projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Remove unnecessary braces from one-line if-statement
[linux-2.6-block.git] / net / bluetooth / l2cap_sock.c
CommitLineData
bb58f747
GP		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
bb58f747
GP		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
bc3b2d7f 30#include <linux/export.h>
6230c9b4 31
bb58f747 32#include <net/bluetooth/bluetooth.h>
33575df7 33#include <net/bluetooth/hci_core.h>
bb58f747 34#include <net/bluetooth/l2cap.h>
ac4b7236
MH		 35
36#include "smp.h"
bb58f747 37
5b28d95c
MY		 38static struct bt_sock_list l2cap_sk_list = {
39 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
40};
41
cf2f90f5 42static const struct proto_ops l2cap_sock_ops;
80808e43 43static void l2cap_sock_init(struct sock *sk, struct sock *parent);
2d792818
GP		 44static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
45 int proto, gfp_t prio);
cf2f90f5 46
b3916db3
DH		 47bool l2cap_is_socket(struct socket *sock)
48{
49 return sock && sock->ops == &l2cap_sock_ops;
50}
51EXPORT_SYMBOL(l2cap_is_socket);
52
af6bcd82
GP		 53static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
54{
55 struct sock *sk = sock->sk;
4343478f 56 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 57 struct sockaddr_l2 la;
58 int len, err = 0;
59
60 BT_DBG("sk %p", sk);
61
62 if (!addr || addr->sa_family != AF_BLUETOOTH)
63 return -EINVAL;
64
65 memset(&la, 0, sizeof(la));
66 len = min_t(unsigned int, sizeof(la), alen);
67 memcpy(&la, addr, len);
68
b62f328b 69 if (la.l2_cid && la.l2_psm)
af6bcd82
GP		 70 return -EINVAL;
71
80c1a2e7
JH		 72 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
73 return -EINVAL;
74
bfe4655f
JH		 75 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
76 /* Connection oriented channels are not supported on LE */
77 if (la.l2_psm)
78 return -EINVAL;
79 /* We only allow ATT user space socket */
7f59ddad 80 if (la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
bfe4655f
JH		 81 return -EINVAL;
82 }
83
af6bcd82
GP		 84 lock_sock(sk);
85
86 if (sk->sk_state != BT_OPEN) {
87 err = -EBADFD;
88 goto done;
89 }
90
91 if (la.l2_psm) {
92 __u16 psm = __le16_to_cpu(la.l2_psm);
93
94 /* PSM must be odd and lsb of upper byte must be 0 */
95 if ((psm & 0x0101) != 0x0001) {
96 err = -EINVAL;
97 goto done;
98 }
99
100 /* Restrict usage of well-known PSMs */
101 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
102 err = -EACCES;
103 goto done;
104 }
105 }
106
9e4425ff 107 if (la.l2_cid)
6e4aff10 108 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
9e4425ff
GP		 109 else
110 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
af6bcd82 111
9e4425ff
GP		 112 if (err < 0)
113 goto done;
af6bcd82 114
6a974b50 115 switch (chan->chan_type) {
3124b843
MH		 116 case L2CAP_CHAN_CONN_LESS:
117 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
118 chan->sec_level = BT_SECURITY_SDP;
119 break;
6a974b50
MH		 120 case L2CAP_CHAN_CONN_ORIENTED:
121 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
122 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
123 chan->sec_level = BT_SECURITY_SDP;
124 break;
125 }
b62f328b 126
7eafc59e 127 bacpy(&chan->src, &la.l2_bdaddr);
4f1654e0 128 chan->src_type = la.l2_bdaddr_type;
89bc500e
GP		 129
130 chan->state = BT_BOUND;
9e4425ff 131 sk->sk_state = BT_BOUND;
af6bcd82
GP		 132
133done:
134 release_sock(sk);
135 return err;
136}
137
2d792818
GP		 138static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
139 int alen, int flags)
4e34c50b
GP		 140{
141 struct sock *sk = sock->sk;
0c1bc5c6 142 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
4e34c50b
GP		 143 struct sockaddr_l2 la;
144 int len, err = 0;
145
146 BT_DBG("sk %p", sk);
147
148 if (!addr || alen < sizeof(addr->sa_family) ||
149 addr->sa_family != AF_BLUETOOTH)
150 return -EINVAL;
151
152 memset(&la, 0, sizeof(la));
153 len = min_t(unsigned int, sizeof(la), alen);
154 memcpy(&la, addr, len);
155
acd7d370 156 if (la.l2_cid && la.l2_psm)
4e34c50b
GP		 157 return -EINVAL;
158
80c1a2e7
JH		 159 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
160 return -EINVAL;
161
eb622495
JH		 162 /* Check that the socket wasn't bound to something that
163 * conflicts with the address given to connect(). If chan->src
164 * is BDADDR_ANY it means bind() was never used, in which case
165 * chan->src_type and la.l2_bdaddr_type do not need to match.
166 */
167 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
168 bdaddr_type_is_le(la.l2_bdaddr_type)) {
169 /* Old user space versions will try to incorrectly bind
170 * the ATT socket using BDADDR_BREDR. We need to accept
171 * this and fix up the source address type only when
172 * both the source CID and destination CID indicate
173 * ATT. Anything else is an invalid combination.
174 */
175 if (chan->scid != L2CAP_CID_ATT ||
176 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
177 return -EINVAL;
178
179 /* We don't have the hdev available here to make a
180 * better decision on random vs public, but since all
181 * user space versions that exhibit this issue anyway do
182 * not support random local addresses assuming public
183 * here is good enough.
