1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30#include <linux/security.h>
31#include <linux/export.h>
32
33#include <net/bluetooth/bluetooth.h>
34#include <net/bluetooth/hci_core.h>
35#include <net/bluetooth/l2cap.h>
36#include <net/bluetooth/smp.h>
37
38static const struct proto_ops l2cap_sock_ops;
39static void l2cap_sock_init(struct sock *sk, struct sock *parent);
40static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
41
42static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
43{
44 struct sock *sk = sock->sk;
45 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
46 struct sockaddr_l2 la;
47 int len, err = 0;
48
49 BT_DBG("sk %p", sk);
50
51 if (!addr || addr->sa_family != AF_BLUETOOTH)
52 return -EINVAL;
53
54 memset(&la, 0, sizeof(la));
55 len = min_t(unsigned int, sizeof(la), alen);
56 memcpy(&la, addr, len);
57
58 if (la.l2_cid && la.l2_psm)
59 return -EINVAL;
60
61 lock_sock(sk);
62
63 if (sk->sk_state != BT_OPEN) {
64 err = -EBADFD;
65 goto done;
66 }
67
68 if (la.l2_psm) {
69 __u16 psm = __le16_to_cpu(la.l2_psm);
70
71
72 if ((psm & 0x0101) != 0x0001) {
73 err = -EINVAL;
74 goto done;
75 }
76
77
78 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
79 err = -EACCES;
80 goto done;
81 }
82 }
83
84 if (la.l2_cid)
85 err = l2cap_add_scid(chan, la.l2_cid);
86 else
87 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
88
89 if (err < 0)
90 goto done;
91
92 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
93 __le16_to_cpu(la.l2_psm) == 0x0003)
94 chan->sec_level = BT_SECURITY_SDP;
95
96 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
97
98 chan->state = BT_BOUND;
99 sk->sk_state = BT_BOUND;
100
101done:
102 release_sock(sk);
103 return err;
104}
105
106static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
107{
108 struct sock *sk = sock->sk;
109 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
110 struct sockaddr_l2 la;
111 int len, err = 0;
112
113 BT_DBG("sk %p", sk);
114
115 if (!addr || alen < sizeof(addr->sa_family) ||
116 addr->sa_family != AF_BLUETOOTH)
117 return -EINVAL;
118
119 memset(&la, 0, sizeof(la));
120 len = min_t(unsigned int, sizeof(la), alen);
121 memcpy(&la, addr, len);
122
123 if (la.l2_cid && la.l2_psm)
124 return -EINVAL;
125
126 err = l2cap_chan_connect(chan, la.l2_psm, la.l2_cid, &la.l2_bdaddr);
127 if (err)
128 goto done;
129
130 err = bt_sock_wait_state(sk, BT_CONNECTED,
131 sock_sndtimeo(sk, flags & O_NONBLOCK));
132done:
133 if (sock_owned_by_user(sk))
134 release_sock(sk);
135 return err;
136}
137
138static int l2cap_sock_listen(struct socket *sock, int backlog)
139{
140 struct sock *sk = sock->sk;
141 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
142 int err = 0;
143
144 BT_DBG("sk %p backlog %d", sk, backlog);
145
146 lock_sock(sk);
147
148 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
149 || sk->sk_state != BT_BOUND) {
150 err = -EBADFD;
151 goto done;
152 }
153
154 switch (chan->mode) {
155 case L2CAP_MODE_BASIC:
156 break;
157 case L2CAP_MODE_ERTM:
158 case L2CAP_MODE_STREAMING:
159 if (!disable_ertm)
160 break;
161
162 default:
163 err = -ENOTSUPP;
164 goto done;
165 }
166
167 sk->sk_max_ack_backlog = backlog;
168 sk->sk_ack_backlog = 0;
169
170 chan->state = BT_LISTEN;
171 sk->sk_state = BT_LISTEN;
172
173done:
174 release_sock(sk);
175 return err;
176}
177
178static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
179{
