This source file includes following definitions.
- l2cap_is_socket
- l2cap_validate_bredr_psm
- l2cap_validate_le_psm
- l2cap_sock_bind
- l2cap_sock_connect
- l2cap_sock_listen
- l2cap_sock_accept
- l2cap_sock_getname
- l2cap_sock_getsockopt_old
- l2cap_sock_getsockopt
- l2cap_valid_mtu
- l2cap_sock_setsockopt_old
- l2cap_sock_setsockopt
- l2cap_sock_sendmsg
- l2cap_sock_recvmsg
- l2cap_sock_kill
- __l2cap_wait_ack
- l2cap_sock_shutdown
- l2cap_sock_release
- l2cap_sock_cleanup_listen
- l2cap_sock_new_connection_cb
- l2cap_sock_recv_cb
- l2cap_sock_close_cb
- l2cap_sock_teardown_cb
- l2cap_sock_state_change_cb
- l2cap_sock_alloc_skb_cb
- l2cap_sock_ready_cb
- l2cap_sock_defer_cb
- l2cap_sock_resume_cb
- l2cap_sock_set_shutdown_cb
- l2cap_sock_get_sndtimeo_cb
- l2cap_sock_suspend_cb
- l2cap_sock_destruct
- l2cap_skb_msg_name
- l2cap_sock_init
- l2cap_sock_alloc
- l2cap_sock_create
- l2cap_init_sockets
- l2cap_cleanup_sockets
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30 #include <linux/module.h>
31 #include <linux/export.h>
32 #include <linux/sched/signal.h>
33
34 #include <net/bluetooth/bluetooth.h>
35 #include <net/bluetooth/hci_core.h>
36 #include <net/bluetooth/l2cap.h>
37
38 #include "smp.h"
39
40 static struct bt_sock_list l2cap_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
42 };
43
44 static const struct proto_ops l2cap_sock_ops;
45 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
46 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
47 int proto, gfp_t prio, int kern);
48
49 bool l2cap_is_socket(struct socket *sock)
50 {
51 return sock && sock->ops == &l2cap_sock_ops;
52 }
53 EXPORT_SYMBOL(l2cap_is_socket);
54
55 static int l2cap_validate_bredr_psm(u16 psm)
56 {
57
58 if ((psm & 0x0101) != 0x0001)
59 return -EINVAL;
60
61
62 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
63 return -EACCES;
64
65 return 0;
66 }
67
68 static int l2cap_validate_le_psm(u16 psm)
69 {
70
71 if (psm > L2CAP_PSM_LE_DYN_END)
72 return -EINVAL;
73
74
75 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
76 return -EACCES;
77
78 return 0;
79 }
80
81 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
82 {
83 struct sock *sk = sock->sk;
84 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
85 struct sockaddr_l2 la;
86 int len, err = 0;
87
88 BT_DBG("sk %p", sk);
89
90 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
91 addr->sa_family != AF_BLUETOOTH)
92 return -EINVAL;
93
94 memset(&la, 0, sizeof(la));
95 len = min_t(unsigned int, sizeof(la), alen);
96 memcpy(&la, addr, len);
97
98 if (la.l2_cid && la.l2_psm)
99 return -EINVAL;
100
101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
102 return -EINVAL;
103
104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
105
106 if (la.l2_cid &&
107 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
108 return -EINVAL;
109 }
110
111 lock_sock(sk);
112
113 if (sk->sk_state != BT_OPEN) {
114 err = -EBADFD;
115 goto done;
116 }
117
118 if (la.l2_psm) {
119 __u16 psm = __le16_to_cpu(la.l2_psm);
120
121 if (la.l2_bdaddr_type == BDADDR_BREDR)
122 err = l2cap_validate_bredr_psm(psm);
123 else
124 err = l2cap_validate_le_psm(psm);
125
126 if (err)
127 goto done;
128 }
129
130 bacpy(&chan->src, &la.l2_bdaddr);
131 chan->src_type = la.l2_bdaddr_type;
132
133 if (la.l2_cid)
134 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
135 else
136 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
137
138 if (err < 0)
139 goto done;
140
141 switch (chan->chan_type) {
142 case L2CAP_CHAN_CONN_LESS:
143 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
144 chan->sec_level = BT_SECURITY_SDP;
145 break;
146 case L2CAP_CHAN_CONN_ORIENTED:
147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
148 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
149 chan->sec_level = BT_SECURITY_SDP;
150 break;
151 case L2CAP_CHAN_RAW:
152 chan->sec_level = BT_SECURITY_SDP;
153 break;
154 case L2CAP_CHAN_FIXED:
155
156
157
158
159
160 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
161 break;
162 }
163
164 if (chan->psm && bdaddr_type_is_le(chan->src_type))
165 chan->mode = L2CAP_MODE_LE_FLOWCTL;
166
167 chan->state = BT_BOUND;
168 sk->sk_state = BT_BOUND;
169
170 done:
171 release_sock(sk);
172 return err;
173 }
174
175 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
176 int alen, int flags)
177 {
178 struct sock *sk = sock->sk;
179 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
180 struct sockaddr_l2 la;
181 int len, err = 0;
182
183 BT_DBG("sk %p", sk);
184
185 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
186 addr->sa_family != AF_BLUETOOTH)
187 return -EINVAL;
188
189 memset(&la, 0, sizeof(la));
190 len = min_t(unsigned int, sizeof(la), alen);
191 memcpy(&la, addr, len);
192
193 if (la.l2_cid && la.l2_psm)