184 */
185 chan->src_type = BDADDR_LE_PUBLIC;
186 }
1f209383
JH		 187
188 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
189 return -EINVAL;
190
bfe4655f
JH		 191 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
192 /* Connection oriented channels are not supported on LE */
193 if (la.l2_psm)
194 return -EINVAL;
195 /* We only allow ATT user space socket */
7f59ddad 196 if (la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
bfe4655f
JH		 197 return -EINVAL;
198 }
199
6e4aff10 200 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
8e9f9892 201 &la.l2_bdaddr, la.l2_bdaddr_type);
4e34c50b 202 if (err)
b3fb611e 203 return err;
4e34c50b 204
6be36555
AE		 205 lock_sock(sk);
206
4e34c50b 207 err = bt_sock_wait_state(sk, BT_CONNECTED,
2d792818 208 sock_sndtimeo(sk, flags & O_NONBLOCK));
b3fb611e
AE		 209
210 release_sock(sk);
211
4e34c50b
GP		 212 return err;
213}
214
af6bcd82
GP		 215static int l2cap_sock_listen(struct socket *sock, int backlog)
216{
217 struct sock *sk = sock->sk;
0c1bc5c6 218 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 219 int err = 0;
220
221 BT_DBG("sk %p backlog %d", sk, backlog);
222
223 lock_sock(sk);
224
6b3af733 225 if (sk->sk_state != BT_BOUND) {
af6bcd82
GP		 226 err = -EBADFD;
227 goto done;
228 }
229
6b3af733
MH		 230 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
231 err = -EINVAL;
232 goto done;
233 }
234
0c1bc5c6 235 switch (chan->mode) {
af6bcd82
GP		 236 case L2CAP_MODE_BASIC:
237 break;
238 case L2CAP_MODE_ERTM:
239 case L2CAP_MODE_STREAMING:
240 if (!disable_ertm)
241 break;
242 /* fall through */
243 default:
244 err = -ENOTSUPP;
245 goto done;
246 }
247
af6bcd82
GP		 248 sk->sk_max_ack_backlog = backlog;
249 sk->sk_ack_backlog = 0;
89bc500e
GP		 250
251 chan->state = BT_LISTEN;
af6bcd82
GP		 252 sk->sk_state = BT_LISTEN;
253
254done:
255 release_sock(sk);
256 return err;
257}
258
2d792818
GP		 259static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
260 int flags)
c47b7c72
GP		 261{
262 DECLARE_WAITQUEUE(wait, current);
263 struct sock *sk = sock->sk, *nsk;
264 long timeo;
265 int err = 0;
266
267 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
268
c47b7c72
GP		 269 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
270
271 BT_DBG("sk %p timeo %ld", sk, timeo);
272
273 /* Wait for an incoming connection. (wake-one). */
274 add_wait_queue_exclusive(sk_sleep(sk), &wait);
f9a3c20a 275 while (1) {
c47b7c72 276 set_current_state(TASK_INTERRUPTIBLE);
f9a3c20a
PH		 277
278 if (sk->sk_state != BT_LISTEN) {
279 err = -EBADFD;
c47b7c72
GP		 280 break;
281 }
282
f9a3c20a
PH		 283 nsk = bt_accept_dequeue(sk, newsock);
284 if (nsk)
285 break;
c47b7c72 286
f9a3c20a
PH		 287 if (!timeo) {
288 err = -EAGAIN;
c47b7c72
GP		 289 break;
290 }
291
292 if (signal_pending(current)) {
293 err = sock_intr_errno(timeo);
294 break;
295 }
f9a3c20a
PH		 296
297 release_sock(sk);
298 timeo = schedule_timeout(timeo);
299 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
c47b7c72 300 }
f9a3c20a 301 __set_current_state(TASK_RUNNING);
c47b7c72
GP		 302 remove_wait_queue(sk_sleep(sk), &wait);
303
304 if (err)
305 goto done;
306
307 newsock->state = SS_CONNECTED;
308
309 BT_DBG("new socket %p", nsk);
310
311done:
312 release_sock(sk);
313 return err;
314}
315
2d792818
GP		 316static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
317 int *len, int peer)
d7175d55
GP		 318{
319 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
320 struct sock *sk = sock->sk;
0c1bc5c6 321 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
d7175d55
GP		 322
323 BT_DBG("sock %p, sk %p", sock, sk);
324
792039c7 325 memset(la, 0, sizeof(struct sockaddr_l2));
d7175d55
GP		 326 addr->sa_family = AF_BLUETOOTH;
327 *len = sizeof(struct sockaddr_l2);
328
329 if (peer) {
fe4128e0 330 la->l2_psm = chan->psm;
7eafc59e 331 bacpy(&la->l2_bdaddr, &chan->dst);
fe4128e0 332 la->l2_cid = cpu_to_le16(chan->dcid);
4f1654e0 333 la->l2_bdaddr_type = chan->dst_type;
d7175d55 334 } else {
0c1bc5c6 335 la->l2_psm = chan->sport;
7eafc59e 336 bacpy(&la->l2_bdaddr, &chan->src);
fe4128e0 337 la->l2_cid = cpu_to_le16(chan->scid);
4f1654e0 338 la->l2_bdaddr_type = chan->src_type;
d7175d55
GP		 339 }
340
341 return 0;
342}
343
2d792818
GP		 344static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
345 char __user *optval, int __user *optlen)
99f4808d
GP		 346{
347 struct sock *sk = sock->sk;
4343478f 348 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d
GP		 349 struct l2cap_options opts;
350 struct l2cap_conninfo cinfo;
351 int len, err = 0;
352 u32 opt;
353
354 BT_DBG("sk %p", sk);
355
356 if (get_user(len, optlen))
357 return -EFAULT;
358
359 lock_sock(sk);
360
361 switch (optname) {
362 case L2CAP_OPTIONS:
e3fb592b 363 memset(&opts, 0, sizeof(opts));