180 DECLARE_WAITQUEUE(wait, current);
181 struct sock *sk = sock->sk, *nsk;
182 long timeo;
183 int err = 0;
184
185 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
186
187 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
188
189 BT_DBG("sk %p timeo %ld", sk, timeo);
190
191
192 add_wait_queue_exclusive(sk_sleep(sk), &wait);
193 while (1) {
194 set_current_state(TASK_INTERRUPTIBLE);
195
196 if (sk->sk_state != BT_LISTEN) {
197 err = -EBADFD;
198 break;
199 }
200
201 nsk = bt_accept_dequeue(sk, newsock);
202 if (nsk)
203 break;
204
205 if (!timeo) {
206 err = -EAGAIN;
207 break;
208 }
209
210 if (signal_pending(current)) {
211 err = sock_intr_errno(timeo);
212 break;
213 }
214
215 release_sock(sk);
216 timeo = schedule_timeout(timeo);
217 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
218 }
219 __set_current_state(TASK_RUNNING);
220 remove_wait_queue(sk_sleep(sk), &wait);
221
222 if (err)
223 goto done;
224
225 newsock->state = SS_CONNECTED;
226
227 BT_DBG("new socket %p", nsk);
228
229done:
230 release_sock(sk);
231 return err;
232}
233
234static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
235{
236 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
237 struct sock *sk = sock->sk;
238 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
239
240 BT_DBG("sock %p, sk %p", sock, sk);
241
242 addr->sa_family = AF_BLUETOOTH;
243 *len = sizeof(struct sockaddr_l2);
244
245 if (peer) {
246 la->l2_psm = chan->psm;
247 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
248 la->l2_cid = cpu_to_le16(chan->dcid);
249 } else {
250 la->l2_psm = chan->sport;
251 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
252 la->l2_cid = cpu_to_le16(chan->scid);
253 }
254
255 return 0;
256}
257
258static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
259{
260 struct sock *sk = sock->sk;
261 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
262 struct l2cap_options opts;
263 struct l2cap_conninfo cinfo;
264 int len, err = 0;
265 u32 opt;
266
267 BT_DBG("sk %p", sk);
268
269 if (get_user(len, optlen))
270 return -EFAULT;
271
272 lock_sock(sk);
273
274 switch (optname) {
275 case L2CAP_OPTIONS:
276 memset(&opts, 0, sizeof(opts));
277 opts.imtu = chan->imtu;
278 opts.omtu = chan->omtu;
279 opts.flush_to = chan->flush_to;
280 opts.mode = chan->mode;
281 opts.fcs = chan->fcs;
282 opts.max_tx = chan->max_tx;
283 opts.txwin_size = chan->tx_win;
284
285 len = min_t(unsigned int, len, sizeof(opts));
286 if (copy_to_user(optval, (char *) &opts, len))
287 err = -EFAULT;
288
289 break;
290
291 case L2CAP_LM:
292 switch (chan->sec_level) {
293 case BT_SECURITY_LOW:
294 opt = L2CAP_LM_AUTH;
295 break;
296 case BT_SECURITY_MEDIUM:
297 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
298 break;
299 case BT_SECURITY_HIGH:
300 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
301 L2CAP_LM_SECURE;
302 break;
303 default:
304 opt = 0;
305 break;
306 }
307
308 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
309 opt |= L2CAP_LM_MASTER;
310
311 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
312 opt |= L2CAP_LM_RELIABLE;
313
314 if (put_user(opt, (u32 __user *) optval))
315 err = -EFAULT;
316 break;
317
318 case L2CAP_CONNINFO:
319 if (sk->sk_state != BT_CONNECTED &&
320 !(sk->sk_state == BT_CONNECT2 &&
321 bt_sk(sk)->defer_setup)) {
322 err = -ENOTCONN;
323 break;
324 }
325
326 memset(&cinfo, 0, sizeof(cinfo));
327 cinfo.hci_handle = chan->conn->hcon->handle;
