4f1654e0 386 la->l2_bdaddr_type = chan->src_type;
d7175d55
GP		 387 }
388
9b2c45d4 389 return sizeof(struct sockaddr_l2);
d7175d55
GP		 390}
391
2d792818
GP		 392static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
393 char __user *optval, int __user *optlen)
99f4808d
GP		 394{
395 struct sock *sk = sock->sk;
4343478f 396 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d
GP		 397 struct l2cap_options opts;
398 struct l2cap_conninfo cinfo;
399 int len, err = 0;
400 u32 opt;
401
402 BT_DBG("sk %p", sk);
403
404 if (get_user(len, optlen))
405 return -EFAULT;
406
407 lock_sock(sk);
408
409 switch (optname) {
410 case L2CAP_OPTIONS:
64b4f8dc
JH		 411 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
412 * legacy ATT code depends on getsockopt for
413 * L2CAP_OPTIONS we need to let this pass.
414 */
415 if (bdaddr_type_is_le(chan->src_type) &&
416 chan->scid != L2CAP_CID_ATT) {
417 err = -EINVAL;
418 break;
419 }
420
e3fb592b 421 memset(&opts, 0, sizeof(opts));
0c1bc5c6
GP		 422 opts.imtu = chan->imtu;
423 opts.omtu = chan->omtu;
424 opts.flush_to = chan->flush_to;
425 opts.mode = chan->mode;
47d1ec61
GP		 426 opts.fcs = chan->fcs;
427 opts.max_tx = chan->max_tx;
6327eb98 428 opts.txwin_size = chan->tx_win;
99f4808d
GP		 429
430 len = min_t(unsigned int, len, sizeof(opts));
431 if (copy_to_user(optval, (char *) &opts, len))
432 err = -EFAULT;
433
434 break;
435
436 case L2CAP_LM:
4343478f 437 switch (chan->sec_level) {
99f4808d
GP		 438 case BT_SECURITY_LOW:
439 opt = L2CAP_LM_AUTH;
440 break;
441 case BT_SECURITY_MEDIUM:
442 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
443 break;
444 case BT_SECURITY_HIGH:
445 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
2d792818 446 L2CAP_LM_SECURE;
99f4808d 447 break;
7d513e92
MH		 448 case BT_SECURITY_FIPS:
449 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
450 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
451 break;
99f4808d
GP		 452 default:
453 opt = 0;
454 break;
455 }
456
43bd0f32 457 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
99f4808d
GP		 458 opt |= L2CAP_LM_MASTER;
459
ecf61bdb 460 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
99f4808d
GP		 461 opt |= L2CAP_LM_RELIABLE;
462
463 if (put_user(opt, (u32 __user *) optval))
464 err = -EFAULT;
7d513e92 465
99f4808d
GP		 466 break;
467
468 case L2CAP_CONNINFO:
469 if (sk->sk_state != BT_CONNECTED &&
c5daa683
GP		 470 !(sk->sk_state == BT_CONNECT2 &&
471 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
99f4808d
GP		 472 err = -ENOTCONN;
473 break;
474 }
475
8d03e971 476 memset(&cinfo, 0, sizeof(cinfo));
8c1d787b
GP		 477 cinfo.hci_handle = chan->conn->hcon->handle;
478 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
99f4808d
GP		 479
480 len = min_t(unsigned int, len, sizeof(cinfo));
481 if (copy_to_user(optval, (char *) &cinfo, len))
482 err = -EFAULT;
483
484 break;
485
486 default:
487 err = -ENOPROTOOPT;
488 break;
489 }
490
491 release_sock(sk);
492 return err;
493}
494
2d792818
GP		 495static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
496 char __user *optval, int __user *optlen)
99f4808d
GP		 497{
498 struct sock *sk = sock->sk;
4343478f 499 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d 500 struct bt_security sec;
14b12d0b 501 struct bt_power pwr;
99f4808d
GP		 502 int len, err = 0;
503
504 BT_DBG("sk %p", sk);
505
506 if (level == SOL_L2CAP)
507 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
508
509 if (level != SOL_BLUETOOTH)
510 return -ENOPROTOOPT;
511
512 if (get_user(len, optlen))
513 return -EFAULT;
514
515 lock_sock(sk);
516
517 switch (optname) {
518 case BT_SECURITY:
715ec005 519 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
e0c888ad 520 chan->chan_type != L2CAP_CHAN_FIXED &&
2d792818 521 chan->chan_type != L2CAP_CHAN_RAW) {
99f4808d
GP		 522 err = -EINVAL;
523 break;
524 }
525
8f360119 526 memset(&sec, 0, sizeof(sec));
85e34368 527 if (chan->conn) {
c6585a4d 528 sec.level = chan->conn->hcon->sec_level;
99f4808d 529
85e34368
AE		 530 if (sk->sk_state == BT_CONNECTED)
531 sec.key_size = chan->conn->hcon->enc_key_size;
532 } else {
533 sec.level = chan->sec_level;
534 }
8f360119 535
99f4808d
GP		 536 len = min_t(unsigned int, len, sizeof(sec));
537 if (copy_to_user(optval, (char *) &sec, len))
538 err = -EFAULT;
539
540 break;
541
542 case BT_DEFER_SETUP:
543 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
544 err = -EINVAL;
545 break;
546 }
547
c5daa683
GP		 548 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
549 (u32 __user *) optval))
99f4808d
GP		 550 err = -EFAULT;
551
552 break;
553
554 case BT_FLUSHABLE:
d57b0e8b 555 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
2d792818 556 (u32 __user *) optval))
99f4808d
GP		 557 err = -EFAULT;
558
559 break;
560
14b12d0b
JG		 561 case BT_POWER:
562 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2d792818 563 && sk->sk_type != SOCK_RAW) {
14b12d0b
JG		 564 err = -EINVAL;
565 break;
566 }
567
15770b1a 568 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 569
570 len = min_t(unsigned int, len, sizeof(pwr));
571 if (copy_to_user(optval, (char *) &pwr, len))
572 err = -EFAULT;
573
574 break;
575
2ea66482 576 case BT_CHANNEL_POLICY:
2ea66482
MM		 577 if (put_user(chan->chan_policy, (u32 __user *) optval))
578 err = -EFAULT;
579 break;
580
1f435424 581 case BT_SNDMTU:
1f435424
JH		 582 if (!bdaddr_type_is_le(chan->src_type)) {
583 err = -EINVAL;
584 break;
585 }
586
587 if (sk->sk_state != BT_CONNECTED) {
588 err = -ENOTCONN;
589 break;
590 }
591
592 if (put_user(chan->omtu, (u16 __user *) optval))
593 err = -EFAULT;
594 break;
595
596 case BT_RCVMTU:
1f435424
JH		 597 if (!bdaddr_type_is_le(chan->src_type)) {
598 err = -EINVAL;
599 break;
600 }
601
602 if (put_user(chan->imtu, (u16 __user *) optval))
603 err = -EFAULT;
604 break;
605
99f4808d
GP		 606 default:
607 err = -ENOPROTOOPT;
608 break;
609 }
610
611 release_sock(sk);
612 return err;
613}
614
682877c3
AG		 615static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
616{
617 switch (chan->scid) {
073d1cf3 618 case L2CAP_CID_ATT:
8c3a4f00 619 if (mtu < L2CAP_LE_MIN_MTU)
682877c3
AG		 620 return false;
621 break;
622
623 default:
624 if (mtu < L2CAP_DEFAULT_MIN_MTU)
625 return false;
626 }
627
628 return true;
629}
630
2d792818
GP		 631static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
632 char __user *optval, unsigned int optlen)
33575df7
GP		 633{
634 struct sock *sk = sock->sk;
b4450035 635 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7
GP		 636 struct l2cap_options opts;
637 int len, err = 0;
638 u32 opt;
639
640 BT_DBG("sk %p", sk);
641
642 lock_sock(sk);
643
644 switch (optname) {
645 case L2CAP_OPTIONS:
64b4f8dc
JH		 646 if (bdaddr_type_is_le(chan->src_type)) {
647 err = -EINVAL;
648 break;
649 }
650
33575df7
GP		 651 if (sk->sk_state == BT_CONNECTED) {
652 err = -EINVAL;
653 break;
654 }
655
0c1bc5c6
GP		 656 opts.imtu = chan->imtu;
657 opts.omtu = chan->omtu;
658 opts.flush_to = chan->flush_to;
659 opts.mode = chan->mode;
47d1ec61
GP		 660 opts.fcs = chan->fcs;
661 opts.max_tx = chan->max_tx;
6327eb98 662 opts.txwin_size = chan->tx_win;
33575df7
GP		 663
664 len = min_t(unsigned int, sizeof(opts), optlen);
665 if (copy_from_user((char *) &opts, optval, len)) {
666 err = -EFAULT;
667 break;
668 }
669
6327eb98 670 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
33575df7
GP		 671 err = -EINVAL;
672 break;
673 }
674
682877c3
AG		 675 if (!l2cap_valid_mtu(chan, opts.imtu)) {
676 err = -EINVAL;
677 break;
678 }
679
0c1bc5c6
GP		 680 chan->mode = opts.mode;
681 switch (chan->mode) {
38319713
JH		 682 case L2CAP_MODE_LE_FLOWCTL:
683 break;
33575df7 684 case L2CAP_MODE_BASIC:
c1360a1c 685 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
33575df7
GP		 686 break;
687 case L2CAP_MODE_ERTM:
688 case L2CAP_MODE_STREAMING:
689 if (!disable_ertm)
690 break;
691 /* fall through */
692 default:
693 err = -EINVAL;
694 break;
695 }
696
0c1bc5c6
GP		 697 chan->imtu = opts.imtu;
698 chan->omtu = opts.omtu;
47d1ec61
GP		 699 chan->fcs = opts.fcs;
700 chan->max_tx = opts.max_tx;
6327eb98 701 chan->tx_win = opts.txwin_size;
12d59781 702 chan->flush_to = opts.flush_to;
33575df7
GP		 703 break;
704
705 case L2CAP_LM:
706 if (get_user(opt, (u32 __user *) optval)) {
707 err = -EFAULT;
708 break;
709 }
710
7d513e92
MH		 711 if (opt & L2CAP_LM_FIPS) {
712 err = -EINVAL;
713 break;
714 }
715
33575df7 716 if (opt & L2CAP_LM_AUTH)
4343478f 717 chan->sec_level = BT_SECURITY_LOW;
33575df7 718 if (opt & L2CAP_LM_ENCRYPT)
4343478f 719 chan->sec_level = BT_SECURITY_MEDIUM;
33575df7 720 if (opt & L2CAP_LM_SECURE)
4343478f 721 chan->sec_level = BT_SECURITY_HIGH;
33575df7 722
43bd0f32
AE		 723 if (opt & L2CAP_LM_MASTER)
724 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
725 else
726 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
ecf61bdb
AE		 727
728 if (opt & L2CAP_LM_RELIABLE)
729 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
730 else
731 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
33575df7
GP		 732 break;
733
734 default:
735 err = -ENOPROTOOPT;
736 break;
737 }
738
739 release_sock(sk);
740 return err;
741}
742
2d792818
GP		 743static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
