projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Do not access chan->sk directly
[linux-2.6-block.git] / net / bluetooth / l2cap_sock.c
CommitLineData
bb58f747
GP		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
bb58f747
GP		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
bc3b2d7f 30#include <linux/export.h>
6230c9b4 31
bb58f747 32#include <net/bluetooth/bluetooth.h>
33575df7 33#include <net/bluetooth/hci_core.h>
bb58f747 34#include <net/bluetooth/l2cap.h>
ac4b7236
MH		 35
36#include "smp.h"
bb58f747 37
5b28d95c
MY		 38static struct bt_sock_list l2cap_sk_list = {
39 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
40};
41
cf2f90f5 42static const struct proto_ops l2cap_sock_ops;
80808e43 43static void l2cap_sock_init(struct sock *sk, struct sock *parent);
2d792818
GP		 44static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
45 int proto, gfp_t prio);
cf2f90f5 46
b3916db3
DH		 47bool l2cap_is_socket(struct socket *sock)
48{
49 return sock && sock->ops == &l2cap_sock_ops;
50}
51EXPORT_SYMBOL(l2cap_is_socket);
52
af6bcd82
GP		 53static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
54{
55 struct sock *sk = sock->sk;
4343478f 56 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 57 struct sockaddr_l2 la;
58 int len, err = 0;
59
60 BT_DBG("sk %p", sk);
61
62 if (!addr || addr->sa_family != AF_BLUETOOTH)
63 return -EINVAL;
64
65 memset(&la, 0, sizeof(la));
66 len = min_t(unsigned int, sizeof(la), alen);
67 memcpy(&la, addr, len);
68
b62f328b 69 if (la.l2_cid && la.l2_psm)
af6bcd82
GP		 70 return -EINVAL;
71
80c1a2e7
JH		 72 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
73 return -EINVAL;
74
bfe4655f
JH		 75 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
76 /* Connection oriented channels are not supported on LE */
77 if (la.l2_psm)
78 return -EINVAL;
79 /* We only allow ATT user space socket */
7f59ddad 80 if (la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
bfe4655f
JH		 81 return -EINVAL;
82 }
83
af6bcd82
GP		 84 lock_sock(sk);
85
86 if (sk->sk_state != BT_OPEN) {
87 err = -EBADFD;
88 goto done;
89 }
90
91 if (la.l2_psm) {
92 __u16 psm = __le16_to_cpu(la.l2_psm);
93
94 /* PSM must be odd and lsb of upper byte must be 0 */
95 if ((psm & 0x0101) != 0x0001) {
96 err = -EINVAL;
97 goto done;
98 }
99
100 /* Restrict usage of well-known PSMs */
101 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
102 err = -EACCES;
103 goto done;
104 }
105 }
106
9e4425ff 107 if (la.l2_cid)
6e4aff10 108 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
9e4425ff
GP		 109 else
110 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
af6bcd82 111
9e4425ff
GP		 112 if (err < 0)
113 goto done;
af6bcd82 114
6a974b50 115 switch (chan->chan_type) {
3124b843
MH		 116 case L2CAP_CHAN_CONN_LESS:
117 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
118 chan->sec_level = BT_SECURITY_SDP;
119 break;
6a974b50
MH		 120 case L2CAP_CHAN_CONN_ORIENTED:
121 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
122 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
123 chan->sec_level = BT_SECURITY_SDP;
124 break;
125 }
b62f328b 126
7eafc59e 127 bacpy(&chan->src, &la.l2_bdaddr);
4f1654e0 128 chan->src_type = la.l2_bdaddr_type;
89bc500e
GP		 129
130 chan->state = BT_BOUND;
9e4425ff 131 sk->sk_state = BT_BOUND;
af6bcd82
GP		 132
133done:
134 release_sock(sk);
135 return err;
136}
137
2d792818
GP		 138static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
139 int alen, int flags)
4e34c50b
GP		 140{
141 struct sock *sk = sock->sk;
0c1bc5c6 142 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
4e34c50b
GP		 143 struct sockaddr_l2 la;
144 int len, err = 0;
145
146 BT_DBG("sk %p", sk);
147
148 if (!addr || alen < sizeof(addr->sa_family) ||
149 addr->sa_family != AF_BLUETOOTH)
150 return -EINVAL;
151
152 memset(&la, 0, sizeof(la));
153 len = min_t(unsigned int, sizeof(la), alen);
154 memcpy(&la, addr, len);
155
acd7d370 156 if (la.l2_cid && la.l2_psm)
4e34c50b
GP		 157 return -EINVAL;
158
80c1a2e7
JH		 159 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
160 return -EINVAL;
161
eb622495
JH		 162 /* Check that the socket wasn't bound to something that
163 * conflicts with the address given to connect(). If chan->src
164 * is BDADDR_ANY it means bind() was never used, in which case
165 * chan->src_type and la.l2_bdaddr_type do not need to match.
166 */
167 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
168 bdaddr_type_is_le(la.l2_bdaddr_type)) {
169 /* Old user space versions will try to incorrectly bind
170 * the ATT socket using BDADDR_BREDR. We need to accept
171 * this and fix up the source address type only when
172 * both the source CID and destination CID indicate
173 * ATT. Anything else is an invalid combination.
174 */
175 if (chan->scid != L2CAP_CID_ATT ||
176 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
177 return -EINVAL;
178
179 /* We don't have the hdev available here to make a
180 * better decision on random vs public, but since all
181 * user space versions that exhibit this issue anyway do
182 * not support random local addresses assuming public
183 * here is good enough.