328 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
329
330 len = min_t(unsigned int, len, sizeof(cinfo));
331 if (copy_to_user(optval, (char *) &cinfo, len))
332 err = -EFAULT;
333
334 break;
335
336 default:
337 err = -ENOPROTOOPT;
338 break;
339 }
340
341 release_sock(sk);
342 return err;
343}
344
345static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
346{
347 struct sock *sk = sock->sk;
348 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
349 struct bt_security sec;
350 struct bt_power pwr;
351 int len, err = 0;
352
353 BT_DBG("sk %p", sk);
354
355 if (level == SOL_L2CAP)
356 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
357
358 if (level != SOL_BLUETOOTH)
359 return -ENOPROTOOPT;
360
361 if (get_user(len, optlen))
362 return -EFAULT;
363
364 lock_sock(sk);
365
366 switch (optname) {
367 case BT_SECURITY:
368 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
369 chan->chan_type != L2CAP_CHAN_RAW) {
370 err = -EINVAL;
371 break;
372 }
373
374 memset(&sec, 0, sizeof(sec));
375 sec.level = chan->sec_level;
376
377 if (sk->sk_state == BT_CONNECTED)
378 sec.key_size = chan->conn->hcon->enc_key_size;
379
380 len = min_t(unsigned int, len, sizeof(sec));
381 if (copy_to_user(optval, (char *) &sec, len))
382 err = -EFAULT;
383
384 break;
385
386 case BT_DEFER_SETUP:
387 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
388 err = -EINVAL;
389 break;
390 }
391
392 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
393 err = -EFAULT;
394
395 break;
396
397 case BT_FLUSHABLE:
398 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
399 (u32 __user *) optval))
400 err = -EFAULT;
401
402 break;
403
404 case BT_POWER:
405 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
406 && sk->sk_type != SOCK_RAW) {
407 err = -EINVAL;
408 break;
409 }
410
411 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
412
413 len = min_t(unsigned int, len, sizeof(pwr));
414 if (copy_to_user(optval, (char *) &pwr, len))
415 err = -EFAULT;
416
417 break;
418
419 case BT_CHANNEL_POLICY:
420 if (!enable_hs) {
421 err = -ENOPROTOOPT;
422 break;
423 }
424
425 if (put_user(chan->chan_policy, (u32 __user *) optval))
426 err = -EFAULT;
427 break;
428
429 default:
430 err = -ENOPROTOOPT;
431 break;
432 }
433
434 release_sock(sk);
435 return err;
436}
437
438static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
439{
440 struct sock *sk = sock->sk;
441 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
442 struct l2cap_options opts;
443 int len, err = 0;
444 u32 opt;
445
446 BT_DBG("sk %p", sk);
447
448 lock_sock(sk);
449
450 switch (optname) {
451 case L2CAP_OPTIONS:
452 if (sk->sk_state == BT_CONNECTED) {
453 err = -EINVAL;
454 break;
455 }
456
457 opts.imtu = chan->imtu;
458 opts.omtu = chan->omtu;
459 opts.flush_to = chan->flush_to;
460 opts.mode = chan->mode;
461 opts.fcs = chan->fcs;
462 opts.max_tx = chan->max_tx;
463 opts.txwin_size = chan->tx_win;
464
465 len = min_t(unsigned int, sizeof(opts), optlen);
466 if (copy_from_user((char *) &opts, optval, len)) {
467 err = -EFAULT;
468 break;
469 }
470
471 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
472 err = -EINVAL;
473 break;
474 }
475
476 chan->mode = opts.mode;
477 switch (chan->mode) {
478 case L2CAP_MODE_BASIC:
479 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
480 break;
481 case L2CAP_MODE_ERTM:
482 case L2CAP_MODE_STREAMING:
483 if (!disable_ertm)