0c1bc5c6
GP		 364 opts.imtu = chan->imtu;
365 opts.omtu = chan->omtu;
366 opts.flush_to = chan->flush_to;
367 opts.mode = chan->mode;
47d1ec61
GP		 368 opts.fcs = chan->fcs;
369 opts.max_tx = chan->max_tx;
6327eb98 370 opts.txwin_size = chan->tx_win;
99f4808d
GP		 371
372 len = min_t(unsigned int, len, sizeof(opts));
373 if (copy_to_user(optval, (char *) &opts, len))
374 err = -EFAULT;
375
376 break;
377
378 case L2CAP_LM:
4343478f 379 switch (chan->sec_level) {
99f4808d
GP		 380 case BT_SECURITY_LOW:
381 opt = L2CAP_LM_AUTH;
382 break;
383 case BT_SECURITY_MEDIUM:
384 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
385 break;
386 case BT_SECURITY_HIGH:
387 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
2d792818 388 L2CAP_LM_SECURE;
99f4808d
GP		 389 break;
390 default:
391 opt = 0;
392 break;
393 }
394
43bd0f32 395 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
99f4808d
GP		 396 opt |= L2CAP_LM_MASTER;
397
ecf61bdb 398 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
99f4808d
GP		 399 opt |= L2CAP_LM_RELIABLE;
400
401 if (put_user(opt, (u32 __user *) optval))
402 err = -EFAULT;
403 break;
404
405 case L2CAP_CONNINFO:
406 if (sk->sk_state != BT_CONNECTED &&
c5daa683
GP		 407 !(sk->sk_state == BT_CONNECT2 &&
408 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
99f4808d
GP		 409 err = -ENOTCONN;
410 break;
411 }
412
8d03e971 413 memset(&cinfo, 0, sizeof(cinfo));
8c1d787b
GP		 414 cinfo.hci_handle = chan->conn->hcon->handle;
415 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
99f4808d
GP		 416
417 len = min_t(unsigned int, len, sizeof(cinfo));
418 if (copy_to_user(optval, (char *) &cinfo, len))
419 err = -EFAULT;
420
421 break;
422
423 default:
424 err = -ENOPROTOOPT;
425 break;
426 }
427
428 release_sock(sk);
429 return err;
430}
431
2d792818
GP		 432static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
433 char __user *optval, int __user *optlen)
99f4808d
GP		 434{
435 struct sock *sk = sock->sk;
4343478f 436 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d 437 struct bt_security sec;
14b12d0b 438 struct bt_power pwr;
99f4808d
GP		 439 int len, err = 0;
440
441 BT_DBG("sk %p", sk);
442
443 if (level == SOL_L2CAP)
444 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
445
446 if (level != SOL_BLUETOOTH)
447 return -ENOPROTOOPT;
448
449 if (get_user(len, optlen))
450 return -EFAULT;
451
452 lock_sock(sk);
453
454 switch (optname) {
455 case BT_SECURITY:
715ec005 456 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
2d792818 457 chan->chan_type != L2CAP_CHAN_RAW) {
99f4808d
GP		 458 err = -EINVAL;
459 break;
460 }
461
8f360119 462 memset(&sec, 0, sizeof(sec));
85e34368 463 if (chan->conn) {
c6585a4d 464 sec.level = chan->conn->hcon->sec_level;
99f4808d 465
85e34368
AE		 466 if (sk->sk_state == BT_CONNECTED)
467 sec.key_size = chan->conn->hcon->enc_key_size;
468 } else {
469 sec.level = chan->sec_level;
470 }
8f360119 471
99f4808d
GP		 472 len = min_t(unsigned int, len, sizeof(sec));
473 if (copy_to_user(optval, (char *) &sec, len))
474 err = -EFAULT;
475
476 break;
477
478 case BT_DEFER_SETUP:
479 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
480 err = -EINVAL;
481 break;
482 }
483
c5daa683
GP		 484 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
485 (u32 __user *) optval))
99f4808d
GP		 486 err = -EFAULT;
487
488 break;
489
490 case BT_FLUSHABLE:
d57b0e8b 491 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
2d792818 492 (u32 __user *) optval))
99f4808d
GP		 493 err = -EFAULT;
494
495 break;
496
14b12d0b
JG		 497 case BT_POWER:
498 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2d792818 499 && sk->sk_type != SOCK_RAW) {
14b12d0b
JG		 500 err = -EINVAL;
501 break;
502 }
503
15770b1a 504 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 505
506 len = min_t(unsigned int, len, sizeof(pwr));
507 if (copy_to_user(optval, (char *) &pwr, len))
508 err = -EFAULT;
509
510 break;
511
2ea66482 512 case BT_CHANNEL_POLICY:
2ea66482
MM		 513 if (put_user(chan->chan_policy, (u32 __user *) optval))
514 err = -EFAULT;
515 break;
516
99f4808d
GP		 517 default:
518 err = -ENOPROTOOPT;
519 break;
520 }
521
522 release_sock(sk);
523 return err;
524}
525
682877c3
AG		 526static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
527{
528 switch (chan->scid) {
073d1cf3 529 case L2CAP_CID_ATT:
8c3a4f00 530 if (mtu < L2CAP_LE_MIN_MTU)
682877c3
AG		 531 return false;
532 break;
533
534 default:
535 if (mtu < L2CAP_DEFAULT_MIN_MTU)
536 return false;
537 }
538
539 return true;
540}
541
2d792818
GP		 542static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
543 char __user *optval, unsigned int optlen)
33575df7
GP		 544{
545 struct sock *sk = sock->sk;
