root/net/bluetooth/l2cap_sock.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. l2cap_is_socket
  2. l2cap_validate_bredr_psm
  3. l2cap_validate_le_psm
  4. l2cap_sock_bind
  5. l2cap_sock_connect
  6. l2cap_sock_listen
  7. l2cap_sock_accept
  8. l2cap_sock_getname
  9. l2cap_sock_getsockopt_old
  10. l2cap_sock_getsockopt
  11. l2cap_valid_mtu
  12. l2cap_sock_setsockopt_old
  13. l2cap_sock_setsockopt
  14. l2cap_sock_sendmsg
  15. l2cap_sock_recvmsg
  16. l2cap_sock_kill
  17. __l2cap_wait_ack
  18. l2cap_sock_shutdown
  19. l2cap_sock_release
  20. l2cap_sock_cleanup_listen
  21. l2cap_sock_new_connection_cb
  22. l2cap_sock_recv_cb
  23. l2cap_sock_close_cb
  24. l2cap_sock_teardown_cb
  25. l2cap_sock_state_change_cb
  26. l2cap_sock_alloc_skb_cb
  27. l2cap_sock_ready_cb
  28. l2cap_sock_defer_cb
  29. l2cap_sock_resume_cb
  30. l2cap_sock_set_shutdown_cb
  31. l2cap_sock_get_sndtimeo_cb
  32. l2cap_sock_suspend_cb
  33. l2cap_sock_destruct
  34. l2cap_skb_msg_name
  35. l2cap_sock_init
  36. l2cap_sock_alloc
  37. l2cap_sock_create
  38. l2cap_init_sockets
  39. l2cap_cleanup_sockets

   1 /*
   2    BlueZ - Bluetooth protocol stack for Linux
   3    Copyright (C) 2000-2001 Qualcomm Incorporated
   4    Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
   5    Copyright (C) 2010 Google Inc.
   6    Copyright (C) 2011 ProFUSION Embedded Systems
   7 
   8    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
   9 
  10    This program is free software; you can redistribute it and/or modify
  11    it under the terms of the GNU General Public License version 2 as
  12    published by the Free Software Foundation;
  13 
  14    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  15    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  16    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  17    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  18    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  19    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  20    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  21    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  22 
  23    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  24    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  25    SOFTWARE IS DISCLAIMED.
  26 */
  27 
  28 /* Bluetooth L2CAP sockets. */
  29 
  30 #include <linux/module.h>
  31 #include <linux/export.h>
  32 #include <linux/sched/signal.h>
  33 
  34 #include <net/bluetooth/bluetooth.h>
  35 #include <net/bluetooth/hci_core.h>
  36 #include <net/bluetooth/l2cap.h>
  37 
  38 #include "smp.h"
  39 
  40 static struct bt_sock_list l2cap_sk_list = {
  41         .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
  42 };
  43 
  44 static const struct proto_ops l2cap_sock_ops;
  45 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
  46 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
  47                                      int proto, gfp_t prio, int kern);
  48 
  49 bool l2cap_is_socket(struct socket *sock)
  50 {
  51         return sock && sock->ops == &l2cap_sock_ops;
  52 }
  53 EXPORT_SYMBOL(l2cap_is_socket);
  54 
  55 static int l2cap_validate_bredr_psm(u16 psm)
  56 {
  57         /* PSM must be odd and lsb of upper byte must be 0 */
  58         if ((psm & 0x0101) != 0x0001)
  59                 return -EINVAL;
  60 
  61         /* Restrict usage of well-known PSMs */
  62         if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
  63                 return -EACCES;
  64 
  65         return 0;
  66 }
  67 
  68 static int l2cap_validate_le_psm(u16 psm)
  69 {
  70         /* Valid LE_PSM ranges are defined only until 0x00ff */
  71         if (psm > L2CAP_PSM_LE_DYN_END)
  72                 return -EINVAL;
  73 
  74         /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
  75         if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
  76                 return -EACCES;
  77 
  78         return 0;
  79 }
  80 
  81 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
  82 {
  83         struct sock *sk = sock->sk;
  84         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
  85         struct sockaddr_l2 la;
  86         int len, err = 0;
  87 
  88         BT_DBG("sk %p", sk);
  89 
  90         if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
  91             addr->sa_family != AF_BLUETOOTH)
  92                 return -EINVAL;
  93 
  94         memset(&la, 0, sizeof(la));
  95         len = min_t(unsigned int, sizeof(la), alen);
  96         memcpy(&la, addr, len);
  97 
  98         if (la.l2_cid && la.l2_psm)
  99                 return -EINVAL;
 100 
 101         if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
 102                 return -EINVAL;
 103 
 104         if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
 105                 /* We only allow ATT user space socket */
 106                 if (la.l2_cid &&
 107                     la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
 108                         return -EINVAL;
 109         }
 110 
 111         lock_sock(sk);
 112 
 113         if (sk->sk_state != BT_OPEN) {
 114                 err = -EBADFD;
 115                 goto done;
 116         }
 117 
 118         if (la.l2_psm) {
 119                 __u16 psm = __le16_to_cpu(la.l2_psm);
 120 
 121                 if (la.l2_bdaddr_type == BDADDR_BREDR)
 122                         err = l2cap_validate_bredr_psm(psm);
 123                 else
 124                         err = l2cap_validate_le_psm(psm);
 125 
 126                 if (err)
 127                         goto done;
 128         }
 129 
 130         bacpy(&chan->src, &la.l2_bdaddr);
 131         chan->src_type = la.l2_bdaddr_type;
 132 
 133         if (la.l2_cid)
 134                 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
 135         else
 136                 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
 137 
 138         if (err < 0)
 139                 goto done;
 140 
 141         switch (chan->chan_type) {
 142         case L2CAP_CHAN_CONN_LESS:
 143                 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
 144                         chan->sec_level = BT_SECURITY_SDP;
 145                 break;
 146         case L2CAP_CHAN_CONN_ORIENTED:
 147                 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
 148                     __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
 149                         chan->sec_level = BT_SECURITY_SDP;
 150                 break;
 151         case L2CAP_CHAN_RAW:
 152                 chan->sec_level = BT_SECURITY_SDP;
 153                 break;
 154         case L2CAP_CHAN_FIXED:
 155                 /* Fixed channels default to the L2CAP core not holding a
 156                  * hci_conn reference for them. For fixed channels mapping to
 157                  * L2CAP sockets we do want to hold a reference so set the
 158                  * appropriate flag to request it.
