1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26*/ 27 28/* Bluetooth L2CAP sockets. */ 29 30#include <linux/module.h> 31#include <linux/export.h> 32 33#include <net/bluetooth/bluetooth.h> 34#include <net/bluetooth/hci_core.h> 35#include <net/bluetooth/l2cap.h> 36 37#include "smp.h" 38 39static struct bt_sock_list l2cap_sk_list = { 40 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 41}; 42 43static const struct proto_ops l2cap_sock_ops; 44static void l2cap_sock_init(struct sock *sk, struct sock *parent); 45static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 46 int proto, gfp_t prio); 47 48bool l2cap_is_socket(struct socket *sock) 49{ 50 return sock && sock->ops == &l2cap_sock_ops; 51} 52EXPORT_SYMBOL(l2cap_is_socket); 53 54static int l2cap_validate_bredr_psm(u16 psm) 55{ 56 /* PSM must be odd and lsb of upper byte must be 0 */ 57 if ((psm & 0x0101) != 0x0001) 58 return -EINVAL; 59 60 /* Restrict usage of well-known PSMs */ 61 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) 62 return -EACCES; 63 64 return 0; 65} 66 67static int l2cap_validate_le_psm(u16 psm) 68{ 69 /* Valid LE_PSM ranges are defined only until 0x00ff */ 70 if (psm > 0x00ff) 71 return -EINVAL; 72 73 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */ 74 if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE)) 75 return -EACCES; 76 77 return 0; 78} 79 80static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 81{ 82 struct sock *sk = sock->sk; 83 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 84 struct sockaddr_l2 la; 85 int len, err = 0; 86 87 BT_DBG("sk %p", sk); 88 89 if (!addr || addr->sa_family != AF_BLUETOOTH) 90 return -EINVAL; 91 92 memset(&la, 0, sizeof(la)); 93 len = min_t(unsigned int, sizeof(la), alen); 94 memcpy(&la, addr, len); 95 96 if (la.l2_cid && la.l2_psm) 97 return -EINVAL; 98 99 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 100 return -EINVAL; 101 102 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 103 /* We only allow ATT user space socket */ 104 if (la.l2_cid && 105 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 106 return -EINVAL; 107 } 108 109 lock_sock(sk); 110 111 if (sk->sk_state != BT_OPEN) { 112 err = -EBADFD; 113 goto done; 114 } 115 116 if (la.l2_psm) { 117 __u16 psm = __le16_to_cpu(la.l2_psm); 118 119 if (la.l2_bdaddr_type == BDADDR_BREDR) 120 err = l2cap_validate_bredr_psm(psm); 121 else 122 err = l2cap_validate_le_psm(psm); 123 124 if (err) 125 goto done; 126 } 127 128 if (la.l2_cid) 129 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 130 else 131 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 132 133 if (err < 0) 134 goto done; 135 136 switch (chan->chan_type) { 137 case L2CAP_CHAN_CONN_LESS: 138 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP) 139 chan->sec_level = BT_SECURITY_SDP; 140 break; 141 case L2CAP_CHAN_CONN_ORIENTED: 142 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 143 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 144 chan->sec_level = BT_SECURITY_SDP; 145 break; 146 case L2CAP_CHAN_RAW: 147 chan->sec_level = BT_SECURITY_SDP; 148 break; 149 case L2CAP_CHAN_FIXED: 150 /* Fixed channels default to the L2CAP core not holding a 151 * hci_conn reference for them. For fixed channels mapping to 152 * L2CAP sockets we do want to hold a reference so set the 153 * appropriate flag to request it. 154 */ 155 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags); 156 break; 157 } 158 159 bacpy(&chan->src, &la.l2_bdaddr); 160 chan->src_type = la.l2_bdaddr_type; 161 162 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 163 chan->mode = L2CAP_MODE_LE_FLOWCTL; 164 165 chan->state = BT_BOUND; 166 sk->sk_state = BT_BOUND; 167 168done: 169 release_sock(sk); 170 return err; 171} 172 173static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 174 int alen, int flags) 175{ 176 struct sock *sk = sock->sk; 177 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 178 struct sockaddr_l2 la; 179 int len, err = 0; 180 181 BT_DBG("sk %p", sk); 182 183 if (!addr || alen < sizeof(addr->sa_family) || 184 addr->sa_family != AF_BLUETOOTH) 185 return -EINVAL; 186 187 memset(&la, 0, sizeof(la)); 188 len = min_t(unsigned int, sizeof(la), alen); 189 memcpy(&la, addr, len); 190 191 if (la.l2_cid && la.l2_psm) 192 return -EINVAL; 193 194 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 195 return -EINVAL; 196 197 /* Check that the socket wasn't bound to something that 198 * conflicts with the address given to connect(). If chan->src 199 * is BDADDR_ANY it means bind() was never used, in which case 200 * chan->src_type and la.l2_bdaddr_type do not need to match. 201 */ 202 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) && 203 bdaddr_type_is_le(la.l2_bdaddr_type)) { 204 /* Old user space versions will try to incorrectly bind 205 * the ATT socket using BDADDR_BREDR. We need to accept 206 * this and fix up the source address type only when 207 * both the source CID and destination CID indicate 208 * ATT. Anything else is an invalid combination. 