744 char __user *optval, unsigned int optlen)
33575df7
GP		 745{
746 struct sock *sk = sock->sk;
4343478f 747 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7 748 struct bt_security sec;
14b12d0b 749 struct bt_power pwr;
f1cb9af5 750 struct l2cap_conn *conn;
33575df7
GP		 751 int len, err = 0;
752 u32 opt;
753
754 BT_DBG("sk %p", sk);
755
756 if (level == SOL_L2CAP)
757 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
758
759 if (level != SOL_BLUETOOTH)
760 return -ENOPROTOOPT;
761
762 lock_sock(sk);
763
764 switch (optname) {
765 case BT_SECURITY:
715ec005 766 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
e0c888ad 767 chan->chan_type != L2CAP_CHAN_FIXED &&
2d792818 768 chan->chan_type != L2CAP_CHAN_RAW) {
33575df7
GP		 769 err = -EINVAL;
770 break;
771 }
772
773 sec.level = BT_SECURITY_LOW;
774
775 len = min_t(unsigned int, sizeof(sec), optlen);
776 if (copy_from_user((char *) &sec, optval, len)) {
777 err = -EFAULT;
778 break;
779 }
780
781 if (sec.level < BT_SECURITY_LOW ||
a164cee1 782 sec.level > BT_SECURITY_FIPS) {
33575df7
GP		 783 err = -EINVAL;
784 break;
785 }
786
4343478f 787 chan->sec_level = sec.level;
f1cb9af5 788
0bee1d60
GP		 789 if (!chan->conn)
790 break;
791
f1cb9af5 792 conn = chan->conn;
0bee1d60 793
bbb69b37 794 /* change security for LE channels */
073d1cf3 795 if (chan->scid == L2CAP_CID_ATT) {
bbb69b37
FD		 796 if (smp_conn_security(conn->hcon, sec.level)) {
797 err = -EINVAL;
f1cb9af5 798 break;
bbb69b37
FD		 799 }
800
d52deb17 801 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
f1cb9af5 802 sk->sk_state = BT_CONFIG;
3542b854 803 chan->state = BT_CONFIG;
0bee1d60 804
a7d7723a
GP		 805 /* or for ACL link */
806 } else if ((sk->sk_state == BT_CONNECT2 &&
2d792818 807 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
a7d7723a 808 sk->sk_state == BT_CONNECTED) {
e7cafc45 809 if (!l2cap_chan_check_security(chan, true))
c5daa683 810 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
a7d7723a
GP		 811 else
812 sk->sk_state_change(sk);
0bee1d60
GP		 813 } else {
814 err = -EINVAL;
f1cb9af5 815 }
33575df7
GP		 816 break;
817
818 case BT_DEFER_SETUP:
819 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
820 err = -EINVAL;
821 break;
822 }
823
824 if (get_user(opt, (u32 __user *) optval)) {
825 err = -EFAULT;
826 break;
827 }
828
bdc25783 829 if (opt) {
c5daa683 830 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 831 set_bit(FLAG_DEFER_SETUP, &chan->flags);
832 } else {
c5daa683 833 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 834 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
835 }
33575df7
GP		 836 break;
837
838 case BT_FLUSHABLE:
839 if (get_user(opt, (u32 __user *) optval)) {
840 err = -EFAULT;
841 break;
842 }
843
844 if (opt > BT_FLUSHABLE_ON) {
845 err = -EINVAL;
846 break;
847 }
848
849 if (opt == BT_FLUSHABLE_OFF) {
c1f23a2b 850 conn = chan->conn;
25985edc 851 /* proceed further only when we have l2cap_conn and
33575df7
GP		 852 No Flush support in the LM */
853 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
854 err = -EINVAL;
855 break;
856 }
857 }
858
d57b0e8b
AE		 859 if (opt)
860 set_bit(FLAG_FLUSHABLE, &chan->flags);
861 else
862 clear_bit(FLAG_FLUSHABLE, &chan->flags);
33575df7
GP		 863 break;
864
14b12d0b
JG		 865 case BT_POWER:
866 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
2d792818 867 chan->chan_type != L2CAP_CHAN_RAW) {
14b12d0b
JG		 868 err = -EINVAL;
869 break;
870 }
871
872 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
873
874 len = min_t(unsigned int, sizeof(pwr), optlen);
875 if (copy_from_user((char *) &pwr, optval, len)) {
876 err = -EFAULT;
877 break;
878 }
15770b1a
AE		 879
880 if (pwr.force_active)
881 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
882 else
883 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 884 break;
885
2ea66482 886 case BT_CHANNEL_POLICY:
2ea66482
MM		 887 if (get_user(opt, (u32 __user *) optval)) {
888 err = -EFAULT;
889 break;
890 }
891
892 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
893 err = -EINVAL;
894 break;
895 }
896
897 if (chan->mode != L2CAP_MODE_ERTM &&
2d792818 898 chan->mode != L2CAP_MODE_STREAMING) {
2ea66482
MM		 899 err = -EOPNOTSUPP;
900 break;
901 }
902
903 chan->chan_policy = (u8) opt;
3f7a56c4
MM		 904
905 if (sk->sk_state == BT_CONNECTED &&
906 chan->move_role == L2CAP_MOVE_ROLE_NONE)
907 l2cap_move_start(chan);
908
14b12d0b
JG		 909 break;
910
1f435424 911 case BT_SNDMTU:
1f435424
JH		 912 if (!bdaddr_type_is_le(chan->src_type)) {
913 err = -EINVAL;
914 break;
915 }
916
917 /* Setting is not supported as it's the remote side that
918 * decides this.