194 return -EINVAL;
195
196 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
197 return -EINVAL;
198
199
200
201
202
203
204 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
205 bdaddr_type_is_le(la.l2_bdaddr_type)) {
206
207
208
209
210
211
212 if (chan->scid != L2CAP_CID_ATT ||
213 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
214 return -EINVAL;
215
216
217
218
219
220
221
222 chan->src_type = BDADDR_LE_PUBLIC;
223 }
224
225 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
226 return -EINVAL;
227
228 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
229
230 if (la.l2_cid &&
231 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
232 return -EINVAL;
233 }
234
235 if (chan->psm && bdaddr_type_is_le(chan->src_type))
236 chan->mode = L2CAP_MODE_LE_FLOWCTL;
237
238 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
239 &la.l2_bdaddr, la.l2_bdaddr_type);
240 if (err)
241 return err;
242
243 lock_sock(sk);
244
245 err = bt_sock_wait_state(sk, BT_CONNECTED,
246 sock_sndtimeo(sk, flags & O_NONBLOCK));
247
248 release_sock(sk);
249
250 return err;
251 }
252
253 static int l2cap_sock_listen(struct socket *sock, int backlog)
254 {
255 struct sock *sk = sock->sk;
256 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
257 int err = 0;
258
259 BT_DBG("sk %p backlog %d", sk, backlog);
260
261 lock_sock(sk);
262
263 if (sk->sk_state != BT_BOUND) {
264 err = -EBADFD;
265 goto done;
266 }
267
268 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
269 err = -EINVAL;
270 goto done;
271 }
272
273 switch (chan->mode) {
274 case L2CAP_MODE_BASIC:
275 case L2CAP_MODE_LE_FLOWCTL:
276 break;
277 case L2CAP_MODE_ERTM:
278 case L2CAP_MODE_STREAMING:
279 if (!disable_ertm)
280 break;
281
282 default:
283 err = -EOPNOTSUPP;
284 goto done;
285 }
286
287 sk->sk_max_ack_backlog = backlog;
288 sk->sk_ack_backlog = 0;
289
290
291
292
293
294 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
295
296 chan->state = BT_LISTEN;
297 sk->sk_state = BT_LISTEN;
298
299 done:
300 release_sock(sk);
301 return err;
302 }
303
304 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
305 int flags, bool kern)
306 {
307 DEFINE_WAIT_FUNC(wait, woken_wake_function);
308 struct sock *sk = sock->sk, *nsk;
309 long timeo;
310 int err = 0;
311
312 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
313
314 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
315
316 BT_DBG("sk %p timeo %ld", sk, timeo);
317
318
319 add_wait_queue_exclusive(sk_sleep(sk), &wait);
320 while (1) {
321 if (sk->sk_state != BT_LISTEN) {
322 err = -EBADFD;
323 break;
324 }
325
326 nsk = bt_accept_dequeue(sk, newsock);
327 if (nsk)
328 break;
329
330 if (!timeo) {
331 err = -EAGAIN;
332 break;
333 }
334
335 if (signal_pending(current)) {
336 err = sock_intr_errno(timeo);
337 break;
338 }
339
340 release_sock(sk);
341
342 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
343
344 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
345 }
346 remove_wait_queue(sk_sleep(sk), &wait);
347
348 if (err)
349 goto done;
350
351 newsock->state = SS_CONNECTED;
352
353 BT_DBG("new socket %p", nsk);
354
355 done:
356 release_sock(sk);
357 return err;
358 }
359
360 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
361 int peer)
362 {
363 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
364 struct sock *sk = sock->sk;
365 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
366
367 BT_DBG("sock %p, sk %p", sock, sk);
368
369 if (peer && sk->sk_state != BT_CONNECTED &&
370 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
371 sk->sk_state != BT_CONFIG)
372 return -ENOTCONN;
373
374 memset(la, 0, sizeof(struct sockaddr_l2));
375 addr->sa_family = AF_BLUETOOTH;
376
377 la->l2_psm = chan->psm;
378
379 if (peer) {
380 bacpy(&la->l2_bdaddr, &chan->dst);
381 la->l2_cid = cpu_to_le16(chan->dcid);
382 la->l2_bdaddr_type = chan->dst_type;
383 } else {
384 bacpy(&la->l2_bdaddr, &chan->src);
385 la->l2_cid = cpu_to_le16(chan->scid);
386 la->l2_bdaddr_type = chan->src_type;
387 }
388
389 return sizeof(struct sockaddr_l2);
390 }
391
392 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
393 char __user *optval, int __user *optlen)
394 {
395 struct sock *sk = sock->sk;
396 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
397 struct l2cap_options opts;
398 struct l2cap_conninfo cinfo;
399 int len, err = 0;
400 u32 opt;
401
402 BT_DBG("sk %p", sk);
403
404 if (get_user(len, optlen))
405 return -EFAULT;
406
407 lock_sock(sk);
408
409 switch (optname) {
410 case L2CAP_OPTIONS:
411
412
413
414
415 if (bdaddr_type_is_le(chan->src_type) &&
416 chan->scid != L2CAP_CID_ATT) {
417 err = -EINVAL;
418 break;
419 }
420
421 memset(&opts, 0, sizeof(opts));
422 opts.imtu = chan->imtu;
423 opts.omtu = chan->omtu;
424 opts.flush_to = chan->flush_to;