209 */ 210 if (chan->scid != L2CAP_CID_ATT || 211 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 212 return -EINVAL; 213 214 /* We don't have the hdev available here to make a 215 * better decision on random vs public, but since all 216 * user space versions that exhibit this issue anyway do 217 * not support random local addresses assuming public 218 * here is good enough. 219 */ 220 chan->src_type = BDADDR_LE_PUBLIC; 221 } 222 223 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR) 224 return -EINVAL; 225 226 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 227 /* We only allow ATT user space socket */ 228 if (la.l2_cid && 229 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 230 return -EINVAL; 231 } 232 233 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 234 chan->mode = L2CAP_MODE_LE_FLOWCTL; 235 236 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 237 &la.l2_bdaddr, la.l2_bdaddr_type); 238 if (err) 239 return err; 240 241 lock_sock(sk); 242 243 err = bt_sock_wait_state(sk, BT_CONNECTED, 244 sock_sndtimeo(sk, flags & O_NONBLOCK)); 245 246 release_sock(sk); 247 248 return err; 249} 250 251static int l2cap_sock_listen(struct socket *sock, int backlog) 252{ 253 struct sock *sk = sock->sk; 254 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 255 int err = 0; 256 257 BT_DBG("sk %p backlog %d", sk, backlog); 258 259 lock_sock(sk); 260 261 if (sk->sk_state != BT_BOUND) { 262 err = -EBADFD; 263 goto done; 264 } 265 266 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 267 err = -EINVAL; 268 goto done; 269 } 270 271 switch (chan->mode) { 272 case L2CAP_MODE_BASIC: 273 case L2CAP_MODE_LE_FLOWCTL: 274 break; 275 case L2CAP_MODE_ERTM: 276 case L2CAP_MODE_STREAMING: 277 if (!disable_ertm) 278 break; 279 /* fall through */ 280 default: 281 err = -EOPNOTSUPP; 282 goto done; 283 } 284 285 sk->sk_max_ack_backlog = backlog; 286 sk->sk_ack_backlog = 0; 287 288 /* Listening channels need to use nested locking in order not to 289 * cause lockdep warnings when the created child channels end up 290 * being locked in the same thread as the parent channel. 291 */ 292 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT); 293 294 chan->state = BT_LISTEN; 295 sk->sk_state = BT_LISTEN; 296 297done: 298 release_sock(sk); 299 return err; 300} 301 302static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 303 int flags) 304{ 305 DEFINE_WAIT_FUNC(wait, woken_wake_function); 306 struct sock *sk = sock->sk, *nsk; 307 long timeo; 308 int err = 0; 309 310 lock_sock_nested(sk, L2CAP_NESTING_PARENT); 311 312 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 313 314 BT_DBG("sk %p timeo %ld", sk, timeo); 315 316 /* Wait for an incoming connection. (wake-one). */ 317 add_wait_queue_exclusive(sk_sleep(sk), &wait); 318 while (1) { 319 if (sk->sk_state != BT_LISTEN) { 320 err = -EBADFD; 321 break; 322 } 323 324 nsk = bt_accept_dequeue(sk, newsock); 325 if (nsk) 326 break; 327 328 if (!timeo) { 329 err = -EAGAIN; 330 break; 331 } 332 333 if (signal_pending(current)) { 334 err = sock_intr_errno(timeo); 335 break; 336 } 337 338 release_sock(sk); 339 340 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 341 342 lock_sock_nested(sk, L2CAP_NESTING_PARENT); 343 } 344 remove_wait_queue(sk_sleep(sk), &wait); 345 346 if (err) 347 goto done; 348 349 newsock->state = SS_CONNECTED; 350 351 BT_DBG("new socket %p", nsk); 352 353done: 354 release_sock(sk); 355 return err; 356} 357 358static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 359 int *len, int peer) 360{ 361 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 362 struct sock *sk = sock->sk; 363 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 364 365 BT_DBG("sock %p, sk %p", sock, sk); 366 367 if (peer && sk->sk_state != BT_CONNECTED && 368 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 && 369 sk->sk_state != BT_CONFIG) 370 return -ENOTCONN; 371 372 memset(la, 0, sizeof(struct sockaddr_l2)); 373 addr->sa_family = AF_BLUETOOTH; 374 *len = sizeof(struct sockaddr_l2); 375 376 la->l2_psm = chan->psm; 377 378 if (peer) { 379 bacpy(&la->l2_bdaddr, &chan->dst); 380 la->l2_cid = cpu_to_le16(chan->dcid); 381 la->l2_bdaddr_type = chan->dst_type; 382 } else { 383 bacpy(&la->l2_bdaddr, &chan->src); 384 la->l2_cid = cpu_to_le16(chan->scid); 385 la->l2_bdaddr_type = chan->src_type; 386 } 387 388 return 0; 389} 390 391static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 392 char __user *optval, int __user *optlen) 393{ 394 struct sock *sk = sock->sk; 395 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 396 struct l2cap_options opts; 397 struct l2cap_conninfo cinfo; 398 int len, err = 0; 399 u32 opt; 400 401 BT_DBG("sk %p", sk); 402 403 if (get_user(len, optlen)) 404 return -EFAULT; 