0001
0002
0003
0004
0005
0006
0007
0008
0009
0010
0011
0012
0013
0014
0015
0016
0017
0018
0019
0020
0021
0022
0023
0024
0025
0026
0027
0028
0029
0030 #include <linux/module.h>
0031 #include <linux/export.h>
0032 #include <linux/filter.h>
0033 #include <linux/sched/signal.h>
0034
0035 #include <net/bluetooth/bluetooth.h>
0036 #include <net/bluetooth/hci_core.h>
0037 #include <net/bluetooth/l2cap.h>
0038
0039 #include "smp.h"
0040
0041 static struct bt_sock_list l2cap_sk_list = {
0042 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
0043 };
0044
0045 static const struct proto_ops l2cap_sock_ops;
0046 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
0047 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
0048 int proto, gfp_t prio, int kern);
0049
0050 bool l2cap_is_socket(struct socket *sock)
0051 {
0052 return sock && sock->ops == &l2cap_sock_ops;
0053 }
0054 EXPORT_SYMBOL(l2cap_is_socket);
0055
0056 static int l2cap_validate_bredr_psm(u16 psm)
0057 {
0058
0059 if ((psm & 0x0101) != 0x0001)
0060 return -EINVAL;
0061
0062
0063 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
0064 return -EACCES;
0065
0066 return 0;
0067 }
0068
0069 static int l2cap_validate_le_psm(u16 psm)
0070 {
0071
0072 if (psm > L2CAP_PSM_LE_DYN_END)
0073 return -EINVAL;
0074
0075
0076 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
0077 return -EACCES;
0078
0079 return 0;
0080 }
0081
0082 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
0083 {
0084 struct sock *sk = sock->sk;
0085 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
0086 struct sockaddr_l2 la;
0087 int len, err = 0;
0088
0089 BT_DBG("sk %p", sk);
0090
0091 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
0092 addr->sa_family != AF_BLUETOOTH)
0093 return -EINVAL;
0094
0095 memset(&la, 0, sizeof(la));
0096 len = min_t(unsigned int, sizeof(la), alen);
0097 memcpy(&la, addr, len);
0098
0099 if (la.l2_cid && la.l2_psm)
0100 return -EINVAL;
0101
0102 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
0103 return -EINVAL;
0104
0105 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
0106
0107 if (la.l2_cid &&
0108 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
0109 return -EINVAL;
0110 }
0111
0112 lock_sock(sk);
0113
0114 if (sk->sk_state != BT_OPEN) {
0115 err = -EBADFD;
0116 goto done;
0117 }
0118
0119 if (la.l2_psm) {
0120 __u16 psm = __le16_to_cpu(la.l2_psm);
0121
0122 if (la.l2_bdaddr_type == BDADDR_BREDR)
0123 err = l2cap_validate_bredr_psm(psm);
0124 else
0125 err = l2cap_validate_le_psm(psm);
0126
0127 if (err)
0128 goto done;
0129 }
0130
0131 bacpy(&chan->src, &la.l2_bdaddr);
0132 chan->src_type = la.l2_bdaddr_type;
0133
0134 if (la.l2_cid)
0135 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
0136 else
0137 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
0138
0139 if (err < 0)
0140 goto done;
0141
0142 switch (chan->chan_type) {
0143 case L2CAP_CHAN_CONN_LESS:
0144 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
0145 chan->sec_level = BT_SECURITY_SDP;
0146 break;
0147 case L2CAP_CHAN_CONN_ORIENTED:
0148 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
0149 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
0150 chan->sec_level = BT_SECURITY_SDP;
0151 break;
0152 case L2CAP_CHAN_RAW:
0153 chan->sec_level = BT_SECURITY_SDP;
0154 break;
0155 case L2CAP_CHAN_FIXED:
0156
0157
0158
0159
0160
0161 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
0162 break;
0163 }
0164
0165
0166
0167
0168 if (chan->psm && bdaddr_type_is_le(chan->src_type) &&
0169 chan->mode != L2CAP_MODE_EXT_FLOWCTL)
0170 chan->mode = L2CAP_MODE_LE_FLOWCTL;
0171
0172 chan->state = BT_BOUND;
0173 sk->sk_state = BT_BOUND;
0174
0175 done:
0176 release_sock(sk);
0177 return err;
0178 }
0179
0180 static void l2cap_sock_init_pid(struct sock *sk)
0181 {
0182 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
0183
0184
0185
0186
0187 if (chan->mode != L2CAP_MODE_EXT_FLOWCTL)
0188 return;
0189
0190 spin_lock(&sk->sk_peer_lock);
0191 sk->sk_peer_pid = get_pid(task_tgid(current));
0192 spin_unlock(&sk->sk_peer_lock);
0193 }
0194
0195 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
0196 int alen, int flags)
0197 {
0198 struct sock *sk = sock->sk;
0199 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
0200 struct sockaddr_l2 la;
0201 int len, err = 0;
0202 bool zapped;
0203
0204 BT_DBG("sk %p", sk);
0205
0206 lock_sock(sk);
0207 zapped = sock_flag(sk, SOCK_ZAPPED);
0208 release_sock(sk);
0209
0210 if (zapped)
0211 return -EINVAL;
0212
0213 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
0214 addr->sa_family != AF_BLUETOOTH)
0215 return -EINVAL;
0216
0217 memset(&la, 0, sizeof(la));
0218 len = min_t(unsigned int, sizeof(la), alen);
0219 memcpy(&la, addr, len);
0220
0221 if (la.l2_cid && la.l2_psm)
0222 return -EINVAL;
0223
0224 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
0225 return -EINVAL;
0226
0227
0228
0229
0230
0231
0232 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
0233 bdaddr_type_is_le(la.l2_bdaddr_type)) {
0234
0235
0236
0237
0238
0239
0240 if (chan->scid != L2CAP_CID_ATT ||
0241 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
0242 return -EINVAL;
0243
0244
0245
0246
0247
0248
0249
0250 chan->src_type = BDADDR_LE_PUBLIC;
0251 }
0252
0253 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
0254 return -EINVAL;
0255
0256 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
0257
0258 if (la.l2_cid &&
0259 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
0260 return -EINVAL;