919 */
920 err = -EPERM;
921 break;
922
923 case BT_RCVMTU:
1f435424
JH		 924 if (!bdaddr_type_is_le(chan->src_type)) {
925 err = -EINVAL;
926 break;
927 }
928
929 if (sk->sk_state == BT_CONNECTED) {
930 err = -EISCONN;
931 break;
932 }
933
23bc6ab0 934 if (get_user(opt, (u16 __user *) optval)) {
1f435424
JH		 935 err = -EFAULT;
936 break;
937 }
938
939 chan->imtu = opt;
940 break;
941
33575df7
GP		 942 default:
943 err = -ENOPROTOOPT;
944 break;
945 }
946
947 release_sock(sk);
948 return err;
949}
fd83ccdb 950
1b784140
YX		 951static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
952 size_t len)
fd83ccdb
GP		 953{
954 struct sock *sk = sock->sk;
0c1bc5c6 955 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
fd83ccdb
GP		 956 int err;
957
958 BT_DBG("sock %p, sk %p", sock, sk);
959
960 err = sock_error(sk);
961 if (err)
962 return err;
963
964 if (msg->msg_flags & MSG_OOB)
965 return -EOPNOTSUPP;
966
a6a5568c 967 if (sk->sk_state != BT_CONNECTED)
9a91a04a 968 return -ENOTCONN;
fd83ccdb 969
e793dcf0
JH		 970 lock_sock(sk);
971 err = bt_sock_wait_ready(sk, msg->msg_flags);
972 release_sock(sk);
973 if (err)
974 return err;
975
a6a5568c 976 l2cap_chan_lock(chan);
8d46321c 977 err = l2cap_chan_send(chan, msg, len);
a6a5568c 978 l2cap_chan_unlock(chan);
fd83ccdb 979
fd83ccdb
GP		 980 return err;
981}
33575df7 982
1b784140
YX		 983static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
984 size_t len, int flags)
68983259
GP		 985{
986 struct sock *sk = sock->sk;
e328140f
MM		 987 struct l2cap_pinfo *pi = l2cap_pi(sk);
988 int err;
68983259
GP		 989
990 lock_sock(sk);
991
c5daa683
GP		 992 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
993 &bt_sk(sk)->flags)) {
38319713
JH		 994 if (bdaddr_type_is_le(pi->chan->src_type)) {
995 sk->sk_state = BT_CONNECTED;
996 pi->chan->state = BT_CONNECTED;
997 __l2cap_le_connect_rsp_defer(pi->chan);
998 } else {
999 sk->sk_state = BT_CONFIG;
1000 pi->chan->state = BT_CONFIG;
1001 __l2cap_connect_rsp_defer(pi->chan);
1002 }
8c1d787b 1003
970871bc
JH		 1004 err = 0;
1005 goto done;
68983259
GP		 1006 }
1007
1008 release_sock(sk);
1009
1010 if (sock->type == SOCK_STREAM)
1b784140 1011 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
e328140f 1012 else
1b784140 1013 err = bt_sock_recvmsg(sock, msg, len, flags);
e328140f
MM		 1014
1015 if (pi->chan->mode != L2CAP_MODE_ERTM)
1016 return err;
1017
1018 /* Attempt to put pending rx data in the socket buffer */
1019
1020 lock_sock(sk);
1021
1022 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1023 goto done;
1024
1025 if (pi->rx_busy_skb) {
dbb50887 1026 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
e328140f
MM		 1027 pi->rx_busy_skb = NULL;
1028 else
1029 goto done;
1030 }
1031
1032 /* Restore data flow when half of the receive buffer is
1033 * available. This avoids resending large numbers of
1034 * frames.
1035 */
1036 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1037 l2cap_chan_busy(pi->chan, 0);
68983259 1038
e328140f
MM		 1039done:
1040 release_sock(sk);
1041 return err;
68983259
GP		 1042}
1043
05fc1576
GP		 1044/* Kill socket (only if zapped and orphan)
1045 * Must be called on unlocked socket.
1046 */
ba3bd0ee 1047static void l2cap_sock_kill(struct sock *sk)
05fc1576
GP		 1048{
1049 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1050 return;
1051
e05dcc32 1052 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
05fc1576
GP		 1053
1054 /* Kill poor orphan */
6ff5abbf 1055
4af66c69 1056 l2cap_chan_put(l2cap_pi(sk)->chan);
05fc1576
GP		 1057 sock_set_flag(sk, SOCK_DEAD);
1058 sock_put(sk);
1059}
1060
f65468f6 1061static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
dc25306b 1062{
dc25306b
GP		 1063 DECLARE_WAITQUEUE(wait, current);
1064 int err = 0;
cb02a255 1065 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
e432c72c
DJ		 1066 /* Timeout to prevent infinite loop */
1067 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
dc25306b
GP		 1068
1069 add_wait_queue(sk_sleep(sk), &wait);
1070 set_current_state(TASK_INTERRUPTIBLE);
f65468f6 1071 do {
e432c72c
DJ		 1072 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1073 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1074 jiffies_to_msecs(timeout - jiffies));
451e4c6c 1075
dc25306b 1076 if (!timeo)
cb02a255 1077 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
dc25306b
GP		 1078
1079 if (signal_pending(current)) {
1080 err = sock_intr_errno(timeo);
1081 break;
1082 }
1083
1084 release_sock(sk);
1085 timeo = schedule_timeout(timeo);
1086 lock_sock(sk);
1087 set_current_state(TASK_INTERRUPTIBLE);
1088
1089 err = sock_error(sk);
1090 if (err)
1091 break;
f65468f6 1092
e432c72c
DJ		 1093 if (time_after(jiffies, timeout)) {
1094 err = -ENOLINK;
1095 break;
1096 }
1097
f65468f6
DJ		 1098 } while (chan->unacked_frames > 0 &&
1099 chan->state == BT_CONNECTED);
1100
dc25306b
GP		 1101 set_current_state(TASK_RUNNING);
1102 remove_wait_queue(sk_sleep(sk), &wait);
1103 return err;
1104}
1105
