1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30#include <linux/export.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/l2cap.h>
35#include <net/bluetooth/smp.h>
36
37static struct bt_sock_list l2cap_sk_list = {
38 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
39};
40
41static const struct proto_ops l2cap_sock_ops;
42static void l2cap_sock_init(struct sock *sk, struct sock *parent);
43static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
44
45static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
46{
47 struct sock *sk = sock->sk;
48 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
49 struct sockaddr_l2 la;
50 int len, err = 0;
51
52 BT_DBG("sk %p", sk);
53
54 if (!addr || addr->sa_family != AF_BLUETOOTH)
55 return -EINVAL;
56
57 memset(&la, 0, sizeof(la));
58 len = min_t(unsigned int, sizeof(la), alen);
59 memcpy(&la, addr, len);
60
61 if (la.l2_cid && la.l2_psm)
62 return -EINVAL;
63
64 lock_sock(sk);
65
66 if (sk->sk_state != BT_OPEN) {
67 err = -EBADFD;
68 goto done;
69 }
70
71 if (la.l2_psm) {
72 __u16 psm = __le16_to_cpu(la.l2_psm);
73
74
75 if ((psm & 0x0101) != 0x0001) {
76 err = -EINVAL;
77 goto done;
78 }
79
80
81 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
82 err = -EACCES;
83 goto done;
84 }
85 }
86
87 if (la.l2_cid)
88 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
89 else
90 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
91
92 if (err < 0)
93 goto done;
94
95 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
96 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
97 chan->sec_level = BT_SECURITY_SDP;
98
99 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
100
101 chan->state = BT_BOUND;
102 sk->sk_state = BT_BOUND;
103
104done:
105 release_sock(sk);
106 return err;
107}
108
109static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
110{
111 struct sock *sk = sock->sk;
112 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
113 struct sockaddr_l2 la;
114 int len, err = 0;
115
116 BT_DBG("sk %p", sk);
117
118 if (!addr || alen < sizeof(addr->sa_family) ||
119 addr->sa_family != AF_BLUETOOTH)
120 return -EINVAL;
121
122 memset(&la, 0, sizeof(la));
123 len = min_t(unsigned int, sizeof(la), alen);
124 memcpy(&la, addr, len);
125
126 if (la.l2_cid && la.l2_psm)
127 return -EINVAL;
128
129 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
130 &la.l2_bdaddr, la.l2_bdaddr_type);
131 if (err)
132 return err;
133
134 lock_sock(sk);
135
136 err = bt_sock_wait_state(sk, BT_CONNECTED,
137 sock_sndtimeo(sk, flags & O_NONBLOCK));
138
139 release_sock(sk);
140
141 return err;
142}
143
144static int l2cap_sock_listen(struct socket *sock, int backlog)
145{
146 struct sock *sk = sock->sk;
147 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
148 int err = 0;
149
150 BT_DBG("sk %p backlog %d", sk, backlog);
151
152 lock_sock(sk);
153
154 if (sk->sk_state != BT_BOUND) {
155 err = -EBADFD;
156 goto done;
157 }
158
159 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
160 err = -EINVAL;
161 goto done;
162 }
163
164 switch (chan->mode) {
165 case L2CAP_MODE_BASIC:
166 break;
167 case L2CAP_MODE_ERTM:
168 case L2CAP_MODE_STREAMING:
169 if (!disable_ertm)
170 break;
171
172 default:
173 err = -ENOTSUPP;
174 goto done;
175 }
176
177 sk->sk_max_ack_backlog = backlog;
178 sk->sk_ack_backlog = 0;
179
180 chan->state = BT_LISTEN;
181 sk->sk_state = BT_LISTEN;
182
183done:
184 release_sock(sk);
185 return err;
186}
187