0261 }
0262
0263
0264
0265
0266 if (chan->psm && bdaddr_type_is_le(chan->src_type) &&
0267 chan->mode != L2CAP_MODE_EXT_FLOWCTL)
0268 chan->mode = L2CAP_MODE_LE_FLOWCTL;
0269
0270 l2cap_sock_init_pid(sk);
0271
0272 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
0273 &la.l2_bdaddr, la.l2_bdaddr_type);
0274 if (err)
0275 return err;
0276
0277 lock_sock(sk);
0278
0279 err = bt_sock_wait_state(sk, BT_CONNECTED,
0280 sock_sndtimeo(sk, flags & O_NONBLOCK));
0281
0282 release_sock(sk);
0283
0284 return err;
0285 }
0286
0287 static int l2cap_sock_listen(struct socket *sock, int backlog)
0288 {
0289 struct sock *sk = sock->sk;
0290 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
0291 int err = 0;
0292
0293 BT_DBG("sk %p backlog %d", sk, backlog);
0294
0295 lock_sock(sk);
0296
0297 if (sk->sk_state != BT_BOUND) {
0298 err = -EBADFD;
0299 goto done;
0300 }
0301
0302 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
0303 err = -EINVAL;
0304 goto done;
0305 }
0306
0307 switch (chan->mode) {
0308 case L2CAP_MODE_BASIC:
0309 case L2CAP_MODE_LE_FLOWCTL:
0310 break;
0311 case L2CAP_MODE_EXT_FLOWCTL:
0312 if (!enable_ecred) {
0313 err = -EOPNOTSUPP;
0314 goto done;
0315 }
0316 break;
0317 case L2CAP_MODE_ERTM:
0318 case L2CAP_MODE_STREAMING:
0319 if (!disable_ertm)
0320 break;
0321 fallthrough;
0322 default:
0323 err = -EOPNOTSUPP;
0324 goto done;
0325 }
0326
0327 l2cap_sock_init_pid(sk);
0328
0329 sk->sk_max_ack_backlog = backlog;
0330 sk->sk_ack_backlog = 0;
0331
0332
0333
0334
0335
0336 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
0337
0338 chan->state = BT_LISTEN;
0339 sk->sk_state = BT_LISTEN;
0340
0341 done:
0342 release_sock(sk);
0343 return err;
0344 }
0345
0346 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
0347 int flags, bool kern)
0348 {
0349 DEFINE_WAIT_FUNC(wait, woken_wake_function);
0350 struct sock *sk = sock->sk, *nsk;
0351 long timeo;
0352 int err = 0;
0353
0354 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
0355
0356 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
0357
0358 BT_DBG("sk %p timeo %ld", sk, timeo);
0359
0360
0361 add_wait_queue_exclusive(sk_sleep(sk), &wait);
0362 while (1) {
0363 if (sk->sk_state != BT_LISTEN) {
0364 err = -EBADFD;
0365 break;
0366 }
0367
0368 nsk = bt_accept_dequeue(sk, newsock);
0369 if (nsk)
0370 break;
0371
0372 if (!timeo) {
0373 err = -EAGAIN;
0374 break;
0375 }
0376
0377 if (signal_pending(current)) {
0378 err = sock_intr_errno(timeo);
0379 break;
0380 }
0381
0382 release_sock(sk);
0383
0384 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
0385
0386 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
0387 }
0388 remove_wait_queue(sk_sleep(sk), &wait);
0389
0390 if (err)
0391 goto done;
0392
0393 newsock->state = SS_CONNECTED;
0394
0395 BT_DBG("new socket %p", nsk);
0396
0397 done:
0398 release_sock(sk);
0399 return err;
0400 }
0401
0402 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
0403 int peer)
0404 {
0405 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
0406 struct sock *sk = sock->sk;
0407 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
0408
0409 BT_DBG("sock %p, sk %p", sock, sk);
0410
0411 if (peer && sk->sk_state != BT_CONNECTED &&
0412 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
0413 sk->sk_state != BT_CONFIG)
0414 return -ENOTCONN;
0415
0416 memset(la, 0, sizeof(struct sockaddr_l2));
0417 addr->sa_family = AF_BLUETOOTH;
0418
0419 la->l2_psm = chan->psm;
0420
0421 if (peer) {
0422 bacpy(&la->l2_bdaddr, &chan->dst);
0423 la->l2_cid = cpu_to_le16(chan->dcid);
0424 la->l2_bdaddr_type = chan->dst_type;
0425 } else {
0426 bacpy(&la->l2_bdaddr, &chan->src);
0427 la->l2_cid = cpu_to_le16(chan->scid);
0428 la->l2_bdaddr_type = chan->src_type;
0429 }
0430
0431 return sizeof(struct sockaddr_l2);
0432 }
0433
0434 static int l2cap_get_mode(struct l2cap_chan *chan)
0435 {
0436 switch (chan->mode) {
0437 case L2CAP_MODE_BASIC:
0438 return BT_MODE_BASIC;
0439 case L2CAP_MODE_ERTM:
0440 return BT_MODE_ERTM;
0441 case L2CAP_MODE_STREAMING:
0442 return BT_MODE_STREAMING;
0443 case L2CAP_MODE_LE_FLOWCTL:
0444 return BT_MODE_LE_FLOWCTL;
0445 case L2CAP_MODE_EXT_FLOWCTL:
0446 return BT_MODE_EXT_FLOWCTL;
0447 }
0448
0449 return -EINVAL;
0450 }
0451
0452 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
0453 char __user *optval, int __user *optlen)
0454 {
0455 struct sock *sk = sock->sk;
0456 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
0457 struct l2cap_options opts;
0458 struct l2cap_conninfo cinfo;
0459 int len, err = 0;
0460 u32 opt;
0461
0462 BT_DBG("sk %p", sk);
0463
0464 if (get_user(len, optlen))
0465 return -EFAULT;
0466
0467 lock_sock(sk);
0468
0469 switch (optname) {
0470 case L2CAP_OPTIONS:
0471
0472
0473
0474
0475 if (bdaddr_type_is_le(chan->src_type) &&
0476 chan->scid != L2CAP_CID_ATT) {
0477 err = -EINVAL;
0478 break;
0479 }
0480
0481
0482 switch (chan->mode) {
0483 case L2CAP_MODE_BASIC:
0484 case L2CAP_MODE_ERTM:
0485 case L2CAP_MODE_STREAMING:
0486 break;
0487 default:
0488 err = -EINVAL;
0489 break;
0490 }
0491
0492 if (err < 0)
0493 break;
0494
0495 memset(&opts, 0, sizeof(opts));
0496 opts.imtu = chan->imtu;
0497 opts.omtu = chan->omtu;
0498 opts.flush_to = chan->flush_to;
0499 opts.mode = chan->mode;
0500 opts.fcs = chan->fcs;
0501 opts.max_tx = chan->max_tx;
0502 opts.txwin_size = chan->tx_win;
0503
0504 BT_DBG("mode 0x%2.2x", chan->mode);
0505
0506 len = min_t(unsigned int, len, sizeof(opts));
0507 if (copy_to_user(optval, (char *) &opts, len))