184 */
185 chan->src_type = BDADDR_LE_PUBLIC;
186 }
1f209383
JH		 187
188 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
189 return -EINVAL;
190
bfe4655f
JH		 191 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
192 /* Connection oriented channels are not supported on LE */
193 if (la.l2_psm)
194 return -EINVAL;
195 /* We only allow ATT user space socket */
7f59ddad 196 if (la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
bfe4655f
JH		 197 return -EINVAL;
198 }
199
6e4aff10 200 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
8e9f9892 201 &la.l2_bdaddr, la.l2_bdaddr_type);
4e34c50b 202 if (err)
b3fb611e 203 return err;
4e34c50b 204
6be36555
AE		 205 lock_sock(sk);
206
4e34c50b 207 err = bt_sock_wait_state(sk, BT_CONNECTED,
2d792818 208 sock_sndtimeo(sk, flags & O_NONBLOCK));
b3fb611e
AE		 209
210 release_sock(sk);
211
4e34c50b
GP		 212 return err;
213}
214
af6bcd82
GP		 215static int l2cap_sock_listen(struct socket *sock, int backlog)
216{
217 struct sock *sk = sock->sk;
0c1bc5c6 218 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 219 int err = 0;
220
221 BT_DBG("sk %p backlog %d", sk, backlog);
222
223 lock_sock(sk);
224
6b3af733 225 if (sk->sk_state != BT_BOUND) {
af6bcd82
GP		 226 err = -EBADFD;
227 goto done;
228 }
229
6b3af733
MH		 230 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
231 err = -EINVAL;
232 goto done;
233 }
234
0c1bc5c6 235 switch (chan->mode) {
af6bcd82
GP		 236 case L2CAP_MODE_BASIC:
237 break;
238 case L2CAP_MODE_ERTM:
239 case L2CAP_MODE_STREAMING:
240 if (!disable_ertm)
241 break;
242 /* fall through */
243 default:
244 err = -ENOTSUPP;
245 goto done;
246 }
247
af6bcd82
GP		 248 sk->sk_max_ack_backlog = backlog;
249 sk->sk_ack_backlog = 0;
89bc500e
GP		 250
251 chan->state = BT_LISTEN;
af6bcd82
GP		 252 sk->sk_state = BT_LISTEN;
253
254done:
255 release_sock(sk);
256 return err;
257}
258
2d792818
GP		 259static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
260 int flags)
c47b7c72
GP		 261{
262 DECLARE_WAITQUEUE(wait, current);
263 struct sock *sk = sock->sk, *nsk;
264 long timeo;
265 int err = 0;
266
267 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
268
c47b7c72
GP		 269 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
270
271 BT_DBG("sk %p timeo %ld", sk, timeo);
272
273 /* Wait for an incoming connection. (wake-one). */
274 add_wait_queue_exclusive(sk_sleep(sk), &wait);
f9a3c20a 275 while (1) {
c47b7c72 276 set_current_state(TASK_INTERRUPTIBLE);
f9a3c20a
PH		 277
278 if (sk->sk_state != BT_LISTEN) {
279 err = -EBADFD;
c47b7c72
GP		 280 break;
281 }
282
f9a3c20a
PH		 283 nsk = bt_accept_dequeue(sk, newsock);
284 if (nsk)
285 break;
c47b7c72 286
f9a3c20a
PH		 287 if (!timeo) {
288 err = -EAGAIN;
c47b7c72
GP		 289 break;
290 }
291
292 if (signal_pending(current)) {
293 err = sock_intr_errno(timeo);
294 break;
295 }
f9a3c20a
PH		 296
297 release_sock(sk);
298 timeo = schedule_timeout(timeo);
299 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
c47b7c72 300 }
f9a3c20a 301 __set_current_state(TASK_RUNNING);
c47b7c72
GP		 302 remove_wait_queue(sk_sleep(sk), &wait);
303
304 if (err)
305 goto done;
306
307 newsock->state = SS_CONNECTED;
308
309 BT_DBG("new socket %p", nsk);
310
311done:
312 release_sock(sk);
313 return err;
314}
315
2d792818
GP		 316static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
317 int *len, int peer)
d7175d55
GP		 318{
319 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
320 struct sock *sk = sock->sk;
0c1bc5c6 321 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
d7175d55
GP		 322
323 BT_DBG("sock %p, sk %p", sock, sk);
324
792039c7 325 memset(la, 0, sizeof(struct sockaddr_l2));
d7175d55
GP		 326 addr->sa_family = AF_BLUETOOTH;
327 *len = sizeof(struct sockaddr_l2);
328
329 if (peer) {
fe4128e0 330 la->l2_psm = chan->psm;
7eafc59e 331 bacpy(&la->l2_bdaddr, &chan->dst);
fe4128e0 332 la->l2_cid = cpu_to_le16(chan->dcid);
4f1654e0 333 la->l2_bdaddr_type = chan->dst_type;
d7175d55 334 } else {
0c1bc5c6 335 la->l2_psm = chan->sport;
7eafc59e 336 bacpy(&la->l2_bdaddr, &chan->src);
fe4128e0 337 la->l2_cid = cpu_to_le16(chan->scid);
4f1654e0 338 la->l2_bdaddr_type = chan->src_type;
d7175d55
GP		 339 }
340
341 return 0;
342}
343
2d792818
GP		 344static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
345 char __user *optval, int __user *optlen)
99f4808d
GP		 346{
347 struct sock *sk = sock->sk;
4343478f 348 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d
GP		 349 struct l2cap_options opts;
350 struct l2cap_conninfo cinfo;
351 int len, err = 0;
352 u32 opt;
353
354 BT_DBG("sk %p", sk);
355
356 if (get_user(len, optlen))
357 return -EFAULT;
358
359 lock_sock(sk);
360
361 switch (optname) {
362 case L2CAP_OPTIONS:
e3fb592b 363 memset(&opts, 0, sizeof(opts));
0c1bc5c6
GP		 364 opts.imtu = chan->imtu;
365 opts.omtu = chan->omtu;
366 opts.flush_to = chan->flush_to;
367 opts.mode = chan->mode;
47d1ec61
GP		 368 opts.fcs = chan->fcs;
369 opts.max_tx = chan->max_tx;
6327eb98 370 opts.txwin_size = chan->tx_win;
99f4808d
GP		 371
372 len = min_t(unsigned int, len, sizeof(opts));
373 if (copy_to_user(optval, (char *) &opts, len))
374 err = -EFAULT;
375
376 break;
377
378 case L2CAP_LM:
4343478f 379 switch (chan->sec_level) {
99f4808d
GP		 380 case BT_SECURITY_LOW:
381 opt = L2CAP_LM_AUTH;
382 break;
383 case BT_SECURITY_MEDIUM:
384 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
385 break;
386 case BT_SECURITY_HIGH:
387 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
2d792818 388 L2CAP_LM_SECURE;
99f4808d
GP		 389 break;
390 default:
391 opt = 0;
392 break;
393 }
394
43bd0f32 395 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
99f4808d
GP		 396 opt |= L2CAP_LM_MASTER;
397
ecf61bdb 398 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
99f4808d
GP		 399 opt |= L2CAP_LM_RELIABLE;
400
401 if (put_user(opt, (u32 __user *) optval))
402 err = -EFAULT;
403 break;
404
405 case L2CAP_CONNINFO:
406 if (sk->sk_state != BT_CONNECTED &&
c5daa683
GP		 407 !(sk->sk_state == BT_CONNECT2 &&
408 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
99f4808d
GP		 409 err = -ENOTCONN;
410 break;
411 }
412
8d03e971 413 memset(&cinfo, 0, sizeof(cinfo));
8c1d787b
GP		 414 cinfo.hci_handle = chan->conn->hcon->handle;
415 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
99f4808d
GP		 416
417 len = min_t(unsigned int, len, sizeof(cinfo));
418 if (copy_to_user(optval, (char *) &cinfo, len))
419 err = -EFAULT;
420
421 break;
422
423 default:
424 err = -ENOPROTOOPT;
425 break;
426 }
427
428 release_sock(sk);
429 return err;
430}
431
2d792818
GP		 432static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
433 char __user *optval, int __user *optlen)
99f4808d
GP		 434{
435 struct sock *sk = sock->sk;
4343478f 436 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d 437 struct bt_security sec;
14b12d0b 438 struct bt_power pwr;
99f4808d
GP		 439 int len, err = 0;
440
441 BT_DBG("sk %p", sk);
442
443 if (level == SOL_L2CAP)
444 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
445
446 if (level != SOL_BLUETOOTH)
447 return -ENOPROTOOPT;
448
449 if (get_user(len, optlen))
450 return -EFAULT;
451
452 lock_sock(sk);
453
454 switch (optname) {
455 case BT_SECURITY:
715ec005 456 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
2d792818 457 chan->chan_type != L2CAP_CHAN_RAW) {
99f4808d
GP		 458 err = -EINVAL;
459 break;
460 }
461
8f360119 462 memset(&sec, 0, sizeof(sec));
85e34368 463 if (chan->conn) {
c6585a4d 464 sec.level = chan->conn->hcon->sec_level;
99f4808d 465
85e34368
AE		 466 if (sk->sk_state == BT_CONNECTED)
467 sec.key_size = chan->conn->hcon->enc_key_size;
468 } else {
469 sec.level = chan->sec_level;
470 }
8f360119 471
99f4808d
GP		 472 len = min_t(unsigned int, len, sizeof(sec));
473 if (copy_to_user(optval, (char *) &sec, len))
474 err = -EFAULT;
475
476 break;
477
478 case BT_DEFER_SETUP:
479 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
480 err = -EINVAL;
481 break;
482 }
483
c5daa683
GP		 484 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
485 (u32 __user *) optval))
99f4808d
GP		 486 err = -EFAULT;
487
488 break;
489
490 case BT_FLUSHABLE:
d57b0e8b 491 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
2d792818 492 (u32 __user *) optval))
99f4808d
GP		 493 err = -EFAULT;
494
495 break;
496
14b12d0b
JG		 497 case BT_POWER:
498 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2d792818 499 && sk->sk_type != SOCK_RAW) {
14b12d0b
JG		 500 err = -EINVAL;
501 break;
502 }
503
15770b1a 504 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 505
506 len = min_t(unsigned int, len, sizeof(pwr));
507 if (copy_to_user(optval, (char *) &pwr, len))
508 err = -EFAULT;
509
510 break;
511
2ea66482 512 case BT_CHANNEL_POLICY:
2ea66482
MM		 513 if (put_user(chan->chan_policy, (u32 __user *) optval))
514 err = -EFAULT;
515 break;
516
99f4808d
GP		 517 default:
518 err = -ENOPROTOOPT;
519 break;
520 }
521
522 release_sock(sk);
523 return err;
524}
525
682877c3
AG		 526static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
527{
528 switch (chan->scid) {
073d1cf3 529 case L2CAP_CID_ATT:
8c3a4f00 530 if (mtu < L2CAP_LE_MIN_MTU)
682877c3
AG		 531 return false;
532 break;
533
534 default:
535 if (mtu < L2CAP_DEFAULT_MIN_MTU)
536 return false;
537 }
538
539 return true;
540}
541
2d792818
GP		 542static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
543 char __user *optval, unsigned int optlen)
33575df7
GP		 544{