b4450035 546 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7
GP		 547 struct l2cap_options opts;
548 int len, err = 0;
549 u32 opt;
550
551 BT_DBG("sk %p", sk);
552
553 lock_sock(sk);
554
555 switch (optname) {
556 case L2CAP_OPTIONS:
557 if (sk->sk_state == BT_CONNECTED) {
558 err = -EINVAL;
559 break;
560 }
561
0c1bc5c6
GP		 562 opts.imtu = chan->imtu;
563 opts.omtu = chan->omtu;
564 opts.flush_to = chan->flush_to;
565 opts.mode = chan->mode;
47d1ec61
GP		 566 opts.fcs = chan->fcs;
567 opts.max_tx = chan->max_tx;
6327eb98 568 opts.txwin_size = chan->tx_win;
33575df7
GP		 569
570 len = min_t(unsigned int, sizeof(opts), optlen);
571 if (copy_from_user((char *) &opts, optval, len)) {
572 err = -EFAULT;
573 break;
574 }
575
6327eb98 576 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
33575df7
GP		 577 err = -EINVAL;
578 break;
579 }
580
682877c3
AG		 581 if (!l2cap_valid_mtu(chan, opts.imtu)) {
582 err = -EINVAL;
583 break;
584 }
585
0c1bc5c6
GP		 586 chan->mode = opts.mode;
587 switch (chan->mode) {
33575df7 588 case L2CAP_MODE_BASIC:
c1360a1c 589 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
33575df7
GP		 590 break;
591 case L2CAP_MODE_ERTM:
592 case L2CAP_MODE_STREAMING:
593 if (!disable_ertm)
594 break;
595 /* fall through */
596 default:
597 err = -EINVAL;
598 break;
599 }
600
0c1bc5c6
GP		 601 chan->imtu = opts.imtu;
602 chan->omtu = opts.omtu;
47d1ec61
GP		 603 chan->fcs = opts.fcs;
604 chan->max_tx = opts.max_tx;
6327eb98 605 chan->tx_win = opts.txwin_size;
12d59781 606 chan->flush_to = opts.flush_to;
33575df7
GP		 607 break;
608
609 case L2CAP_LM:
610 if (get_user(opt, (u32 __user *) optval)) {
611 err = -EFAULT;
612 break;
613 }
614
615 if (opt & L2CAP_LM_AUTH)
4343478f 616 chan->sec_level = BT_SECURITY_LOW;
33575df7 617 if (opt & L2CAP_LM_ENCRYPT)
4343478f 618 chan->sec_level = BT_SECURITY_MEDIUM;
33575df7 619 if (opt & L2CAP_LM_SECURE)
4343478f 620 chan->sec_level = BT_SECURITY_HIGH;
33575df7 621
43bd0f32
AE		 622 if (opt & L2CAP_LM_MASTER)
623 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
624 else
625 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
ecf61bdb
AE		 626
627 if (opt & L2CAP_LM_RELIABLE)
628 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
629 else
630 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
33575df7
GP		 631 break;
632
633 default:
634 err = -ENOPROTOOPT;
635 break;
636 }
637
638 release_sock(sk);
639 return err;
640}
641
2d792818
GP		 642static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
643 char __user *optval, unsigned int optlen)
33575df7
GP		 644{
645 struct sock *sk = sock->sk;
4343478f 646 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7 647 struct bt_security sec;
14b12d0b 648 struct bt_power pwr;
f1cb9af5 649 struct l2cap_conn *conn;
33575df7
GP		 650 int len, err = 0;
651 u32 opt;
652
653 BT_DBG("sk %p", sk);
654
655 if (level == SOL_L2CAP)
656 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
657
658 if (level != SOL_BLUETOOTH)
659 return -ENOPROTOOPT;
660
661 lock_sock(sk);
662
663 switch (optname) {
664 case BT_SECURITY:
715ec005 665 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
2d792818 666 chan->chan_type != L2CAP_CHAN_RAW) {
33575df7
GP		 667 err = -EINVAL;
668 break;
669 }
670
671 sec.level = BT_SECURITY_LOW;
672
673 len = min_t(unsigned int, sizeof(sec), optlen);
674 if (copy_from_user((char *) &sec, optval, len)) {
675 err = -EFAULT;
676 break;
677 }
678
679 if (sec.level < BT_SECURITY_LOW ||
2d792818 680 sec.level > BT_SECURITY_HIGH) {
33575df7
GP		 681 err = -EINVAL;
682 break;
683 }
684
4343478f 685 chan->sec_level = sec.level;
f1cb9af5 686
0bee1d60
GP		 687 if (!chan->conn)
688 break;
689
f1cb9af5 690 conn = chan->conn;
0bee1d60
GP		 691
692 /*change security for LE channels */
073d1cf3 693 if (chan->scid == L2CAP_CID_ATT) {
f1cb9af5
VCG		 694 if (!conn->hcon->out) {
695 err = -EINVAL;
696 break;
697 }
698
cc110922 699 if (smp_conn_security(conn->hcon, sec.level))
f1cb9af5 700 break;
f1cb9af5 701 sk->sk_state = BT_CONFIG;
3542b854 702 chan->state = BT_CONFIG;
0bee1d60 703
a7d7723a
GP		 704 /* or for ACL link */
705 } else if ((sk->sk_state == BT_CONNECT2 &&
2d792818 706 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
a7d7723a
GP		 707 sk->sk_state == BT_CONNECTED) {
708 if (!l2cap_chan_check_security(chan))
c5daa683 709 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
a7d7723a
GP		 710 else
711 sk->sk_state_change(sk);
0bee1d60
GP		 712 } else {
713 err = -EINVAL;
f1cb9af5 714 }
33575df7
GP		 715 break;
716
717 case BT_DEFER_SETUP:
718 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
719 err = -EINVAL;
720 break;
721 }
722
723 if (get_user(opt, (u32 __user *) optval)) {
724 err = -EFAULT;
725 break;
726 }
727
bdc25783 728 if (opt) {