0508 err = -EFAULT;
0509
0510 break;
0511
0512 case L2CAP_LM:
0513 switch (chan->sec_level) {
0514 case BT_SECURITY_LOW:
0515 opt = L2CAP_LM_AUTH;
0516 break;
0517 case BT_SECURITY_MEDIUM:
0518 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
0519 break;
0520 case BT_SECURITY_HIGH:
0521 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
0522 L2CAP_LM_SECURE;
0523 break;
0524 case BT_SECURITY_FIPS:
0525 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
0526 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
0527 break;
0528 default:
0529 opt = 0;
0530 break;
0531 }
0532
0533 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
0534 opt |= L2CAP_LM_MASTER;
0535
0536 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
0537 opt |= L2CAP_LM_RELIABLE;
0538
0539 if (put_user(opt, (u32 __user *) optval))
0540 err = -EFAULT;
0541
0542 break;
0543
0544 case L2CAP_CONNINFO:
0545 if (sk->sk_state != BT_CONNECTED &&
0546 !(sk->sk_state == BT_CONNECT2 &&
0547 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
0548 err = -ENOTCONN;
0549 break;
0550 }
0551
0552 memset(&cinfo, 0, sizeof(cinfo));
0553 cinfo.hci_handle = chan->conn->hcon->handle;
0554 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
0555
0556 len = min_t(unsigned int, len, sizeof(cinfo));
0557 if (copy_to_user(optval, (char *) &cinfo, len))
0558 err = -EFAULT;
0559
0560 break;
0561
0562 default:
0563 err = -ENOPROTOOPT;
0564 break;
0565 }
0566
0567 release_sock(sk);
0568 return err;
0569 }
0570
0571 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
0572 char __user *optval, int __user *optlen)
0573 {
0574 struct sock *sk = sock->sk;
0575 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
0576 struct bt_security sec;
0577 struct bt_power pwr;
0578 u32 phys;
0579 int len, mode, err = 0;
0580
0581 BT_DBG("sk %p", sk);
0582
0583 if (level == SOL_L2CAP)
0584 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
0585
0586 if (level != SOL_BLUETOOTH)
0587 return -ENOPROTOOPT;
0588
0589 if (get_user(len, optlen))
0590 return -EFAULT;
0591
0592 lock_sock(sk);
0593
0594 switch (optname) {
0595 case BT_SECURITY:
0596 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
0597 chan->chan_type != L2CAP_CHAN_FIXED &&
0598 chan->chan_type != L2CAP_CHAN_RAW) {
0599 err = -EINVAL;
0600 break;
0601 }
0602
0603 memset(&sec, 0, sizeof(sec));
0604 if (chan->conn) {
0605 sec.level = chan->conn->hcon->sec_level;
0606
0607 if (sk->sk_state == BT_CONNECTED)
0608 sec.key_size = chan->conn->hcon->enc_key_size;
0609 } else {
0610 sec.level = chan->sec_level;
0611 }
0612
0613 len = min_t(unsigned int, len, sizeof(sec));
0614 if (copy_to_user(optval, (char *) &sec, len))
0615 err = -EFAULT;
0616
0617 break;
0618
0619 case BT_DEFER_SETUP:
0620 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
0621 err = -EINVAL;
0622 break;
0623 }
0624
0625 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
0626 (u32 __user *) optval))
0627 err = -EFAULT;
0628
0629 break;
0630
0631 case BT_FLUSHABLE:
0632 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
0633 (u32 __user *) optval))
0634 err = -EFAULT;
0635
0636 break;
0637
0638 case BT_POWER:
0639 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
0640 && sk->sk_type != SOCK_RAW) {
0641 err = -EINVAL;
0642 break;
0643 }
0644
0645 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
0646
0647 len = min_t(unsigned int, len, sizeof(pwr));
0648 if (copy_to_user(optval, (char *) &pwr, len))
0649 err = -EFAULT;
0650
0651 break;
0652
0653 case BT_CHANNEL_POLICY:
0654 if (put_user(chan->chan_policy, (u32 __user *) optval))
0655 err = -EFAULT;
0656 break;
0657
0658 case BT_SNDMTU:
0659 if (!bdaddr_type_is_le(chan->src_type)) {
0660 err = -EINVAL;
0661 break;
0662 }
0663
0664 if (sk->sk_state != BT_CONNECTED) {
0665 err = -ENOTCONN;
0666 break;
0667 }
0668
0669 if (put_user(chan->omtu, (u16 __user *) optval))
0670 err = -EFAULT;
0671 break;
0672
0673 case BT_RCVMTU:
0674 if (!bdaddr_type_is_le(chan->src_type)) {
0675 err = -EINVAL;
0676 break;
0677 }
0678
0679 if (put_user(chan->imtu, (u16 __user *) optval))
0680 err = -EFAULT;
0681 break;
0682
0683 case BT_PHY:
0684 if (sk->sk_state != BT_CONNECTED) {
0685 err = -ENOTCONN;
0686 break;
0687 }
0688
0689 phys = hci_conn_get_phy(chan->conn->hcon);
0690
0691 if (put_user(phys, (u32 __user *) optval))
0692 err = -EFAULT;
0693 break;
0694
0695 case BT_MODE:
0696 if (!enable_ecred) {
0697 err = -ENOPROTOOPT;
0698 break;
0699 }
0700
0701 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
0702 err = -EINVAL;
0703 break;
0704 }
0705
0706 mode = l2cap_get_mode(chan);
0707 if (mode < 0) {
0708 err = mode;
0709 break;
0710 }
0711
0712 if (put_user(mode, (u8 __user *) optval))
0713 err = -EFAULT;
0714 break;
0715
0716 default:
0717 err = -ENOPROTOOPT;
0718 break;
0719 }
0720
0721 release_sock(sk);
0722 return err;
0723 }
0724
0725 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
0726 {
0727 switch (chan->scid) {
0728 case L2CAP_CID_ATT:
0729 if (mtu < L2CAP_LE_MIN_MTU)
0730 return false;
0731 break;
0732
0733 default:
0734 if (mtu < L2CAP_DEFAULT_MIN_MTU)
0735 return false;
0736 }
0737
0738 return true;
0739 }
0740
0741 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
0742 sockptr_t optval, unsigned int optlen)
0743 {
0744 struct sock *sk = sock->sk;
0745 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
0746 struct l2cap_options opts;
0747 int len, err = 0;
0748 u32 opt;
0749
0750 BT_DBG("sk %p", sk);
0751
0752 lock_sock(sk);