 159                  */
 160                 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
 161                 break;
 162         }
 163 
 164         if (chan->psm && bdaddr_type_is_le(chan->src_type))
 165                 chan->mode = L2CAP_MODE_LE_FLOWCTL;
 166 
 167         chan->state = BT_BOUND;
 168         sk->sk_state = BT_BOUND;
 169 
 170 done:
 171         release_sock(sk);
 172         return err;
 173 }
 174 
 175 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
 176                               int alen, int flags)
 177 {
 178         struct sock *sk = sock->sk;
 179         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 180         struct sockaddr_l2 la;
 181         int len, err = 0;
 182 
 183         BT_DBG("sk %p", sk);
 184 
 185         if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
 186             addr->sa_family != AF_BLUETOOTH)
 187                 return -EINVAL;
 188 
 189         memset(&la, 0, sizeof(la));
 190         len = min_t(unsigned int, sizeof(la), alen);
 191         memcpy(&la, addr, len);
 192 
 193         if (la.l2_cid && la.l2_psm)
 194                 return -EINVAL;
 195 
 196         if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
 197                 return -EINVAL;
 198 
 199         /* Check that the socket wasn't bound to something that
 200          * conflicts with the address given to connect(). If chan->src
 201          * is BDADDR_ANY it means bind() was never used, in which case
 202          * chan->src_type and la.l2_bdaddr_type do not need to match.
 203          */
 204         if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
 205             bdaddr_type_is_le(la.l2_bdaddr_type)) {
 206                 /* Old user space versions will try to incorrectly bind
 207                  * the ATT socket using BDADDR_BREDR. We need to accept
 208                  * this and fix up the source address type only when
 209                  * both the source CID and destination CID indicate
 210                  * ATT. Anything else is an invalid combination.
 211                  */
 212                 if (chan->scid != L2CAP_CID_ATT ||
 213                     la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
 214                         return -EINVAL;
 215 
 216                 /* We don't have the hdev available here to make a
 217                  * better decision on random vs public, but since all
 218                  * user space versions that exhibit this issue anyway do
 219                  * not support random local addresses assuming public
 220                  * here is good enough.
 221                  */
 222                 chan->src_type = BDADDR_LE_PUBLIC;
 223         }
 224 
 225         if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
 226                 return -EINVAL;
 227 
 228         if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
 229                 /* We only allow ATT user space socket */
 230                 if (la.l2_cid &&
 231                     la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
 232                         return -EINVAL;
 233         }
 234 
 235         if (chan->psm && bdaddr_type_is_le(chan->src_type))
 236                 chan->mode = L2CAP_MODE_LE_FLOWCTL;
 237 
 238         err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
 239                                  &la.l2_bdaddr, la.l2_bdaddr_type);
 240         if (err)
 241                 return err;
 242 
 243         lock_sock(sk);
 244 
 245         err = bt_sock_wait_state(sk, BT_CONNECTED,
 246                                  sock_sndtimeo(sk, flags & O_NONBLOCK));
 247 
 248         release_sock(sk);
 249 
 250         return err;
 251 }
 252 
 253 static int l2cap_sock_listen(struct socket *sock, int backlog)
 254 {
 255         struct sock *sk = sock->sk;
 256         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 257         int err = 0;
 258 
 259         BT_DBG("sk %p backlog %d", sk, backlog);
 260 
 261         lock_sock(sk);
 262 
 263         if (sk->sk_state != BT_BOUND) {
 264                 err = -EBADFD;
 265                 goto done;
 266         }
 267 
 268         if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
 269                 err = -EINVAL;
 270                 goto done;
 271         }
 272 
 273         switch (chan->mode) {
 274         case L2CAP_MODE_BASIC:
 275         case L2CAP_MODE_LE_FLOWCTL:
 276                 break;
 277         case L2CAP_MODE_ERTM:
 278         case L2CAP_MODE_STREAMING:
 279                 if (!disable_ertm)
 280                         break;
 281                 /* fall through */
 282         default:
 283                 err = -EOPNOTSUPP;
 284                 goto done;
 285         }
 286 
 287         sk->sk_max_ack_backlog = backlog;
 288         sk->sk_ack_backlog = 0;
 289 
 290         /* Listening channels need to use nested locking in order not to
 291          * cause lockdep warnings when the created child channels end up
 292          * being locked in the same thread as the parent channel.
 293          */
 294         atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
 295 
 296         chan->state = BT_LISTEN;
 297         sk->sk_state = BT_LISTEN;
 298 
 299 done:
 300         release_sock(sk);
 301         return err;
 302 }
 303 
 304 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
 305                              int flags, bool kern)
 306 {
 307         DEFINE_WAIT_FUNC(wait, woken_wake_function);
 308         struct sock *sk = sock->sk, *nsk;
 309         long timeo;
 310         int err = 0;
 311 
 312         lock_sock_nested(sk, L2CAP_NESTING_PARENT);
 313 
 314         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
 315 
 316         BT_DBG("sk %p timeo %ld", sk, timeo);
 317 
 318         /* Wait for an incoming connection. (wake-one). */
 319         add_wait_queue_exclusive(sk_sleep(sk), &wait);
 320         while (1) {
 321                 if (sk->sk_state != BT_LISTEN) {
 322                         err = -EBADFD;
 323                         break;
 324                 }
 325 
 326                 nsk = bt_accept_dequeue(sk, newsock);
 327                 if (nsk)
 328                         break;
 329 
 330                 if (!timeo) {
 331                         err = -EAGAIN;
 332                         break;
 333                 }
 334 
 335                 if (signal_pending(current)) {
 336                         err = sock_intr_errno(timeo);
 337                         break;
 338                 }
 339 
 340                 release_sock(sk);
 341 
 342                 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
 343 
 344                 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
 345         }
 346         remove_wait_queue(sk_sleep(sk), &wait);
 347 
 348         if (err)
 349                 goto done;
 350 
 351         newsock->state = SS_CONNECTED;
 352 
 353         BT_DBG("new socket %p", nsk);
 354 
 355 done:
 356         release_sock(sk);
 357         return err;
 358 }
 359 
 360 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
 361                               int peer)
 362 {
 363         struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
 364         struct sock *sk = sock->sk;
 365         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 366 
 367         BT_DBG("sock %p, sk %p", sock, sk);
 368 
 369         if (peer && sk->sk_state != BT_CONNECTED &&
 370             sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
 371             sk->sk_state != BT_CONFIG)
 372                 return -ENOTCONN;
 373 
 374         memset(la, 0, sizeof(struct sockaddr_l2));
 375         addr->sa_family = AF_BLUETOOTH;
 376 
 377         la->l2_psm = chan->psm;
 378 
 379         if (peer) {
 380                 bacpy(&la->l2_bdaddr, &chan->dst);
 381                 la->l2_cid = cpu_to_le16(chan->dcid);
 382                 la->l2_bdaddr_type = chan->dst_type;
 383         } else {
 384                 bacpy(&la->l2_bdaddr, &chan->src);
 385                 la->l2_cid = cpu_to_le16(chan->scid);
 386                 la->l2_bdaddr_type = chan->src_type;
 387         }
 388 
 389         return sizeof(struct sockaddr_l2);
 390 }
 391 
 392 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
 393                                      char __user *optval, int __user *optlen)
 394 {
 395         struct sock *sk = sock->sk;
 396         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 397         struct l2cap_options opts;
 398         struct l2cap_conninfo cinfo;
 399         int len, err = 0;
 400         u32 opt;
 401 
 402         BT_DBG("sk %p", sk);
 403 
 404         if (get_user(len, optlen))
 405                 return -EFAULT;
 406 
 407         lock_sock(sk);
 408 
 409         switch (optname) {
 410         case L2CAP_OPTIONS:
 411                 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
 412                  * legacy ATT code depends on getsockopt for
 413                  * L2CAP_OPTIONS we need to let this pass.