c5daa683 729 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 730 set_bit(FLAG_DEFER_SETUP, &chan->flags);
731 } else {
c5daa683 732 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 733 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
734 }
33575df7
GP		 735 break;
736
737 case BT_FLUSHABLE:
738 if (get_user(opt, (u32 __user *) optval)) {
739 err = -EFAULT;
740 break;
741 }
742
743 if (opt > BT_FLUSHABLE_ON) {
744 err = -EINVAL;
745 break;
746 }
747
748 if (opt == BT_FLUSHABLE_OFF) {
c1f23a2b 749 conn = chan->conn;
25985edc 750 /* proceed further only when we have l2cap_conn and
33575df7
GP		 751 No Flush support in the LM */
752 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
753 err = -EINVAL;
754 break;
755 }
756 }
757
d57b0e8b
AE		 758 if (opt)
759 set_bit(FLAG_FLUSHABLE, &chan->flags);
760 else
761 clear_bit(FLAG_FLUSHABLE, &chan->flags);
33575df7
GP		 762 break;
763
14b12d0b
JG		 764 case BT_POWER:
765 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
2d792818 766 chan->chan_type != L2CAP_CHAN_RAW) {
14b12d0b
JG		 767 err = -EINVAL;
768 break;
769 }
770
771 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
772
773 len = min_t(unsigned int, sizeof(pwr), optlen);
774 if (copy_from_user((char *) &pwr, optval, len)) {
775 err = -EFAULT;
776 break;
777 }
15770b1a
AE		 778
779 if (pwr.force_active)
780 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
781 else
782 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 783 break;
784
2ea66482 785 case BT_CHANNEL_POLICY:
2ea66482
MM		 786 if (get_user(opt, (u32 __user *) optval)) {
787 err = -EFAULT;
788 break;
789 }
790
791 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
792 err = -EINVAL;
793 break;
794 }
795
796 if (chan->mode != L2CAP_MODE_ERTM &&
2d792818 797 chan->mode != L2CAP_MODE_STREAMING) {
2ea66482
MM		 798 err = -EOPNOTSUPP;
799 break;
800 }
801
802 chan->chan_policy = (u8) opt;
3f7a56c4
MM		 803
804 if (sk->sk_state == BT_CONNECTED &&
805 chan->move_role == L2CAP_MOVE_ROLE_NONE)
806 l2cap_move_start(chan);
807
14b12d0b
JG		 808 break;
809
33575df7
GP		 810 default:
811 err = -ENOPROTOOPT;
812 break;
813 }
814
815 release_sock(sk);
816 return err;
817}
fd83ccdb 818
2d792818
GP		 819static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
820 struct msghdr *msg, size_t len)
fd83ccdb
GP		 821{
822 struct sock *sk = sock->sk;
0c1bc5c6 823 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
fd83ccdb
GP		 824 int err;
825
826 BT_DBG("sock %p, sk %p", sock, sk);
827
828 err = sock_error(sk);
829 if (err)
830 return err;
831
832 if (msg->msg_flags & MSG_OOB)
833 return -EOPNOTSUPP;
834
a6a5568c 835 if (sk->sk_state != BT_CONNECTED)
9a91a04a 836 return -ENOTCONN;
fd83ccdb 837
e793dcf0
JH		 838 lock_sock(sk);
839 err = bt_sock_wait_ready(sk, msg->msg_flags);
840 release_sock(sk);
841 if (err)
842 return err;
843
a6a5568c 844 l2cap_chan_lock(chan);
5e59b791 845 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
a6a5568c 846 l2cap_chan_unlock(chan);
fd83ccdb 847
fd83ccdb
GP		 848 return err;
849}
33575df7 850
2d792818
GP		 851static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
852 struct msghdr *msg, size_t len, int flags)
68983259
GP		 853{
854 struct sock *sk = sock->sk;
e328140f
MM		 855 struct l2cap_pinfo *pi = l2cap_pi(sk);
856 int err;
68983259
GP		 857
858 lock_sock(sk);
859
c5daa683
GP		 860 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
861 &bt_sk(sk)->flags)) {
8c1d787b 862 sk->sk_state = BT_CONFIG;
3542b854 863 pi->chan->state = BT_CONFIG;
8c1d787b 864
e328140f 865 __l2cap_connect_rsp_defer(pi->chan);
970871bc
JH		 866 err = 0;
867 goto done;
68983259
GP		 868 }
869
870 release_sock(sk);
871
872 if (sock->type == SOCK_STREAM)
e328140f
MM		 873 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
874 else
875 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
876
877 if (pi->chan->mode != L2CAP_MODE_ERTM)
878 return err;
879
880 /* Attempt to put pending rx data in the socket buffer */
881
882 lock_sock(sk);
883
884 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
885 goto done;
886
887 if (pi->rx_busy_skb) {
888 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
889 pi->rx_busy_skb = NULL;
890 else
891 goto done;
892 }
893
894 /* Restore data flow when half of the receive buffer is
895 * available. This avoids resending large numbers of
896 * frames.
897 */
898 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
899 l2cap_chan_busy(pi->chan, 0);
68983259 900
e328140f
MM		 901done:
902 release_sock(sk);
903 return err;
68983259
GP		 904}
905
05fc1576
GP		 906/* Kill socket (only if zapped and orphan)
907 * Must be called on unlocked socket.
908 */
ba3bd0ee 909static void l2cap_sock_kill(struct sock *sk)
05fc1576
GP		 910{