188static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
189{
190 DECLARE_WAITQUEUE(wait, current);
191 struct sock *sk = sock->sk, *nsk;
192 long timeo;
193 int err = 0;
194
195 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
196
197 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
198
199 BT_DBG("sk %p timeo %ld", sk, timeo);
200
201
202 add_wait_queue_exclusive(sk_sleep(sk), &wait);
203 while (1) {
204 set_current_state(TASK_INTERRUPTIBLE);
205
206 if (sk->sk_state != BT_LISTEN) {
207 err = -EBADFD;
208 break;
209 }
210
211 nsk = bt_accept_dequeue(sk, newsock);
212 if (nsk)
213 break;
214
215 if (!timeo) {
216 err = -EAGAIN;
217 break;
218 }
219
220 if (signal_pending(current)) {
221 err = sock_intr_errno(timeo);
222 break;
223 }
224
225 release_sock(sk);
226 timeo = schedule_timeout(timeo);
227 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
228 }
229 __set_current_state(TASK_RUNNING);
230 remove_wait_queue(sk_sleep(sk), &wait);
231
232 if (err)
233 goto done;
234
235 newsock->state = SS_CONNECTED;
236
237 BT_DBG("new socket %p", nsk);
238
239done:
240 release_sock(sk);
241 return err;
242}
243
244static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
245{
246 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
247 struct sock *sk = sock->sk;
248 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
249
250 BT_DBG("sock %p, sk %p", sock, sk);
251
252 memset(la, 0, sizeof(struct sockaddr_l2));
253 addr->sa_family = AF_BLUETOOTH;
254 *len = sizeof(struct sockaddr_l2);
255
256 if (peer) {
257 la->l2_psm = chan->psm;
258 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
259 la->l2_cid = cpu_to_le16(chan->dcid);
260 } else {
261 la->l2_psm = chan->sport;
262 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
263 la->l2_cid = cpu_to_le16(chan->scid);
264 }
265
266 return 0;
267}
268
269static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
270{
271 struct sock *sk = sock->sk;
272 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
273 struct l2cap_options opts;
274 struct l2cap_conninfo cinfo;
275 int len, err = 0;
276 u32 opt;
277
278 BT_DBG("sk %p", sk);
279
280 if (get_user(len, optlen))
281 return -EFAULT;
282
283 lock_sock(sk);
284
285 switch (optname) {
286 case L2CAP_OPTIONS:
287 memset(&opts, 0, sizeof(opts));
288 opts.imtu = chan->imtu;
289 opts.omtu = chan->omtu;
290 opts.flush_to = chan->flush_to;
291 opts.mode = chan->mode;
292 opts.fcs = chan->fcs;
293 opts.max_tx = chan->max_tx;
294 opts.txwin_size = chan->tx_win;
295
296 len = min_t(unsigned int, len, sizeof(opts));
297 if (copy_to_user(optval, (char *) &opts, len))
298 err = -EFAULT;
299
300 break;
301
302 case L2CAP_LM:
303 switch (chan->sec_level) {
304 case BT_SECURITY_LOW:
305 opt = L2CAP_LM_AUTH;
306 break;
307 case BT_SECURITY_MEDIUM:
308 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
309 break;
310 case BT_SECURITY_HIGH:
311 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
312 L2CAP_LM_SECURE;
313 break;
314 default:
315 opt = 0;
316 break;
317 }
318
319 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
320 opt |= L2CAP_LM_MASTER;
321
322 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
323 opt |= L2CAP_LM_RELIABLE;
324
325 if (put_user(opt, (u32 __user *) optval))
326 err = -EFAULT;
327 break;
328
329 case L2CAP_CONNINFO:
330 if (sk->sk_state != BT_CONNECTED &&
331 !(sk->sk_state == BT_CONNECT2 &&
332 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