dcba0dba
GP		 1106static int l2cap_sock_shutdown(struct socket *sock, int how)
1107{
1108 struct sock *sk = sock->sk;
7ddb6e0f 1109 struct l2cap_chan *chan;
3df91ea2 1110 struct l2cap_conn *conn;
dcba0dba
GP		 1111 int err = 0;
1112
1113 BT_DBG("sock %p, sk %p", sock, sk);
1114
1115 if (!sk)
1116 return 0;
1117
04ba72e6
DJ		 1118 lock_sock(sk);
1119
e7456437
DJ		 1120 if (sk->sk_shutdown)
1121 goto shutdown_already;
1122
1123 BT_DBG("Handling sock shutdown");
1124
2baea85d
DJ		 1125 /* prevent sk structure from being freed whilst unlocked */
1126 sock_hold(sk);
1127
7ddb6e0f 1128 chan = l2cap_pi(sk)->chan;
2baea85d
DJ		 1129 /* prevent chan structure from being freed whilst unlocked */
1130 l2cap_chan_hold(chan);
3df91ea2 1131
49d11741
JH		 1132 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1133
e7456437
DJ		 1134 if (chan->mode == L2CAP_MODE_ERTM &&
1135 chan->unacked_frames > 0 &&
9f7378a9 1136 chan->state == BT_CONNECTED) {
e7456437 1137 err = __l2cap_wait_ack(sk, chan);
dcba0dba 1138
9f7378a9
DJ		 1139 /* After waiting for ACKs, check whether shutdown
1140 * has already been actioned to close the L2CAP
1141 * link such as by l2cap_disconnection_req().
1142 */
1143 if (sk->sk_shutdown)
1144 goto has_shutdown;
1145 }
1146
e7456437 1147 sk->sk_shutdown = SHUTDOWN_MASK;
e7456437 1148 release_sock(sk);
04ba72e6
DJ		 1149
1150 l2cap_chan_lock(chan);
1151 conn = chan->conn;
1152 if (conn)
1153 /* prevent conn structure from being freed */
1154 l2cap_conn_get(conn);
1155 l2cap_chan_unlock(chan);
1156
1157 if (conn)
1158 /* mutex lock must be taken before l2cap_chan_lock() */
1159 mutex_lock(&conn->chan_lock);
1160
1161 l2cap_chan_lock(chan);
e7456437 1162 l2cap_chan_close(chan, 0);
04ba72e6
DJ		 1163 l2cap_chan_unlock(chan);
1164
1165 if (conn) {
1166 mutex_unlock(&conn->chan_lock);
1167 l2cap_conn_put(conn);
1168 }
1169
e7456437 1170 lock_sock(sk);
dcba0dba 1171
e7456437
DJ		 1172 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1173 !(current->flags & PF_EXITING))
1174 err = bt_sock_wait_state(sk, BT_CLOSED,
1175 sk->sk_lingertime);
dcba0dba 1176
9f7378a9 1177has_shutdown:
04ba72e6
DJ		 1178 l2cap_chan_put(chan);
1179 sock_put(sk);
1180
1181shutdown_already:
dcba0dba
GP		 1182 if (!err && sk->sk_err)
1183 err = -sk->sk_err;
1184
1185 release_sock(sk);
3df91ea2 1186
04ba72e6 1187 BT_DBG("Sock shutdown complete err: %d", err);
451e4c6c 1188
dcba0dba
GP		 1189 return err;
1190}
1191
554f05bb
GP		 1192static int l2cap_sock_release(struct socket *sock)
1193{
1194 struct sock *sk = sock->sk;
1195 int err;
1196
1197 BT_DBG("sock %p, sk %p", sock, sk);
1198
1199 if (!sk)
1200 return 0;
1201
5b28d95c
MY		 1202 bt_sock_unlink(&l2cap_sk_list, sk);
1203
554f05bb
GP		 1204 err = l2cap_sock_shutdown(sock, 2);
1205
1206 sock_orphan(sk);
1207 l2cap_sock_kill(sk);
1208 return err;
1209}
1210
c0df7f6e
AE		 1211static void l2cap_sock_cleanup_listen(struct sock *parent)
1212{
1213 struct sock *sk;
1214
49d11741
JH		 1215 BT_DBG("parent %p state %s", parent,
1216 state_to_string(parent->sk_state));
c0df7f6e
AE		 1217
1218 /* Close not yet accepted channels */
1219 while ((sk = bt_accept_dequeue(parent, NULL))) {
1220 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1221
49d11741
JH		 1222 BT_DBG("child chan %p state %s", chan,
1223 state_to_string(chan->state));
1224
c0df7f6e
AE		 1225 l2cap_chan_lock(chan);
1226 __clear_chan_timer(chan);
1227 l2cap_chan_close(chan, ECONNRESET);
1228 l2cap_chan_unlock(chan);
1229
1230 l2cap_sock_kill(sk);
1231 }
1232}
1233
80b98027 1234static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
80808e43 1235{
80b98027 1236 struct sock *sk, *parent = chan->data;
80808e43 1237
8ffb9290
GP		 1238 lock_sock(parent);
1239
53826692
GP		 1240 /* Check for backlog size */
1241 if (sk_acceptq_is_full(parent)) {
1242 BT_DBG("backlog full %d", parent->sk_ack_backlog);
8a96f3cd 1243 release_sock(parent);
53826692
GP		 1244 return NULL;
1245 }
1246
80808e43 1247 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
11aa9c28 1248 GFP_ATOMIC, 0);
8a96f3cd
JT		 1249 if (!sk) {
1250 release_sock(parent);
80808e43 1251 return NULL;
8a96f3cd 1252 }
80808e43 1253
d22015aa
OP		 1254 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1255
80808e43
GP		 1256 l2cap_sock_init(sk, parent);
1257
c4f5627f 1258 bt_accept_enqueue(parent, sk, false);
644912e1 1259
8ffb9290
GP		 1260 release_sock(parent);
1261
80808e43
GP		 1262 return l2cap_pi(sk)->chan;
1263}
1264
80b98027 1265static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
23070494 1266{
80b98027 1267 struct sock *sk = chan->data;
84b34d98 1268 int err;
e328140f 1269
6be36555
AE		 1270 lock_sock(sk);
1271
84b34d98 1272 if (l2cap_pi(sk)->rx_busy_skb) {
6be36555
AE		 1273 err = -ENOMEM;
1274 goto done;
1275 }
e328140f 1276
dbb50887
DB		 1277 if (chan->mode != L2CAP_MODE_ERTM &&
1278 chan->mode != L2CAP_MODE_STREAMING) {
1279 /* Even if no filter is attached, we could potentially
1280 * get errors from security modules, etc.