0753
0754 switch (optname) {
0755 case L2CAP_OPTIONS:
0756 if (bdaddr_type_is_le(chan->src_type)) {
0757 err = -EINVAL;
0758 break;
0759 }
0760
0761 if (sk->sk_state == BT_CONNECTED) {
0762 err = -EINVAL;
0763 break;
0764 }
0765
0766 opts.imtu = chan->imtu;
0767 opts.omtu = chan->omtu;
0768 opts.flush_to = chan->flush_to;
0769 opts.mode = chan->mode;
0770 opts.fcs = chan->fcs;
0771 opts.max_tx = chan->max_tx;
0772 opts.txwin_size = chan->tx_win;
0773
0774 len = min_t(unsigned int, sizeof(opts), optlen);
0775 if (copy_from_sockptr(&opts, optval, len)) {
0776 err = -EFAULT;
0777 break;
0778 }
0779
0780 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
0781 err = -EINVAL;
0782 break;
0783 }
0784
0785 if (!l2cap_valid_mtu(chan, opts.imtu)) {
0786 err = -EINVAL;
0787 break;
0788 }
0789
0790
0791 switch (opts.mode) {
0792 case L2CAP_MODE_BASIC:
0793 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
0794 break;
0795 case L2CAP_MODE_ERTM:
0796 case L2CAP_MODE_STREAMING:
0797 if (!disable_ertm)
0798 break;
0799 fallthrough;
0800 default:
0801 err = -EINVAL;
0802 break;
0803 }
0804
0805 if (err < 0)
0806 break;
0807
0808 chan->mode = opts.mode;
0809
0810 BT_DBG("mode 0x%2.2x", chan->mode);
0811
0812 chan->imtu = opts.imtu;
0813 chan->omtu = opts.omtu;
0814 chan->fcs = opts.fcs;
0815 chan->max_tx = opts.max_tx;
0816 chan->tx_win = opts.txwin_size;
0817 chan->flush_to = opts.flush_to;
0818 break;
0819
0820 case L2CAP_LM:
0821 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
0822 err = -EFAULT;
0823 break;
0824 }
0825
0826 if (opt & L2CAP_LM_FIPS) {
0827 err = -EINVAL;
0828 break;
0829 }
0830
0831 if (opt & L2CAP_LM_AUTH)
0832 chan->sec_level = BT_SECURITY_LOW;
0833 if (opt & L2CAP_LM_ENCRYPT)
0834 chan->sec_level = BT_SECURITY_MEDIUM;
0835 if (opt & L2CAP_LM_SECURE)
0836 chan->sec_level = BT_SECURITY_HIGH;
0837
0838 if (opt & L2CAP_LM_MASTER)
0839 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
0840 else
0841 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
0842
0843 if (opt & L2CAP_LM_RELIABLE)
0844 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
0845 else
0846 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
0847 break;
0848
0849 default:
0850 err = -ENOPROTOOPT;
0851 break;
0852 }
0853
0854 release_sock(sk);
0855 return err;
0856 }
0857
0858 static int l2cap_set_mode(struct l2cap_chan *chan, u8 mode)
0859 {
0860 switch (mode) {
0861 case BT_MODE_BASIC:
0862 if (bdaddr_type_is_le(chan->src_type))
0863 return -EINVAL;
0864 mode = L2CAP_MODE_BASIC;
0865 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
0866 break;
0867 case BT_MODE_ERTM:
0868 if (!disable_ertm || bdaddr_type_is_le(chan->src_type))
0869 return -EINVAL;
0870 mode = L2CAP_MODE_ERTM;
0871 break;
0872 case BT_MODE_STREAMING:
0873 if (!disable_ertm || bdaddr_type_is_le(chan->src_type))
0874 return -EINVAL;
0875 mode = L2CAP_MODE_STREAMING;
0876 break;
0877 case BT_MODE_LE_FLOWCTL:
0878 if (!bdaddr_type_is_le(chan->src_type))
0879 return -EINVAL;
0880 mode = L2CAP_MODE_LE_FLOWCTL;
0881 break;
0882 case BT_MODE_EXT_FLOWCTL:
0883
0884 if (!bdaddr_type_is_le(chan->src_type))
0885 return -EINVAL;
0886 mode = L2CAP_MODE_EXT_FLOWCTL;
0887 break;
0888 default:
0889 return -EINVAL;
0890 }
0891
0892 chan->mode = mode;
0893
0894 return 0;
0895 }
0896
0897 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
0898 sockptr_t optval, unsigned int optlen)
0899 {
0900 struct sock *sk = sock->sk;
0901 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
0902 struct bt_security sec;
0903 struct bt_power pwr;
0904 struct l2cap_conn *conn;
0905 int len, err = 0;
0906 u32 opt;
0907 u16 mtu;
0908 u8 mode;
0909
0910 BT_DBG("sk %p", sk);
0911
0912 if (level == SOL_L2CAP)
0913 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
0914
0915 if (level != SOL_BLUETOOTH)
0916 return -ENOPROTOOPT;
0917
0918 lock_sock(sk);
0919
0920 switch (optname) {
0921 case BT_SECURITY:
0922 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
0923 chan->chan_type != L2CAP_CHAN_FIXED &&
0924 chan->chan_type != L2CAP_CHAN_RAW) {
0925 err = -EINVAL;
0926 break;
0927 }
0928
0929 sec.level = BT_SECURITY_LOW;
0930
0931 len = min_t(unsigned int, sizeof(sec), optlen);
0932 if (copy_from_sockptr(&sec, optval, len)) {
0933 err = -EFAULT;
0934 break;
0935 }
0936
0937 if (sec.level < BT_SECURITY_LOW ||
0938 sec.level > BT_SECURITY_FIPS) {
0939 err = -EINVAL;
0940 break;
0941 }
0942
0943 chan->sec_level = sec.level;
0944
0945 if (!chan->conn)
0946 break;
0947
0948 conn = chan->conn;
0949
0950
0951 if (chan->scid == L2CAP_CID_ATT) {
0952 if (smp_conn_security(conn->hcon, sec.level)) {
0953 err = -EINVAL;
0954 break;
0955 }
0956
0957 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
0958 sk->sk_state = BT_CONFIG;
0959 chan->state = BT_CONFIG;
0960
0961
0962 } else if ((sk->sk_state == BT_CONNECT2 &&
0963 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
0964 sk->sk_state == BT_CONNECTED) {
0965 if (!l2cap_chan_check_security(chan, true))
0966 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
0967 else
0968 sk->sk_state_change(sk);
0969 } else {
0970 err = -EINVAL;
0971 }
0972 break;
0973
0974 case BT_DEFER_SETUP:
0975 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
0976 err = -EINVAL;
0977 break;
0978 }
0979
0980 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
0981 err = -EFAULT;
0982 break;
0983 }
0984
0985 if (opt) {
0986 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
0987 set_bit(FLAG_DEFER_SETUP, &chan->flags);