333 err = -ENOTCONN;
334 break;
335 }
336
337 memset(&cinfo, 0, sizeof(cinfo));
338 cinfo.hci_handle = chan->conn->hcon->handle;
339 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
340
341 len = min_t(unsigned int, len, sizeof(cinfo));
342 if (copy_to_user(optval, (char *) &cinfo, len))
343 err = -EFAULT;
344
345 break;
346
347 default:
348 err = -ENOPROTOOPT;
349 break;
350 }
351
352 release_sock(sk);
353 return err;
354}
355
356static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
357{
358 struct sock *sk = sock->sk;
359 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
360 struct bt_security sec;
361 struct bt_power pwr;
362 int len, err = 0;
363
364 BT_DBG("sk %p", sk);
365
366 if (level == SOL_L2CAP)
367 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
368
369 if (level != SOL_BLUETOOTH)
370 return -ENOPROTOOPT;
371
372 if (get_user(len, optlen))
373 return -EFAULT;
374
375 lock_sock(sk);
376
377 switch (optname) {
378 case BT_SECURITY:
379 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
380 chan->chan_type != L2CAP_CHAN_RAW) {
381 err = -EINVAL;
382 break;
383 }
384
385 memset(&sec, 0, sizeof(sec));
386 if (chan->conn)
387 sec.level = chan->conn->hcon->sec_level;
388 else
389 sec.level = chan->sec_level;
390
391 if (sk->sk_state == BT_CONNECTED)
392 sec.key_size = chan->conn->hcon->enc_key_size;
393
394 len = min_t(unsigned int, len, sizeof(sec));
395 if (copy_to_user(optval, (char *) &sec, len))
396 err = -EFAULT;
397
398 break;
399
400 case BT_DEFER_SETUP:
401 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
402 err = -EINVAL;
403 break;
404 }
405
406 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
407 (u32 __user *) optval))
408 err = -EFAULT;
409
410 break;
411
412 case BT_FLUSHABLE:
413 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
414 (u32 __user *) optval))
415 err = -EFAULT;
416
417 break;
418
419 case BT_POWER:
420 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
421 && sk->sk_type != SOCK_RAW) {
422 err = -EINVAL;
423 break;
424 }
425
426 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
427
428 len = min_t(unsigned int, len, sizeof(pwr));
429 if (copy_to_user(optval, (char *) &pwr, len))
430 err = -EFAULT;
431
432 break;
433
434 case BT_CHANNEL_POLICY:
435 if (!enable_hs) {
436 err = -ENOPROTOOPT;
437 break;
438 }
439
440 if (put_user(chan->chan_policy, (u32 __user *) optval))
441 err = -EFAULT;
442 break;
443
444 default:
445 err = -ENOPROTOOPT;
446 break;
447 }
448
449 release_sock(sk);
450 return err;
451}
452
453static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
454{
455 switch (chan->scid) {
456 case L2CAP_CID_LE_DATA:
457 if (mtu < L2CAP_LE_MIN_MTU)
458 return false;
459 break;
460
461 default:
462 if (mtu < L2CAP_DEFAULT_MIN_MTU)
463 return false;
464 }
465
466 return true;
467}
468
469static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
470{
471 struct sock *sk = sock->sk;
472 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
473 struct l2cap_options opts;
474 int len, err = 0;
475 u32 opt;
476
477 BT_DBG("sk %p", sk);
478
479 lock_sock(sk);
480
481 switch (optname) {
482 case L2CAP_OPTIONS:
483 if (sk->sk_state == BT_CONNECTED) {
484 err = -EINVAL;
485 break;
486 }
487
488 opts.imtu = chan->imtu;
489 opts.omtu = chan->omtu;
490 opts.flush_to = chan->flush_to;
491 opts.mode = chan->mode;
492 opts.fcs = chan->fcs;
493 opts.max_tx = chan->max_tx;
494 opts.txwin_size = chan->tx_win;
495