484 break;
485
486 default:
487 err = -EINVAL;
488 break;
489 }
490
491 chan->imtu = opts.imtu;
492 chan->omtu = opts.omtu;
493 chan->fcs = opts.fcs;
494 chan->max_tx = opts.max_tx;
495 chan->tx_win = opts.txwin_size;
496 break;
497
498 case L2CAP_LM:
499 if (get_user(opt, (u32 __user *) optval)) {
500 err = -EFAULT;
501 break;
502 }
503
504 if (opt & L2CAP_LM_AUTH)
505 chan->sec_level = BT_SECURITY_LOW;
506 if (opt & L2CAP_LM_ENCRYPT)
507 chan->sec_level = BT_SECURITY_MEDIUM;
508 if (opt & L2CAP_LM_SECURE)
509 chan->sec_level = BT_SECURITY_HIGH;
510
511 if (opt & L2CAP_LM_MASTER)
512 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
513 else
514 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
515
516 if (opt & L2CAP_LM_RELIABLE)
517 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
518 else
519 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
520 break;
521
522 default:
523 err = -ENOPROTOOPT;
524 break;
525 }
526
527 release_sock(sk);
528 return err;
529}
530
531static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
532{
533 struct sock *sk = sock->sk;
534 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
535 struct bt_security sec;
536 struct bt_power pwr;
537 struct l2cap_conn *conn;
538 int len, err = 0;
539 u32 opt;
540
541 BT_DBG("sk %p", sk);
542
543 if (level == SOL_L2CAP)
544 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
545
546 if (level != SOL_BLUETOOTH)
547 return -ENOPROTOOPT;
548
549 lock_sock(sk);
550
551 switch (optname) {
552 case BT_SECURITY:
553 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
554 chan->chan_type != L2CAP_CHAN_RAW) {
555 err = -EINVAL;
556 break;
557 }
558
559 sec.level = BT_SECURITY_LOW;
560
561 len = min_t(unsigned int, sizeof(sec), optlen);
562 if (copy_from_user((char *) &sec, optval, len)) {
563 err = -EFAULT;
564 break;
565 }
566
567 if (sec.level < BT_SECURITY_LOW ||
568 sec.level > BT_SECURITY_HIGH) {
569 err = -EINVAL;
570 break;
571 }
572
573 chan->sec_level = sec.level;
574
575 if (!chan->conn)
576 break;
577
578 conn = chan->conn;
579
580
581 if (chan->scid == L2CAP_CID_LE_DATA) {
582 if (!conn->hcon->out) {
583 err = -EINVAL;
584 break;
585 }
586
587 if (smp_conn_security(conn, sec.level))
588 break;
589 sk->sk_state = BT_CONFIG;
590 chan->state = BT_CONFIG;
591
592
593 } else if (sk->sk_state == BT_CONNECT2 &&
594 bt_sk(sk)->defer_setup) {
595 err = l2cap_chan_check_security(chan);
596 } else {
597 err = -EINVAL;
598 }
599 break;
600
601 case BT_DEFER_SETUP:
602 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
603 err = -EINVAL;
604 break;
605 }
606
607 if (get_user(opt, (u32 __user *) optval)) {
608 err = -EFAULT;
609 break;
610 }
611
612 bt_sk(sk)->defer_setup = opt;
613 break;
614
615 case BT_FLUSHABLE:
616 if (get_user(opt, (u32 __user *) optval)) {
617 err = -EFAULT;
618 break;
619 }
620
621 if (opt > BT_FLUSHABLE_ON) {
622 err = -EINVAL;
623 break;
624 }
625
626 if (opt == BT_FLUSHABLE_OFF) {
627 struct l2cap_conn *conn = chan->conn;
628
629
630 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
631 err = -EINVAL;
632 break;
633 }
634 }
635
636 if (opt)
637 set_bit(FLAG_FLUSHABLE, &chan->flags);
638 else
639 clear_bit(FLAG_FLUSHABLE, &chan->flags);
640 break;
641
642 case BT_POWER:
643 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
644 chan->chan_type != L2CAP_CHAN_RAW) {
645 err = -EINVAL;
646 break;
647 }
648