545 struct sock *sk = sock->sk;
b4450035 546 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7
GP		 547 struct l2cap_options opts;
548 int len, err = 0;
549 u32 opt;
550
551 BT_DBG("sk %p", sk);
552
553 lock_sock(sk);
554
555 switch (optname) {
556 case L2CAP_OPTIONS:
557 if (sk->sk_state == BT_CONNECTED) {
558 err = -EINVAL;
559 break;
560 }
561
0c1bc5c6
GP		 562 opts.imtu = chan->imtu;
563 opts.omtu = chan->omtu;
564 opts.flush_to = chan->flush_to;
565 opts.mode = chan->mode;
47d1ec61
GP		 566 opts.fcs = chan->fcs;
567 opts.max_tx = chan->max_tx;
6327eb98 568 opts.txwin_size = chan->tx_win;
33575df7
GP		 569
570 len = min_t(unsigned int, sizeof(opts), optlen);
571 if (copy_from_user((char *) &opts, optval, len)) {
572 err = -EFAULT;
573 break;
574 }
575
6327eb98 576 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
33575df7
GP		 577 err = -EINVAL;
578 break;
579 }
580
682877c3
AG		 581 if (!l2cap_valid_mtu(chan, opts.imtu)) {
582 err = -EINVAL;
583 break;
584 }
585
0c1bc5c6
GP		 586 chan->mode = opts.mode;
587 switch (chan->mode) {
33575df7 588 case L2CAP_MODE_BASIC:
c1360a1c 589 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
33575df7
GP		 590 break;
591 case L2CAP_MODE_ERTM:
592 case L2CAP_MODE_STREAMING:
593 if (!disable_ertm)
594 break;
595 /* fall through */
596 default:
597 err = -EINVAL;
598 break;
599 }
600
0c1bc5c6
GP		 601 chan->imtu = opts.imtu;
602 chan->omtu = opts.omtu;
47d1ec61
GP		 603 chan->fcs = opts.fcs;
604 chan->max_tx = opts.max_tx;
6327eb98 605 chan->tx_win = opts.txwin_size;
12d59781 606 chan->flush_to = opts.flush_to;
33575df7
GP		 607 break;
608
609 case L2CAP_LM:
610 if (get_user(opt, (u32 __user *) optval)) {
611 err = -EFAULT;
612 break;
613 }
614
615 if (opt & L2CAP_LM_AUTH)
4343478f 616 chan->sec_level = BT_SECURITY_LOW;
33575df7 617 if (opt & L2CAP_LM_ENCRYPT)
4343478f 618 chan->sec_level = BT_SECURITY_MEDIUM;
33575df7 619 if (opt & L2CAP_LM_SECURE)
4343478f 620 chan->sec_level = BT_SECURITY_HIGH;
33575df7 621
43bd0f32
AE		 622 if (opt & L2CAP_LM_MASTER)
623 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
624 else
625 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
ecf61bdb
AE		 626
627 if (opt & L2CAP_LM_RELIABLE)
628 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
629 else
630 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
33575df7
GP		 631 break;
632
633 default:
634 err = -ENOPROTOOPT;
635 break;
636 }
637
638 release_sock(sk);
639 return err;
640}
641
2d792818
GP		 642static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
643 char __user *optval, unsigned int optlen)
33575df7
GP		 644{
645 struct sock *sk = sock->sk;
4343478f 646 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7 647 struct bt_security sec;
14b12d0b 648 struct bt_power pwr;
f1cb9af5 649 struct l2cap_conn *conn;
33575df7
GP		 650 int len, err = 0;
651 u32 opt;
652
653 BT_DBG("sk %p", sk);
654
655 if (level == SOL_L2CAP)
656 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
657
658 if (level != SOL_BLUETOOTH)
659 return -ENOPROTOOPT;
660
661 lock_sock(sk);
662
663 switch (optname) {
664 case BT_SECURITY:
715ec005 665 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
2d792818 666 chan->chan_type != L2CAP_CHAN_RAW) {
33575df7
GP		 667 err = -EINVAL;
668 break;
669 }
670
671 sec.level = BT_SECURITY_LOW;
672
673 len = min_t(unsigned int, sizeof(sec), optlen);
674 if (copy_from_user((char *) &sec, optval, len)) {
675 err = -EFAULT;
676 break;
677 }
678
679 if (sec.level < BT_SECURITY_LOW ||
2d792818 680 sec.level > BT_SECURITY_HIGH) {
33575df7
GP		 681 err = -EINVAL;
682 break;
683 }
684
4343478f 685 chan->sec_level = sec.level;
f1cb9af5 686
0bee1d60
GP		 687 if (!chan->conn)
688 break;
689
f1cb9af5 690 conn = chan->conn;
0bee1d60
GP		 691
692 /*change security for LE channels */
073d1cf3 693 if (chan->scid == L2CAP_CID_ATT) {
f1cb9af5
VCG		 694 if (!conn->hcon->out) {
695 err = -EINVAL;
696 break;
697 }
698
cc110922 699 if (smp_conn_security(conn->hcon, sec.level))
f1cb9af5 700 break;
f1cb9af5 701 sk->sk_state = BT_CONFIG;
3542b854 702 chan->state = BT_CONFIG;
0bee1d60 703
a7d7723a
GP		 704 /* or for ACL link */
705 } else if ((sk->sk_state == BT_CONNECT2 &&
2d792818 706 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
a7d7723a
GP		 707 sk->sk_state == BT_CONNECTED) {
708 if (!l2cap_chan_check_security(chan))
c5daa683 709 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
a7d7723a
GP		 710 else
711 sk->sk_state_change(sk);
0bee1d60
GP		 712 } else {
713 err = -EINVAL;
f1cb9af5 714 }
33575df7
GP		 715 break;
716
717 case BT_DEFER_SETUP:
718 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
719 err = -EINVAL;
720 break;
721 }
722
723 if (get_user(opt, (u32 __user *) optval)) {