425 opts.mode = chan->mode;
426 opts.fcs = chan->fcs;
427 opts.max_tx = chan->max_tx;
428 opts.txwin_size = chan->tx_win;
429
430 len = min_t(unsigned int, len, sizeof(opts));
431 if (copy_to_user(optval, (char *) &opts, len))
432 err = -EFAULT;
433
434 break;
435
436 case L2CAP_LM:
437 switch (chan->sec_level) {
438 case BT_SECURITY_LOW:
439 opt = L2CAP_LM_AUTH;
440 break;
441 case BT_SECURITY_MEDIUM:
442 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
443 break;
444 case BT_SECURITY_HIGH:
445 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
446 L2CAP_LM_SECURE;
447 break;
448 case BT_SECURITY_FIPS:
449 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
450 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
451 break;
452 default:
453 opt = 0;
454 break;
455 }
456
457 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
458 opt |= L2CAP_LM_MASTER;
459
460 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
461 opt |= L2CAP_LM_RELIABLE;
462
463 if (put_user(opt, (u32 __user *) optval))
464 err = -EFAULT;
465
466 break;
467
468 case L2CAP_CONNINFO:
469 if (sk->sk_state != BT_CONNECTED &&
470 !(sk->sk_state == BT_CONNECT2 &&
471 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
472 err = -ENOTCONN;
473 break;
474 }
475
476 memset(&cinfo, 0, sizeof(cinfo));
477 cinfo.hci_handle = chan->conn->hcon->handle;
478 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
479
480 len = min_t(unsigned int, len, sizeof(cinfo));
481 if (copy_to_user(optval, (char *) &cinfo, len))
482 err = -EFAULT;
483
484 break;
485
486 default:
487 err = -ENOPROTOOPT;
488 break;
489 }
490
491 release_sock(sk);
492 return err;
493 }
494
495 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
496 char __user *optval, int __user *optlen)
497 {
498 struct sock *sk = sock->sk;
499 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
500 struct bt_security sec;
501 struct bt_power pwr;
502 int len, err = 0;
503
504 BT_DBG("sk %p", sk);
505
506 if (level == SOL_L2CAP)
507 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
508
509 if (level != SOL_BLUETOOTH)
510 return -ENOPROTOOPT;
511
512 if (get_user(len, optlen))
513 return -EFAULT;
514
515 lock_sock(sk);
516
517 switch (optname) {
518 case BT_SECURITY:
519 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
520 chan->chan_type != L2CAP_CHAN_FIXED &&
521 chan->chan_type != L2CAP_CHAN_RAW) {
522 err = -EINVAL;
523 break;
524 }
525
526 memset(&sec, 0, sizeof(sec));
527 if (chan->conn) {
528 sec.level = chan->conn->hcon->sec_level;
529
530 if (sk->sk_state == BT_CONNECTED)
531 sec.key_size = chan->conn->hcon->enc_key_size;
532 } else {
533 sec.level = chan->sec_level;
534 }
535
536 len = min_t(unsigned int, len, sizeof(sec));
537 if (copy_to_user(optval, (char *) &sec, len))
538 err = -EFAULT;
539
540 break;
541
542 case BT_DEFER_SETUP:
543 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
544 err = -EINVAL;
545 break;
546 }
547
548 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
549 (u32 __user *) optval))
550 err = -EFAULT;
551
552 break;
553
554 case BT_FLUSHABLE:
555 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
556 (u32 __user *) optval))
557 err = -EFAULT;
558
559 break;
560
561 case BT_POWER:
562 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
563 && sk->sk_type != SOCK_RAW) {
564 err = -EINVAL;
565 break;
566 }
567
568 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
569
570 len = min_t(unsigned int, len, sizeof(pwr));
571 if (copy_to_user(optval, (char *) &pwr, len))
572 err = -EFAULT;
573
574 break;
575
576 case BT_CHANNEL_POLICY:
577 if (put_user(chan->chan_policy, (u32 __user *) optval))
578 err = -EFAULT;
579 break;
580
581 case BT_SNDMTU:
582 if (!bdaddr_type_is_le(chan->src_type)) {
583 err = -EINVAL;
584 break;
585 }
586
587 if (sk->sk_state != BT_CONNECTED) {
588 err = -ENOTCONN;
589 break;
590 }
591
592 if (put_user(chan->omtu, (u16 __user *) optval))
593 err = -EFAULT;
594 break;
595
596 case BT_RCVMTU:
597 if (!bdaddr_type_is_le(chan->src_type)) {
598 err = -EINVAL;
599 break;
600 }
601
602 if (put_user(chan->imtu, (u16 __user *) optval))
603 err = -EFAULT;
604 break;
605
606 default:
607 err = -ENOPROTOOPT;
608 break;
609 }
610
611 release_sock(sk);
612 return err;
613 }
614
615 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
616 {
617 switch (chan->scid) {
618 case L2CAP_CID_ATT:
619 if (mtu < L2CAP_LE_MIN_MTU)
620 return false;
621 break;
622
623 default:
624 if (mtu < L2CAP_DEFAULT_MIN_MTU)
625 return false;
626 }
627
628 return true;
629 }
630
631 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
632 char __user *optval, unsigned int optlen)
633 {
634 struct sock *sk = sock->sk;
635 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
636 struct l2cap_options opts;