1281 */
1282 err = sk_filter(sk, skb);
1283 if (err)
1284 goto done;
1285 }
1286
1287 err = __sock_queue_rcv_skb(sk, skb);
e328140f
MM		 1288
1289 /* For ERTM, handle one skb that doesn't fit into the recv
1290 * buffer. This is important to do because the data frames
1291 * have already been acked, so the skb cannot be discarded.
1292 *
1293 * Notify the l2cap core that the buffer is full, so the
1294 * LOCAL_BUSY state is entered and no more frames are
1295 * acked and reassembled until there is buffer space
1296 * available.
1297 */
84b34d98
MH		 1298 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1299 l2cap_pi(sk)->rx_busy_skb = skb;
1300 l2cap_chan_busy(chan, 1);
e328140f
MM		 1301 err = 0;
1302 }
23070494 1303
6be36555
AE		 1304done:
1305 release_sock(sk);
1306
e328140f 1307 return err;
23070494
GP		 1308}
1309
80b98027 1310static void l2cap_sock_close_cb(struct l2cap_chan *chan)
ba3bd0ee 1311{
80b98027 1312 struct sock *sk = chan->data;
ba3bd0ee
GP		 1313
1314 l2cap_sock_kill(sk);
1315}
1316
c0df7f6e
AE		 1317static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1318{
1319 struct sock *sk = chan->data;
1320 struct sock *parent;
1321
49d11741
JH		 1322 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1323
3b2ab39e
JH		 1324 /* This callback can be called both for server (BT_LISTEN)
1325 * sockets as well as "normal" ones. To avoid lockdep warnings
1326 * with child socket locking (through l2cap_sock_cleanup_listen)
1327 * we need separation into separate nesting levels. The simplest
1328 * way to accomplish this is to inherit the nesting level used
1329 * for the channel.
1330 */
1331 lock_sock_nested(sk, atomic_read(&chan->nesting));
c0df7f6e
AE		 1332
1333 parent = bt_sk(sk)->parent;
1334
1335 sock_set_flag(sk, SOCK_ZAPPED);
1336
1337 switch (chan->state) {
1338 case BT_OPEN:
1339 case BT_BOUND:
1340 case BT_CLOSED:
1341 break;
1342 case BT_LISTEN:
1343 l2cap_sock_cleanup_listen(sk);
1344 sk->sk_state = BT_CLOSED;
1345 chan->state = BT_CLOSED;
1346
1347 break;
1348 default:
1349 sk->sk_state = BT_CLOSED;
1350 chan->state = BT_CLOSED;
1351
1352 sk->sk_err = err;
1353
1354 if (parent) {
1355 bt_accept_unlink(sk);
676d2369 1356 parent->sk_data_ready(parent);
c0df7f6e
AE		 1357 } else {
1358 sk->sk_state_change(sk);
1359 }
1360
1361 break;
1362 }
1363
1364 release_sock(sk);
1365}
1366
53f52121
GP		 1367static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1368 int err)
89bc500e 1369{
80b98027 1370 struct sock *sk = chan->data;
89bc500e
GP		 1371
1372 sk->sk_state = state;
53f52121
GP		 1373
1374 if (err)
1375 sk->sk_err = err;
89bc500e
GP		 1376}
1377
2f7719ce 1378static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
d9fbd02b 1379 unsigned long hdr_len,
90338947 1380 unsigned long len, int nb)
2f7719ce 1381{
0f2c6153 1382 struct sock *sk = chan->data;
90338947
GP		 1383 struct sk_buff *skb;
1384 int err;
1385
a6a5568c 1386 l2cap_chan_unlock(chan);
d9fbd02b 1387 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
a6a5568c
MM		 1388 l2cap_chan_lock(chan);
1389
90338947
GP		 1390 if (!skb)
1391 return ERR_PTR(err);
2f7719ce 1392
8d46321c
MH		 1393 skb->priority = sk->sk_priority;
1394
a4368ff3 1395 bt_cb(skb)->l2cap.chan = chan;
0e790c64 1396
90338947 1397 return skb;
2f7719ce
AE		 1398}
1399
54a59aa2
AE		 1400static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1401{
1402 struct sock *sk = chan->data;
1403 struct sock *parent;
1404
1405 lock_sock(sk);
1406
1407 parent = bt_sk(sk)->parent;
1408
1409 BT_DBG("sk %p, parent %p", sk, parent);
1410
1411 sk->sk_state = BT_CONNECTED;
1412 sk->sk_state_change(sk);
1413
1414 if (parent)
676d2369 1415 parent->sk_data_ready(parent);
54a59aa2
AE		 1416
1417 release_sock(sk);
1418}
1419
2dc4e510
GP		 1420static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1421{
acdcabf5
GP		 1422 struct sock *parent, *sk = chan->data;
1423
1424 lock_sock(sk);
2dc4e510 1425
acdcabf5 1426 parent = bt_sk(sk)->parent;
2dc4e510 1427 if (parent)
676d2369 1428 parent->sk_data_ready(parent);
acdcabf5
GP		 1429
1430 release_sock(sk);
2dc4e510
GP		 1431}
1432
d97c899b
MH		 1433static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1434{
1435 struct sock *sk = chan->data;
1436
d52deb17
JH		 1437 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1438 sk->sk_state = BT_CONNECTED;