724 err = -EFAULT;
725 break;
726 }
727
bdc25783 728 if (opt) {
c5daa683 729 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 730 set_bit(FLAG_DEFER_SETUP, &chan->flags);
731 } else {
c5daa683 732 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 733 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
734 }
33575df7
GP		 735 break;
736
737 case BT_FLUSHABLE:
738 if (get_user(opt, (u32 __user *) optval)) {
739 err = -EFAULT;
740 break;
741 }
742
743 if (opt > BT_FLUSHABLE_ON) {
744 err = -EINVAL;
745 break;
746 }
747
748 if (opt == BT_FLUSHABLE_OFF) {
c1f23a2b 749 conn = chan->conn;
25985edc 750 /* proceed further only when we have l2cap_conn and
33575df7
GP		 751 No Flush support in the LM */
752 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
753 err = -EINVAL;
754 break;
755 }
756 }
757
d57b0e8b
AE		 758 if (opt)
759 set_bit(FLAG_FLUSHABLE, &chan->flags);
760 else
761 clear_bit(FLAG_FLUSHABLE, &chan->flags);
33575df7
GP		 762 break;
763
14b12d0b
JG		 764 case BT_POWER:
765 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
2d792818 766 chan->chan_type != L2CAP_CHAN_RAW) {
14b12d0b
JG		 767 err = -EINVAL;
768 break;
769 }
770
771 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
772
773 len = min_t(unsigned int, sizeof(pwr), optlen);
774 if (copy_from_user((char *) &pwr, optval, len)) {
775 err = -EFAULT;
776 break;
777 }
15770b1a
AE		 778
779 if (pwr.force_active)
780 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
781 else
782 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 783 break;
784
2ea66482 785 case BT_CHANNEL_POLICY:
2ea66482
MM		 786 if (get_user(opt, (u32 __user *) optval)) {
787 err = -EFAULT;
788 break;
789 }
790
791 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
792 err = -EINVAL;
793 break;
794 }
795
796 if (chan->mode != L2CAP_MODE_ERTM &&
2d792818 797 chan->mode != L2CAP_MODE_STREAMING) {
2ea66482
MM		 798 err = -EOPNOTSUPP;
799 break;
800 }
801
802 chan->chan_policy = (u8) opt;
3f7a56c4
MM		 803
804 if (sk->sk_state == BT_CONNECTED &&
805 chan->move_role == L2CAP_MOVE_ROLE_NONE)
806 l2cap_move_start(chan);
807
14b12d0b
JG		 808 break;
809
33575df7
GP		 810 default:
811 err = -ENOPROTOOPT;
812 break;
813 }
814
815 release_sock(sk);
816 return err;
817}
fd83ccdb 818
2d792818
GP		 819static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
820 struct msghdr *msg, size_t len)
fd83ccdb
GP		 821{
822 struct sock *sk = sock->sk;
0c1bc5c6 823 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
fd83ccdb
GP		 824 int err;
825
826 BT_DBG("sock %p, sk %p", sock, sk);
827
828 err = sock_error(sk);
829 if (err)
830 return err;
831
832 if (msg->msg_flags & MSG_OOB)
833 return -EOPNOTSUPP;
834
a6a5568c 835 if (sk->sk_state != BT_CONNECTED)
9a91a04a 836 return -ENOTCONN;
fd83ccdb 837
e793dcf0
JH		 838 lock_sock(sk);
839 err = bt_sock_wait_ready(sk, msg->msg_flags);
840 release_sock(sk);
841 if (err)
842 return err;
843
a6a5568c 844 l2cap_chan_lock(chan);
5e59b791 845 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
a6a5568c 846 l2cap_chan_unlock(chan);
fd83ccdb 847
fd83ccdb
GP		 848 return err;
849}
33575df7 850
2d792818
GP		 851static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
852 struct msghdr *msg, size_t len, int flags)
68983259
GP		 853{
854 struct sock *sk = sock->sk;
e328140f
MM		 855 struct l2cap_pinfo *pi = l2cap_pi(sk);
856 int err;
68983259
GP		 857
858 lock_sock(sk);
859
c5daa683
GP		 860 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
861 &bt_sk(sk)->flags)) {
8c1d787b 862 sk->sk_state = BT_CONFIG;
3542b854 863 pi->chan->state = BT_CONFIG;
8c1d787b 864
e328140f 865 __l2cap_connect_rsp_defer(pi->chan);
970871bc
JH		 866 err = 0;
867 goto done;
68983259
GP		 868 }
869
870 release_sock(sk);
871
872 if (sock->type == SOCK_STREAM)
e328140f
MM		 873 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
874 else
875 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
876
877 if (pi->chan->mode != L2CAP_MODE_ERTM)
878 return err;
879
880 /* Attempt to put pending rx data in the socket buffer */
881
882 lock_sock(sk);
883
884 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
885 goto done;
886
887 if (pi->rx_busy_skb) {
888 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
889 pi->rx_busy_skb = NULL;
890 else
891 goto done;
892 }
893
894 /* Restore data flow when half of the receive buffer is
895 * available. This avoids resending large numbers of
896 * frames.
897 */
898 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
899 l2cap_chan_busy(pi->chan, 0);
68983259 900
e328140f
MM		 901done:
902 release_sock(sk);
903 return err;
68983259
GP		 904}
905
05fc1576
GP		 906/* Kill socket (only if zapped and orphan)
907 * Must be called on unlocked socket.