405 406 lock_sock(sk); 407 408 switch (optname) { 409 case L2CAP_OPTIONS: 410 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since 411 * legacy ATT code depends on getsockopt for 412 * L2CAP_OPTIONS we need to let this pass. 413 */ 414 if (bdaddr_type_is_le(chan->src_type) && 415 chan->scid != L2CAP_CID_ATT) { 416 err = -EINVAL; 417 break; 418 } 419 420 memset(&opts, 0, sizeof(opts)); 421 opts.imtu = chan->imtu; 422 opts.omtu = chan->omtu; 423 opts.flush_to = chan->flush_to; 424 opts.mode = chan->mode; 425 opts.fcs = chan->fcs; 426 opts.max_tx = chan->max_tx; 427 opts.txwin_size = chan->tx_win; 428 429 len = min_t(unsigned int, len, sizeof(opts)); 430 if (copy_to_user(optval, (char *) &opts, len)) 431 err = -EFAULT; 432 433 break; 434 435 case L2CAP_LM: 436 switch (chan->sec_level) { 437 case BT_SECURITY_LOW: 438 opt = L2CAP_LM_AUTH; 439 break; 440 case BT_SECURITY_MEDIUM: 441 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 442 break; 443 case BT_SECURITY_HIGH: 444 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 445 L2CAP_LM_SECURE; 446 break; 447 case BT_SECURITY_FIPS: 448 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 449 L2CAP_LM_SECURE | L2CAP_LM_FIPS; 450 break; 451 default: 452 opt = 0; 453 break; 454 } 455 456 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 457 opt |= L2CAP_LM_MASTER; 458 459 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 460 opt |= L2CAP_LM_RELIABLE; 461 462 if (put_user(opt, (u32 __user *) optval)) 463 err = -EFAULT; 464 465 break; 466 467 case L2CAP_CONNINFO: 468 if (sk->sk_state != BT_CONNECTED && 469 !(sk->sk_state == BT_CONNECT2 && 470 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 471 err = -ENOTCONN; 472 break; 473 } 474 475 memset(&cinfo, 0, sizeof(cinfo)); 476 cinfo.hci_handle = chan->conn->hcon->handle; 477 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 478 479 len = min_t(unsigned int, len, sizeof(cinfo)); 480 if (copy_to_user(optval, (char *) &cinfo, len)) 481 err = -EFAULT; 482 483 break; 484 485 default: 486 err = -ENOPROTOOPT; 487 break; 488 } 489 490 release_sock(sk); 491 return err; 492} 493 494static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 495 char __user *optval, int __user *optlen) 496{ 497 struct sock *sk = sock->sk; 498 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 499 struct bt_security sec; 500 struct bt_power pwr; 501 int len, err = 0; 502 503 BT_DBG("sk %p", sk); 504 505 if (level == SOL_L2CAP) 506 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 507 508 if (level != SOL_BLUETOOTH) 509 return -ENOPROTOOPT; 510 511 if (get_user(len, optlen)) 512 return -EFAULT; 513 514 lock_sock(sk); 515 516 switch (optname) { 517 case BT_SECURITY: 518 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 519 chan->chan_type != L2CAP_CHAN_FIXED && 520 chan->chan_type != L2CAP_CHAN_RAW) { 521 err = -EINVAL; 522 break; 523 } 524 525 memset(&sec, 0, sizeof(sec)); 526 if (chan->conn) { 527 sec.level = chan->conn->hcon->sec_level; 528 529 if (sk->sk_state == BT_CONNECTED) 530 sec.key_size = chan->conn->hcon->enc_key_size; 531 } else { 532 sec.level = chan->sec_level; 533 } 534 535 len = min_t(unsigned int, len, sizeof(sec)); 536 if (copy_to_user(optval, (char *) &sec, len)) 537 err = -EFAULT; 538 539 break; 540 541 case BT_DEFER_SETUP: 542 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 543 err = -EINVAL; 544 break; 545 } 546 547 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 548 (u32 __user *) optval)) 549 err = -EFAULT; 550 551 break; 552 553 case BT_FLUSHABLE: 554 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 555 (u32 __user *) optval)) 556 err = -EFAULT; 557 558 break; 559 560 case BT_POWER: 561 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 562 && sk->sk_type != SOCK_RAW) { 563 err = -EINVAL; 564 break; 565 } 566 567 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 568 569 len = min_t(unsigned int, len, sizeof(pwr)); 570 if (copy_to_user(optval, (char *) &pwr, len)) 571 err = -EFAULT; 572 573 break; 574 575 case BT_CHANNEL_POLICY: 576 if (put_user(chan->chan_policy, (u32 __user *) optval)) 577 err = -EFAULT; 578 break; 579 580 case BT_SNDMTU: 581 if (!bdaddr_type_is_le(chan->src_type)) { 582 err = -EINVAL; 583 break; 584 } 585 586 if (sk->sk_state != BT_CONNECTED) { 587 err = -ENOTCONN; 588 break; 589 } 590 591 if (put_user(chan->omtu, (u16 __user *) optval)) 592 err = -EFAULT; 593 break; 594 595 case BT_RCVMTU: 596 if (!bdaddr_type_is_le(chan->src_type)) { 597 err = -EINVAL; 598 break; 599 } 600 601 if (put_user(chan->imtu, (u16 __user *) optval)) 602 err = -EFAULT; 603 break; 604 605 default: 606 err = -ENOPROTOOPT; 607 break; 608 } 609 610 release_sock(sk); 611 return err; 612} 613 614static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 615{ 616 switch (chan->scid) { 617 case L2CAP_CID_ATT: 618 if (mtu < L2CAP_LE_MIN_MTU) 619 return false; 620 