649 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
650
651 len = min_t(unsigned int, sizeof(pwr), optlen);
652 if (copy_from_user((char *) &pwr, optval, len)) {
653 err = -EFAULT;
654 break;
655 }
656
657 if (pwr.force_active)
658 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
659 else
660 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
661 break;
662
663 case BT_CHANNEL_POLICY:
664 if (!enable_hs) {
665 err = -ENOPROTOOPT;
666 break;
667 }
668
669 if (get_user(opt, (u32 __user *) optval)) {
670 err = -EFAULT;
671 break;
672 }
673
674 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
675 err = -EINVAL;
676 break;
677 }
678
679 if (chan->mode != L2CAP_MODE_ERTM &&
680 chan->mode != L2CAP_MODE_STREAMING) {
681 err = -EOPNOTSUPP;
682 break;
683 }
684
685 chan->chan_policy = (u8) opt;
686 break;
687
688 default:
689 err = -ENOPROTOOPT;
690 break;
691 }
692
693 release_sock(sk);
694 return err;
695}
696
697static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
698{
699 struct sock *sk = sock->sk;
700 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
701 int err;
702
703 BT_DBG("sock %p, sk %p", sock, sk);
704
705 err = sock_error(sk);
706 if (err)
707 return err;
708
709 if (msg->msg_flags & MSG_OOB)
710 return -EOPNOTSUPP;
711
712 lock_sock(sk);
713
714 if (sk->sk_state != BT_CONNECTED) {
715 release_sock(sk);
716 return -ENOTCONN;
717 }
718
719 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
720
721 release_sock(sk);
722 return err;
723}
724
725static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
726{
727 struct sock *sk = sock->sk;
728 struct l2cap_pinfo *pi = l2cap_pi(sk);
729 int err;
730
731 lock_sock(sk);
732
733 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
734 sk->sk_state = BT_CONFIG;
735 pi->chan->state = BT_CONFIG;
736
737 __l2cap_connect_rsp_defer(pi->chan);
738 release_sock(sk);
739 return 0;
740 }
741
742 release_sock(sk);
743
744 if (sock->type == SOCK_STREAM)
745 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
746 else
747 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
748
749 if (pi->chan->mode != L2CAP_MODE_ERTM)
750 return err;
751
752
753
754 lock_sock(sk);
755
756 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
757 goto done;
758
759 if (pi->rx_busy_skb) {
760 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
761 pi->rx_busy_skb = NULL;
762 else
763 goto done;
764 }
765
766
767
768
769
770 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
771 l2cap_chan_busy(pi->chan, 0);
772
773done:
774 release_sock(sk);
775 return err;
776}
777
778
779
780
781static void l2cap_sock_kill(struct sock *sk)
782{
783 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
784 return;
785
786 BT_DBG("sk %p state %d", sk, sk->sk_state);
787
788
789
790 l2cap_chan_destroy(l2cap_pi(sk)->chan);
791 sock_set_flag(sk, SOCK_DEAD);
792 sock_put(sk);
793}
794
795static int l2cap_sock_shutdown(struct socket *sock, int how)
796{
797 struct sock *sk = sock->sk;
798 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
799 int err = 0;
800
801 BT_DBG("sock %p, sk %p", sock, sk);
802
803 if (!sk)
804 return 0;
805
806 lock_sock(sk);
807 if (!sk->sk_shutdown) {
808 if (chan->mode == L2CAP_MODE_ERTM)
809 err = __l2cap_wait_ack(sk);
810
811 sk->sk_shutdown = SHUTDOWN_MASK;
812 l2cap_chan_close(chan, 0);
813
814 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
815 err = bt_sock_wait_state(sk, BT_CLOSED,