908 */
ba3bd0ee 909static void l2cap_sock_kill(struct sock *sk)
05fc1576
GP		 910{
911 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
912 return;
913
e05dcc32 914 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
05fc1576
GP		 915
916 /* Kill poor orphan */
6ff5abbf 917
4af66c69 918 l2cap_chan_put(l2cap_pi(sk)->chan);
05fc1576
GP		 919 sock_set_flag(sk, SOCK_DEAD);
920 sock_put(sk);
921}
922
dc25306b
GP		 923static int __l2cap_wait_ack(struct sock *sk)
924{
925 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
926 DECLARE_WAITQUEUE(wait, current);
927 int err = 0;
928 int timeo = HZ/5;
929
930 add_wait_queue(sk_sleep(sk), &wait);
931 set_current_state(TASK_INTERRUPTIBLE);
932 while (chan->unacked_frames > 0 && chan->conn) {
933 if (!timeo)
934 timeo = HZ/5;
935
936 if (signal_pending(current)) {
937 err = sock_intr_errno(timeo);
938 break;
939 }
940
941 release_sock(sk);
942 timeo = schedule_timeout(timeo);
943 lock_sock(sk);
944 set_current_state(TASK_INTERRUPTIBLE);
945
946 err = sock_error(sk);
947 if (err)
948 break;
949 }
950 set_current_state(TASK_RUNNING);
951 remove_wait_queue(sk_sleep(sk), &wait);
952 return err;
953}
954
dcba0dba
GP		 955static int l2cap_sock_shutdown(struct socket *sock, int how)
956{
957 struct sock *sk = sock->sk;
7ddb6e0f 958 struct l2cap_chan *chan;
3df91ea2 959 struct l2cap_conn *conn;
dcba0dba
GP		 960 int err = 0;
961
962 BT_DBG("sock %p, sk %p", sock, sk);
963
964 if (!sk)
965 return 0;
966
7ddb6e0f 967 chan = l2cap_pi(sk)->chan;
3df91ea2
AE		 968 conn = chan->conn;
969
970 if (conn)
971 mutex_lock(&conn->chan_lock);
7ddb6e0f 972
6be36555 973 l2cap_chan_lock(chan);
dcba0dba 974 lock_sock(sk);
6be36555 975
dcba0dba 976 if (!sk->sk_shutdown) {
0c1bc5c6 977 if (chan->mode == L2CAP_MODE_ERTM)
dcba0dba
GP		 978 err = __l2cap_wait_ack(sk);
979
980 sk->sk_shutdown = SHUTDOWN_MASK;
3df91ea2 981
6be36555 982 release_sock(sk);
0f852724 983 l2cap_chan_close(chan, 0);
6be36555 984 lock_sock(sk);
dcba0dba
GP		 985
986 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
987 err = bt_sock_wait_state(sk, BT_CLOSED,
2d792818 988 sk->sk_lingertime);
dcba0dba
GP		 989 }
990
991 if (!err && sk->sk_err)
992 err = -sk->sk_err;
993
994 release_sock(sk);
6be36555 995 l2cap_chan_unlock(chan);
3df91ea2
AE		 996
997 if (conn)
998 mutex_unlock(&conn->chan_lock);
999
dcba0dba
GP		 1000 return err;
1001}
1002
554f05bb
GP		 1003static int l2cap_sock_release(struct socket *sock)
1004{
1005 struct sock *sk = sock->sk;
1006 int err;
1007
1008 BT_DBG("sock %p, sk %p", sock, sk);
1009
1010 if (!sk)
1011 return 0;
1012
5b28d95c
MY		 1013 bt_sock_unlink(&l2cap_sk_list, sk);
1014
554f05bb
GP		 1015 err = l2cap_sock_shutdown(sock, 2);
1016
1017 sock_orphan(sk);
1018 l2cap_sock_kill(sk);
1019 return err;
1020}
1021
c0df7f6e
AE		 1022static void l2cap_sock_cleanup_listen(struct sock *parent)
1023{
1024 struct sock *sk;
1025
1026 BT_DBG("parent %p", parent);
1027
1028 /* Close not yet accepted channels */
1029 while ((sk = bt_accept_dequeue(parent, NULL))) {
1030 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1031
1032 l2cap_chan_lock(chan);
1033 __clear_chan_timer(chan);
1034 l2cap_chan_close(chan, ECONNRESET);
1035 l2cap_chan_unlock(chan);
1036
1037 l2cap_sock_kill(sk);
1038 }
1039}
1040
80b98027 1041static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
80808e43 1042{
80b98027 1043 struct sock *sk, *parent = chan->data;
80808e43 1044
53826692
GP		 1045 /* Check for backlog size */
1046 if (sk_acceptq_is_full(parent)) {
1047 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1048 return NULL;
1049 }
1050
80808e43 1051 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
2d792818 1052 GFP_ATOMIC);
80808e43
GP		 1053 if (!sk)
1054 return NULL;
1055
d22015aa
OP		 1056 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1057
80808e43
GP		 1058 l2cap_sock_init(sk, parent);
1059
644912e1
GP		 1060 bt_accept_enqueue(parent, sk);
1061
80808e43
GP		 1062 return l2cap_pi(sk)->chan;
1063}
1064
80b98027 1065static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
23070494 1066{
80b98027 1067 struct sock *sk = chan->data;
84b34d98 1068 int err;
e328140f 1069
6be36555
AE		 1070 lock_sock(sk);
1071
84b34d98 1072 if (l2cap_pi(sk)->rx_busy_skb) {
6be36555
AE		 1073 err = -ENOMEM;
1074 goto done;
1075 }
e328140f
MM		 1076
1077 err = sock_queue_rcv_skb(sk, skb);
1078
1079 /* For ERTM, handle one skb that doesn't fit into the recv
1080 * buffer. This is important to do because the data frames
1081 * have already been acked, so the skb cannot be discarded.
1082 *
1083 * Notify the l2cap core that the buffer is full, so the
1084 * LOCAL_BUSY state is entered and no more frames are
1085 * acked and reassembled until there is buffer space
1086 * available.