break; 621 622 default: 623 if (mtu < L2CAP_DEFAULT_MIN_MTU) 624 return false; 625 } 626 627 return true; 628} 629 630static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 631 char __user *optval, unsigned int optlen) 632{ 633 struct sock *sk = sock->sk; 634 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 635 struct l2cap_options opts; 636 int len, err = 0; 637 u32 opt; 638 639 BT_DBG("sk %p", sk); 640 641 lock_sock(sk); 642 643 switch (optname) { 644 case L2CAP_OPTIONS: 645 if (bdaddr_type_is_le(chan->src_type)) { 646 err = -EINVAL; 647 break; 648 } 649 650 if (sk->sk_state == BT_CONNECTED) { 651 err = -EINVAL; 652 break; 653 } 654 655 opts.imtu = chan->imtu; 656 opts.omtu = chan->omtu; 657 opts.flush_to = chan->flush_to; 658 opts.mode = chan->mode; 659 opts.fcs = chan->fcs; 660 opts.max_tx = chan->max_tx; 661 opts.txwin_size = chan->tx_win; 662 663 len = min_t(unsigned int, sizeof(opts), optlen); 664 if (copy_from_user((char *) &opts, optval, len)) { 665 err = -EFAULT; 666 break; 667 } 668 669 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 670 err = -EINVAL; 671 break; 672 } 673 674 if (!l2cap_valid_mtu(chan, opts.imtu)) { 675 err = -EINVAL; 676 break; 677 } 678 679 chan->mode = opts.mode; 680 switch (chan->mode) { 681 case L2CAP_MODE_LE_FLOWCTL: 682 break; 683 case L2CAP_MODE_BASIC: 684 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 685 break; 686 case L2CAP_MODE_ERTM: 687 case L2CAP_MODE_STREAMING: 688 if (!disable_ertm) 689 break; 690 /* fall through */ 691 default: 692 err = -EINVAL; 693 break; 694 } 695 696 chan->imtu = opts.imtu; 697 chan->omtu = opts.omtu; 698 chan->fcs = opts.fcs; 699 chan->max_tx = opts.max_tx; 700 chan->tx_win = opts.txwin_size; 701 chan->flush_to = opts.flush_to; 702 break; 703 704 case L2CAP_LM: 705 if (get_user(opt, (u32 __user *) optval)) { 706 err = -EFAULT; 707 break; 708 } 709 710 if (opt & L2CAP_LM_FIPS) { 711 err = -EINVAL; 712 break; 713 } 714 715 if (opt & L2CAP_LM_AUTH) 716 chan->sec_level = BT_SECURITY_LOW; 717 if (opt & L2CAP_LM_ENCRYPT) 718 chan->sec_level = BT_SECURITY_MEDIUM; 719 if (opt & L2CAP_LM_SECURE) 720 chan->sec_level = BT_SECURITY_HIGH; 721 722 if (opt & L2CAP_LM_MASTER) 723 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 724 else 725 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 726 727 if (opt & L2CAP_LM_RELIABLE) 728 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 729 else 730 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 731 break; 732 733 default: 734 err = -ENOPROTOOPT; 735 break; 736 } 737 738 release_sock(sk); 739 return err; 740} 741 742static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 743 char __user *optval, unsigned int optlen) 744{ 745 struct sock *sk = sock->sk; 746 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 747 struct bt_security sec; 748 struct bt_power pwr; 749 struct l2cap_conn *conn; 750 int len, err = 0; 751 u32 opt; 752 753 BT_DBG("sk %p", sk); 754 755 if (level == SOL_L2CAP) 756 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 757 758 if (level != SOL_BLUETOOTH) 759 return -ENOPROTOOPT; 760 761 lock_sock(sk); 762 763 switch (optname) { 764 case BT_SECURITY: 765 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 766 chan->chan_type != L2CAP_CHAN_FIXED && 767 chan->chan_type != L2CAP_CHAN_RAW) { 768 err = -EINVAL; 769 break; 770 } 771 772 sec.level = BT_SECURITY_LOW; 773 774 len = min_t(unsigned int, sizeof(sec), optlen); 775 if (copy_from_user((char *) &sec, optval, len)) { 776 err = -EFAULT; 777 break; 778 } 779 780 if (sec.level < BT_SECURITY_LOW || 781 sec.level > BT_SECURITY_HIGH) { 782 err = -EINVAL; 783 break; 784 } 785 786 chan->sec_level = sec.level; 787 788 if (!chan->conn) 789 break; 790 791 conn = chan->conn; 792 793 /*change security for LE channels */ 794 if (chan->scid == L2CAP_CID_ATT) { 795 if (smp_conn_security(conn->hcon, sec.level)) 796 break; 797 set_bit(FLAG_PENDING_SECURITY, &chan->flags); 798 sk->sk_state = BT_CONFIG; 799 chan->state = BT_CONFIG; 800 801 /* or for ACL link */ 802 } else if ((sk->sk_state == BT_CONNECT2 && 803 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 804 sk->sk_state == BT_CONNECTED) { 805 if (!l2cap_chan_check_security(chan, true)) 806 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 807 else 808 sk->sk_state_change(sk); 809 } else { 810 err = -EINVAL; 811 } 812 break; 813 814 case BT_DEFER_SETUP: 815 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 816 err = -EINVAL; 817 break; 818 } 819 820 if (get_user(opt, (u32 __user *) optval)) { 821 err = -EFAULT; 822 break; 823 } 824 825 if (opt) { 826 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 827 set_bit(FLAG_DEFER_SETUP, &chan->flags); 828 } else { 829 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 830 clear_bit(FLAG_DEFER_SETUP, &chan->flags); 831 } 832 break; 833 834 case BT_FLUSHABLE: 835 if (get_user(opt, (u32 __user *) optval)) { 836 err = -EFAULT; 837 break; 838 } 839 840 if (opt > BT_FLUSHABLE_ON) { 841 err = -EINVAL; 842 break; 843 } 844 845 if (opt == BT_FLUSHABLE_OFF) { 846 conn = chan->conn; 847 /* proceed further only when we have l2cap_conn and 848 No Flush support in the LM */ 849 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 850 err = -EINVAL; 851 break; 852 } 853 } 854 855 if (opt) 856 set_bit(FLAG_FLUSHABLE, &chan->flags); 857 else 858 clear_bit(FLAG_FLUSHABLE, &chan->flags); 859 break; 860 861 case BT_POWER: 862 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 863 chan->chan_type != L2CAP_CHAN_RAW) { 864 err = -EINVAL; 865 break; 866 } 867 868 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 869 870 len = min_t(unsigned int, sizeof(pwr), optlen); 871 if (copy_from_user((char *) &pwr, optval, len)) { 872 err = -EFAULT; 873 break; 874 } 875 876 if (pwr.force_active) 877 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 878 else 879 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 880 break; 881 882 case BT_CHANNEL_POLICY: 883 if (get_user(opt, (u32 __user *) optval)) { 884 err = -EFAULT; 885 break; 886 } 887 888 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 889 err = -EINVAL; 890 break; 891 } 892 893 if (chan->mode != L2CAP_MODE_ERTM && 894 chan->mode != L2CAP_MODE_STREAMING) { 895 err = -EOPNOTSUPP; 896 break; 897 } 898 899 chan->chan_policy = (u8) opt; 900 901 if (sk->sk_state == BT_CONNECTED && 902 chan->move_role == L2CAP_MOVE_ROLE_NONE) 903 l2cap_move_start(chan); 904 905 break; 906 907 case BT_SNDMTU: 908 if (!bdaddr_type_is_le(chan->src_type)) { 909 err = -EINVAL; 910 break; 911 } 912 913 /* Setting is not supported as it's the remote side that 914 * decides this. 915 */ 916 err = -EPERM; 917 break; 918 919 case BT_RCVMTU: 920 if (!bdaddr_type_is_le(chan->src_type)) { 921 err = -EINVAL; 922 break; 923 } 924 925 if (sk->sk_state == BT_CONNECTED) { 926 err = -EISCONN; 927 break; 928 } 929 930 if (get_user(opt, (u32 __user *) optval)) { 931 err = -EFAULT; 932 break; 933 } 934 935 chan->imtu = opt; 936 break; 937 938 default: 939 err = -ENOPROTOOPT; 940 break; 941 } 942 943 release_sock(sk); 944 return err; 945} 946 947static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg, 948 size_t len) 949{ 950 struct sock *sk = sock->sk; 951 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 952 int err; 953 954 BT_DBG("sock %p, sk %p", sock, sk); 955 956 err = sock_error(sk); 957 if (err) 958 return err; 959 960 if (msg->msg_flags & MSG_OOB) 961 return -EOPNOTSUPP; 962 963 if (sk->sk_state != BT_CONNECTED) 964 return -ENOTCONN; 965 966 lock_sock(sk); 967 err = bt_sock_wait_ready(sk, msg->msg_flags); 968 release_sock(sk); 969 if (err) 970 return err; 971 972 l2cap_chan_lock(chan); 973 err = l2cap_chan_send(chan, msg, len); 974 l2cap_chan_unlock(chan); 975 976 return err; 977} 978 979static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg, 980 size_t len, int flags) 981{ 982 struct sock *sk = sock->sk; 983 struct l2cap_pinfo *pi = l2cap_pi(sk); 984 int err; 985 986 lock_sock(sk); 987 988 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 989 &bt_sk(sk)->flags)) { 990 if (bdaddr_type_is_le(pi->chan->src_type)) { 991 sk->sk_state = BT_CONNECTED; 992 pi->chan->state = BT_CONNECTED; 993 __l2cap_le_connect_rsp_defer(pi->chan); 994 } else { 995 sk->sk_state = BT_CONFIG; 996 pi->chan->state = BT_CONFIG; 997 __l2cap_connect_rsp_defer(pi->chan); 998 } 999 1000 err = 0; 1001 goto done; 1002 } 1003 1004 release_sock(sk); 1005 1006 if (sock->type == SOCK_STREAM) 1007 err = bt_sock_stream_recvmsg(sock, msg, len, flags); 1008 else 1009 err = bt_sock_recvmsg(sock, msg, len, flags); 1010 1011 if (pi->chan->mode != L2CAP_MODE_ERTM) 1012 return err; 1013 1014 /* Attempt to put pending rx data in the socket buffer */ 1015 1016 lock_sock(sk); 1017 1018 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 1019 goto done; 1020 1021 if (pi->rx_busy_skb) { 1022 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 1023 pi->rx_busy_skb = NULL; 1024 else 1025 goto done; 1026 } 1027 1028 /* Restore data flow when half of the receive buffer is 1029 * available. This avoids resending large numbers of 1030 * frames. 1031 */ 1032 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 1033 l2cap_chan_busy(pi->chan, 0); 1034 1035done: 1036 release_sock(sk); 1037 return err; 1038} 1039 1040/* Kill socket (only if zapped and orphan) 1041 * Must be called on unlocked socket. 