816 sk->sk_lingertime);
817 }
818
819 if (!err && sk->sk_err)
820 err = -sk->sk_err;
821
822 release_sock(sk);
823 return err;
824}
825
826static int l2cap_sock_release(struct socket *sock)
827{
828 struct sock *sk = sock->sk;
829 int err;
830
831 BT_DBG("sock %p, sk %p", sock, sk);
832
833 if (!sk)
834 return 0;
835
836 err = l2cap_sock_shutdown(sock, 2);
837
838 sock_orphan(sk);
839 l2cap_sock_kill(sk);
840 return err;
841}
842
843static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data)
844{
845 struct sock *sk, *parent = data;
846
847 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
848 GFP_ATOMIC);
849 if (!sk)
850 return NULL;
851
852 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
853
854 l2cap_sock_init(sk, parent);
855
856 return l2cap_pi(sk)->chan;
857}
858
859static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb)
860{
861 int err;
862 struct sock *sk = data;
863 struct l2cap_pinfo *pi = l2cap_pi(sk);
864
865 if (pi->rx_busy_skb)
866 return -ENOMEM;
867
868 err = sock_queue_rcv_skb(sk, skb);
869
870
871
872
873
874
875
876
877
878
879 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
880 pi->rx_busy_skb = skb;
881 l2cap_chan_busy(pi->chan, 1);
882 err = 0;
883 }
884
885 return err;
886}
887
888static void l2cap_sock_close_cb(void *data)
889{
890 struct sock *sk = data;
891
892 l2cap_sock_kill(sk);
893}
894
895static void l2cap_sock_state_change_cb(void *data, int state)
896{
897 struct sock *sk = data;
898
899 sk->sk_state = state;
900}
901
902static struct l2cap_ops l2cap_chan_ops = {
903 .name = "L2CAP Socket Interface",
904 .new_connection = l2cap_sock_new_connection_cb,
905 .recv = l2cap_sock_recv_cb,
906 .close = l2cap_sock_close_cb,
907 .state_change = l2cap_sock_state_change_cb,
908};
909
910static void l2cap_sock_destruct(struct sock *sk)
911{
912 BT_DBG("sk %p", sk);
913
914 if (l2cap_pi(sk)->rx_busy_skb) {
915 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
916 l2cap_pi(sk)->rx_busy_skb = NULL;
917 }
918
919 skb_queue_purge(&sk->sk_receive_queue);
920 skb_queue_purge(&sk->sk_write_queue);
921}
922
923static void l2cap_sock_init(struct sock *sk, struct sock *parent)
924{
925 struct l2cap_pinfo *pi = l2cap_pi(sk);
926 struct l2cap_chan *chan = pi->chan;
927
928 BT_DBG("sk %p", sk);
929
930 if (parent) {
931 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
932
933 sk->sk_type = parent->sk_type;
934 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
935
936 chan->chan_type = pchan->chan_type;
937 chan->imtu = pchan->imtu;
938 chan->omtu = pchan->omtu;
939 chan->conf_state = pchan->conf_state;
940 chan->mode = pchan->mode;
941 chan->fcs = pchan->fcs;
942 chan->max_tx = pchan->max_tx;
943 chan->tx_win = pchan->tx_win;
944 chan->tx_win_max = pchan->tx_win_max;
945 chan->sec_level = pchan->sec_level;
946 chan->flags = pchan->flags;
947
948 security_sk_clone(parent, sk);
949 } else {
950
951 switch (sk->sk_type) {
952 case SOCK_RAW:
953 chan->chan_type = L2CAP_CHAN_RAW;
954 break;
955 case SOCK_DGRAM:
956 chan->chan_type = L2CAP_CHAN_CONN_LESS;
957 break;
958 case SOCK_SEQPACKET:
959 case SOCK_STREAM:
960 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
961 break;
962 }
963
964 chan->imtu = L2CAP_DEFAULT_MTU;
965 chan->omtu = 0;
966 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
967 chan->mode = L2CAP_MODE_ERTM;
968 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
969 } else {