1439 chan->state = BT_CONNECTED;
1440 }
1441
d97c899b
MH		 1442 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1443 sk->sk_state_change(sk);
1444}
1445
5ec1bbe5
GP		 1446static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1447{
1448 struct sock *sk = chan->data;
1449
1450 lock_sock(sk);
1451 sk->sk_shutdown = SHUTDOWN_MASK;
1452 release_sock(sk);
1453}
1454
8d836d71
GP		 1455static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1456{
1457 struct sock *sk = chan->data;
1458
1459 return sk->sk_sndtimeo;
1460}
1461
837776f7
JH		 1462static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1463{
1464 struct sock *sk = chan->data;
1465
1466 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1467 sk->sk_state_change(sk);
1468}
1469
67f86a45 1470static const struct l2cap_ops l2cap_chan_ops = {
0498878b
JR		 1471 .name = "L2CAP Socket Interface",
1472 .new_connection = l2cap_sock_new_connection_cb,
1473 .recv = l2cap_sock_recv_cb,
1474 .close = l2cap_sock_close_cb,
1475 .teardown = l2cap_sock_teardown_cb,
1476 .state_change = l2cap_sock_state_change_cb,
1477 .ready = l2cap_sock_ready_cb,
1478 .defer = l2cap_sock_defer_cb,
1479 .resume = l2cap_sock_resume_cb,
1480 .suspend = l2cap_sock_suspend_cb,
1481 .set_shutdown = l2cap_sock_set_shutdown_cb,
1482 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1483 .alloc_skb = l2cap_sock_alloc_skb_cb,
80808e43
GP		 1484};
1485
bb58f747
GP		 1486static void l2cap_sock_destruct(struct sock *sk)
1487{
1488 BT_DBG("sk %p", sk);
1489
23d3a869
SL		 1490 if (l2cap_pi(sk)->chan)
1491 l2cap_chan_put(l2cap_pi(sk)->chan);
84b34d98 1492
e328140f
MM		 1493 if (l2cap_pi(sk)->rx_busy_skb) {
1494 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1495 l2cap_pi(sk)->rx_busy_skb = NULL;
1496 }
1497
bb58f747
GP		 1498 skb_queue_purge(&sk->sk_receive_queue);
1499 skb_queue_purge(&sk->sk_write_queue);
1500}
1501
2edf870d
MH		 1502static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1503 int *msg_namelen)
1504{
342dfc30 1505 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
2edf870d
MH		 1506
1507 memset(la, 0, sizeof(struct sockaddr_l2));
1508 la->l2_family = AF_BLUETOOTH;
a4368ff3
JH		 1509 la->l2_psm = bt_cb(skb)->l2cap.psm;
1510 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
2edf870d
MH		 1511
1512 *msg_namelen = sizeof(struct sockaddr_l2);
1513}
1514
80808e43 1515static void l2cap_sock_init(struct sock *sk, struct sock *parent)
bb58f747 1516{
84b34d98 1517 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
bb58f747
GP		 1518
1519 BT_DBG("sk %p", sk);
1520
1521 if (parent) {
b4450035
GP		 1522 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1523
bb58f747 1524 sk->sk_type = parent->sk_type;
c5daa683 1525 bt_sk(sk)->flags = bt_sk(parent)->flags;
bb58f747 1526
715ec005 1527 chan->chan_type = pchan->chan_type;
0c1bc5c6
GP		 1528 chan->imtu = pchan->imtu;
1529 chan->omtu = pchan->omtu;
b4450035 1530 chan->conf_state = pchan->conf_state;
0c1bc5c6 1531 chan->mode = pchan->mode;
47d1ec61
GP		 1532 chan->fcs = pchan->fcs;
1533 chan->max_tx = pchan->max_tx;
1534 chan->tx_win = pchan->tx_win;
6b3c7104 1535 chan->tx_win_max = pchan->tx_win_max;
4343478f 1536 chan->sec_level = pchan->sec_level;
d57b0e8b 1537 chan->flags = pchan->flags;
0cd75f7e
JH		 1538 chan->tx_credits = pchan->tx_credits;
1539 chan->rx_credits = pchan->rx_credits;
6230c9b4 1540
7a8e5a31
JH		 1541 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1542 chan->scid = pchan->scid;
1543 chan->dcid = pchan->scid;
1544 }
1545
6230c9b4 1546 security_sk_clone(parent, sk);
bb58f747 1547 } else {
715ec005
GP		 1548 switch (sk->sk_type) {
1549 case SOCK_RAW:
1550 chan->chan_type = L2CAP_CHAN_RAW;
1551 break;
1552 case SOCK_DGRAM:
1553 chan->chan_type = L2CAP_CHAN_CONN_LESS;
2edf870d 1554 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
715ec005
GP		 1555 break;
1556 case SOCK_SEQPACKET:
1557 case SOCK_STREAM:
1558 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1559 break;
1560 }
1561
0c1bc5c6
GP		 1562 chan->imtu = L2CAP_DEFAULT_MTU;
1563 chan->omtu = 0;
bb58f747 1564 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
0c1bc5c6 1565 chan->mode = L2CAP_MODE_ERTM;
c1360a1c 1566 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
bb58f747 1567 } else {