1042 */ 1043static void l2cap_sock_kill(struct sock *sk) 1044{ 1045 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 1046 return; 1047 1048 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 1049 1050 /* Kill poor orphan */ 1051 1052 l2cap_chan_put(l2cap_pi(sk)->chan); 1053 sock_set_flag(sk, SOCK_DEAD); 1054 sock_put(sk); 1055} 1056 1057static int __l2cap_wait_ack(struct sock *sk) 1058{ 1059 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1060 DECLARE_WAITQUEUE(wait, current); 1061 int err = 0; 1062 int timeo = HZ/5; 1063 1064 add_wait_queue(sk_sleep(sk), &wait); 1065 set_current_state(TASK_INTERRUPTIBLE); 1066 while (chan->unacked_frames > 0 && chan->conn) { 1067 if (!timeo) 1068 timeo = HZ/5; 1069 1070 if (signal_pending(current)) { 1071 err = sock_intr_errno(timeo); 1072 break; 1073 } 1074 1075 release_sock(sk); 1076 timeo = schedule_timeout(timeo); 1077 lock_sock(sk); 1078 set_current_state(TASK_INTERRUPTIBLE); 1079 1080 err = sock_error(sk); 1081 if (err) 1082 break; 1083 } 1084 set_current_state(TASK_RUNNING); 1085 remove_wait_queue(sk_sleep(sk), &wait); 1086 return err; 1087} 1088 1089static int l2cap_sock_shutdown(struct socket *sock, int how) 1090{ 1091 struct sock *sk = sock->sk; 1092 struct l2cap_chan *chan; 1093 struct l2cap_conn *conn; 1094 int err = 0; 1095 1096 BT_DBG("sock %p, sk %p", sock, sk); 1097 1098 if (!sk) 1099 return 0; 1100 1101 chan = l2cap_pi(sk)->chan; 1102 conn = chan->conn; 1103 1104 BT_DBG("chan %p state %s", chan, state_to_string(chan->state)); 1105 1106 if (conn) 1107 mutex_lock(&conn->chan_lock); 1108 1109 l2cap_chan_lock(chan); 1110 lock_sock(sk); 1111 1112 if (!sk->sk_shutdown) { 1113 if (chan->mode == L2CAP_MODE_ERTM) 1114 err = __l2cap_wait_ack(sk); 1115 1116 sk->sk_shutdown = SHUTDOWN_MASK; 1117 1118 release_sock(sk); 1119 l2cap_chan_close(chan, 0); 1120 lock_sock(sk); 1121 1122 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1123 !(current->flags & PF_EXITING)) 1124 err = bt_sock_wait_state(sk, BT_CLOSED, 1125 sk->sk_lingertime); 1126 } 1127 1128 if (!err && sk->sk_err) 1129 err = -sk->sk_err; 1130 1131 release_sock(sk); 1132 l2cap_chan_unlock(chan); 1133 1134 if (conn) 1135 mutex_unlock(&conn->chan_lock); 1136 1137 return err; 1138} 1139 1140static int l2cap_sock_release(struct socket *sock) 1141{ 1142 struct sock *sk = sock->sk; 1143 int err; 1144 1145 BT_DBG("sock %p, sk %p", sock, sk); 1146 1147 if (!sk) 1148 return 0; 1149 1150 bt_sock_unlink(&l2cap_sk_list, sk); 1151 1152 err = l2cap_sock_shutdown(sock, 2); 1153 1154 sock_orphan(sk); 1155 l2cap_sock_kill(sk); 1156 return err; 1157} 1158 1159static void l2cap_sock_cleanup_listen(struct sock *parent) 1160{ 1161 struct sock *sk; 1162 1163 BT_DBG("parent %p state %s", parent, 1164 state_to_string(parent->sk_state)); 1165 1166 /* Close not yet accepted channels */ 1167 while ((sk = bt_accept_dequeue(parent, NULL))) { 1168 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1169 1170 BT_DBG("child chan %p state %s", chan, 1171 state_to_string(chan->state)); 1172 1173 l2cap_chan_lock(chan); 1174 __clear_chan_timer(chan); 1175 l2cap_chan_close(chan, ECONNRESET); 1176 l2cap_chan_unlock(chan); 1177 1178 l2cap_sock_kill(sk); 1179 } 1180} 1181 1182static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 1183{ 1184 struct sock *sk, *parent = chan->data; 1185 1186 lock_sock(parent); 1187 1188 /* Check for backlog size */ 1189 if (sk_acceptq_is_full(parent)) { 1190 BT_DBG("backlog full %d", parent->sk_ack_backlog); 1191 release_sock(parent); 1192 return NULL; 1193 } 1194 1195 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 1196 GFP_ATOMIC); 1197 if (!sk) { 1198 release_sock(parent); 1199 return NULL; 1200 } 1201 1202 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 1203 1204 l2cap_sock_init(sk, parent); 1205 1206 bt_accept_enqueue(parent, sk); 1207 1208 release_sock(parent); 1209 1210 return l2cap_pi(sk)->chan; 1211} 1212 1213static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 1214{ 1215 struct sock *sk = chan->data; 1216 int err; 1217 1218 lock_sock(sk); 1219 1220 if (l2cap_pi(sk)->rx_busy_skb) { 1221 err = -ENOMEM; 1222 goto done; 1223 } 1224 1225 err = sock_queue_rcv_skb(sk, skb); 1226 1227 /* For ERTM, handle one skb that doesn't fit into the recv 1228 * buffer. This is important to do because the data frames 1229 * have already been acked, so the skb cannot be discarded. 1230 * 1231 * Notify the l2cap core that the buffer is full, so the 1232 * LOCAL_BUSY state is entered and no more frames are 1233 * acked and reassembled until there is buffer space 1234 * available. 1235 */ 1236 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) { 1237 l2cap_pi(sk)->rx_busy_skb = skb; 1238 l2cap_chan_busy(chan, 1); 1239 err = 0; 1240 } 1241 1242done: 1243 release_sock(sk); 1244 1245 return err; 1246} 1247 1248static void l2cap_sock_close_cb(struct l2cap_chan *chan) 1249{ 1250 struct sock *sk = chan->data; 1251 1252 l2cap_sock_kill(sk); 1253} 1254 1255static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 1256{ 1257 struct sock *sk = chan->data; 1258 struct sock *parent; 1259 1260 BT_DBG("chan %p state %s", chan, state_to_string(chan->state)); 1261 1262 /* This callback can be called both for server (BT_LISTEN) 1263 * sockets as well as "normal" ones. To avoid lockdep warnings 1264 * with child socket locking (through l2cap_sock_cleanup_listen) 1265 * we need separation into separate nesting levels. The simplest 1266 * way to accomplish this is to inherit the nesting level used 1267 * for the channel. 