911 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
912 return;
913
e05dcc32 914 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
05fc1576
GP		 915
916 /* Kill poor orphan */
6ff5abbf 917
4af66c69 918 l2cap_chan_put(l2cap_pi(sk)->chan);
05fc1576
GP		 919 sock_set_flag(sk, SOCK_DEAD);
920 sock_put(sk);
921}
922
dc25306b
GP		 923static int __l2cap_wait_ack(struct sock *sk)
924{
925 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
926 DECLARE_WAITQUEUE(wait, current);
927 int err = 0;
928 int timeo = HZ/5;
929
930 add_wait_queue(sk_sleep(sk), &wait);
931 set_current_state(TASK_INTERRUPTIBLE);
932 while (chan->unacked_frames > 0 && chan->conn) {
933 if (!timeo)
934 timeo = HZ/5;
935
936 if (signal_pending(current)) {
937 err = sock_intr_errno(timeo);
938 break;
939 }
940
941 release_sock(sk);
942 timeo = schedule_timeout(timeo);
943 lock_sock(sk);
944 set_current_state(TASK_INTERRUPTIBLE);
945
946 err = sock_error(sk);
947 if (err)
948 break;
949 }
950 set_current_state(TASK_RUNNING);
951 remove_wait_queue(sk_sleep(sk), &wait);
952 return err;
953}
954
dcba0dba
GP		 955static int l2cap_sock_shutdown(struct socket *sock, int how)
956{
957 struct sock *sk = sock->sk;
7ddb6e0f 958 struct l2cap_chan *chan;
3df91ea2 959 struct l2cap_conn *conn;
dcba0dba
GP		 960 int err = 0;
961
962 BT_DBG("sock %p, sk %p", sock, sk);
963
964 if (!sk)
965 return 0;
966
7ddb6e0f 967 chan = l2cap_pi(sk)->chan;
3df91ea2
AE		 968 conn = chan->conn;
969
970 if (conn)
971 mutex_lock(&conn->chan_lock);
7ddb6e0f 972
6be36555 973 l2cap_chan_lock(chan);
dcba0dba 974 lock_sock(sk);
6be36555 975
dcba0dba 976 if (!sk->sk_shutdown) {
0c1bc5c6 977 if (chan->mode == L2CAP_MODE_ERTM)
dcba0dba
GP		 978 err = __l2cap_wait_ack(sk);
979
980 sk->sk_shutdown = SHUTDOWN_MASK;
3df91ea2 981
6be36555 982 release_sock(sk);
0f852724 983 l2cap_chan_close(chan, 0);
6be36555 984 lock_sock(sk);
dcba0dba
GP		 985
986 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
987 err = bt_sock_wait_state(sk, BT_CLOSED,
2d792818 988 sk->sk_lingertime);
dcba0dba
GP		 989 }
990
991 if (!err && sk->sk_err)
992 err = -sk->sk_err;
993
994 release_sock(sk);
6be36555 995 l2cap_chan_unlock(chan);
3df91ea2
AE		 996
997 if (conn)
998 mutex_unlock(&conn->chan_lock);
999
dcba0dba
GP		 1000 return err;
1001}
1002
554f05bb
GP		 1003static int l2cap_sock_release(struct socket *sock)
1004{
1005 struct sock *sk = sock->sk;
1006 int err;
1007
1008 BT_DBG("sock %p, sk %p", sock, sk);
1009
1010 if (!sk)
1011 return 0;
1012
5b28d95c
MY		 1013 bt_sock_unlink(&l2cap_sk_list, sk);
1014
554f05bb
GP		 1015 err = l2cap_sock_shutdown(sock, 2);
1016
1017 sock_orphan(sk);
1018 l2cap_sock_kill(sk);
1019 return err;
1020}
1021
c0df7f6e
AE		 1022static void l2cap_sock_cleanup_listen(struct sock *parent)
1023{
1024 struct sock *sk;
1025
1026 BT_DBG("parent %p", parent);
1027
1028 /* Close not yet accepted channels */
1029 while ((sk = bt_accept_dequeue(parent, NULL))) {
1030 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1031
1032 l2cap_chan_lock(chan);
1033 __clear_chan_timer(chan);
1034 l2cap_chan_close(chan, ECONNRESET);
1035 l2cap_chan_unlock(chan);
1036
1037 l2cap_sock_kill(sk);
1038 }
1039}
1040
80b98027 1041static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
80808e43 1042{
80b98027 1043 struct sock *sk, *parent = chan->data;
80808e43 1044
8ffb9290
GP		 1045 lock_sock(parent);
1046
53826692
GP		 1047 /* Check for backlog size */
1048 if (sk_acceptq_is_full(parent)) {
1049 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1050 return NULL;
1051 }
1052
80808e43 1053 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
2d792818 1054 GFP_ATOMIC);
80808e43
GP		 1055 if (!sk)
1056 return NULL;
1057
d22015aa
OP		 1058 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1059
80808e43
GP		 1060 l2cap_sock_init(sk, parent);
1061
644912e1
GP		 1062 bt_accept_enqueue(parent, sk);
1063
8ffb9290
GP		 1064 release_sock(parent);
1065
80808e43
GP		 1066 return l2cap_pi(sk)->chan;
1067}
1068
80b98027 1069static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
23070494 1070{
80b98027 1071 struct sock *sk = chan->data;
84b34d98 1072 int err;
e328140f 1073
6be36555
AE		 1074 lock_sock(sk);
1075
84b34d98 1076 if (l2cap_pi(sk)->rx_busy_skb) {
6be36555
AE		 1077 err = -ENOMEM;
1078 goto done;
1079 }
e328140f
MM		 1080
1081 err = sock_queue_rcv_skb(sk, skb);
1082
1083 /* For ERTM, handle one skb that doesn't fit into the recv
1084 * buffer. This is important to do because the data frames
1085 * have already been acked, so the skb cannot be discarded.
1086 *
1087 * Notify the l2cap core that the buffer is full, so the
1088 * LOCAL_BUSY state is entered and no more frames are
1089 * acked and reassembled until there is buffer space
1090 * available.