637 int len, err = 0;
638 u32 opt;
639
640 BT_DBG("sk %p", sk);
641
642 lock_sock(sk);
643
644 switch (optname) {
645 case L2CAP_OPTIONS:
646 if (bdaddr_type_is_le(chan->src_type)) {
647 err = -EINVAL;
648 break;
649 }
650
651 if (sk->sk_state == BT_CONNECTED) {
652 err = -EINVAL;
653 break;
654 }
655
656 opts.imtu = chan->imtu;
657 opts.omtu = chan->omtu;
658 opts.flush_to = chan->flush_to;
659 opts.mode = chan->mode;
660 opts.fcs = chan->fcs;
661 opts.max_tx = chan->max_tx;
662 opts.txwin_size = chan->tx_win;
663
664 len = min_t(unsigned int, sizeof(opts), optlen);
665 if (copy_from_user((char *) &opts, optval, len)) {
666 err = -EFAULT;
667 break;
668 }
669
670 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
671 err = -EINVAL;
672 break;
673 }
674
675 if (!l2cap_valid_mtu(chan, opts.imtu)) {
676 err = -EINVAL;
677 break;
678 }
679
680 chan->mode = opts.mode;
681 switch (chan->mode) {
682 case L2CAP_MODE_LE_FLOWCTL:
683 break;
684 case L2CAP_MODE_BASIC:
685 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
686 break;
687 case L2CAP_MODE_ERTM:
688 case L2CAP_MODE_STREAMING:
689 if (!disable_ertm)
690 break;
691
692 default:
693 err = -EINVAL;
694 break;
695 }
696
697 chan->imtu = opts.imtu;
698 chan->omtu = opts.omtu;
699 chan->fcs = opts.fcs;
700 chan->max_tx = opts.max_tx;
701 chan->tx_win = opts.txwin_size;
702 chan->flush_to = opts.flush_to;
703 break;
704
705 case L2CAP_LM:
706 if (get_user(opt, (u32 __user *) optval)) {
707 err = -EFAULT;
708 break;
709 }
710
711 if (opt & L2CAP_LM_FIPS) {
712 err = -EINVAL;
713 break;
714 }
715
716 if (opt & L2CAP_LM_AUTH)
717 chan->sec_level = BT_SECURITY_LOW;
718 if (opt & L2CAP_LM_ENCRYPT)
719 chan->sec_level = BT_SECURITY_MEDIUM;
720 if (opt & L2CAP_LM_SECURE)
721 chan->sec_level = BT_SECURITY_HIGH;
722
723 if (opt & L2CAP_LM_MASTER)
724 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
725 else
726 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
727
728 if (opt & L2CAP_LM_RELIABLE)
729 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
730 else
731 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
732 break;
733
734 default:
735 err = -ENOPROTOOPT;
736 break;
737 }
738
739 release_sock(sk);
740 return err;
741 }
742
743 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
744 char __user *optval, unsigned int optlen)
745 {
746 struct sock *sk = sock->sk;
747 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
748 struct bt_security sec;
749 struct bt_power pwr;
750 struct l2cap_conn *conn;
751 int len, err = 0;
752 u32 opt;
753
754 BT_DBG("sk %p", sk);
755
756 if (level == SOL_L2CAP)
757 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
758
759 if (level != SOL_BLUETOOTH)
760 return -ENOPROTOOPT;
761
762 lock_sock(sk);
763
764 switch (optname) {
765 case BT_SECURITY:
766 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
767 chan->chan_type != L2CAP_CHAN_FIXED &&
768 chan->chan_type != L2CAP_CHAN_RAW) {
769 err = -EINVAL;
770 break;
771 }
772
773 sec.level = BT_SECURITY_LOW;
774
775 len = min_t(unsigned int, sizeof(sec), optlen);
776 if (copy_from_user((char *) &sec, optval, len)) {
777 err = -EFAULT;
778 break;
779 }
780
781 if (sec.level < BT_SECURITY_LOW ||
782 sec.level > BT_SECURITY_FIPS) {
783 err = -EINVAL;
784 break;
785 }
786
787 chan->sec_level = sec.level;
788
789 if (!chan->conn)
790 break;
791
792 conn = chan->conn;
793
794
795 if (chan->scid == L2CAP_CID_ATT) {
796 if (smp_conn_security(conn->hcon, sec.level)) {
797 err = -EINVAL;
798 break;
799 }
800
801 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
802 sk->sk_state = BT_CONFIG;
803 chan->state = BT_CONFIG;
804
805
806 } else if ((sk->sk_state == BT_CONNECT2 &&
807 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
808 sk->sk_state == BT_CONNECTED) {
809 if (!l2cap_chan_check_security(chan, true))
810 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
811 else
812 sk->sk_state_change(sk);
813 } else {
814 err = -EINVAL;
815 }
816 break;
817
818 case BT_DEFER_SETUP:
819 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
820 err = -EINVAL;
821 break;
822 }
823
824 if (get_user(opt, (u32 __user *) optval)) {
825 err = -EFAULT;
826 break;
827 }
828
829 if (opt) {
830 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
831 set_bit(FLAG_DEFER_SETUP, &chan->flags);
832 } else {
833 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
834 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
835 }
836 break;
837
838 case BT_FLUSHABLE:
839 if (get_user(opt, (u32 __user *) optval)) {
840 err = -EFAULT;
841 break;
842 }
843
844 if (opt > BT_FLUSHABLE_ON) {
845 err = -EINVAL;
846 break;
847 }
848
849 if (opt == BT_FLUSHABLE_OFF) {
850 conn = chan->conn;
851
852
853 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
854 err = -EINVAL;
855 break;