 414                  */
 415                 if (bdaddr_type_is_le(chan->src_type) &&
 416                     chan->scid != L2CAP_CID_ATT) {
 417                         err = -EINVAL;
 418                         break;
 419                 }
 420 
 421                 memset(&opts, 0, sizeof(opts));
 422                 opts.imtu     = chan->imtu;
 423                 opts.omtu     = chan->omtu;
 424                 opts.flush_to = chan->flush_to;
 425                 opts.mode     = chan->mode;
 426                 opts.fcs      = chan->fcs;
 427                 opts.max_tx   = chan->max_tx;
 428                 opts.txwin_size = chan->tx_win;
 429 
 430                 len = min_t(unsigned int, len, sizeof(opts));
 431                 if (copy_to_user(optval, (char *) &opts, len))
 432                         err = -EFAULT;
 433 
 434                 break;
 435 
 436         case L2CAP_LM:
 437                 switch (chan->sec_level) {
 438                 case BT_SECURITY_LOW:
 439                         opt = L2CAP_LM_AUTH;
 440                         break;
 441                 case BT_SECURITY_MEDIUM:
 442                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
 443                         break;
 444                 case BT_SECURITY_HIGH:
 445                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
 446                               L2CAP_LM_SECURE;
 447                         break;
 448                 case BT_SECURITY_FIPS:
 449                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
 450                               L2CAP_LM_SECURE | L2CAP_LM_FIPS;
 451                         break;
 452                 default:
 453                         opt = 0;
 454                         break;
 455                 }
 456 
 457                 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
 458                         opt |= L2CAP_LM_MASTER;
 459 
 460                 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
 461                         opt |= L2CAP_LM_RELIABLE;
 462 
 463                 if (put_user(opt, (u32 __user *) optval))
 464                         err = -EFAULT;
 465 
 466                 break;
 467 
 468         case L2CAP_CONNINFO:
 469                 if (sk->sk_state != BT_CONNECTED &&
 470                     !(sk->sk_state == BT_CONNECT2 &&
 471                       test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
 472                         err = -ENOTCONN;
 473                         break;
 474                 }
 475 
 476                 memset(&cinfo, 0, sizeof(cinfo));
 477                 cinfo.hci_handle = chan->conn->hcon->handle;
 478                 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
 479 
 480                 len = min_t(unsigned int, len, sizeof(cinfo));
 481                 if (copy_to_user(optval, (char *) &cinfo, len))
 482                         err = -EFAULT;
 483 
 484                 break;
 485 
 486         default:
 487                 err = -ENOPROTOOPT;
 488                 break;
 489         }
 490 
 491         release_sock(sk);
 492         return err;
 493 }
 494 
 495 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
 496                                  char __user *optval, int __user *optlen)
 497 {
 498         struct sock *sk = sock->sk;
 499         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 500         struct bt_security sec;
 501         struct bt_power pwr;
 502         int len, err = 0;
 503 
 504         BT_DBG("sk %p", sk);
 505 
 506         if (level == SOL_L2CAP)
 507                 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
 508 
 509         if (level != SOL_BLUETOOTH)
 510                 return -ENOPROTOOPT;
 511 
 512         if (get_user(len, optlen))
 513                 return -EFAULT;
 514 
 515         lock_sock(sk);
 516 
 517         switch (optname) {
 518         case BT_SECURITY:
 519                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
 520                     chan->chan_type != L2CAP_CHAN_FIXED &&
 521                     chan->chan_type != L2CAP_CHAN_RAW) {
 522                         err = -EINVAL;
 523                         break;
 524                 }
 525 
 526                 memset(&sec, 0, sizeof(sec));
 527                 if (chan->conn) {
 528                         sec.level = chan->conn->hcon->sec_level;
 529 
 530                         if (sk->sk_state == BT_CONNECTED)
 531                                 sec.key_size = chan->conn->hcon->enc_key_size;
 532                 } else {
 533                         sec.level = chan->sec_level;
 534                 }
 535 
 536                 len = min_t(unsigned int, len, sizeof(sec));
 537                 if (copy_to_user(optval, (char *) &sec, len))
 538                         err = -EFAULT;
 539 
 540                 break;
 541 
 542         case BT_DEFER_SETUP:
 543                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
 544                         err = -EINVAL;
 545                         break;
 546                 }
 547 
 548                 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
 549                              (u32 __user *) optval))
 550                         err = -EFAULT;
 551 
 552                 break;
 553 
 554         case BT_FLUSHABLE:
 555                 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
 556                              (u32 __user *) optval))
 557                         err = -EFAULT;
 558 
 559                 break;
 560 
 561         case BT_POWER:
 562                 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
 563                     && sk->sk_type != SOCK_RAW) {
 564                         err = -EINVAL;
 565                         break;
 566                 }
 567 
 568                 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
 569 
 570                 len = min_t(unsigned int, len, sizeof(pwr));
 571                 if (copy_to_user(optval, (char *) &pwr, len))
 572                         err = -EFAULT;
 573 
 574                 break;
 575 
 576         case BT_CHANNEL_POLICY:
 577                 if (put_user(chan->chan_policy, (u32 __user *) optval))
 578                         err = -EFAULT;
 579                 break;
 580 
 581         case BT_SNDMTU:
 582                 if (!bdaddr_type_is_le(chan->src_type)) {
 583                         err = -EINVAL;
 584                         break;
 585                 }
 586 
 587                 if (sk->sk_state != BT_CONNECTED) {
 588                         err = -ENOTCONN;
 589                         break;
 590                 }
 591 
 592                 if (put_user(chan->omtu, (u16 __user *) optval))
 593                         err = -EFAULT;
 594                 break;
 595 
 596         case BT_RCVMTU:
 597                 if (!bdaddr_type_is_le(chan->src_type)) {
 598                         err = -EINVAL;
 599                         break;
 600                 }
 601 
 602                 if (put_user(chan->imtu, (u16 __user *) optval))
 603                         err = -EFAULT;
 604                 break;
 605 
 606         default:
 607                 err = -ENOPROTOOPT;
 608                 break;
 609         }
 610 
 611         release_sock(sk);
 612         return err;
 613 }
 614 
 615 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
 616 {
 617         switch (chan->scid) {
 618         case L2CAP_CID_ATT:
 619                 if (mtu < L2CAP_LE_MIN_MTU)
 620                         return false;
 621                 break;
 622 
 623         default:
 624                 if (mtu < L2CAP_DEFAULT_MIN_MTU)
 625                         return false;
 626         }
 627 
 628         return true;
 629 }
 630 
 631 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
 632                                      char __user *optval, unsigned int optlen)
 633 {
 634         struct sock *sk = sock->sk;
 635         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 636         struct l2cap_options opts;
 637         int len, err = 0;
 638         u32 opt;
 639 
 640         BT_DBG("sk %p", sk);
 641 
 642         lock_sock(sk);
 643 
 644         switch (optname) {
 645         case L2CAP_OPTIONS:
 646                 if (bdaddr_type_is_le(chan->src_type)) {
 647                         err = -EINVAL;
 648                         break;
 649                 }
 650 
 651                 if (sk->sk_state == BT_CONNECTED) {
 652                         err = -EINVAL;
 653                         break;
 654                 }
 655 
 656                 opts.imtu     = chan->imtu;
 657                 opts.omtu     = chan->omtu;
 658                 opts.flush_to = chan->flush_to;
 659                 opts.mode     = chan->mode;
 660                 opts.fcs      = chan->fcs;
 661                 opts.max_tx   = chan->max_tx;
 662                 opts.txwin_size = chan->tx_win;
 663 
 664                 len = min_t(unsigned int, sizeof(opts), optlen);
 665                 if (copy_from_user((char *) &opts, optval, len)) {
 666                         err = -EFAULT;
 667                         break;
 668                 }
 669 
 670                 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
 671                         err = -EINVAL;
 672                         break;
 673                 }
 674 
 675                 if (!l2cap_valid_mtu(chan, opts.imtu)) {
 676                         err = -EINVAL;
 677                         break;
 678                 }
 679 
 680                 chan->mode = opts.mode;
 681                 switch (chan->mode) {
 682                 case L2CAP_MODE_LE_FLOWCTL:
 683                         break;
 684                 case L2CAP_MODE_BASIC:
 685                         clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
 686                         break;
 687                 case L2CAP_MODE_ERTM:
 688                 case L2CAP_MODE_STREAMING:
 689                         if (!disable_ertm)
 690                                 break;
 691                         /* fall through */
 692                 default:
 693                         err = -EINVAL;
 694                         break;
 695                 }
 696 
 697                 chan->imtu = opts.imtu;
 698                 chan->omtu = opts.omtu;
 699                 chan->fcs  = opts.fcs;
 700                 chan->max_tx = opts.max_tx;
 701                 chan->tx_win = opts.txwin_size;
 702                 chan->flush_to = opts.flush_to;
 703                 break;
 704 
 705         case L2CAP_LM:
 706                 if (get_user(opt, (u32 __user *) optval)) {
 707                         err = -EFAULT;
 708                         break;
 709                 }
 710 
 711                 if (opt & L2CAP_LM_FIPS) {
 712                         err = -EINVAL;
 713                         break;
 714                 }
 715 
 716                 if (opt & L2CAP_LM_AUTH)
 717                         chan->sec_level = BT_SECURITY_LOW;
 718                 if (opt & L2CAP_LM_ENCRYPT)
 719                         chan->sec_level = BT_SECURITY_MEDIUM;
 720                 if (opt & L2CAP_LM_SECURE)
 721                         chan->sec_level = BT_SECURITY_HIGH;
 722 
 723                 if (opt & L2CAP_LM_MASTER)
 724                         set_bit(FLAG_ROLE_SWITCH, &chan->flags);
 725                 else
 726                         clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
 727 
 728                 if (opt & L2CAP_LM_RELIABLE)
 729                         set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
 730                 else
 731                         clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
 732                 break;
 733 
 734         default:
 735                 err = -ENOPROTOOPT;
 736                 break;
 737         }
 738 
 739         release_sock(sk);
 740         return err;
 741 }
 742 
 743 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
 744                                  char __user *optval, unsigned int optlen)
 745 {
 746         struct sock *sk = sock->sk;
 747         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 748         struct bt_security sec;
 749         struct bt_power pwr;
 750         struct l2cap_conn *conn;
 751         int len, err = 0;
 752         u32 opt;
 753 
 754         BT_DBG("sk %p", sk);
 755 
 756         if (level == SOL_L2CAP)
 757                 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
 758 
 759         if (level != SOL_BLUETOOTH)
 760                 return -ENOPROTOOPT;
 761 
 762         lock_sock(sk);
 763 
 764         switch (optname) {
 765         case BT_SECURITY:
 766                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
 767                     chan->chan_type != L2CAP_CHAN_FIXED &&
 768                     chan->chan_type != L2CAP_CHAN_RAW) {
 769                         err = -EINVAL;
 770                         break;
 771                 }
 772 
 773                 sec.level = BT_SECURITY_LOW;
 774 
 775                 len = min_t(unsigned int, sizeof(sec), optlen);
 776                 if (copy_from_user((char *) &sec, optval, len)) {
 777                         err = -EFAULT;
 778                         break;
 779                 }
 780 
 781                 if (sec.level < BT_SECURITY_LOW ||
 782                     sec.level > BT_SECURITY_FIPS) {
 783                         err = -EINVAL;
 784                         break;
 785                 }
 786 
 787                 chan->sec_level = sec.level;
 788 
 789                 if (!chan->conn)
 790                         break;
 791 
 792                 conn = chan->conn;
 793 
 794                 /* change security for LE channels */
 795                 if (chan->scid == L2CAP_CID_ATT) {
 796                         if (smp_conn_security(conn->hcon, sec.level)) {
 797                                 err = -EINVAL;
 798                                 break;
 799                         }
 800 
 801                         set_bit(FLAG_PENDING_SECURITY, &chan->flags);
 802                         sk->sk_state = BT_CONFIG;
 803                         chan->state = BT_CONFIG;
 804 
 805                 /* or for ACL link */
 806                 } else if ((sk->sk_state == BT_CONNECT2 &&
 807                             test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
 808                            sk->sk_state == BT_CONNECTED) {
 809                         if (!l2cap_chan_check_security(chan, true))
 810                                 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
 811                         else
 812                                 sk->sk_state_change(sk);
 813                 } else {
 814                         err = -EINVAL;
 815                 }
 816                 break;
 817 
 818         case BT_DEFER_SETUP:
 819                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
 820                         err = -EINVAL;
 821                         break;
 822                 }
 823 
 824                 if (get_user(opt, (u32 __user *) optval)) {
 825                         err = -EFAULT;
 826                         break;
 827                 }
 828 