496 len = min_t(unsigned int, sizeof(opts), optlen);
497 if (copy_from_user((char *) &opts, optval, len)) {
498 err = -EFAULT;
499 break;
500 }
501
502 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
503 err = -EINVAL;
504 break;
505 }
506
507 if (!l2cap_valid_mtu(chan, opts.imtu)) {
508 err = -EINVAL;
509 break;
510 }
511
512 chan->mode = opts.mode;
513 switch (chan->mode) {
514 case L2CAP_MODE_BASIC:
515 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
516 break;
517 case L2CAP_MODE_ERTM:
518 case L2CAP_MODE_STREAMING:
519 if (!disable_ertm)
520 break;
521
522 default:
523 err = -EINVAL;
524 break;
525 }
526
527 chan->imtu = opts.imtu;
528 chan->omtu = opts.omtu;
529 chan->fcs = opts.fcs;
530 chan->max_tx = opts.max_tx;
531 chan->tx_win = opts.txwin_size;
532 break;
533
534 case L2CAP_LM:
535 if (get_user(opt, (u32 __user *) optval)) {
536 err = -EFAULT;
537 break;
538 }
539
540 if (opt & L2CAP_LM_AUTH)
541 chan->sec_level = BT_SECURITY_LOW;
542 if (opt & L2CAP_LM_ENCRYPT)
543 chan->sec_level = BT_SECURITY_MEDIUM;
544 if (opt & L2CAP_LM_SECURE)
545 chan->sec_level = BT_SECURITY_HIGH;
546
547 if (opt & L2CAP_LM_MASTER)
548 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
549 else
550 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
551
552 if (opt & L2CAP_LM_RELIABLE)
553 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
554 else
555 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
556 break;
557
558 default:
559 err = -ENOPROTOOPT;
560 break;
561 }
562
563 release_sock(sk);
564 return err;
565}
566
567static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
568{
569 struct sock *sk = sock->sk;
570 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
571 struct bt_security sec;
572 struct bt_power pwr;
573 struct l2cap_conn *conn;
574 int len, err = 0;
575 u32 opt;
576
577 BT_DBG("sk %p", sk);
578
579 if (level == SOL_L2CAP)
580 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
581
582 if (level != SOL_BLUETOOTH)
583 return -ENOPROTOOPT;
584
585 lock_sock(sk);
586
587 switch (optname) {
588 case BT_SECURITY:
589 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
590 chan->chan_type != L2CAP_CHAN_RAW) {
591 err = -EINVAL;
592 break;
593 }
594
595 sec.level = BT_SECURITY_LOW;
596
597 len = min_t(unsigned int, sizeof(sec), optlen);
598 if (copy_from_user((char *) &sec, optval, len)) {
599 err = -EFAULT;
600 break;
601 }
602
603 if (sec.level < BT_SECURITY_LOW ||
604 sec.level > BT_SECURITY_HIGH) {
605 err = -EINVAL;
606 break;
607 }
608
609 chan->sec_level = sec.level;
610
611 if (!chan->conn)
612 break;
613
614 conn = chan->conn;
615
616
617 if (chan->scid == L2CAP_CID_LE_DATA) {
618 if (!conn->hcon->out) {
619 err = -EINVAL;
620 break;
621 }
622
623 if (smp_conn_security(conn->hcon, sec.level))
624 break;
625 sk->sk_state = BT_CONFIG;
626 chan->state = BT_CONFIG;
627
628
629 } else if ((sk->sk_state == BT_CONNECT2 &&
630 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
631 sk->sk_state == BT_CONNECTED) {
632 if (!l2cap_chan_check_security(chan))
633 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
634 else
635 sk->sk_state_change(sk);
636 } else {
637 err = -EINVAL;
638 }
639 break;
640
641 case BT_DEFER_SETUP:
642 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
643 err = -EINVAL;
644 break;
645 }
646
647 if (get_user(opt, (u32 __user *) optval)) {
648 err = -EFAULT;
649 break;
650 }
651
652 if (opt)
653 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