0988 } else {
0989 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
0990 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
0991 }
0992 break;
0993
0994 case BT_FLUSHABLE:
0995 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
0996 err = -EFAULT;
0997 break;
0998 }
0999
1000 if (opt > BT_FLUSHABLE_ON) {
1001 err = -EINVAL;
1002 break;
1003 }
1004
1005 if (opt == BT_FLUSHABLE_OFF) {
1006 conn = chan->conn;
1007
1008
1009 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
1010 err = -EINVAL;
1011 break;
1012 }
1013 }
1014
1015 if (opt)
1016 set_bit(FLAG_FLUSHABLE, &chan->flags);
1017 else
1018 clear_bit(FLAG_FLUSHABLE, &chan->flags);
1019 break;
1020
1021 case BT_POWER:
1022 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
1023 chan->chan_type != L2CAP_CHAN_RAW) {
1024 err = -EINVAL;
1025 break;
1026 }
1027
1028 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
1029
1030 len = min_t(unsigned int, sizeof(pwr), optlen);
1031 if (copy_from_sockptr(&pwr, optval, len)) {
1032 err = -EFAULT;
1033 break;
1034 }
1035
1036 if (pwr.force_active)
1037 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
1038 else
1039 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
1040 break;
1041
1042 case BT_CHANNEL_POLICY:
1043 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
1044 err = -EFAULT;
1045 break;
1046 }
1047
1048 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
1049 err = -EINVAL;
1050 break;
1051 }
1052
1053 if (chan->mode != L2CAP_MODE_ERTM &&
1054 chan->mode != L2CAP_MODE_STREAMING) {
1055 err = -EOPNOTSUPP;
1056 break;
1057 }
1058
1059 chan->chan_policy = (u8) opt;
1060
1061 if (sk->sk_state == BT_CONNECTED &&
1062 chan->move_role == L2CAP_MOVE_ROLE_NONE)
1063 l2cap_move_start(chan);
1064
1065 break;
1066
1067 case BT_SNDMTU:
1068 if (!bdaddr_type_is_le(chan->src_type)) {
1069 err = -EINVAL;
1070 break;
1071 }
1072
1073
1074
1075
1076 err = -EPERM;
1077 break;
1078
1079 case BT_RCVMTU:
1080 if (!bdaddr_type_is_le(chan->src_type)) {
1081 err = -EINVAL;
1082 break;
1083 }
1084
1085 if (chan->mode == L2CAP_MODE_LE_FLOWCTL &&
1086 sk->sk_state == BT_CONNECTED) {
1087 err = -EISCONN;
1088 break;
1089 }
1090
1091 if (copy_from_sockptr(&mtu, optval, sizeof(u16))) {
1092 err = -EFAULT;
1093 break;
1094 }
1095
1096 if (chan->mode == L2CAP_MODE_EXT_FLOWCTL &&
1097 sk->sk_state == BT_CONNECTED)
1098 err = l2cap_chan_reconfigure(chan, mtu);
1099 else
1100 chan->imtu = mtu;
1101
1102 break;
1103
1104 case BT_MODE:
1105 if (!enable_ecred) {
1106 err = -ENOPROTOOPT;
1107 break;
1108 }
1109
1110 BT_DBG("sk->sk_state %u", sk->sk_state);
1111
1112 if (sk->sk_state != BT_BOUND) {
1113 err = -EINVAL;
1114 break;
1115 }
1116
1117 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
1118 err = -EINVAL;
1119 break;
1120 }
1121
1122 if (copy_from_sockptr(&mode, optval, sizeof(u8))) {
1123 err = -EFAULT;
1124 break;
1125 }
1126
1127 BT_DBG("mode %u", mode);
1128
1129 err = l2cap_set_mode(chan, mode);
1130 if (err)
1131 break;
1132
1133 BT_DBG("mode 0x%2.2x", chan->mode);
1134
1135 break;
1136
1137 default:
1138 err = -ENOPROTOOPT;
1139 break;
1140 }
1141
1142 release_sock(sk);
1143 return err;
1144 }
1145
1146 static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1147 size_t len)
1148 {
1149 struct sock *sk = sock->sk;
1150 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1151 int err;
1152
1153 BT_DBG("sock %p, sk %p", sock, sk);
1154
1155 err = sock_error(sk);
1156 if (err)
1157 return err;
1158
1159 if (msg->msg_flags & MSG_OOB)
1160 return -EOPNOTSUPP;
1161
1162 if (sk->sk_state != BT_CONNECTED)
1163 return -ENOTCONN;
1164
1165 lock_sock(sk);
1166 err = bt_sock_wait_ready(sk, msg->msg_flags);
1167 release_sock(sk);
1168 if (err)
1169 return err;
1170
1171 l2cap_chan_lock(chan);
1172 err = l2cap_chan_send(chan, msg, len);
1173 l2cap_chan_unlock(chan);
1174
1175 return err;
1176 }
1177
1178 static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1179 size_t len, int flags)
1180 {
1181 struct sock *sk = sock->sk;
1182 struct l2cap_pinfo *pi = l2cap_pi(sk);
1183 int err;
1184
1185 lock_sock(sk);
1186
1187 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
1188 &bt_sk(sk)->flags)) {
1189 if (pi->chan->mode == L2CAP_MODE_EXT_FLOWCTL) {
1190 sk->sk_state = BT_CONNECTED;
1191 pi->chan->state = BT_CONNECTED;
1192 __l2cap_ecred_conn_rsp_defer(pi->chan);
1193 } else if (bdaddr_type_is_le(pi->chan->src_type)) {
1194 sk->sk_state = BT_CONNECTED;
1195 pi->chan->state = BT_CONNECTED;
1196 __l2cap_le_connect_rsp_defer(pi->chan);
1197 } else {
1198 sk->sk_state = BT_CONFIG;
1199 pi->chan->state = BT_CONFIG;
1200 __l2cap_connect_rsp_defer(pi->chan);
1201 }
1202
1203 err = 0;
1204 goto done;
1205 }
1206
1207 release_sock(sk);
1208
1209 if (sock->type == SOCK_STREAM)
1210 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
1211 else
1212 err = bt_sock_recvmsg(sock, msg, len, flags);
1213
1214 if (pi->chan->mode != L2CAP_MODE_ERTM)
1215 return err;
1216
1217
1218
1219 lock_sock(sk);
1220
1221 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1222 goto done;
1223
1224 if (pi->rx_busy_skb) {
1225 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1226 pi->rx_busy_skb = NULL;
1227 else
1228 goto done;
1229 }
1230
1231
1232
1233
1234
1235 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1236 l2cap_chan_busy(pi->chan, 0);
1237
1238 done:
1239 release_sock(sk);
1240 return err;
1241 }
1242
1243
1244
1245
1246 static void l2cap_sock_kill(struct sock *sk)
1247 {