 829                 if (opt) {
 830                         set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
 831                         set_bit(FLAG_DEFER_SETUP, &chan->flags);
 832                 } else {
 833                         clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
 834                         clear_bit(FLAG_DEFER_SETUP, &chan->flags);
 835                 }
 836                 break;
 837 
 838         case BT_FLUSHABLE:
 839                 if (get_user(opt, (u32 __user *) optval)) {
 840                         err = -EFAULT;
 841                         break;
 842                 }
 843 
 844                 if (opt > BT_FLUSHABLE_ON) {
 845                         err = -EINVAL;
 846                         break;
 847                 }
 848 
 849                 if (opt == BT_FLUSHABLE_OFF) {
 850                         conn = chan->conn;
 851                         /* proceed further only when we have l2cap_conn and
 852                            No Flush support in the LM */
 853                         if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
 854                                 err = -EINVAL;
 855                                 break;
 856                         }
 857                 }
 858 
 859                 if (opt)
 860                         set_bit(FLAG_FLUSHABLE, &chan->flags);
 861                 else
 862                         clear_bit(FLAG_FLUSHABLE, &chan->flags);
 863                 break;
 864 
 865         case BT_POWER:
 866                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
 867                     chan->chan_type != L2CAP_CHAN_RAW) {
 868                         err = -EINVAL;
 869                         break;
 870                 }
 871 
 872                 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
 873 
 874                 len = min_t(unsigned int, sizeof(pwr), optlen);
 875                 if (copy_from_user((char *) &pwr, optval, len)) {
 876                         err = -EFAULT;
 877                         break;
 878                 }
 879 
 880                 if (pwr.force_active)
 881                         set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
 882                 else
 883                         clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
 884                 break;
 885 
 886         case BT_CHANNEL_POLICY:
 887                 if (get_user(opt, (u32 __user *) optval)) {
 888                         err = -EFAULT;
 889                         break;
 890                 }
 891 
 892                 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
 893                         err = -EINVAL;
 894                         break;
 895                 }
 896 
 897                 if (chan->mode != L2CAP_MODE_ERTM &&
 898                     chan->mode != L2CAP_MODE_STREAMING) {
 899                         err = -EOPNOTSUPP;
 900                         break;
 901                 }
 902 
 903                 chan->chan_policy = (u8) opt;
 904 
 905                 if (sk->sk_state == BT_CONNECTED &&
 906                     chan->move_role == L2CAP_MOVE_ROLE_NONE)
 907                         l2cap_move_start(chan);
 908 
 909                 break;
 910 
 911         case BT_SNDMTU:
 912                 if (!bdaddr_type_is_le(chan->src_type)) {
 913                         err = -EINVAL;
 914                         break;
 915                 }
 916 
 917                 /* Setting is not supported as it's the remote side that
 918                  * decides this.
 919                  */
 920                 err = -EPERM;
 921                 break;
 922 
 923         case BT_RCVMTU:
 924                 if (!bdaddr_type_is_le(chan->src_type)) {
 925                         err = -EINVAL;
 926                         break;
 927                 }
 928 
 929                 if (sk->sk_state == BT_CONNECTED) {
 930                         err = -EISCONN;
 931                         break;
 932                 }
 933 
 934                 if (get_user(opt, (u16 __user *) optval)) {
 935                         err = -EFAULT;
 936                         break;
 937                 }
 938 
 939                 chan->imtu = opt;
 940                 break;
 941 
 942         default:
 943                 err = -ENOPROTOOPT;
 944                 break;
 945         }
 946 
 947         release_sock(sk);
 948         return err;
 949 }
 950 
 951 static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
 952                               size_t len)
 953 {
 954         struct sock *sk = sock->sk;
 955         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 956         int err;
 957 
 958         BT_DBG("sock %p, sk %p", sock, sk);
 959 
 960         err = sock_error(sk);
 961         if (err)
 962                 return err;
 963 
 964         if (msg->msg_flags & MSG_OOB)
 965                 return -EOPNOTSUPP;
 966 
 967         if (sk->sk_state != BT_CONNECTED)
 968                 return -ENOTCONN;
 969 
 970         lock_sock(sk);
 971         err = bt_sock_wait_ready(sk, msg->msg_flags);
 972         release_sock(sk);
 973         if (err)
 974                 return err;
 975 
 976         l2cap_chan_lock(chan);
 977         err = l2cap_chan_send(chan, msg, len);
 978         l2cap_chan_unlock(chan);
 979 
 980         return err;
 981 }
 982 
 983 static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
 984                               size_t len, int flags)
 985 {
 986         struct sock *sk = sock->sk;
 987         struct l2cap_pinfo *pi = l2cap_pi(sk);
 988         int err;
 989 
 990         lock_sock(sk);
 991 
 992         if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
 993                                                     &bt_sk(sk)->flags)) {
 994                 if (bdaddr_type_is_le(pi->chan->src_type)) {
 995                         sk->sk_state = BT_CONNECTED;
 996                         pi->chan->state = BT_CONNECTED;
 997                         __l2cap_le_connect_rsp_defer(pi->chan);
 998                 } else {
 999                         sk->sk_state = BT_CONFIG;
1000                         pi->chan->state = BT_CONFIG;
1001                         __l2cap_connect_rsp_defer(pi->chan);
1002                 }
1003 
1004                 err = 0;
1005                 goto done;
1006         }
1007 
1008         release_sock(sk);
1009 
1010         if (sock->type == SOCK_STREAM)
1011                 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
1012         else
1013                 err = bt_sock_recvmsg(sock, msg, len, flags);
1014 
1015         if (pi->chan->mode != L2CAP_MODE_ERTM)
1016                 return err;
1017 
1018         /* Attempt to put pending rx data in the socket buffer */
1019 
1020         lock_sock(sk);
1021 
1022         if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1023                 goto done;
1024 
1025         if (pi->rx_busy_skb) {
1026                 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1027                         pi->rx_busy_skb = NULL;
1028                 else
1029                         goto done;
1030         }
1031 
1032         /* Restore data flow when half of the receive buffer is
1033          * available.  This avoids resending large numbers of
1034          * frames.
1035          */
1036         if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1037                 l2cap_chan_busy(pi->chan, 0);
1038 
1039 done:
1040         release_sock(sk);
1041         return err;
1042 }
1043 
1044 /* Kill socket (only if zapped and orphan)
1045  * Must be called on unlocked socket.