654 else
655 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
656 break;
657
658 case BT_FLUSHABLE:
659 if (get_user(opt, (u32 __user *) optval)) {
660 err = -EFAULT;
661 break;
662 }
663
664 if (opt > BT_FLUSHABLE_ON) {
665 err = -EINVAL;
666 break;
667 }
668
669 if (opt == BT_FLUSHABLE_OFF) {
670 struct l2cap_conn *conn = chan->conn;
671
672
673 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
674 err = -EINVAL;
675 break;
676 }
677 }
678
679 if (opt)
680 set_bit(FLAG_FLUSHABLE, &chan->flags);
681 else
682 clear_bit(FLAG_FLUSHABLE, &chan->flags);
683 break;
684
685 case BT_POWER:
686 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
687 chan->chan_type != L2CAP_CHAN_RAW) {
688 err = -EINVAL;
689 break;
690 }
691
692 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
693
694 len = min_t(unsigned int, sizeof(pwr), optlen);
695 if (copy_from_user((char *) &pwr, optval, len)) {
696 err = -EFAULT;
697 break;
698 }
699
700 if (pwr.force_active)
701 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
702 else
703 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
704 break;
705
706 case BT_CHANNEL_POLICY:
707 if (!enable_hs) {
708 err = -ENOPROTOOPT;
709 break;
710 }
711
712 if (get_user(opt, (u32 __user *) optval)) {
713 err = -EFAULT;
714 break;
715 }
716
717 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
718 err = -EINVAL;
719 break;
720 }
721
722 if (chan->mode != L2CAP_MODE_ERTM &&
723 chan->mode != L2CAP_MODE_STREAMING) {
724 err = -EOPNOTSUPP;
725 break;
726 }
727
728 chan->chan_policy = (u8) opt;
729 break;
730
731 default:
732 err = -ENOPROTOOPT;
733 break;
734 }
735
736 release_sock(sk);
737 return err;
738}
739
740static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
741{
742 struct sock *sk = sock->sk;
743 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
744 int err;
745
746 BT_DBG("sock %p, sk %p", sock, sk);
747
748 err = sock_error(sk);
749 if (err)
750 return err;
751
752 if (msg->msg_flags & MSG_OOB)
753 return -EOPNOTSUPP;
754
755 if (sk->sk_state != BT_CONNECTED)
756 return -ENOTCONN;
757
758 l2cap_chan_lock(chan);
759 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
760 l2cap_chan_unlock(chan);
761
762 return err;
763}
764
765static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
766{
767 struct sock *sk = sock->sk;
768 struct l2cap_pinfo *pi = l2cap_pi(sk);
769 int err;
770
771 lock_sock(sk);
772
773 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
774 &bt_sk(sk)->flags)) {
775 sk->sk_state = BT_CONFIG;
776 pi->chan->state = BT_CONFIG;
777
778 __l2cap_connect_rsp_defer(pi->chan);
779 release_sock(sk);
780 return 0;
781 }
782
783 release_sock(sk);
784
785 if (sock->type == SOCK_STREAM)
786 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
787 else
788 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
789
790 if (pi->chan->mode != L2CAP_MODE_ERTM)
791 return err;
792
793
794
795 lock_sock(sk);
796
797 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
798 goto done;
799
800 if (pi->rx_busy_skb) {
801 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
802 pi->rx_busy_skb = NULL;
803 else
804 goto done;
805 }
806
807
808
809
810
811 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
812 l2cap_chan_busy(pi->chan, 0);
813
814done:
815 release_sock(sk);
816 return err;
817}
818
819
820
821
822static void l2cap_sock_kill(struct sock *sk)
823{
824 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
825 return;