856 }
857 }
858
859 if (opt)
860 set_bit(FLAG_FLUSHABLE, &chan->flags);
861 else
862 clear_bit(FLAG_FLUSHABLE, &chan->flags);
863 break;
864
865 case BT_POWER:
866 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
867 chan->chan_type != L2CAP_CHAN_RAW) {
868 err = -EINVAL;
869 break;
870 }
871
872 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
873
874 len = min_t(unsigned int, sizeof(pwr), optlen);
875 if (copy_from_user((char *) &pwr, optval, len)) {
876 err = -EFAULT;
877 break;
878 }
879
880 if (pwr.force_active)
881 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
882 else
883 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
884 break;
885
886 case BT_CHANNEL_POLICY:
887 if (get_user(opt, (u32 __user *) optval)) {
888 err = -EFAULT;
889 break;
890 }
891
892 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
893 err = -EINVAL;
894 break;
895 }
896
897 if (chan->mode != L2CAP_MODE_ERTM &&
898 chan->mode != L2CAP_MODE_STREAMING) {
899 err = -EOPNOTSUPP;
900 break;
901 }
902
903 chan->chan_policy = (u8) opt;
904
905 if (sk->sk_state == BT_CONNECTED &&
906 chan->move_role == L2CAP_MOVE_ROLE_NONE)
907 l2cap_move_start(chan);
908
909 break;
910
911 case BT_SNDMTU:
912 if (!bdaddr_type_is_le(chan->src_type)) {
913 err = -EINVAL;
914 break;
915 }
916
917
918
919
920 err = -EPERM;
921 break;
922
923 case BT_RCVMTU:
924 if (!bdaddr_type_is_le(chan->src_type)) {
925 err = -EINVAL;
926 break;
927 }
928
929 if (sk->sk_state == BT_CONNECTED) {
930 err = -EISCONN;
931 break;
932 }
933
934 if (get_user(opt, (u16 __user *) optval)) {
935 err = -EFAULT;
936 break;
937 }
938
939 chan->imtu = opt;
940 break;
941
942 default:
943 err = -ENOPROTOOPT;
944 break;
945 }
946
947 release_sock(sk);
948 return err;
949 }
950
951 static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
952 size_t len)
953 {
954 struct sock *sk = sock->sk;
955 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
956 int err;
957
958 BT_DBG("sock %p, sk %p", sock, sk);
959
960 err = sock_error(sk);
961 if (err)
962 return err;
963
964 if (msg->msg_flags & MSG_OOB)
965 return -EOPNOTSUPP;
966
967 if (sk->sk_state != BT_CONNECTED)
968 return -ENOTCONN;
969
970 lock_sock(sk);
971 err = bt_sock_wait_ready(sk, msg->msg_flags);
972 release_sock(sk);
973 if (err)
974 return err;
975
976 l2cap_chan_lock(chan);
977 err = l2cap_chan_send(chan, msg, len);
978 l2cap_chan_unlock(chan);
979
980 return err;
981 }
982
983 static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
984 size_t len, int flags)
985 {
986 struct sock *sk = sock->sk;
987 struct l2cap_pinfo *pi = l2cap_pi(sk);
988 int err;
989
990 lock_sock(sk);
991
992 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
993 &bt_sk(sk)->flags)) {
994 if (bdaddr_type_is_le(pi->chan->src_type)) {
995 sk->sk_state = BT_CONNECTED;
996 pi->chan->state = BT_CONNECTED;
997 __l2cap_le_connect_rsp_defer(pi->chan);
998 } else {
999 sk->sk_state = BT_CONFIG;
1000 pi->chan->state = BT_CONFIG;
1001 __l2cap_connect_rsp_defer(pi->chan);
1002 }
1003
1004 err = 0;
1005 goto done;
1006 }
1007
1008 release_sock(sk);
1009
1010 if (sock->type == SOCK_STREAM)
1011 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
1012 else
1013 err = bt_sock_recvmsg(sock, msg, len, flags);
1014
1015 if (pi->chan->mode != L2CAP_MODE_ERTM)
1016 return err;
1017
1018
1019
1020 lock_sock(sk);
1021
1022 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1023 goto done;
1024
1025 if (pi->rx_busy_skb) {
1026 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1027 pi->rx_busy_skb = NULL;
1028 else
1029 goto done;
1030 }
1031
1032
1033
1034
1035
1036 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1037 l2cap_chan_busy(pi->chan, 0);
1038
1039 done:
1040 release_sock(sk);
1041 return err;
1042 }
1043
1044
1045
1046
1047 static void l2cap_sock_kill(struct sock *sk)
1048 {
1049 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1050 return;
1051
1052 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1053
1054
1055
1056 l2cap_chan_put(l2cap_pi(sk)->chan);
1057 sock_set_flag(sk, SOCK_DEAD);
1058 sock_put(sk);
1059 }
1060
1061 static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
1062 {
1063 DECLARE_WAITQUEUE(wait, current);
1064 int err = 0;
1065 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1066
1067 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
1068
1069 add_wait_queue(sk_sleep(sk), &wait);
1070 set_current_state(TASK_INTERRUPTIBLE);
1071 do {
1072 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1073 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1074 jiffies_to_msecs(timeout - jiffies));
1075
1076 if (!timeo)
1077 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1078
1079 if (signal_pending(current)) {
1080 err = sock_intr_errno(timeo);
1081 break;