1268 */ 1269 lock_sock_nested(sk, atomic_read(&chan->nesting)); 1270 1271 parent = bt_sk(sk)->parent; 1272 1273 sock_set_flag(sk, SOCK_ZAPPED); 1274 1275 switch (chan->state) { 1276 case BT_OPEN: 1277 case BT_BOUND: 1278 case BT_CLOSED: 1279 break; 1280 case BT_LISTEN: 1281 l2cap_sock_cleanup_listen(sk); 1282 sk->sk_state = BT_CLOSED; 1283 chan->state = BT_CLOSED; 1284 1285 break; 1286 default: 1287 sk->sk_state = BT_CLOSED; 1288 chan->state = BT_CLOSED; 1289 1290 sk->sk_err = err; 1291 1292 if (parent) { 1293 bt_accept_unlink(sk); 1294 parent->sk_data_ready(parent); 1295 } else { 1296 sk->sk_state_change(sk); 1297 } 1298 1299 break; 1300 } 1301 1302 release_sock(sk); 1303} 1304 1305static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state, 1306 int err) 1307{ 1308 struct sock *sk = chan->data; 1309 1310 sk->sk_state = state; 1311 1312 if (err) 1313 sk->sk_err = err; 1314} 1315 1316static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1317 unsigned long hdr_len, 1318 unsigned long len, int nb) 1319{ 1320 struct sock *sk = chan->data; 1321 struct sk_buff *skb; 1322 int err; 1323 1324 l2cap_chan_unlock(chan); 1325 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err); 1326 l2cap_chan_lock(chan); 1327 1328 if (!skb) 1329 return ERR_PTR(err); 1330 1331 skb->priority = sk->sk_priority; 1332 1333 bt_cb(skb)->l2cap.chan = chan; 1334 1335 return skb; 1336} 1337 1338static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1339{ 1340 struct sock *sk = chan->data; 1341 struct sock *parent; 1342 1343 lock_sock(sk); 1344 1345 parent = bt_sk(sk)->parent; 1346 1347 BT_DBG("sk %p, parent %p", sk, parent); 1348 1349 sk->sk_state = BT_CONNECTED; 1350 sk->sk_state_change(sk); 1351 1352 if (parent) 1353 parent->sk_data_ready(parent); 1354 1355 release_sock(sk); 1356} 1357 1358static void l2cap_sock_defer_cb(struct l2cap_chan *chan) 1359{ 1360 struct sock *parent, *sk = chan->data; 1361 1362 lock_sock(sk); 1363 1364 parent = bt_sk(sk)->parent; 1365 if (parent) 1366 parent->sk_data_ready(parent); 1367 1368 release_sock(sk); 1369} 1370 1371static void l2cap_sock_resume_cb(struct l2cap_chan *chan) 1372{ 1373 struct sock *sk = chan->data; 1374 1375 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) { 1376 sk->sk_state = BT_CONNECTED; 1377 chan->state = BT_CONNECTED; 1378 } 1379 1380 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1381 sk->sk_state_change(sk); 1382} 1383 1384static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan) 1385{ 1386 struct sock *sk = chan->data; 1387 1388 lock_sock(sk); 1389 sk->sk_shutdown = SHUTDOWN_MASK; 1390 release_sock(sk); 1391} 1392 1393static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan) 1394{ 1395 struct sock *sk = chan->data; 1396 1397 return sk->sk_sndtimeo; 1398} 1399 1400static void l2cap_sock_suspend_cb(struct l2cap_chan *chan) 1401{ 1402 struct sock *sk = chan->data; 1403 1404 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1405 sk->sk_state_change(sk); 1406} 1407 1408static const struct l2cap_ops l2cap_chan_ops = { 1409 .name = "L2CAP Socket Interface", 1410 .new_connection = l2cap_sock_new_connection_cb, 1411 .recv = l2cap_sock_recv_cb, 1412 .close = l2cap_sock_close_cb, 1413 .teardown = l2cap_sock_teardown_cb, 1414 .state_change = l2cap_sock_state_change_cb, 1415 .ready = l2cap_sock_ready_cb, 1416 .defer = l2cap_sock_defer_cb, 1417 .resume = l2cap_sock_resume_cb, 1418 .suspend = l2cap_sock_suspend_cb, 1419 .set_shutdown = l2cap_sock_set_shutdown_cb, 1420 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb, 1421 .alloc_skb = l2cap_sock_alloc_skb_cb, 1422}; 1423 1424static void l2cap_sock_destruct(struct sock *sk) 1425{ 1426 BT_DBG("sk %p", sk); 1427 1428 if (l2cap_pi(sk)->chan) 1429 l2cap_chan_put(l2cap_pi(sk)->chan); 1430 1431 if (l2cap_pi(sk)->rx_busy_skb) { 1432 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1433 l2cap_pi(sk)->rx_busy_skb = NULL; 1434 } 1435 1436 skb_queue_purge(&sk->sk_receive_queue); 1437 skb_queue_purge(&sk->sk_write_queue); 1438} 1439 1440static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name, 1441 int *msg_namelen) 1442{ 1443 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name); 1444 1445 memset(la, 0, sizeof(struct sockaddr_l2)); 1446 la->l2_family = AF_BLUETOOTH; 1447 la->l2_psm = bt_cb(skb)->l2cap.psm; 1448 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr); 1449 1450 *msg_namelen = sizeof(struct sockaddr_l2); 1451} 1452 1453static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1454{ 1455 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1456 1457 BT_DBG("sk %p", sk); 1458 1459 if (parent) { 1460 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1461 