1248 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1249 return;
1250
1251 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1252
1253
1254
1255 l2cap_chan_put(l2cap_pi(sk)->chan);
1256 sock_set_flag(sk, SOCK_DEAD);
1257 sock_put(sk);
1258 }
1259
1260 static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
1261 {
1262 DECLARE_WAITQUEUE(wait, current);
1263 int err = 0;
1264 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1265
1266 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
1267
1268 add_wait_queue(sk_sleep(sk), &wait);
1269 set_current_state(TASK_INTERRUPTIBLE);
1270 do {
1271 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1272 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1273 jiffies_to_msecs(timeout - jiffies));
1274
1275 if (!timeo)
1276 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1277
1278 if (signal_pending(current)) {
1279 err = sock_intr_errno(timeo);
1280 break;
1281 }
1282
1283 release_sock(sk);
1284 timeo = schedule_timeout(timeo);
1285 lock_sock(sk);
1286 set_current_state(TASK_INTERRUPTIBLE);
1287
1288 err = sock_error(sk);
1289 if (err)
1290 break;
1291
1292 if (time_after(jiffies, timeout)) {
1293 err = -ENOLINK;
1294 break;
1295 }
1296
1297 } while (chan->unacked_frames > 0 &&
1298 chan->state == BT_CONNECTED);
1299
1300 set_current_state(TASK_RUNNING);
1301 remove_wait_queue(sk_sleep(sk), &wait);
1302 return err;
1303 }
1304
1305 static int l2cap_sock_shutdown(struct socket *sock, int how)
1306 {
1307 struct sock *sk = sock->sk;
1308 struct l2cap_chan *chan;
1309 struct l2cap_conn *conn;
1310 int err = 0;
1311
1312 BT_DBG("sock %p, sk %p, how %d", sock, sk, how);
1313
1314
1315
1316
1317
1318
1319 how++;
1320
1321 if (!sk)
1322 return 0;
1323
1324 lock_sock(sk);
1325
1326 if ((sk->sk_shutdown & how) == how)
1327 goto shutdown_already;
1328
1329 BT_DBG("Handling sock shutdown");
1330
1331
1332 sock_hold(sk);
1333
1334 chan = l2cap_pi(sk)->chan;
1335
1336 l2cap_chan_hold(chan);
1337
1338 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1339
1340 if (chan->mode == L2CAP_MODE_ERTM &&
1341 chan->unacked_frames > 0 &&
1342 chan->state == BT_CONNECTED) {
1343 err = __l2cap_wait_ack(sk, chan);
1344
1345
1346
1347
1348
1349 if ((sk->sk_shutdown & how) == how)
1350 goto shutdown_matched;
1351 }
1352
1353
1354
1355
1356 if ((how & RCV_SHUTDOWN) && !(sk->sk_shutdown & RCV_SHUTDOWN)) {
1357 sk->sk_shutdown |= RCV_SHUTDOWN;
1358 if ((sk->sk_shutdown & how) == how)
1359 goto shutdown_matched;
1360 }
1361
1362 sk->sk_shutdown |= SEND_SHUTDOWN;
1363 release_sock(sk);
1364
1365 l2cap_chan_lock(chan);
1366 conn = chan->conn;
1367 if (conn)
1368
1369 l2cap_conn_get(conn);
1370 l2cap_chan_unlock(chan);
1371
1372 if (conn)
1373
1374 mutex_lock(&conn->chan_lock);
1375
1376 l2cap_chan_lock(chan);
1377 l2cap_chan_close(chan, 0);
1378 l2cap_chan_unlock(chan);
1379
1380 if (conn) {
1381 mutex_unlock(&conn->chan_lock);
1382 l2cap_conn_put(conn);
1383 }
1384
1385 lock_sock(sk);
1386
1387 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1388 !(current->flags & PF_EXITING))
1389 err = bt_sock_wait_state(sk, BT_CLOSED,
1390 sk->sk_lingertime);
1391
1392 shutdown_matched:
1393 l2cap_chan_put(chan);
1394 sock_put(sk);
1395
1396 shutdown_already:
1397 if (!err && sk->sk_err)
1398 err = -sk->sk_err;
1399
1400 release_sock(sk);
1401
1402 BT_DBG("Sock shutdown complete err: %d", err);
1403
1404 return err;
1405 }
1406
1407 static int l2cap_sock_release(struct socket *sock)
1408 {
1409 struct sock *sk = sock->sk;
1410 int err;
1411 struct l2cap_chan *chan;
1412
1413 BT_DBG("sock %p, sk %p", sock, sk);
1414
1415 if (!sk)
1416 return 0;
1417
1418 bt_sock_unlink(&l2cap_sk_list, sk);
1419
1420 err = l2cap_sock_shutdown(sock, SHUT_RDWR);
1421 chan = l2cap_pi(sk)->chan;
1422
1423 l2cap_chan_hold(chan);
1424 l2cap_chan_lock(chan);
1425
1426 sock_orphan(sk);
1427 l2cap_sock_kill(sk);
1428
1429 l2cap_chan_unlock(chan);
1430 l2cap_chan_put(chan);
1431
1432 return err;
1433 }
1434
1435 static void l2cap_sock_cleanup_listen(struct sock *parent)
1436 {
1437 struct sock *sk;
1438
1439 BT_DBG("parent %p state %s", parent,
1440 state_to_string(parent->sk_state));
1441
1442
1443 while ((sk = bt_accept_dequeue(parent, NULL))) {
1444 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1445
1446 BT_DBG("child chan %p state %s", chan,
1447 state_to_string(chan->state));
1448
1449 l2cap_chan_hold(chan);
1450 l2cap_chan_lock(chan);
1451
1452 __clear_chan_timer(chan);
1453 l2cap_chan_close(chan, ECONNRESET);
1454 l2cap_sock_kill(sk);
1455
1456 l2cap_chan_unlock(chan);
1457 l2cap_chan_put(chan);
1458 }
1459 }
1460
1461 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1462 {
1463 struct sock *sk, *parent = chan->data;
1464
1465 lock_sock(parent);
1466
1467
1468 if (sk_acceptq_is_full(parent)) {
1469 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1470 release_sock(parent);
1471 return NULL;
1472 }
1473
1474 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1475 GFP_ATOMIC, 0);
1476 if (!sk) {
1477 release_sock(parent);
1478 return NULL;
1479 }
1480
1481 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1482
1483 l2cap_sock_init(sk, parent);
1484
1485 bt_accept_enqueue(parent, sk, false);
1486
1487 release_sock(parent);
1488
1489 return l2cap_pi(sk)->chan;
1490 }
1491
1492 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1493 {
1494 struct sock *sk = chan->data;
1495 int err;
1496
1497 lock_sock(sk);
1498
1499 if (l2cap_pi(sk)->rx_busy_skb) {
1500 err = -ENOMEM;
1501 goto done;