1087 */
84b34d98
MH		 1088 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1089 l2cap_pi(sk)->rx_busy_skb = skb;
1090 l2cap_chan_busy(chan, 1);
e328140f
MM		 1091 err = 0;
1092 }
23070494 1093
6be36555
AE		 1094done:
1095 release_sock(sk);
1096
e328140f 1097 return err;
23070494
GP		 1098}
1099
80b98027 1100static void l2cap_sock_close_cb(struct l2cap_chan *chan)
ba3bd0ee 1101{
80b98027 1102 struct sock *sk = chan->data;
ba3bd0ee
GP		 1103
1104 l2cap_sock_kill(sk);
1105}
1106
c0df7f6e
AE		 1107static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1108{
1109 struct sock *sk = chan->data;
1110 struct sock *parent;
1111
1112 lock_sock(sk);
1113
1114 parent = bt_sk(sk)->parent;
1115
1116 sock_set_flag(sk, SOCK_ZAPPED);
1117
1118 switch (chan->state) {
1119 case BT_OPEN:
1120 case BT_BOUND:
1121 case BT_CLOSED:
1122 break;
1123 case BT_LISTEN:
1124 l2cap_sock_cleanup_listen(sk);
1125 sk->sk_state = BT_CLOSED;
1126 chan->state = BT_CLOSED;
1127
1128 break;
1129 default:
1130 sk->sk_state = BT_CLOSED;
1131 chan->state = BT_CLOSED;
1132
1133 sk->sk_err = err;
1134
1135 if (parent) {
1136 bt_accept_unlink(sk);
1137 parent->sk_data_ready(parent, 0);
1138 } else {
1139 sk->sk_state_change(sk);
1140 }
1141
1142 break;
1143 }
1144
1145 release_sock(sk);
1146}
1147
53f52121
GP		 1148static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1149 int err)
89bc500e 1150{
80b98027 1151 struct sock *sk = chan->data;
89bc500e
GP		 1152
1153 sk->sk_state = state;
53f52121
GP		 1154
1155 if (err)
1156 sk->sk_err = err;
89bc500e
GP		 1157}
1158
2f7719ce 1159static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
90338947 1160 unsigned long len, int nb)
2f7719ce 1161{
0f2c6153 1162 struct sock *sk = chan->data;
90338947
GP		 1163 struct sk_buff *skb;
1164 int err;
1165
a6a5568c 1166 l2cap_chan_unlock(chan);
0f2c6153 1167 skb = bt_skb_send_alloc(sk, len, nb, &err);
a6a5568c
MM		 1168 l2cap_chan_lock(chan);
1169
90338947
GP		 1170 if (!skb)
1171 return ERR_PTR(err);
2f7719ce 1172
90338947 1173 return skb;
2f7719ce
AE		 1174}
1175
54a59aa2
AE		 1176static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1177{
1178 struct sock *sk = chan->data;
1179 struct sock *parent;
1180
1181 lock_sock(sk);
1182
1183 parent = bt_sk(sk)->parent;
1184
1185 BT_DBG("sk %p, parent %p", sk, parent);
1186
1187 sk->sk_state = BT_CONNECTED;
1188 sk->sk_state_change(sk);
1189
1190 if (parent)
1191 parent->sk_data_ready(parent, 0);
1192
1193 release_sock(sk);
1194}
1195
2dc4e510
GP		 1196static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1197{
1198 struct sock *sk = chan->data;
1199 struct sock *parent = bt_sk(sk)->parent;
1200
1201 if (parent)
1202 parent->sk_data_ready(parent, 0);
1203}
1204
d97c899b
MH		 1205static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1206{
1207 struct sock *sk = chan->data;
1208
1209 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1210 sk->sk_state_change(sk);
1211}
1212
5ec1bbe5
GP		 1213static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1214{
1215 struct sock *sk = chan->data;
1216
1217 lock_sock(sk);
1218 sk->sk_shutdown = SHUTDOWN_MASK;
1219 release_sock(sk);
1220}
1221
8d836d71
GP		 1222static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1223{
1224 struct sock *sk = chan->data;
1225
1226 return sk->sk_sndtimeo;
1227}
1228
80808e43
GP		 1229static struct l2cap_ops l2cap_chan_ops = {
1230 .name = "L2CAP Socket Interface",
1231 .new_connection = l2cap_sock_new_connection_cb,
23070494 1232 .recv = l2cap_sock_recv_cb,
ba3bd0ee 1233 .close = l2cap_sock_close_cb,
c0df7f6e 1234 .teardown = l2cap_sock_teardown_cb,
89bc500e 1235 .state_change = l2cap_sock_state_change_cb,
54a59aa2 1236 .ready = l2cap_sock_ready_cb,
2dc4e510 1237 .defer = l2cap_sock_defer_cb,
d97c899b 1238 .resume = l2cap_sock_resume_cb,
5ec1bbe5 1239 .set_shutdown = l2cap_sock_set_shutdown_cb,
8d836d71 1240 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
2f7719ce 1241 .alloc_skb = l2cap_sock_alloc_skb_cb,
80808e43
GP		 1242};
1243
bb58f747
GP		 1244static void l2cap_sock_destruct(struct sock *sk)
1245{
1246 BT_DBG("sk %p", sk);
1247
23d3a869
SL		 1248 if (l2cap_pi(sk)->chan)
1249 l2cap_chan_put(l2cap_pi(sk)->chan);
84b34d98 1250
e328140f
MM		 1251 if (l2cap_pi(sk)->rx_busy_skb) {
1252 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1253 l2cap_pi(sk)->rx_busy_skb = NULL;
1254 }
1255
bb58f747
GP		 1256 skb_queue_purge(&sk->sk_receive_queue);
1257 skb_queue_purge(&sk->sk_write_queue);
1258}
1259
2edf870d
MH		 1260static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1261 int *msg_namelen)
1262{
1263 struct sockaddr_l2 *la = (struct sockaddr_l2 *) msg_name;
1264
1265 memset(la, 0, sizeof(struct sockaddr_l2));
1266 la->l2_family = AF_BLUETOOTH;
1267 la->l2_psm = bt_cb(skb)->psm;
1268 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr);
1269
1270 *msg_namelen = sizeof(struct sockaddr_l2);
1271}
1272
80808e43 1273static void l2cap_sock_init(struct sock *sk, struct sock *parent)
bb58f747 1274{
84b34d98 1275 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
bb58f747
GP		 1276
1277 BT_DBG("sk %p", sk);
1278
1279 if (parent) {
b4450035
GP		 1280 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1281
bb58f747 1282 sk->sk_type = parent->sk_type;
c5daa683 1283 bt_sk(sk)->flags = bt_sk(parent)->flags;
bb58f747 1284