826
827 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
828
829
830
831 l2cap_chan_put(l2cap_pi(sk)->chan);
832 sock_set_flag(sk, SOCK_DEAD);
833 sock_put(sk);
834}
835
836static int l2cap_sock_shutdown(struct socket *sock, int how)
837{
838 struct sock *sk = sock->sk;
839 struct l2cap_chan *chan;
840 struct l2cap_conn *conn;
841 int err = 0;
842
843 BT_DBG("sock %p, sk %p", sock, sk);
844
845 if (!sk)
846 return 0;
847
848 chan = l2cap_pi(sk)->chan;
849 conn = chan->conn;
850
851 if (conn)
852 mutex_lock(&conn->chan_lock);
853
854 l2cap_chan_lock(chan);
855 lock_sock(sk);
856
857 if (!sk->sk_shutdown) {
858 if (chan->mode == L2CAP_MODE_ERTM)
859 err = __l2cap_wait_ack(sk);
860
861 sk->sk_shutdown = SHUTDOWN_MASK;
862
863 release_sock(sk);
864 l2cap_chan_close(chan, 0);
865 lock_sock(sk);
866
867 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
868 err = bt_sock_wait_state(sk, BT_CLOSED,
869 sk->sk_lingertime);
870 }
871
872 if (!err && sk->sk_err)
873 err = -sk->sk_err;
874
875 release_sock(sk);
876 l2cap_chan_unlock(chan);
877
878 if (conn)
879 mutex_unlock(&conn->chan_lock);
880
881 return err;
882}
883
884static int l2cap_sock_release(struct socket *sock)
885{
886 struct sock *sk = sock->sk;
887 int err;
888
889 BT_DBG("sock %p, sk %p", sock, sk);
890
891 if (!sk)
892 return 0;
893
894 bt_sock_unlink(&l2cap_sk_list, sk);
895
896 err = l2cap_sock_shutdown(sock, 2);
897
898 sock_orphan(sk);
899 l2cap_sock_kill(sk);
900 return err;
901}
902
903static void l2cap_sock_cleanup_listen(struct sock *parent)
904{
905 struct sock *sk;
906
907 BT_DBG("parent %p", parent);
908
909
910 while ((sk = bt_accept_dequeue(parent, NULL))) {
911 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
912
913 l2cap_chan_lock(chan);
914 __clear_chan_timer(chan);
915 l2cap_chan_close(chan, ECONNRESET);
916 l2cap_chan_unlock(chan);
917
918 l2cap_sock_kill(sk);
919 }
920}
921
922static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
923{
924 struct sock *sk, *parent = chan->data;
925
926
927 if (sk_acceptq_is_full(parent)) {
928 BT_DBG("backlog full %d", parent->sk_ack_backlog);
929 return NULL;
930 }
931
932 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
933 GFP_ATOMIC);
934 if (!sk)
935 return NULL;
936
937 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
938
939 l2cap_sock_init(sk, parent);
940
941 return l2cap_pi(sk)->chan;
942}
943
944static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
945{
946 int err;
947 struct sock *sk = chan->data;
948 struct l2cap_pinfo *pi = l2cap_pi(sk);
949
950 lock_sock(sk);
951
952 if (pi->rx_busy_skb) {
953 err = -ENOMEM;
954 goto done;
955 }
956
957 err = sock_queue_rcv_skb(sk, skb);
958
959
960
961
962
963
964
965
966
967
968 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
969 pi->rx_busy_skb = skb;
970 l2cap_chan_busy(pi->chan, 1);
971 err = 0;
972 }
973
974done:
975 release_sock(sk);
976
977 return err;
978}
979
980static void l2cap_sock_close_cb(struct l2cap_chan *chan)
981{
982 struct sock *sk = chan->data;
983
984 l2cap_sock_kill(sk);
985}
986
987static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
988{
989 struct sock *sk = chan->data;
990 struct sock *parent;
991
992 lock_sock(sk);
993
994 parent = bt_sk(sk)->parent;
995
996 sock_set_flag(sk, SOCK_ZAPPED);
997
998 switch (chan->state) {
999 case BT_OPEN:
1000 case BT_BOUND:
1001 case BT_CLOSED:
1002 break;
1003 case BT_LISTEN:
1004 l2cap_sock_cleanup_listen(sk);