1082 }
1083
1084 release_sock(sk);
1085 timeo = schedule_timeout(timeo);
1086 lock_sock(sk);
1087 set_current_state(TASK_INTERRUPTIBLE);
1088
1089 err = sock_error(sk);
1090 if (err)
1091 break;
1092
1093 if (time_after(jiffies, timeout)) {
1094 err = -ENOLINK;
1095 break;
1096 }
1097
1098 } while (chan->unacked_frames > 0 &&
1099 chan->state == BT_CONNECTED);
1100
1101 set_current_state(TASK_RUNNING);
1102 remove_wait_queue(sk_sleep(sk), &wait);
1103 return err;
1104 }
1105
1106 static int l2cap_sock_shutdown(struct socket *sock, int how)
1107 {
1108 struct sock *sk = sock->sk;
1109 struct l2cap_chan *chan;
1110 struct l2cap_conn *conn;
1111 int err = 0;
1112
1113 BT_DBG("sock %p, sk %p", sock, sk);
1114
1115 if (!sk)
1116 return 0;
1117
1118 lock_sock(sk);
1119
1120 if (sk->sk_shutdown)
1121 goto shutdown_already;
1122
1123 BT_DBG("Handling sock shutdown");
1124
1125
1126 sock_hold(sk);
1127
1128 chan = l2cap_pi(sk)->chan;
1129
1130 l2cap_chan_hold(chan);
1131
1132 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1133
1134 if (chan->mode == L2CAP_MODE_ERTM &&
1135 chan->unacked_frames > 0 &&
1136 chan->state == BT_CONNECTED) {
1137 err = __l2cap_wait_ack(sk, chan);
1138
1139
1140
1141
1142
1143 if (sk->sk_shutdown)
1144 goto has_shutdown;
1145 }
1146
1147 sk->sk_shutdown = SHUTDOWN_MASK;
1148 release_sock(sk);
1149
1150 l2cap_chan_lock(chan);
1151 conn = chan->conn;
1152 if (conn)
1153
1154 l2cap_conn_get(conn);
1155 l2cap_chan_unlock(chan);
1156
1157 if (conn)
1158
1159 mutex_lock(&conn->chan_lock);
1160
1161 l2cap_chan_lock(chan);
1162 l2cap_chan_close(chan, 0);
1163 l2cap_chan_unlock(chan);
1164
1165 if (conn) {
1166 mutex_unlock(&conn->chan_lock);
1167 l2cap_conn_put(conn);
1168 }
1169
1170 lock_sock(sk);
1171
1172 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1173 !(current->flags & PF_EXITING))
1174 err = bt_sock_wait_state(sk, BT_CLOSED,
1175 sk->sk_lingertime);
1176
1177 has_shutdown:
1178 l2cap_chan_put(chan);
1179 sock_put(sk);
1180
1181 shutdown_already:
1182 if (!err && sk->sk_err)
1183 err = -sk->sk_err;
1184
1185 release_sock(sk);
1186
1187 BT_DBG("Sock shutdown complete err: %d", err);
1188
1189 return err;
1190 }
1191
1192 static int l2cap_sock_release(struct socket *sock)
1193 {
1194 struct sock *sk = sock->sk;
1195 int err;
1196
1197 BT_DBG("sock %p, sk %p", sock, sk);
1198
1199 if (!sk)
1200 return 0;
1201
1202 bt_sock_unlink(&l2cap_sk_list, sk);
1203
1204 err = l2cap_sock_shutdown(sock, 2);
1205
1206 sock_orphan(sk);
1207 l2cap_sock_kill(sk);
1208 return err;
1209 }
1210
1211 static void l2cap_sock_cleanup_listen(struct sock *parent)
1212 {
1213 struct sock *sk;
1214
1215 BT_DBG("parent %p state %s", parent,
1216 state_to_string(parent->sk_state));
1217
1218
1219 while ((sk = bt_accept_dequeue(parent, NULL))) {
1220 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1221
1222 BT_DBG("child chan %p state %s", chan,
1223 state_to_string(chan->state));
1224
1225 l2cap_chan_lock(chan);
1226 __clear_chan_timer(chan);
1227 l2cap_chan_close(chan, ECONNRESET);
1228 l2cap_chan_unlock(chan);
1229
1230 l2cap_sock_kill(sk);
1231 }
1232 }
1233
1234 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1235 {
1236 struct sock *sk, *parent = chan->data;
1237
1238 lock_sock(parent);
1239
1240
1241 if (sk_acceptq_is_full(parent)) {
1242 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1243 release_sock(parent);
1244 return NULL;
1245 }
1246
1247 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1248 GFP_ATOMIC, 0);
1249 if (!sk) {
1250 release_sock(parent);
1251 return NULL;
1252 }
1253
1254 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1255
1256 l2cap_sock_init(sk, parent);
1257
1258 bt_accept_enqueue(parent, sk, false);
1259
1260 release_sock(parent);
1261
1262 return l2cap_pi(sk)->chan;
1263 }
1264
1265 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1266 {
1267 struct sock *sk = chan->data;
1268 int err;
1269
1270 lock_sock(sk);
1271
1272 if (l2cap_pi(sk)->rx_busy_skb) {
1273 err = -ENOMEM;
1274 goto done;
1275 }
1276
1277 if (chan->mode != L2CAP_MODE_ERTM &&
1278 chan->mode != L2CAP_MODE_STREAMING) {
1279
1280
1281
1282 err = sk_filter(sk, skb);
1283 if (err)
1284 goto done;
1285 }
1286
1287 err = __sock_queue_rcv_skb(sk, skb);
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1299 l2cap_pi(sk)->rx_busy_skb = skb;
1300 l2cap_chan_busy(chan, 1);
1301 err = 0;
1302 }
1303
1304 done:
1305 release_sock(sk);
1306
1307 return err;
1308 }
1309
1310 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1311 {
1312 struct sock *sk = chan->data;
1313
1314 l2cap_sock_kill(sk);
1315 }
1316
1317 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1318 {
1319 struct sock *sk = chan->data;
1320 struct sock *parent;
1321
1322 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1323