715ec005 1285 chan->chan_type = pchan->chan_type;
0c1bc5c6
GP		 1286 chan->imtu = pchan->imtu;
1287 chan->omtu = pchan->omtu;
b4450035 1288 chan->conf_state = pchan->conf_state;
0c1bc5c6 1289 chan->mode = pchan->mode;
47d1ec61
GP		 1290 chan->fcs = pchan->fcs;
1291 chan->max_tx = pchan->max_tx;
1292 chan->tx_win = pchan->tx_win;
6b3c7104 1293 chan->tx_win_max = pchan->tx_win_max;
4343478f 1294 chan->sec_level = pchan->sec_level;
d57b0e8b 1295 chan->flags = pchan->flags;
6230c9b4
PM		 1296
1297 security_sk_clone(parent, sk);
bb58f747 1298 } else {
715ec005
GP		 1299 switch (sk->sk_type) {
1300 case SOCK_RAW:
1301 chan->chan_type = L2CAP_CHAN_RAW;
1302 break;
1303 case SOCK_DGRAM:
1304 chan->chan_type = L2CAP_CHAN_CONN_LESS;
2edf870d 1305 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
715ec005
GP		 1306 break;
1307 case SOCK_SEQPACKET:
1308 case SOCK_STREAM:
1309 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1310 break;
1311 }
1312
0c1bc5c6
GP		 1313 chan->imtu = L2CAP_DEFAULT_MTU;
1314 chan->omtu = 0;
bb58f747 1315 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
0c1bc5c6 1316 chan->mode = L2CAP_MODE_ERTM;
c1360a1c 1317 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
bb58f747 1318 } else {
0c1bc5c6 1319 chan->mode = L2CAP_MODE_BASIC;
bb58f747 1320 }
bd4b1653
AE		 1321
1322 l2cap_chan_set_defaults(chan);
bb58f747
GP		 1323 }
1324
1325 /* Default config options */
0c1bc5c6 1326 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
80808e43
GP		 1327
1328 chan->data = sk;
1329 chan->ops = &l2cap_chan_ops;
bb58f747
GP		 1330}
1331
1332static struct proto l2cap_proto = {
1333 .name = "L2CAP",
1334 .owner = THIS_MODULE,
1335 .obj_size = sizeof(struct l2cap_pinfo)
1336};
1337
2d792818
GP		 1338static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1339 int proto, gfp_t prio)
bb58f747
GP		 1340{
1341 struct sock *sk;
dc50a06d 1342 struct l2cap_chan *chan;
bb58f747
GP		 1343
1344 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1345 if (!sk)
1346 return NULL;
1347
1348 sock_init_data(sock, sk);
1349 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1350
1351 sk->sk_destruct = l2cap_sock_destruct;
ba13ccd9 1352 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
bb58f747
GP		 1353
1354 sock_reset_flag(sk, SOCK_ZAPPED);
1355
1356 sk->sk_protocol = proto;
1357 sk->sk_state = BT_OPEN;
1358
eef1d9b6 1359 chan = l2cap_chan_create();
dc50a06d 1360 if (!chan) {
49dfbb91 1361 sk_free(sk);
dc50a06d
GP		 1362 return NULL;
1363 }
1364
61d6ef3e
MM		 1365 l2cap_chan_hold(chan);
1366
eef1d9b6
GP		 1367 chan->sk = sk;
1368
dc50a06d
GP		 1369 l2cap_pi(sk)->chan = chan;
1370
bb58f747
GP		 1371 return sk;
1372}
1373
1374static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1375 int kern)
1376{
1377 struct sock *sk;
1378
1379 BT_DBG("sock %p", sock);
1380
1381 sock->state = SS_UNCONNECTED;
1382
1383 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
2d792818 1384 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
bb58f747
GP		 1385 return -ESOCKTNOSUPPORT;
1386
1387 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1388 return -EPERM;
1389
1390 sock->ops = &l2cap_sock_ops;
1391
1392 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1393 if (!sk)
1394 return -ENOMEM;
1395
1396 l2cap_sock_init(sk, NULL);
5b28d95c 1397 bt_sock_link(&l2cap_sk_list, sk);
bb58f747
GP		 1398 return 0;
1399}
1400
cf2f90f5 1401static const struct proto_ops l2cap_sock_ops = {
65390587
GP		 1402 .family = PF_BLUETOOTH,
1403 .owner = THIS_MODULE,
1404 .release = l2cap_sock_release,
1405 .bind = l2cap_sock_bind,
1406 .connect = l2cap_sock_connect,
1407 .listen = l2cap_sock_listen,
1408 .accept = l2cap_sock_accept,
1409 .getname = l2cap_sock_getname,
1410 .sendmsg = l2cap_sock_sendmsg,
1411 .recvmsg = l2cap_sock_recvmsg,
1412 .poll = bt_sock_poll,
1413 .ioctl = bt_sock_ioctl,
1414 .mmap = sock_no_mmap,
1415 .socketpair = sock_no_socketpair,
1416 .shutdown = l2cap_sock_shutdown,
1417 .setsockopt = l2cap_sock_setsockopt,
1418 .getsockopt = l2cap_sock_getsockopt
1419};
1420
bb58f747
GP		 1421static const struct net_proto_family l2cap_sock_family_ops = {
1422 .family = PF_BLUETOOTH,
1423 .owner = THIS_MODULE,
1424 .create = l2cap_sock_create,
1425};
1426
1427int __init l2cap_init_sockets(void)
1428{
e2174ca4 1429 int err;
bb58f747 1430
e2174ca4
GP		 1431 err = proto_register(&l2cap_proto, 0);
1432 if (err < 0)
1433 return err;
bb58f747 1434
e2174ca4 1435 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
5b28d95c
MY		 1436 if (err < 0) {
1437 BT_ERR("L2CAP socket registration failed");
e2174ca4 1438 goto error;
5b28d95c
MY		 1439 }
1440
b0316615 1441 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
2d792818 1442 NULL);
5b28d95c
MY		 1443 if (err < 0) {
1444 BT_ERR("Failed to create L2CAP proc file");
1445 bt_sock_unregister(BTPROTO_L2CAP);
1446 goto error;
1447 }
bb58f747 1448
e2174ca4 1449 BT_INFO("L2CAP socket layer initialized");
bb58f747 1450
e2174ca4 1451 return 0;
bb58f747
GP		 1452
1453error:
e2174ca4
GP		 1454 proto_unregister(&l2cap_proto);
1455 return err;
bb58f747
GP		 1456}
1457
1458void l2cap_cleanup_sockets(void)
1459{
5b28d95c 1460 bt_procfs_cleanup(&init_net, "l2cap");
5e9d7f86 1461 bt_sock_unregister(BTPROTO_L2CAP);
e2174ca4 1462 proto_unregister(&l2cap_proto);
bb58f747 1463}
Linux 6.x block layer and io_uring tree(s)