0c1bc5c6 1568 chan->mode = L2CAP_MODE_BASIC;
bb58f747 1569 }
bd4b1653
AE		 1570
1571 l2cap_chan_set_defaults(chan);
bb58f747
GP		 1572 }
1573
1574 /* Default config options */
0c1bc5c6 1575 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
80808e43
GP		 1576
1577 chan->data = sk;
1578 chan->ops = &l2cap_chan_ops;
bb58f747
GP		 1579}
1580
1581static struct proto l2cap_proto = {
1582 .name = "L2CAP",
1583 .owner = THIS_MODULE,
1584 .obj_size = sizeof(struct l2cap_pinfo)
1585};
1586
2d792818 1587static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
11aa9c28 1588 int proto, gfp_t prio, int kern)
bb58f747
GP		 1589{
1590 struct sock *sk;
dc50a06d 1591 struct l2cap_chan *chan;
bb58f747 1592
11aa9c28 1593 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
bb58f747
GP		 1594 if (!sk)
1595 return NULL;
1596
1597 sock_init_data(sock, sk);
1598 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1599
1600 sk->sk_destruct = l2cap_sock_destruct;
ba13ccd9 1601 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
bb58f747
GP		 1602
1603 sock_reset_flag(sk, SOCK_ZAPPED);
1604
1605 sk->sk_protocol = proto;
1606 sk->sk_state = BT_OPEN;
1607
eef1d9b6 1608 chan = l2cap_chan_create();
dc50a06d 1609 if (!chan) {
49dfbb91 1610 sk_free(sk);
dc50a06d
GP		 1611 return NULL;
1612 }
1613
61d6ef3e
MM		 1614 l2cap_chan_hold(chan);
1615
dc50a06d
GP		 1616 l2cap_pi(sk)->chan = chan;
1617
bb58f747
GP		 1618 return sk;
1619}
1620
1621static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1622 int kern)
1623{
1624 struct sock *sk;
1625
1626 BT_DBG("sock %p", sock);
1627
1628 sock->state = SS_UNCONNECTED;
1629
1630 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
2d792818 1631 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
bb58f747
GP		 1632 return -ESOCKTNOSUPPORT;
1633
1634 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1635 return -EPERM;
1636
1637 sock->ops = &l2cap_sock_ops;
1638
11aa9c28 1639 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
bb58f747
GP		 1640 if (!sk)
1641 return -ENOMEM;
1642
1643 l2cap_sock_init(sk, NULL);
5b28d95c 1644 bt_sock_link(&l2cap_sk_list, sk);
bb58f747
GP		 1645 return 0;
1646}
1647
cf2f90f5 1648static const struct proto_ops l2cap_sock_ops = {
65390587
GP		 1649 .family = PF_BLUETOOTH,
1650 .owner = THIS_MODULE,
1651 .release = l2cap_sock_release,
1652 .bind = l2cap_sock_bind,
1653 .connect = l2cap_sock_connect,
1654 .listen = l2cap_sock_listen,
1655 .accept = l2cap_sock_accept,
1656 .getname = l2cap_sock_getname,
1657 .sendmsg = l2cap_sock_sendmsg,
1658 .recvmsg = l2cap_sock_recvmsg,
a11e1d43 1659 .poll = bt_sock_poll,
65390587 1660 .ioctl = bt_sock_ioctl,
c7cbdbf2 1661 .gettstamp = sock_gettstamp,
65390587
GP		 1662 .mmap = sock_no_mmap,
1663 .socketpair = sock_no_socketpair,
1664 .shutdown = l2cap_sock_shutdown,
1665 .setsockopt = l2cap_sock_setsockopt,
1666 .getsockopt = l2cap_sock_getsockopt
1667};
1668
bb58f747
GP		 1669static const struct net_proto_family l2cap_sock_family_ops = {
1670 .family = PF_BLUETOOTH,
1671 .owner = THIS_MODULE,
1672 .create = l2cap_sock_create,
1673};
1674
1675int __init l2cap_init_sockets(void)
1676{
e2174ca4 1677 int err;
bb58f747 1678
dd625558
MH		 1679 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1680
e2174ca4
GP		 1681 err = proto_register(&l2cap_proto, 0);
1682 if (err < 0)
1683 return err;
bb58f747 1684
e2174ca4 1685 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
5b28d95c
MY		 1686 if (err < 0) {
1687 BT_ERR("L2CAP socket registration failed");
e2174ca4 1688 goto error;
5b28d95c
MY		 1689 }
1690
b0316615 1691 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
2d792818 1692 NULL);
5b28d95c
MY		 1693 if (err < 0) {
1694 BT_ERR("Failed to create L2CAP proc file");
1695 bt_sock_unregister(BTPROTO_L2CAP);
1696 goto error;
1697 }
bb58f747 1698
e2174ca4 1699 BT_INFO("L2CAP socket layer initialized");
bb58f747 1700
e2174ca4 1701 return 0;
bb58f747
GP		 1702
1703error:
e2174ca4
GP		 1704 proto_unregister(&l2cap_proto);
1705 return err;
bb58f747
GP		 1706}
1707
1708void l2cap_cleanup_sockets(void)
1709{
5b28d95c 1710 bt_procfs_cleanup(&init_net, "l2cap");
5e9d7f86 1711 bt_sock_unregister(BTPROTO_L2CAP);
e2174ca4 1712 proto_unregister(&l2cap_proto);
bb58f747 1713}
Linux 6.x block layer and io_uring tree(s)