1324
1325
1326
1327
1328
1329
1330
1331 lock_sock_nested(sk, atomic_read(&chan->nesting));
1332
1333 parent = bt_sk(sk)->parent;
1334
1335 sock_set_flag(sk, SOCK_ZAPPED);
1336
1337 switch (chan->state) {
1338 case BT_OPEN:
1339 case BT_BOUND:
1340 case BT_CLOSED:
1341 break;
1342 case BT_LISTEN:
1343 l2cap_sock_cleanup_listen(sk);
1344 sk->sk_state = BT_CLOSED;
1345 chan->state = BT_CLOSED;
1346
1347 break;
1348 default:
1349 sk->sk_state = BT_CLOSED;
1350 chan->state = BT_CLOSED;
1351
1352 sk->sk_err = err;
1353
1354 if (parent) {
1355 bt_accept_unlink(sk);
1356 parent->sk_data_ready(parent);
1357 } else {
1358 sk->sk_state_change(sk);
1359 }
1360
1361 break;
1362 }
1363
1364 release_sock(sk);
1365 }
1366
1367 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1368 int err)
1369 {
1370 struct sock *sk = chan->data;
1371
1372 sk->sk_state = state;
1373
1374 if (err)
1375 sk->sk_err = err;
1376 }
1377
1378 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1379 unsigned long hdr_len,
1380 unsigned long len, int nb)
1381 {
1382 struct sock *sk = chan->data;
1383 struct sk_buff *skb;
1384 int err;
1385
1386 l2cap_chan_unlock(chan);
1387 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1388 l2cap_chan_lock(chan);
1389
1390 if (!skb)
1391 return ERR_PTR(err);
1392
1393 skb->priority = sk->sk_priority;
1394
1395 bt_cb(skb)->l2cap.chan = chan;
1396
1397 return skb;
1398 }
1399
1400 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1401 {
1402 struct sock *sk = chan->data;
1403 struct sock *parent;
1404
1405 lock_sock(sk);
1406
1407 parent = bt_sk(sk)->parent;
1408
1409 BT_DBG("sk %p, parent %p", sk, parent);
1410
1411 sk->sk_state = BT_CONNECTED;
1412 sk->sk_state_change(sk);
1413
1414 if (parent)
1415 parent->sk_data_ready(parent);
1416
1417 release_sock(sk);
1418 }
1419
1420 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1421 {
1422 struct sock *parent, *sk = chan->data;
1423
1424 lock_sock(sk);
1425
1426 parent = bt_sk(sk)->parent;
1427 if (parent)
1428 parent->sk_data_ready(parent);
1429
1430 release_sock(sk);
1431 }
1432
1433 static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1434 {
1435 struct sock *sk = chan->data;
1436
1437 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1438 sk->sk_state = BT_CONNECTED;
1439 chan->state = BT_CONNECTED;
1440 }
1441
1442 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1443 sk->sk_state_change(sk);
1444 }
1445
1446 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1447 {
1448 struct sock *sk = chan->data;
1449
1450 lock_sock(sk);
1451 sk->sk_shutdown = SHUTDOWN_MASK;
1452 release_sock(sk);
1453 }
1454
1455 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1456 {
1457 struct sock *sk = chan->data;
1458
1459 return sk->sk_sndtimeo;
1460 }
1461
1462 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1463 {
1464 struct sock *sk = chan->data;
1465
1466 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1467 sk->sk_state_change(sk);
1468 }
1469
1470 static const struct l2cap_ops l2cap_chan_ops = {
1471 .name = "L2CAP Socket Interface",
1472 .new_connection = l2cap_sock_new_connection_cb,
1473 .recv = l2cap_sock_recv_cb,
1474 .close = l2cap_sock_close_cb,
1475 .teardown = l2cap_sock_teardown_cb,
1476 .state_change = l2cap_sock_state_change_cb,
1477 .ready = l2cap_sock_ready_cb,
1478 .defer = l2cap_sock_defer_cb,
1479 .resume = l2cap_sock_resume_cb,
1480 .suspend = l2cap_sock_suspend_cb,
1481 .set_shutdown = l2cap_sock_set_shutdown_cb,
1482 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1483 .alloc_skb = l2cap_sock_alloc_skb_cb,
1484 };
1485
1486 static void l2cap_sock_destruct(struct sock *sk)
1487 {
1488 BT_DBG("sk %p", sk);
1489
1490 if (l2cap_pi(sk)->chan)
1491 l2cap_chan_put(l2cap_pi(sk)->chan);
1492
1493 if (l2cap_pi(sk)->rx_busy_skb) {
1494 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1495 l2cap_pi(sk)->rx_busy_skb = NULL;
1496 }
1497
1498 skb_queue_purge(&sk->sk_receive_queue);
1499 skb_queue_purge(&sk->sk_write_queue);
1500 }
1501
1502 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1503 int *msg_namelen)
1504 {
1505 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1506
1507 memset(la, 0, sizeof(struct sockaddr_l2));
1508 la->l2_family = AF_BLUETOOTH;
1509 la->l2_psm = bt_cb(skb)->l2cap.psm;
1510 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
1511
1512 *msg_namelen = sizeof(struct sockaddr_l2);
1513 }
1514
1515 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1516 {
1517 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1518
1519 BT_DBG("sk %p", sk);
1520
1521 if (parent) {
1522 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1523
1524 sk->sk_type = parent->sk_type;
1525 bt_sk(sk)->flags = bt_sk(parent)->flags;
1526
1527 chan->chan_type = pchan->chan_type;