1005 sk->sk_state = BT_CLOSED;
1006 chan->state = BT_CLOSED;
1007
1008 break;
1009 default:
1010 sk->sk_state = BT_CLOSED;
1011 chan->state = BT_CLOSED;
1012
1013 sk->sk_err = err;
1014
1015 if (parent) {
1016 bt_accept_unlink(sk);
1017 parent->sk_data_ready(parent, 0);
1018 } else {
1019 sk->sk_state_change(sk);
1020 }
1021
1022 break;
1023 }
1024
1025 release_sock(sk);
1026}
1027
1028static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state)
1029{
1030 struct sock *sk = chan->data;
1031
1032 sk->sk_state = state;
1033}
1034
1035static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1036 unsigned long len, int nb)
1037{
1038 struct sk_buff *skb;
1039 int err;
1040
1041 l2cap_chan_unlock(chan);
1042 skb = bt_skb_send_alloc(chan->sk, len, nb, &err);
1043 l2cap_chan_lock(chan);
1044
1045 if (!skb)
1046 return ERR_PTR(err);
1047
1048 return skb;
1049}
1050
1051static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1052{
1053 struct sock *sk = chan->data;
1054 struct sock *parent;
1055
1056 lock_sock(sk);
1057
1058 parent = bt_sk(sk)->parent;
1059
1060 BT_DBG("sk %p, parent %p", sk, parent);
1061
1062 sk->sk_state = BT_CONNECTED;
1063 sk->sk_state_change(sk);
1064
1065 if (parent)
1066 parent->sk_data_ready(parent, 0);
1067
1068 release_sock(sk);
1069}
1070
1071static struct l2cap_ops l2cap_chan_ops = {
1072 .name = "L2CAP Socket Interface",
1073 .new_connection = l2cap_sock_new_connection_cb,
1074 .recv = l2cap_sock_recv_cb,
1075 .close = l2cap_sock_close_cb,
1076 .teardown = l2cap_sock_teardown_cb,
1077 .state_change = l2cap_sock_state_change_cb,
1078 .ready = l2cap_sock_ready_cb,
1079 .alloc_skb = l2cap_sock_alloc_skb_cb,
1080};
1081
1082static void l2cap_sock_destruct(struct sock *sk)
1083{
1084 BT_DBG("sk %p", sk);
1085
1086 l2cap_chan_put(l2cap_pi(sk)->chan);
1087 if (l2cap_pi(sk)->rx_busy_skb) {
1088 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1089 l2cap_pi(sk)->rx_busy_skb = NULL;
1090 }
1091
1092 skb_queue_purge(&sk->sk_receive_queue);
1093 skb_queue_purge(&sk->sk_write_queue);
1094}
1095
1096static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1097{
1098 struct l2cap_pinfo *pi = l2cap_pi(sk);
1099 struct l2cap_chan *chan = pi->chan;
1100
1101 BT_DBG("sk %p", sk);
1102
1103 if (parent) {
1104 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1105
1106 sk->sk_type = parent->sk_type;
1107 bt_sk(sk)->flags = bt_sk(parent)->flags;
1108
1109 chan->chan_type = pchan->chan_type;
1110 chan->imtu = pchan->imtu;
1111 chan->omtu = pchan->omtu;
1112 chan->conf_state = pchan->conf_state;
1113 chan->mode = pchan->mode;
1114 chan->fcs = pchan->fcs;
1115 chan->max_tx = pchan->max_tx;
1116 chan->tx_win = pchan->tx_win;
1117 chan->tx_win_max = pchan->tx_win_max;
1118 chan->sec_level = pchan->sec_level;
1119 chan->flags = pchan->flags;
1120
1121 security_sk_clone(parent, sk);
1122 } else {
1123
1124 switch (sk->sk_type) {
1125 case SOCK_RAW:
1126 chan->chan_type = L2CAP_CHAN_RAW;
1127 break;
1128 case SOCK_DGRAM:
1129 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1130 break;
1131 case SOCK_SEQPACKET:
1132 case SOCK_STREAM:
1133 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1134 break;
1135 }
1136
1137 chan->imtu = L2CAP_DEFAULT_MTU;
1138 chan->omtu = 0;
1139 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1140 chan->mode = L2CAP_MODE_ERTM;
1141 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1142 } else {
1143 chan->mode = L2CAP_MODE_BASIC;
1144 }
1145