1502 }
1503
1504 if (chan->mode != L2CAP_MODE_ERTM &&
1505 chan->mode != L2CAP_MODE_STREAMING) {
1506
1507
1508
1509 err = sk_filter(sk, skb);
1510 if (err)
1511 goto done;
1512 }
1513
1514 err = __sock_queue_rcv_skb(sk, skb);
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1526 l2cap_pi(sk)->rx_busy_skb = skb;
1527 l2cap_chan_busy(chan, 1);
1528 err = 0;
1529 }
1530
1531 done:
1532 release_sock(sk);
1533
1534 return err;
1535 }
1536
1537 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1538 {
1539 struct sock *sk = chan->data;
1540
1541 if (!sk)
1542 return;
1543
1544 l2cap_sock_kill(sk);
1545 }
1546
1547 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1548 {
1549 struct sock *sk = chan->data;
1550 struct sock *parent;
1551
1552 if (!sk)
1553 return;
1554
1555 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1556
1557
1558
1559
1560
1561
1562
1563
1564 lock_sock_nested(sk, atomic_read(&chan->nesting));
1565
1566 parent = bt_sk(sk)->parent;
1567
1568 switch (chan->state) {
1569 case BT_OPEN:
1570 case BT_BOUND:
1571 case BT_CLOSED:
1572 break;
1573 case BT_LISTEN:
1574 l2cap_sock_cleanup_listen(sk);
1575 sk->sk_state = BT_CLOSED;
1576 chan->state = BT_CLOSED;
1577
1578 break;
1579 default:
1580 sk->sk_state = BT_CLOSED;
1581 chan->state = BT_CLOSED;
1582
1583 sk->sk_err = err;
1584
1585 if (parent) {
1586 bt_accept_unlink(sk);
1587 parent->sk_data_ready(parent);
1588 } else {
1589 sk->sk_state_change(sk);
1590 }
1591
1592 break;
1593 }
1594 release_sock(sk);
1595
1596
1597 sock_set_flag(sk, SOCK_ZAPPED);
1598
1599 }
1600
1601 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1602 int err)
1603 {
1604 struct sock *sk = chan->data;
1605
1606 sk->sk_state = state;
1607
1608 if (err)
1609 sk->sk_err = err;
1610 }
1611
1612 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1613 unsigned long hdr_len,
1614 unsigned long len, int nb)
1615 {
1616 struct sock *sk = chan->data;
1617 struct sk_buff *skb;
1618 int err;
1619
1620 l2cap_chan_unlock(chan);
1621 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1622 l2cap_chan_lock(chan);
1623
1624 if (!skb)
1625 return ERR_PTR(err);
1626
1627 skb->priority = sk->sk_priority;
1628
1629 bt_cb(skb)->l2cap.chan = chan;
1630
1631 return skb;
1632 }
1633
1634 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1635 {
1636 struct sock *sk = chan->data;
1637 struct sock *parent;
1638
1639 lock_sock(sk);
1640
1641 parent = bt_sk(sk)->parent;
1642
1643 BT_DBG("sk %p, parent %p", sk, parent);
1644
1645 sk->sk_state = BT_CONNECTED;
1646 sk->sk_state_change(sk);
1647
1648 if (parent)
1649 parent->sk_data_ready(parent);
1650
1651 release_sock(sk);
1652 }
1653
1654 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1655 {
1656 struct sock *parent, *sk = chan->data;
1657
1658 lock_sock(sk);
1659
1660 parent = bt_sk(sk)->parent;
1661 if (parent)
1662 parent->sk_data_ready(parent);
1663
1664 release_sock(sk);
1665 }
1666
1667 static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1668 {
1669 struct sock *sk = chan->data;
1670
1671 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1672 sk->sk_state = BT_CONNECTED;
1673 chan->state = BT_CONNECTED;
1674 }
1675
1676 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1677 sk->sk_state_change(sk);
1678 }
1679
1680 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1681 {
1682 struct sock *sk = chan->data;
1683
1684 lock_sock(sk);
1685 sk->sk_shutdown = SHUTDOWN_MASK;
1686 release_sock(sk);
1687 }
1688
1689 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1690 {
1691 struct sock *sk = chan->data;
1692
1693 return sk->sk_sndtimeo;
1694 }
1695
1696 static struct pid *l2cap_sock_get_peer_pid_cb(struct l2cap_chan *chan)
1697 {
1698 struct sock *sk = chan->data;
1699
1700 return sk->sk_peer_pid;
1701 }
1702
1703 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1704 {
1705 struct sock *sk = chan->data;
1706
1707 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1708 sk->sk_state_change(sk);
1709 }
1710
1711 static int l2cap_sock_filter(struct l2cap_chan *chan, struct sk_buff *skb)
1712 {
1713 struct sock *sk = chan->data;
1714
1715 switch (chan->mode) {
1716 case L2CAP_MODE_ERTM:
1717 case L2CAP_MODE_STREAMING:
1718 return sk_filter(sk, skb);
1719 }
1720
1721 return 0;
1722 }
1723
1724 static const struct l2cap_ops l2cap_chan_ops = {
1725 .name = "L2CAP Socket Interface",
1726 .new_connection = l2cap_sock_new_connection_cb,
1727 .recv = l2cap_sock_recv_cb,
1728 .close = l2cap_sock_close_cb,
1729 .teardown = l2cap_sock_teardown_cb,
1730 .state_change = l2cap_sock_state_change_cb,
1731 .ready = l2cap_sock_ready_cb,
1732 .defer = l2cap_sock_defer_cb,
1733 .resume = l2cap_sock_resume_cb,
1734 .suspend = l2cap_sock_suspend_cb,
1735 .set_shutdown = l2cap_sock_set_shutdown_cb,
1736 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1737 .get_peer_pid = l2cap_sock_get_peer_pid_cb,
1738 .alloc_skb = l2cap_sock_alloc_skb_cb,
1739 .filter = l2cap_sock_filter,
1740 };
1741
1742 static void l2cap_sock_destruct(struct sock *sk)
1743 {
1744 BT_DBG("sk %p", sk);
1745
1746 if (l2cap_pi(sk)->chan) {
1747 l2cap_pi(sk)->chan->data = NULL;
1748 l2cap_chan_put(l2cap_pi(sk)->chan);
1749 }
1750
1751 if (l2cap_pi(sk)->rx_busy_skb) {
1752 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1753 l2cap_pi(sk)->rx_busy_skb = NULL;
1754 }
1755
1756 skb_queue_purge(&sk->sk_receive_queue);
1757 skb_queue_purge(&sk->sk_write_queue);
1758 }
1759
1760 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1761 int *msg_namelen)