1462 sk->sk_type = parent->sk_type; 1463 bt_sk(sk)->flags = bt_sk(parent)->flags; 1464 1465 chan->chan_type = pchan->chan_type; 1466 chan->imtu = pchan->imtu; 1467 chan->omtu = pchan->omtu; 1468 chan->conf_state = pchan->conf_state; 1469 chan->mode = pchan->mode; 1470 chan->fcs = pchan->fcs; 1471 chan->max_tx = pchan->max_tx; 1472 chan->tx_win = pchan->tx_win; 1473 chan->tx_win_max = pchan->tx_win_max; 1474 chan->sec_level = pchan->sec_level; 1475 chan->flags = pchan->flags; 1476 chan->tx_credits = pchan->tx_credits; 1477 chan->rx_credits = pchan->rx_credits; 1478 1479 if (chan->chan_type == L2CAP_CHAN_FIXED) { 1480 chan->scid = pchan->scid; 1481 chan->dcid = pchan->scid; 1482 } 1483 1484 security_sk_clone(parent, sk); 1485 } else { 1486 switch (sk->sk_type) { 1487 case SOCK_RAW: 1488 chan->chan_type = L2CAP_CHAN_RAW; 1489 break; 1490 case SOCK_DGRAM: 1491 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1492 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name; 1493 break; 1494 case SOCK_SEQPACKET: 1495 case SOCK_STREAM: 1496 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1497 break; 1498 } 1499 1500 chan->imtu = L2CAP_DEFAULT_MTU; 1501 chan->omtu = 0; 1502 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1503 chan->mode = L2CAP_MODE_ERTM; 1504 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1505 } else { 1506 chan->mode = L2CAP_MODE_BASIC; 1507 } 1508 1509 l2cap_chan_set_defaults(chan); 1510 } 1511 1512 /* Default config options */ 1513 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1514 1515 chan->data = sk; 1516 chan->ops = &l2cap_chan_ops; 1517} 1518 1519static struct proto l2cap_proto = { 1520 .name = "L2CAP", 1521 .owner = THIS_MODULE, 1522 .obj_size = sizeof(struct l2cap_pinfo) 1523}; 1524 1525static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1526 int proto, gfp_t prio) 1527{ 1528 struct sock *sk; 1529 struct l2cap_chan *chan; 1530 1531 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1532 if (!sk) 1533 return NULL; 1534 1535 sock_init_data(sock, sk); 1536 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1537 1538 sk->sk_destruct = l2cap_sock_destruct; 1539 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1540 1541 sock_reset_flag(sk, SOCK_ZAPPED); 1542 1543 sk->sk_protocol = proto; 1544 sk->sk_state = BT_OPEN; 1545 1546 chan = l2cap_chan_create(); 1547 if (!chan) { 1548 sk_free(sk); 1549 return NULL; 1550 } 1551 1552 l2cap_chan_hold(chan); 1553 1554 l2cap_pi(sk)->chan = chan; 1555 1556 return sk; 1557} 1558 1559static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1560 int kern) 1561{ 1562 struct sock *sk; 1563 1564 BT_DBG("sock %p", sock); 1565 1566 sock->state = SS_UNCONNECTED; 1567 1568 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1569 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1570 return -ESOCKTNOSUPPORT; 1571 1572 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1573 return -EPERM; 1574 1575 sock->ops = &l2cap_sock_ops; 1576 1577 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1578 if (!sk) 1579 return -ENOMEM; 1580 1581 l2cap_sock_init(sk, NULL); 1582 bt_sock_link(&l2cap_sk_list, sk); 1583 return 0; 1584} 1585 1586static const struct proto_ops l2cap_sock_ops = { 1587 .family = PF_BLUETOOTH, 1588 .owner = THIS_MODULE, 1589 .release = l2cap_sock_release, 1590 .bind = l2cap_sock_bind, 1591 .connect = l2cap_sock_connect, 1592 .listen = l2cap_sock_listen, 1593 .accept = l2cap_sock_accept, 1594 .getname = l2cap_sock_getname, 1595 .sendmsg = l2cap_sock_sendmsg, 1596 .recvmsg = l2cap_sock_recvmsg, 1597 .poll = bt_sock_poll, 1598 .ioctl = bt_sock_ioctl, 1599 .mmap = sock_no_mmap, 1600 .socketpair = sock_no_socketpair, 1601 .shutdown = l2cap_sock_shutdown, 1602 .setsockopt = l2cap_sock_setsockopt, 1603 .getsockopt = l2cap_sock_getsockopt 1604}; 1605 1606static const struct net_proto_family l2cap_sock_family_ops = { 1607 .family = PF_BLUETOOTH, 1608 .owner = THIS_MODULE, 1609 .create = l2cap_sock_create, 1610}; 1611 1612int __init l2cap_init_sockets(void) 1613{ 1614 int err; 1615 1616 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr)); 1617 1618 err = proto_register(&l2cap_proto, 0); 1619 if (err < 0) 1620 return err; 1621 1622 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1623 if (err < 0) { 1624 BT_ERR("L2CAP socket registration failed"); 1625 goto error; 1626 } 1627 1628 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list, 1629 NULL); 1630 if (err < 0) { 1631 BT_ERR("Failed to create L2CAP proc file"); 1632 bt_sock_unregister(BTPROTO_L2CAP); 1633 goto error; 1634 } 1635 1636 BT_INFO("L2CAP socket layer initialized"); 1637 1638 return 0; 1639 1640error: 1641 proto_unregister(&l2cap_proto); 1642 return err; 1643} 1644 1645void l2cap_cleanup_sockets(void) 1646{ 1647 bt_procfs_cleanup(&init_net, "l2cap"); 1648 bt_sock_unregister(BTPROTO_L2CAP); 1649 proto_unregister(&l2cap_proto); 1650} 1651