1091 */
84b34d98
MH		 1092 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1093 l2cap_pi(sk)->rx_busy_skb = skb;
1094 l2cap_chan_busy(chan, 1);
e328140f
MM		 1095 err = 0;
1096 }
23070494 1097
6be36555
AE		 1098done:
1099 release_sock(sk);
1100
e328140f 1101 return err;
23070494
GP		 1102}
1103
80b98027 1104static void l2cap_sock_close_cb(struct l2cap_chan *chan)
ba3bd0ee 1105{
80b98027 1106 struct sock *sk = chan->data;
ba3bd0ee
GP		 1107
1108 l2cap_sock_kill(sk);
1109}
1110
c0df7f6e
AE		 1111static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1112{
1113 struct sock *sk = chan->data;
1114 struct sock *parent;
1115
1116 lock_sock(sk);
1117
1118 parent = bt_sk(sk)->parent;
1119
1120 sock_set_flag(sk, SOCK_ZAPPED);
1121
1122 switch (chan->state) {
1123 case BT_OPEN:
1124 case BT_BOUND:
1125 case BT_CLOSED:
1126 break;
1127 case BT_LISTEN:
1128 l2cap_sock_cleanup_listen(sk);
1129 sk->sk_state = BT_CLOSED;
1130 chan->state = BT_CLOSED;
1131
1132 break;
1133 default:
1134 sk->sk_state = BT_CLOSED;
1135 chan->state = BT_CLOSED;
1136
1137 sk->sk_err = err;
1138
1139 if (parent) {
1140 bt_accept_unlink(sk);
1141 parent->sk_data_ready(parent, 0);
1142 } else {
1143 sk->sk_state_change(sk);
1144 }
1145
1146 break;
1147 }
1148
1149 release_sock(sk);
1150}
1151
53f52121
GP		 1152static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1153 int err)
89bc500e 1154{
80b98027 1155 struct sock *sk = chan->data;
89bc500e
GP		 1156
1157 sk->sk_state = state;
53f52121
GP		 1158
1159 if (err)
1160 sk->sk_err = err;
89bc500e
GP		 1161}
1162
2f7719ce 1163static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
90338947 1164 unsigned long len, int nb)
2f7719ce 1165{
0f2c6153 1166 struct sock *sk = chan->data;
90338947
GP		 1167 struct sk_buff *skb;
1168 int err;
1169
a6a5568c 1170 l2cap_chan_unlock(chan);
0f2c6153 1171 skb = bt_skb_send_alloc(sk, len, nb, &err);
a6a5568c
MM		 1172 l2cap_chan_lock(chan);
1173
90338947
GP		 1174 if (!skb)
1175 return ERR_PTR(err);
2f7719ce 1176
0e790c64
GP		 1177 bt_cb(skb)->chan = chan;
1178
90338947 1179 return skb;
2f7719ce
AE		 1180}
1181
54a59aa2
AE		 1182static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1183{
1184 struct sock *sk = chan->data;
1185 struct sock *parent;
1186
1187 lock_sock(sk);
1188
1189 parent = bt_sk(sk)->parent;
1190
1191 BT_DBG("sk %p, parent %p", sk, parent);
1192
1193 sk->sk_state = BT_CONNECTED;
1194 sk->sk_state_change(sk);
1195
1196 if (parent)
1197 parent->sk_data_ready(parent, 0);
1198
1199 release_sock(sk);
1200}
1201
2dc4e510
GP		 1202static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1203{
acdcabf5
GP		 1204 struct sock *parent, *sk = chan->data;
1205
1206 lock_sock(sk);
2dc4e510 1207
acdcabf5 1208 parent = bt_sk(sk)->parent;
2dc4e510
GP		 1209 if (parent)
1210 parent->sk_data_ready(parent, 0);
acdcabf5
GP		 1211
1212 release_sock(sk);
2dc4e510
GP		 1213}
1214
d97c899b
MH		 1215static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1216{
1217 struct sock *sk = chan->data;
1218
1219 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1220 sk->sk_state_change(sk);
1221}
1222
5ec1bbe5
GP		 1223static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1224{
1225 struct sock *sk = chan->data;
1226
1227 lock_sock(sk);
1228 sk->sk_shutdown = SHUTDOWN_MASK;
1229 release_sock(sk);
1230}
1231
8d836d71
GP		 1232static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1233{
1234 struct sock *sk = chan->data;
1235
1236 return sk->sk_sndtimeo;
1237}
1238
80808e43
GP		 1239static struct l2cap_ops l2cap_chan_ops = {
1240 .name = "L2CAP Socket Interface",
1241 .new_connection = l2cap_sock_new_connection_cb,
23070494 1242 .recv = l2cap_sock_recv_cb,
ba3bd0ee 1243 .close = l2cap_sock_close_cb,
c0df7f6e 1244 .teardown = l2cap_sock_teardown_cb,
89bc500e 1245 .state_change = l2cap_sock_state_change_cb,
54a59aa2 1246 .ready = l2cap_sock_ready_cb,
2dc4e510 1247 .defer = l2cap_sock_defer_cb,
d97c899b 1248 .resume = l2cap_sock_resume_cb,
5ec1bbe5 1249 .set_shutdown = l2cap_sock_set_shutdown_cb,
8d836d71 1250 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
2f7719ce 1251 .alloc_skb = l2cap_sock_alloc_skb_cb,
80808e43
GP		 1252};
1253
bb58f747
GP		 1254static void l2cap_sock_destruct(struct sock *sk)
1255{
1256 BT_DBG("sk %p", sk);
1257
23d3a869
SL		 1258 if (l2cap_pi(sk)->chan)
1259 l2cap_chan_put(l2cap_pi(sk)->chan);
84b34d98 1260
e328140f
MM		 1261 if (l2cap_pi(sk)->rx_busy_skb) {
1262 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1263 l2cap_pi(sk)->rx_busy_skb = NULL;
1264 }
1265
bb58f747
GP		 1266 skb_queue_purge(&sk->sk_receive_queue);
1267 skb_queue_purge(&sk->sk_write_queue);
1268}
1269
2edf870d
MH		 1270static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1271 int *msg_namelen)
1272{
1273 struct sockaddr_l2 *la = (struct sockaddr_l2 *) msg_name;
1274
1275 memset(la, 0, sizeof(struct sockaddr_l2));
1276 la->l2_family = AF_BLUETOOTH;
1277 la->l2_psm = bt_cb(skb)->psm;
1278 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr);
1279
1280 *msg_namelen = sizeof(struct sockaddr_l2);
1281}
1282
80808e43 1283static void l2cap_sock_init(struct sock *sk, struct sock *parent)
bb58f747 1284{
84b34d98 1285 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
bb58f747
GP		 1286
1287 BT_DBG("sk %p", sk);
1288
1289 if (parent) {
b4450035
GP		 1290 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1291