970 chan->mode = L2CAP_MODE_BASIC;
971 }
972 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
973 chan->fcs = L2CAP_FCS_CRC16;
974 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
975 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
976 chan->sec_level = BT_SECURITY_LOW;
977 chan->flags = 0;
978 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
979 }
980
981
982 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
983
984 chan->data = sk;
985 chan->ops = &l2cap_chan_ops;
986}
987
988static struct proto l2cap_proto = {
989 .name = "L2CAP",
990 .owner = THIS_MODULE,
991 .obj_size = sizeof(struct l2cap_pinfo)
992};
993
994static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
995{
996 struct sock *sk;
997 struct l2cap_chan *chan;
998
999 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1000 if (!sk)
1001 return NULL;
1002
1003 sock_init_data(sock, sk);
1004 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1005
1006 sk->sk_destruct = l2cap_sock_destruct;
1007 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
1008
1009 sock_reset_flag(sk, SOCK_ZAPPED);
1010
1011 sk->sk_protocol = proto;
1012 sk->sk_state = BT_OPEN;
1013
1014 chan = l2cap_chan_create(sk);
1015 if (!chan) {
1016 l2cap_sock_kill(sk);
1017 return NULL;
1018 }
1019
1020 l2cap_pi(sk)->chan = chan;
1021
1022 return sk;
1023}
1024
1025static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1026 int kern)
1027{
1028 struct sock *sk;
1029
1030 BT_DBG("sock %p", sock);
1031
1032 sock->state = SS_UNCONNECTED;
1033
1034 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1035 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1036 return -ESOCKTNOSUPPORT;
1037
1038 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1039 return -EPERM;
1040
1041 sock->ops = &l2cap_sock_ops;
1042
1043 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1044 if (!sk)
1045 return -ENOMEM;
1046
1047 l2cap_sock_init(sk, NULL);
1048 return 0;
1049}
1050
1051static const struct proto_ops l2cap_sock_ops = {
1052 .family = PF_BLUETOOTH,
1053 .owner = THIS_MODULE,
1054 .release = l2cap_sock_release,
1055 .bind = l2cap_sock_bind,
1056 .connect = l2cap_sock_connect,
1057 .listen = l2cap_sock_listen,
1058 .accept = l2cap_sock_accept,
1059 .getname = l2cap_sock_getname,
1060 .sendmsg = l2cap_sock_sendmsg,
1061 .recvmsg = l2cap_sock_recvmsg,
1062 .poll = bt_sock_poll,
1063 .ioctl = bt_sock_ioctl,
1064 .mmap = sock_no_mmap,
1065 .socketpair = sock_no_socketpair,
1066 .shutdown = l2cap_sock_shutdown,
1067 .setsockopt = l2cap_sock_setsockopt,
1068 .getsockopt = l2cap_sock_getsockopt
1069};
1070
1071static const struct net_proto_family l2cap_sock_family_ops = {
1072 .family = PF_BLUETOOTH,
1073 .owner = THIS_MODULE,
1074 .create = l2cap_sock_create,
1075};
1076
1077int __init l2cap_init_sockets(void)
1078{
1079 int err;
1080
1081 err = proto_register(&l2cap_proto, 0);
1082 if (err < 0)
1083 return err;
1084
1085 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1086 if (err < 0)
1087 goto error;
1088
1089 BT_INFO("L2CAP socket layer initialized");
1090
1091 return 0;
1092
1093error:
1094 BT_ERR("L2CAP socket registration failed");
1095 proto_unregister(&l2cap_proto);
1096 return err;
1097}
1098
1099void l2cap_cleanup_sockets(void)
1100{
1101 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1102 BT_ERR("L2CAP socket unregistration failed");
1103
1104 proto_unregister(&l2cap_proto);
1105}
1106