1146 l2cap_chan_set_defaults(chan);
1147 }
1148
1149
1150 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1151
1152 chan->data = sk;
1153 chan->ops = &l2cap_chan_ops;
1154}
1155
1156static struct proto l2cap_proto = {
1157 .name = "L2CAP",
1158 .owner = THIS_MODULE,
1159 .obj_size = sizeof(struct l2cap_pinfo)
1160};
1161
1162static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
1163{
1164 struct sock *sk;
1165 struct l2cap_chan *chan;
1166
1167 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1168 if (!sk)
1169 return NULL;
1170
1171 sock_init_data(sock, sk);
1172 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1173
1174 sk->sk_destruct = l2cap_sock_destruct;
1175 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1176
1177 sock_reset_flag(sk, SOCK_ZAPPED);
1178
1179 sk->sk_protocol = proto;
1180 sk->sk_state = BT_OPEN;
1181
1182 chan = l2cap_chan_create();
1183 if (!chan) {
1184 sk_free(sk);
1185 return NULL;
1186 }
1187
1188 l2cap_chan_hold(chan);
1189
1190 chan->sk = sk;
1191
1192 l2cap_pi(sk)->chan = chan;
1193
1194 return sk;
1195}
1196
1197static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1198 int kern)
1199{
1200 struct sock *sk;
1201
1202 BT_DBG("sock %p", sock);
1203
1204 sock->state = SS_UNCONNECTED;
1205
1206 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1207 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1208 return -ESOCKTNOSUPPORT;
1209
1210 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1211 return -EPERM;
1212
1213 sock->ops = &l2cap_sock_ops;
1214
1215 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1216 if (!sk)
1217 return -ENOMEM;
1218
1219 l2cap_sock_init(sk, NULL);
1220 bt_sock_link(&l2cap_sk_list, sk);
1221 return 0;
1222}
1223
1224static const struct proto_ops l2cap_sock_ops = {
1225 .family = PF_BLUETOOTH,
1226 .owner = THIS_MODULE,
1227 .release = l2cap_sock_release,
1228 .bind = l2cap_sock_bind,
1229 .connect = l2cap_sock_connect,
1230 .listen = l2cap_sock_listen,
1231 .accept = l2cap_sock_accept,
1232 .getname = l2cap_sock_getname,
1233 .sendmsg = l2cap_sock_sendmsg,
1234 .recvmsg = l2cap_sock_recvmsg,
1235 .poll = bt_sock_poll,
1236 .ioctl = bt_sock_ioctl,
1237 .mmap = sock_no_mmap,
1238 .socketpair = sock_no_socketpair,
1239 .shutdown = l2cap_sock_shutdown,
1240 .setsockopt = l2cap_sock_setsockopt,
1241 .getsockopt = l2cap_sock_getsockopt
1242};
1243
1244static const struct net_proto_family l2cap_sock_family_ops = {
1245 .family = PF_BLUETOOTH,
1246 .owner = THIS_MODULE,
1247 .create = l2cap_sock_create,
1248};
1249
1250int __init l2cap_init_sockets(void)
1251{
1252 int err;
1253
1254 err = proto_register(&l2cap_proto, 0);
1255 if (err < 0)
1256 return err;
1257
1258 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1259 if (err < 0) {
1260 BT_ERR("L2CAP socket registration failed");
1261 goto error;
1262 }
1263
1264 err = bt_procfs_init(THIS_MODULE, &init_net, "l2cap", &l2cap_sk_list, NULL);
1265 if (err < 0) {
1266 BT_ERR("Failed to create L2CAP proc file");
1267 bt_sock_unregister(BTPROTO_L2CAP);
1268 goto error;
1269 }
1270
1271 BT_INFO("L2CAP socket layer initialized");
1272
1273 return 0;
1274
1275error:
1276 proto_unregister(&l2cap_proto);
1277 return err;
1278}
1279
1280void l2cap_cleanup_sockets(void)
1281{
1282 bt_procfs_cleanup(&init_net, "l2cap");
1283 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1284 BT_ERR("L2CAP socket unregistration failed");
1285
1286 proto_unregister(&l2cap_proto);
1287}
1288