bb58f747 1292 sk->sk_type = parent->sk_type;
c5daa683 1293 bt_sk(sk)->flags = bt_sk(parent)->flags;
bb58f747 1294
715ec005 1295 chan->chan_type = pchan->chan_type;
0c1bc5c6
GP		 1296 chan->imtu = pchan->imtu;
1297 chan->omtu = pchan->omtu;
b4450035 1298 chan->conf_state = pchan->conf_state;
0c1bc5c6 1299 chan->mode = pchan->mode;
47d1ec61
GP		 1300 chan->fcs = pchan->fcs;
1301 chan->max_tx = pchan->max_tx;
1302 chan->tx_win = pchan->tx_win;
6b3c7104 1303 chan->tx_win_max = pchan->tx_win_max;
4343478f 1304 chan->sec_level = pchan->sec_level;
d57b0e8b 1305 chan->flags = pchan->flags;
6230c9b4
PM		 1306
1307 security_sk_clone(parent, sk);
bb58f747 1308 } else {
715ec005
GP		 1309 switch (sk->sk_type) {
1310 case SOCK_RAW:
1311 chan->chan_type = L2CAP_CHAN_RAW;
1312 break;
1313 case SOCK_DGRAM:
1314 chan->chan_type = L2CAP_CHAN_CONN_LESS;
2edf870d 1315 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
715ec005
GP		 1316 break;
1317 case SOCK_SEQPACKET:
1318 case SOCK_STREAM:
1319 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1320 break;
1321 }
1322
0c1bc5c6
GP		 1323 chan->imtu = L2CAP_DEFAULT_MTU;
1324 chan->omtu = 0;
bb58f747 1325 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
0c1bc5c6 1326 chan->mode = L2CAP_MODE_ERTM;
c1360a1c 1327 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
bb58f747 1328 } else {
0c1bc5c6 1329 chan->mode = L2CAP_MODE_BASIC;
bb58f747 1330 }
bd4b1653
AE		 1331
1332 l2cap_chan_set_defaults(chan);
bb58f747
GP		 1333 }
1334
1335 /* Default config options */
0c1bc5c6 1336 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
80808e43
GP		 1337
1338 chan->data = sk;
1339 chan->ops = &l2cap_chan_ops;
bb58f747
GP		 1340}
1341
1342static struct proto l2cap_proto = {
1343 .name = "L2CAP",
1344 .owner = THIS_MODULE,
1345 .obj_size = sizeof(struct l2cap_pinfo)
1346};
1347
2d792818
GP		 1348static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1349 int proto, gfp_t prio)
bb58f747
GP		 1350{
1351 struct sock *sk;
dc50a06d 1352 struct l2cap_chan *chan;
bb58f747
GP		 1353
1354 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1355 if (!sk)
1356 return NULL;
1357
1358 sock_init_data(sock, sk);
1359 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1360
1361 sk->sk_destruct = l2cap_sock_destruct;
ba13ccd9 1362 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
bb58f747
GP		 1363
1364 sock_reset_flag(sk, SOCK_ZAPPED);
1365
1366 sk->sk_protocol = proto;
1367 sk->sk_state = BT_OPEN;
1368
eef1d9b6 1369 chan = l2cap_chan_create();
dc50a06d 1370 if (!chan) {
49dfbb91 1371 sk_free(sk);
dc50a06d
GP		 1372 return NULL;
1373 }
1374
61d6ef3e
MM		 1375 l2cap_chan_hold(chan);
1376
dc50a06d
GP		 1377 l2cap_pi(sk)->chan = chan;
1378
bb58f747
GP		 1379 return sk;
1380}
1381
1382static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1383 int kern)
1384{
1385 struct sock *sk;
1386
1387 BT_DBG("sock %p", sock);
1388
1389 sock->state = SS_UNCONNECTED;
1390
1391 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
2d792818 1392 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
bb58f747
GP		 1393 return -ESOCKTNOSUPPORT;
1394
1395 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1396 return -EPERM;
1397
1398 sock->ops = &l2cap_sock_ops;
1399
1400 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1401 if (!sk)
1402 return -ENOMEM;
1403
1404 l2cap_sock_init(sk, NULL);
5b28d95c 1405 bt_sock_link(&l2cap_sk_list, sk);
bb58f747
GP		 1406 return 0;
1407}
1408
cf2f90f5 1409static const struct proto_ops l2cap_sock_ops = {
65390587
GP		 1410 .family = PF_BLUETOOTH,
1411 .owner = THIS_MODULE,
1412 .release = l2cap_sock_release,
1413 .bind = l2cap_sock_bind,
1414 .connect = l2cap_sock_connect,
1415 .listen = l2cap_sock_listen,
1416 .accept = l2cap_sock_accept,
1417 .getname = l2cap_sock_getname,
1418 .sendmsg = l2cap_sock_sendmsg,
1419 .recvmsg = l2cap_sock_recvmsg,
1420 .poll = bt_sock_poll,
1421 .ioctl = bt_sock_ioctl,
1422 .mmap = sock_no_mmap,
1423 .socketpair = sock_no_socketpair,
1424 .shutdown = l2cap_sock_shutdown,
1425 .setsockopt = l2cap_sock_setsockopt,
1426 .getsockopt = l2cap_sock_getsockopt
1427};
1428
bb58f747
GP		 1429static const struct net_proto_family l2cap_sock_family_ops = {
1430 .family = PF_BLUETOOTH,
1431 .owner = THIS_MODULE,
1432 .create = l2cap_sock_create,
1433};
1434
1435int __init l2cap_init_sockets(void)
1436{
e2174ca4 1437 int err;
bb58f747 1438
e2174ca4
GP		 1439 err = proto_register(&l2cap_proto, 0);
1440 if (err < 0)
1441 return err;
bb58f747 1442
e2174ca4 1443 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
5b28d95c
MY		 1444 if (err < 0) {
1445 BT_ERR("L2CAP socket registration failed");
e2174ca4 1446 goto error;
5b28d95c
MY		 1447 }
1448
b0316615 1449 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
2d792818 1450 NULL);
5b28d95c
MY		 1451 if (err < 0) {
1452 BT_ERR("Failed to create L2CAP proc file");
1453 bt_sock_unregister(BTPROTO_L2CAP);
1454 goto error;
1455 }
bb58f747 1456
e2174ca4 1457 BT_INFO("L2CAP socket layer initialized");
bb58f747 1458
e2174ca4 1459 return 0;
bb58f747
GP		 1460
1461error:
e2174ca4
GP		 1462 proto_unregister(&l2cap_proto);
1463 return err;
bb58f747
GP		 1464}
1465
1466void l2cap_cleanup_sockets(void)
1467{
5b28d95c 1468 bt_procfs_cleanup(&init_net, "l2cap");
5e9d7f86 1469 bt_sock_unregister(BTPROTO_L2CAP);
e2174ca4 1470 proto_unregister(&l2cap_proto);
bb58f747 1471}
Linux 6.x block layer and io_uring tree(s)