1046  */
1047 static void l2cap_sock_kill(struct sock *sk)
1048 {
1049         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1050                 return;
1051 
1052         BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1053 
1054         /* Kill poor orphan */
1055 
1056         l2cap_chan_put(l2cap_pi(sk)->chan);
1057         sock_set_flag(sk, SOCK_DEAD);
1058         sock_put(sk);
1059 }
1060 
1061 static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
1062 {
1063         DECLARE_WAITQUEUE(wait, current);
1064         int err = 0;
1065         int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1066         /* Timeout to prevent infinite loop */
1067         unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
1068 
1069         add_wait_queue(sk_sleep(sk), &wait);
1070         set_current_state(TASK_INTERRUPTIBLE);
1071         do {
1072                 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1073                        chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1074                        jiffies_to_msecs(timeout - jiffies));
1075 
1076                 if (!timeo)
1077                         timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1078 
1079                 if (signal_pending(current)) {
1080                         err = sock_intr_errno(timeo);
1081                         break;
1082                 }
1083 
1084                 release_sock(sk);
1085                 timeo = schedule_timeout(timeo);
1086                 lock_sock(sk);
1087                 set_current_state(TASK_INTERRUPTIBLE);
1088 
1089                 err = sock_error(sk);
1090                 if (err)
1091                         break;
1092 
1093                 if (time_after(jiffies, timeout)) {
1094                         err = -ENOLINK;
1095                         break;
1096                 }
1097 
1098         } while (chan->unacked_frames > 0 &&
1099                  chan->state == BT_CONNECTED);
1100 
1101         set_current_state(TASK_RUNNING);
1102         remove_wait_queue(sk_sleep(sk), &wait);
1103         return err;
1104 }
1105 
1106 static int l2cap_sock_shutdown(struct socket *sock, int how)
1107 {
1108         struct sock *sk = sock->sk;
1109         struct l2cap_chan *chan;
1110         struct l2cap_conn *conn;
1111         int err = 0;
1112 
1113         BT_DBG("sock %p, sk %p", sock, sk);
1114 
1115         if (!sk)
1116                 return 0;
1117 
1118         lock_sock(sk);
1119 
1120         if (sk->sk_shutdown)
1121                 goto shutdown_already;
1122 
1123         BT_DBG("Handling sock shutdown");
1124 
1125         /* prevent sk structure from being freed whilst unlocked */
1126         sock_hold(sk);
1127 
1128         chan = l2cap_pi(sk)->chan;
1129         /* prevent chan structure from being freed whilst unlocked */
1130         l2cap_chan_hold(chan);
1131 
1132         BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1133 
1134         if (chan->mode == L2CAP_MODE_ERTM &&
1135             chan->unacked_frames > 0 &&
1136             chan->state == BT_CONNECTED) {
1137                 err = __l2cap_wait_ack(sk, chan);
1138 
1139                 /* After waiting for ACKs, check whether shutdown
1140                  * has already been actioned to close the L2CAP
1141                  * link such as by l2cap_disconnection_req().
1142                  */
1143                 if (sk->sk_shutdown)
1144                         goto has_shutdown;
1145         }
1146 
1147         sk->sk_shutdown = SHUTDOWN_MASK;
1148         release_sock(sk);
1149 
1150         l2cap_chan_lock(chan);
1151         conn = chan->conn;
1152         if (conn)
1153                 /* prevent conn structure from being freed */
1154                 l2cap_conn_get(conn);
1155         l2cap_chan_unlock(chan);
1156 
1157         if (conn)
1158                 /* mutex lock must be taken before l2cap_chan_lock() */
1159                 mutex_lock(&conn->chan_lock);
1160 
1161         l2cap_chan_lock(chan);
1162         l2cap_chan_close(chan, 0);
1163         l2cap_chan_unlock(chan);
1164 
1165         if (conn) {
1166                 mutex_unlock(&conn->chan_lock);
1167                 l2cap_conn_put(conn);
1168         }
1169 
1170         lock_sock(sk);
1171 
1172         if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1173             !(current->flags & PF_EXITING))
1174                 err = bt_sock_wait_state(sk, BT_CLOSED,
1175                                          sk->sk_lingertime);
1176 
1177 has_shutdown:
1178         l2cap_chan_put(chan);
1179         sock_put(sk);
1180 
1181 shutdown_already:
1182         if (!err && sk->sk_err)
1183                 err = -sk->sk_err;
1184 
1185         release_sock(sk);
1186 
1187         BT_DBG("Sock shutdown complete err: %d", err);
1188 
1189         return err;
1190 }
1191 
1192 static int l2cap_sock_release(struct socket *sock)
1193 {
1194         struct sock *sk = sock->sk;
1195         int err;
1196 
1197         BT_DBG("sock %p, sk %p", sock, sk);
1198 
1199         if (!sk)
1200                 return 0;
1201 
1202         bt_sock_unlink(&l2cap_sk_list, sk);
1203 
1204         err = l2cap_sock_shutdown(sock, 2);
1205 
1206         sock_orphan(sk);
1207         l2cap_sock_kill(sk);
1208         return err;
1209 }
1210 
1211 static void l2cap_sock_cleanup_listen(struct sock *parent)
1212 {
1213         struct sock *sk;
1214 
1215         BT_DBG("parent %p state %s", parent,
1216                state_to_string(parent->sk_state));
1217 
1218         /* Close not yet accepted channels */
1219         while ((sk = bt_accept_dequeue(parent, NULL))) {
1220                 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1221 
1222                 BT_DBG("child chan %p state %s", chan,
1223                        state_to_string(chan->state));
1224 
1225                 l2cap_chan_lock(chan);
1226                 __clear_chan_timer(chan);
1227                 l2cap_chan_close(chan, ECONNRESET);
1228                 l2cap_chan_unlock(chan);
1229 
1230                 l2cap_sock_kill(sk);
1231         }
1232 }
1233 
1234 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1235 {
1236         struct sock *sk, *parent = chan->data;
1237 
1238         lock_sock(parent);
1239 
1240         /* Check for backlog size */
1241         if (sk_acceptq_is_full(parent)) {
1242                 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1243                 release_sock(parent);
1244                 return NULL;
1245         }
1246 
1247         sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1248                               GFP_ATOMIC, 0);
1249         if (!sk) {
1250                 release_sock(parent);
1251                 return NULL;
1252         }
1253 
1254         bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1255 
1256         l2cap_sock_init(sk, parent);
1257 
1258         bt_accept_enqueue(parent, sk, false);
1259 
1260         release_sock(parent);
1261 
1262         return l2cap_pi(sk)->chan;
1263 }
1264 
1265 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1266 {
1267         struct sock *sk = chan->data;
1268         int err;
1269 
1270         lock_sock(sk);
1271 
1272         if (l2cap_pi(sk)->rx_busy_skb) {
1273                 err = -ENOMEM;
1274                 goto done;
1275         }
1276 
1277         if (chan->mode != L2CAP_MODE_ERTM &&
1278             chan->mode != L2CAP_MODE_STREAMING) {
1279                 /* Even if no filter is attached, we could potentially
1280                  * get errors from security modules, etc.