1528 chan->imtu = pchan->imtu;
1529 chan->omtu = pchan->omtu;
1530 chan->conf_state = pchan->conf_state;
1531 chan->mode = pchan->mode;
1532 chan->fcs = pchan->fcs;
1533 chan->max_tx = pchan->max_tx;
1534 chan->tx_win = pchan->tx_win;
1535 chan->tx_win_max = pchan->tx_win_max;
1536 chan->sec_level = pchan->sec_level;
1537 chan->flags = pchan->flags;
1538 chan->tx_credits = pchan->tx_credits;
1539 chan->rx_credits = pchan->rx_credits;
1540
1541 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1542 chan->scid = pchan->scid;
1543 chan->dcid = pchan->scid;
1544 }
1545
1546 security_sk_clone(parent, sk);
1547 } else {
1548 switch (sk->sk_type) {
1549 case SOCK_RAW:
1550 chan->chan_type = L2CAP_CHAN_RAW;
1551 break;
1552 case SOCK_DGRAM:
1553 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1554 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1555 break;
1556 case SOCK_SEQPACKET:
1557 case SOCK_STREAM:
1558 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1559 break;
1560 }
1561
1562 chan->imtu = L2CAP_DEFAULT_MTU;
1563 chan->omtu = 0;
1564 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1565 chan->mode = L2CAP_MODE_ERTM;
1566 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1567 } else {
1568 chan->mode = L2CAP_MODE_BASIC;
1569 }
1570
1571 l2cap_chan_set_defaults(chan);
1572 }
1573
1574
1575 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1576
1577 chan->data = sk;
1578 chan->ops = &l2cap_chan_ops;
1579 }
1580
1581 static struct proto l2cap_proto = {
1582 .name = "L2CAP",
1583 .owner = THIS_MODULE,
1584 .obj_size = sizeof(struct l2cap_pinfo)
1585 };
1586
1587 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1588 int proto, gfp_t prio, int kern)
1589 {
1590 struct sock *sk;
1591 struct l2cap_chan *chan;
1592
1593 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
1594 if (!sk)
1595 return NULL;
1596
1597 sock_init_data(sock, sk);
1598 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1599
1600 sk->sk_destruct = l2cap_sock_destruct;
1601 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1602
1603 sock_reset_flag(sk, SOCK_ZAPPED);
1604
1605 sk->sk_protocol = proto;
1606 sk->sk_state = BT_OPEN;
1607
1608 chan = l2cap_chan_create();
1609 if (!chan) {
1610 sk_free(sk);
1611 return NULL;
1612 }
1613
1614 l2cap_chan_hold(chan);
1615
1616 l2cap_pi(sk)->chan = chan;
1617
1618 return sk;
1619 }
1620
1621 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1622 int kern)
1623 {
1624 struct sock *sk;
1625
1626 BT_DBG("sock %p", sock);
1627
1628 sock->state = SS_UNCONNECTED;
1629
1630 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1631 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1632 return -ESOCKTNOSUPPORT;
1633
1634 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1635 return -EPERM;
1636
1637 sock->ops = &l2cap_sock_ops;
1638
1639 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
1640 if (!sk)
1641 return -ENOMEM;
1642
1643 l2cap_sock_init(sk, NULL);
1644 bt_sock_link(&l2cap_sk_list, sk);
1645 return 0;
1646 }
1647
1648 static const struct proto_ops l2cap_sock_ops = {
1649 .family = PF_BLUETOOTH,
1650 .owner = THIS_MODULE,
1651 .release = l2cap_sock_release,
1652 .bind = l2cap_sock_bind,
1653 .connect = l2cap_sock_connect,
1654 .listen = l2cap_sock_listen,
1655 .accept = l2cap_sock_accept,
1656 .getname = l2cap_sock_getname,
1657 .sendmsg = l2cap_sock_sendmsg,
1658 .recvmsg = l2cap_sock_recvmsg,
1659 .poll = bt_sock_poll,
1660 .ioctl = bt_sock_ioctl,
1661 .gettstamp = sock_gettstamp,
1662 .mmap = sock_no_mmap,
1663 .socketpair = sock_no_socketpair,
1664 .shutdown = l2cap_sock_shutdown,
1665 .setsockopt = l2cap_sock_setsockopt,
1666 .getsockopt = l2cap_sock_getsockopt
1667 };
1668
1669 static const struct net_proto_family l2cap_sock_family_ops = {
1670 .family = PF_BLUETOOTH,
1671 .owner = THIS_MODULE,
1672 .create = l2cap_sock_create,
1673 };
1674
1675 int __init l2cap_init_sockets(void)
1676 {
1677 int err;
1678
1679 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1680
1681 err = proto_register(&l2cap_proto, 0);
1682 if (err < 0)
1683 return err;
1684
1685 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1686 if (err < 0) {
1687 BT_ERR("L2CAP socket registration failed");
1688 goto error;
1689 }
1690
1691 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1692 NULL);
1693 if (err < 0) {
1694 BT_ERR("Failed to create L2CAP proc file");
1695 bt_sock_unregister(BTPROTO_L2CAP);
1696 goto error;
1697 }
1698
1699 BT_INFO("L2CAP socket layer initialized");
1700
1701 return 0;
1702
1703 error:
1704 proto_unregister(&l2cap_proto);
1705 return err;
1706 }
1707
1708 void l2cap_cleanup_sockets(void)
1709 {
1710 bt_procfs_cleanup(&init_net, "l2cap");
1711 bt_sock_unregister(BTPROTO_L2CAP);
1712 proto_unregister(&l2cap_proto);
1713 }