1762 {
1763 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1764
1765 memset(la, 0, sizeof(struct sockaddr_l2));
1766 la->l2_family = AF_BLUETOOTH;
1767 la->l2_psm = bt_cb(skb)->l2cap.psm;
1768 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
1769
1770 *msg_namelen = sizeof(struct sockaddr_l2);
1771 }
1772
1773 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1774 {
1775 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1776
1777 BT_DBG("sk %p", sk);
1778
1779 if (parent) {
1780 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1781
1782 sk->sk_type = parent->sk_type;
1783 bt_sk(sk)->flags = bt_sk(parent)->flags;
1784
1785 chan->chan_type = pchan->chan_type;
1786 chan->imtu = pchan->imtu;
1787 chan->omtu = pchan->omtu;
1788 chan->conf_state = pchan->conf_state;
1789 chan->mode = pchan->mode;
1790 chan->fcs = pchan->fcs;
1791 chan->max_tx = pchan->max_tx;
1792 chan->tx_win = pchan->tx_win;
1793 chan->tx_win_max = pchan->tx_win_max;
1794 chan->sec_level = pchan->sec_level;
1795 chan->flags = pchan->flags;
1796 chan->tx_credits = pchan->tx_credits;
1797 chan->rx_credits = pchan->rx_credits;
1798
1799 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1800 chan->scid = pchan->scid;
1801 chan->dcid = pchan->scid;
1802 }
1803
1804 security_sk_clone(parent, sk);
1805 } else {
1806 switch (sk->sk_type) {
1807 case SOCK_RAW:
1808 chan->chan_type = L2CAP_CHAN_RAW;
1809 break;
1810 case SOCK_DGRAM:
1811 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1812 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1813 break;
1814 case SOCK_SEQPACKET:
1815 case SOCK_STREAM:
1816 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1817 break;
1818 }
1819
1820 chan->imtu = L2CAP_DEFAULT_MTU;
1821 chan->omtu = 0;
1822 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1823 chan->mode = L2CAP_MODE_ERTM;
1824 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1825 } else {
1826 chan->mode = L2CAP_MODE_BASIC;
1827 }
1828
1829 l2cap_chan_set_defaults(chan);
1830 }
1831
1832
1833 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1834
1835 chan->data = sk;
1836 chan->ops = &l2cap_chan_ops;
1837 }
1838
1839 static struct proto l2cap_proto = {
1840 .name = "L2CAP",
1841 .owner = THIS_MODULE,
1842 .obj_size = sizeof(struct l2cap_pinfo)
1843 };
1844
1845 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1846 int proto, gfp_t prio, int kern)
1847 {
1848 struct sock *sk;
1849 struct l2cap_chan *chan;
1850
1851 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
1852 if (!sk)
1853 return NULL;
1854
1855 sock_init_data(sock, sk);
1856 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1857
1858 sk->sk_destruct = l2cap_sock_destruct;
1859 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1860
1861 sock_reset_flag(sk, SOCK_ZAPPED);
1862
1863 sk->sk_protocol = proto;
1864 sk->sk_state = BT_OPEN;
1865
1866 chan = l2cap_chan_create();
1867 if (!chan) {
1868 sk_free(sk);
1869 return NULL;
1870 }
1871
1872 l2cap_chan_hold(chan);
1873
1874 l2cap_pi(sk)->chan = chan;
1875
1876 return sk;
1877 }
1878
1879 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1880 int kern)
1881 {
1882 struct sock *sk;
1883
1884 BT_DBG("sock %p", sock);
1885
1886 sock->state = SS_UNCONNECTED;
1887
1888 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1889 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1890 return -ESOCKTNOSUPPORT;
1891
1892 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1893 return -EPERM;
1894
1895 sock->ops = &l2cap_sock_ops;
1896
1897 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
1898 if (!sk)
1899 return -ENOMEM;
1900
1901 l2cap_sock_init(sk, NULL);
1902 bt_sock_link(&l2cap_sk_list, sk);
1903 return 0;
1904 }
1905
1906 static const struct proto_ops l2cap_sock_ops = {
1907 .family = PF_BLUETOOTH,
1908 .owner = THIS_MODULE,
1909 .release = l2cap_sock_release,
1910 .bind = l2cap_sock_bind,
1911 .connect = l2cap_sock_connect,
1912 .listen = l2cap_sock_listen,
1913 .accept = l2cap_sock_accept,
1914 .getname = l2cap_sock_getname,
1915 .sendmsg = l2cap_sock_sendmsg,
1916 .recvmsg = l2cap_sock_recvmsg,
1917 .poll = bt_sock_poll,
1918 .ioctl = bt_sock_ioctl,
1919 .gettstamp = sock_gettstamp,
1920 .mmap = sock_no_mmap,
1921 .socketpair = sock_no_socketpair,
1922 .shutdown = l2cap_sock_shutdown,
1923 .setsockopt = l2cap_sock_setsockopt,
1924 .getsockopt = l2cap_sock_getsockopt
1925 };
1926
1927 static const struct net_proto_family l2cap_sock_family_ops = {
1928 .family = PF_BLUETOOTH,
1929 .owner = THIS_MODULE,
1930 .create = l2cap_sock_create,
1931 };
1932
1933 int __init l2cap_init_sockets(void)
1934 {
1935 int err;
1936
1937 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1938
1939 err = proto_register(&l2cap_proto, 0);
1940 if (err < 0)
1941 return err;
1942
1943 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1944 if (err < 0) {
1945 BT_ERR("L2CAP socket registration failed");
1946 goto error;
1947 }
1948
1949 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1950 NULL);
1951 if (err < 0) {
1952 BT_ERR("Failed to create L2CAP proc file");
1953 bt_sock_unregister(BTPROTO_L2CAP);
1954 goto error;
1955 }
1956
1957 BT_INFO("L2CAP socket layer initialized");
1958
1959 return 0;
1960
1961 error:
1962 proto_unregister(&l2cap_proto);
1963 return err;
1964 }
1965
1966 void l2cap_cleanup_sockets(void)
1967 {
1968 bt_procfs_cleanup(&init_net, "l2cap");
1969 bt_sock_unregister(BTPROTO_L2CAP);
1970 proto_unregister(&l2cap_proto);
1971 }