1281                  */
1282                 err = sk_filter(sk, skb);
1283                 if (err)
1284                         goto done;
1285         }
1286 
1287         err = __sock_queue_rcv_skb(sk, skb);
1288 
1289         /* For ERTM, handle one skb that doesn't fit into the recv
1290          * buffer.  This is important to do because the data frames
1291          * have already been acked, so the skb cannot be discarded.
1292          *
1293          * Notify the l2cap core that the buffer is full, so the
1294          * LOCAL_BUSY state is entered and no more frames are
1295          * acked and reassembled until there is buffer space
1296          * available.
1297          */
1298         if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1299                 l2cap_pi(sk)->rx_busy_skb = skb;
1300                 l2cap_chan_busy(chan, 1);
1301                 err = 0;
1302         }
1303 
1304 done:
1305         release_sock(sk);
1306 
1307         return err;
1308 }
1309 
1310 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1311 {
1312         struct sock *sk = chan->data;
1313 
1314         l2cap_sock_kill(sk);
1315 }
1316 
1317 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1318 {
1319         struct sock *sk = chan->data;
1320         struct sock *parent;
1321 
1322         BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1323 
1324         /* This callback can be called both for server (BT_LISTEN)
1325          * sockets as well as "normal" ones. To avoid lockdep warnings
1326          * with child socket locking (through l2cap_sock_cleanup_listen)
1327          * we need separation into separate nesting levels. The simplest
1328          * way to accomplish this is to inherit the nesting level used
1329          * for the channel.
1330          */
1331         lock_sock_nested(sk, atomic_read(&chan->nesting));
1332 
1333         parent = bt_sk(sk)->parent;
1334 
1335         sock_set_flag(sk, SOCK_ZAPPED);
1336 
1337         switch (chan->state) {
1338         case BT_OPEN:
1339         case BT_BOUND:
1340         case BT_CLOSED:
1341                 break;
1342         case BT_LISTEN:
1343                 l2cap_sock_cleanup_listen(sk);
1344                 sk->sk_state = BT_CLOSED;
1345                 chan->state = BT_CLOSED;
1346 
1347                 break;
1348         default:
1349                 sk->sk_state = BT_CLOSED;
1350                 chan->state = BT_CLOSED;
1351 
1352                 sk->sk_err = err;
1353 
1354                 if (parent) {
1355                         bt_accept_unlink(sk);
1356                         parent->sk_data_ready(parent);
1357                 } else {
1358                         sk->sk_state_change(sk);
1359                 }
1360 
1361                 break;
1362         }
1363 
1364         release_sock(sk);
1365 }
1366 
1367 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1368                                        int err)
1369 {
1370         struct sock *sk = chan->data;
1371 
1372         sk->sk_state = state;
1373 
1374         if (err)
1375                 sk->sk_err = err;
1376 }
1377 
1378 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1379                                                unsigned long hdr_len,
1380                                                unsigned long len, int nb)
1381 {
1382         struct sock *sk = chan->data;
1383         struct sk_buff *skb;
1384         int err;
1385 
1386         l2cap_chan_unlock(chan);
1387         skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1388         l2cap_chan_lock(chan);
1389 
1390         if (!skb)
1391                 return ERR_PTR(err);
1392 
1393         skb->priority = sk->sk_priority;
1394 
1395         bt_cb(skb)->l2cap.chan = chan;
1396 
1397         return skb;
1398 }
1399 
1400 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1401 {
1402         struct sock *sk = chan->data;
1403         struct sock *parent;
1404 
1405         lock_sock(sk);
1406 
1407         parent = bt_sk(sk)->parent;
1408 
1409         BT_DBG("sk %p, parent %p", sk, parent);
1410 
1411         sk->sk_state = BT_CONNECTED;
1412         sk->sk_state_change(sk);
1413 
1414         if (parent)
1415                 parent->sk_data_ready(parent);
1416 
1417         release_sock(sk);
1418 }
1419 
1420 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1421 {
1422         struct sock *parent, *sk = chan->data;
1423 
1424         lock_sock(sk);
1425 
1426         parent = bt_sk(sk)->parent;
1427         if (parent)
1428                 parent->sk_data_ready(parent);
1429 
1430         release_sock(sk);
1431 }
1432 
1433 static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1434 {
1435         struct sock *sk = chan->data;
1436 
1437         if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1438                 sk->sk_state = BT_CONNECTED;
1439                 chan->state = BT_CONNECTED;
1440         }
1441 
1442         clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1443         sk->sk_state_change(sk);
1444 }
1445 
1446 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1447 {
1448         struct sock *sk = chan->data;
1449 
1450         lock_sock(sk);
1451         sk->sk_shutdown = SHUTDOWN_MASK;
1452         release_sock(sk);
1453 }
1454 
1455 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1456 {
1457         struct sock *sk = chan->data;
1458 
1459         return sk->sk_sndtimeo;
1460 }
1461 
1462 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1463 {
1464         struct sock *sk = chan->data;
1465 
1466         set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1467         sk->sk_state_change(sk);
1468 }
1469 
1470 static const struct l2cap_ops l2cap_chan_ops = {
1471         .name                   = "L2CAP Socket Interface",
1472         .new_connection         = l2cap_sock_new_connection_cb,
1473         .recv                   = l2cap_sock_recv_cb,
1474         .close                  = l2cap_sock_close_cb,
1475         .teardown               = l2cap_sock_teardown_cb,
1476         .state_change           = l2cap_sock_state_change_cb,
1477         .ready                  = l2cap_sock_ready_cb,
1478         .defer                  = l2cap_sock_defer_cb,
1479         .resume                 = l2cap_sock_resume_cb,
1480         .suspend                = l2cap_sock_suspend_cb,
1481         .set_shutdown           = l2cap_sock_set_shutdown_cb,
1482         .get_sndtimeo           = l2cap_sock_get_sndtimeo_cb,
1483         .alloc_skb              = l2cap_sock_alloc_skb_cb,
1484 };
1485 
1486 static void l2cap_sock_destruct(struct sock *sk)
1487 {
1488         BT_DBG("sk %p", sk);
1489 
1490         if (l2cap_pi(sk)->chan)
1491                 l2cap_chan_put(l2cap_pi(sk)->chan);
1492 
1493         if (l2cap_pi(sk)->rx_busy_skb) {
1494                 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1495                 l2cap_pi(sk)->rx_busy_skb = NULL;
1496         }
1497 
1498         skb_queue_purge(&sk->sk_receive_queue);
1499         skb_queue_purge(&sk->sk_write_queue);
1500 }
1501 
1502 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1503                                int *msg_namelen)
1504 {
1505         DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1506 
1507         memset(la, 0, sizeof(struct sockaddr_l2));
1508         la->l2_family = AF_BLUETOOTH;
1509         la->l2_psm = bt_cb(skb)->l2cap.psm;
1510         bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
1511 
1512         *msg_namelen = sizeof(struct sockaddr_l2);
1513 }
1514 
1515 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1516 {
1517         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1518 
1519         BT_DBG("sk %p", sk);
1520 
1521         if (parent) {
1522                 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1523 
1524                 sk->sk_type = parent->sk_type;
1525                 bt_sk(sk)->flags = bt_sk(parent)->flags;
1526 
1527                 chan->chan_type = pchan->chan_type;
1528                 chan->imtu = pchan->imtu;
1529                 chan->omtu = pchan->omtu;
1530                 chan->conf_state = pchan->conf_state;
1531                 chan->mode = pchan->mode;
1532                 chan->fcs  = pchan->fcs;
1533                 chan->max_tx = pchan->max_tx;
1534                 chan->tx_win = pchan->tx_win;
1535                 chan->tx_win_max = pchan->tx_win_max;
1536                 chan->sec_level = pchan->sec_level;
1537                 chan->flags = pchan->flags;
1538                 chan->tx_credits = pchan->tx_credits;
1539                 chan->rx_credits = pchan->rx_credits;
1540 
1541                 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1542                         chan->scid = pchan->scid;
1543                         chan->dcid = pchan->scid;
1544                 }
1545 
1546                 security_sk_clone(parent, sk);
1547         } else {
1548                 switch (sk->sk_type) {
1549                 case SOCK_RAW:
1550                         chan->chan_type = L2CAP_CHAN_RAW;
1551                         break;
1552                 case SOCK_DGRAM:
1553                         chan->chan_type = L2CAP_CHAN_CONN_LESS;
1554                         bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1555                         break;
1556                 case SOCK_SEQPACKET:
1557                 case SOCK_STREAM:
1558                         chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1559                         break;
1560                 }
1561 
1562                 chan->imtu = L2CAP_DEFAULT_MTU;
1563                 chan->omtu = 0;
1564                 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1565                         chan->mode = L2CAP_MODE_ERTM;
1566                         set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1567                 } else {
1568                         chan->mode = L2CAP_MODE_BASIC;
1569                 }
1570 
1571                 l2cap_chan_set_defaults(chan);
1572         }
1573 
1574         /* Default config options */
1575         chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1576 
1577         chan->data = sk;
1578         chan->ops = &l2cap_chan_ops;
1579 }
1580 
1581 static struct proto l2cap_proto = {
1582         .name           = "L2CAP",
1583         .owner          = THIS_MODULE,
1584         .obj_size       = sizeof(struct l2cap_pinfo)
1585 };
1586 
1587 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1588                                      int proto, gfp_t prio, int kern)
1589 {
1590         struct sock *sk;
1591         struct l2cap_chan *chan;
1592 
1593         sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
1594         if (!sk)
1595                 return NULL;
1596 
1597         sock_init_data(sock, sk);
1598         INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1599 
1600         sk->sk_destruct = l2cap_sock_destruct;
1601         sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1602 
1603         sock_reset_flag(sk, SOCK_ZAPPED);
1604 
1605         sk->sk_protocol = proto;
1606         sk->sk_state = BT_OPEN;
1607 
1608         chan = l2cap_chan_create();
1609         if (!chan) {
1610                 sk_free(sk);
1611                 return NULL;
1612         }
1613 
1614         l2cap_chan_hold(chan);
1615 
1616         l2cap_pi(sk)->chan = chan;
1617 
1618         return sk;
1619 }
1620 
1621 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1622                              int kern)
1623 {
1624         struct sock *sk;
1625 
1626         BT_DBG("sock %p", sock);
1627 
1628         sock->state = SS_UNCONNECTED;
1629 
1630         if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1631             sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1632                 return -ESOCKTNOSUPPORT;
1633 
1634         if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1635                 return -EPERM;
1636 
1637         sock->ops = &l2cap_sock_ops;
1638 
1639         sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
1640         if (!sk)
1641                 return -ENOMEM;
1642 
1643         l2cap_sock_init(sk, NULL);
1644         bt_sock_link(&l2cap_sk_list, sk);
1645         return 0;
1646 }
1647 
1648 static const struct proto_ops l2cap_sock_ops = {
1649         .family         = PF_BLUETOOTH,
1650         .owner          = THIS_MODULE,
1651         .release        = l2cap_sock_release,
1652         .bind           = l2cap_sock_bind,
1653         .connect        = l2cap_sock_connect,
1654         .listen         = l2cap_sock_listen,
1655         .accept         = l2cap_sock_accept,
1656         .getname        = l2cap_sock_getname,
1657         .sendmsg        = l2cap_sock_sendmsg,
1658         .recvmsg        = l2cap_sock_recvmsg,
1659         .poll           = bt_sock_poll,
1660         .ioctl          = bt_sock_ioctl,
1661         .gettstamp      = sock_gettstamp,
1662         .mmap           = sock_no_mmap,
1663         .socketpair     = sock_no_socketpair,
1664         .shutdown       = l2cap_sock_shutdown,
1665         .setsockopt     = l2cap_sock_setsockopt,
1666         .getsockopt     = l2cap_sock_getsockopt
1667 };
1668 
1669 static const struct net_proto_family l2cap_sock_family_ops = {
1670         .family = PF_BLUETOOTH,
1671         .owner  = THIS_MODULE,
1672         .create = l2cap_sock_create,
1673 };
1674 
1675 int __init l2cap_init_sockets(void)
1676 {
1677         int err;
1678 
1679         BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1680 
1681         err = proto_register(&l2cap_proto, 0);
1682         if (err < 0)
1683                 return err;
1684 
1685         err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1686         if (err < 0) {
1687                 BT_ERR("L2CAP socket registration failed");
1688                 goto error;
1689         }
1690 
1691         err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1692                              NULL);
1693         if (err < 0) {
1694                 BT_ERR("Failed to create L2CAP proc file");
1695                 bt_sock_unregister(BTPROTO_L2CAP);
1696                 goto error;
1697         }
1698 
1699         BT_INFO("L2CAP socket layer initialized");
1700 
1701         return 0;
1702 
1703 error:
1704         proto_unregister(&l2cap_proto);
1705         return err;
1706 }
1707 
1708 void l2cap_cleanup_sockets(void)
1709 {
1710         bt_procfs_cleanup(&init_net, "l2cap");
1711         bt_sock_unregister(BTPROTO_L2CAP);
1712         proto_unregister(&l2cap_proto);
1713 }

/* [<][>][^][v][top][bottom][index][help] */