1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26 */ 27 28 /* Bluetooth L2CAP sockets. */ 29 30 #include <linux/module.h> 31 #include <linux/export.h> 32 33 #include <net/bluetooth/bluetooth.h> 34 #include <net/bluetooth/hci_core.h> 35 #include <net/bluetooth/l2cap.h> 36 37 #include "smp.h" 38 39 bool enable_lecoc; 40 41 static struct bt_sock_list l2cap_sk_list = { 42 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 43 }; 44 45 static const struct proto_ops l2cap_sock_ops; 46 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 47 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 48 int proto, gfp_t prio); 49 50 bool l2cap_is_socket(struct socket *sock) 51 { 52 return sock && sock->ops == &l2cap_sock_ops; 53 } 54 EXPORT_SYMBOL(l2cap_is_socket); 55 56 static int l2cap_validate_bredr_psm(u16 psm) 57 { 58 /* PSM must be odd and lsb of upper byte must be 0 */ 59 if ((psm & 0x0101) != 0x0001) 60 return -EINVAL; 61 62 /* Restrict usage of well-known PSMs */ 63 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) 64 return -EACCES; 65 66 return 0; 67 } 68 69 static int l2cap_validate_le_psm(u16 psm) 70 { 71 /* Valid LE_PSM ranges are defined only until 0x00ff */ 72 if (psm > 0x00ff) 73 return -EINVAL; 74 75 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */ 76 if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE)) 77 return -EACCES; 78 79 return 0; 80 } 81 82 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 83 { 84 struct sock *sk = sock->sk; 85 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 86 struct sockaddr_l2 la; 87 int len, err = 0; 88 89 BT_DBG("sk %p", sk); 90 91 if (!addr || addr->sa_family != AF_BLUETOOTH) 92 return -EINVAL; 93 94 memset(&la, 0, sizeof(la)); 95 len = min_t(unsigned int, sizeof(la), alen); 96 memcpy(&la, addr, len); 97 98 if (la.l2_cid && la.l2_psm) 99 return -EINVAL; 100 101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 102 return -EINVAL; 103 104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 105 if (!enable_lecoc && la.l2_psm) 106 return -EINVAL; 107 /* We only allow ATT user space socket */ 108 if (la.l2_cid && 109 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT)) 110 return -EINVAL; 111 } 112 113 lock_sock(sk); 114 115 if (sk->sk_state != BT_OPEN) { 116 err = -EBADFD; 117 goto done; 118 } 119 120 if (la.l2_psm) { 121 __u16 psm = __le16_to_cpu(la.l2_psm); 122 123 if (la.l2_bdaddr_type == BDADDR_BREDR) 124 err = l2cap_validate_bredr_psm(psm); 125 else 126 err = l2cap_validate_le_psm(psm); 127 128 if (err) 129 goto done; 130 } 131 132 if (la.l2_cid) 133 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 134 else 135 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 136 137 if (err < 0) 138 goto done; 139 140 switch (chan->chan_type) { 141 case L2CAP_CHAN_CONN_LESS: 142 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP) 143 chan->sec_level = BT_SECURITY_SDP; 144 break; 145 case L2CAP_CHAN_CONN_ORIENTED: 146 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 147 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 148 chan->sec_level = BT_SECURITY_SDP; 149 break; 150 } 151 152 bacpy(&chan->src, &la.l2_bdaddr); 153 chan->src_type = la.l2_bdaddr_type; 154 155 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 156 chan->mode = L2CAP_MODE_LE_FLOWCTL; 157 158 chan->state = BT_BOUND; 159 sk->sk_state = BT_BOUND; 160 161 done: 162 release_sock(sk); 163 return err; 164 } 165 166 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 167 int alen, int flags) 168 { 169 struct sock *sk = sock->sk; 170 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 171 struct sockaddr_l2 la; 172 int len, err = 0; 173 174 BT_DBG("sk %p", sk); 175 176 if (!addr || alen < sizeof(addr->sa_family) || 177 addr->sa_family != AF_BLUETOOTH) 178 return -EINVAL; 179 180 memset(&la, 0, sizeof(la)); 181 len = min_t(unsigned int, sizeof(la), alen); 182 memcpy(&la, addr, len); 183 184 if (la.l2_cid && la.l2_psm) 185 return -EINVAL; 186 187 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 188 return -EINVAL; 189 190 /* Check that the socket wasn't bound to something that 191 * conflicts with the address given to connect(). If chan->src 192 * is BDADDR_ANY it means bind() was never used, in which case 193 * chan->src_type and la.l2_bdaddr_type do not need to match. 194 */ 195 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) && 196 bdaddr_type_is_le(la.l2_bdaddr_type)) { 197 /* Old user space versions will try to incorrectly bind 198 * the ATT socket using BDADDR_BREDR. We need to accept 199 * this and fix up the source address type only when 200 * both the source CID and destination CID indicate 201 * ATT. Anything else is an invalid combination. 202 */ 203 if (chan->scid != L2CAP_CID_ATT || 204 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT)) 205 return -EINVAL; 206 207 /* We don't have the hdev available here to make a 208 * better decision on random vs public, but since all 209 * user space versions that exhibit this issue anyway do 210 * not support random local addresses assuming public 211 * here is good enough. 212 */ 213 chan->src_type = BDADDR_LE_PUBLIC; 214 } 215 216 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR) 217 return -EINVAL; 218 219 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 220 if (!enable_lecoc && la.l2_psm) 221 return -EINVAL; 222 /* We only allow ATT user space socket */ 223 if (la.l2_cid && 224 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT)) 225 return -EINVAL; 226 } 227 228 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 229 chan->mode = L2CAP_MODE_LE_FLOWCTL; 230 231 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 232 &la.l2_bdaddr, la.l2_bdaddr_type); 233 if (err) 234 return err; 235 236 lock_sock(sk); 237 238 err = bt_sock_wait_state(sk, BT_CONNECTED, 239 sock_sndtimeo(sk, flags & O_NONBLOCK)); 240 241 release_sock(sk); 242 243 return err; 244 } 245 246 static int l2cap_sock_listen(struct socket *sock, int backlog) 247 { 248 struct sock *sk = sock->sk; 249 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 250 int err = 0; 251 252 BT_DBG("sk %p backlog %d", sk, backlog); 253 254 lock_sock(sk); 255 256 if (sk->sk_state != BT_BOUND) { 257 err = -EBADFD; 258 goto done; 259 } 260 261 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 262 err = -EINVAL; 263 goto done; 264 } 265 266 switch (chan->mode) { 267 case L2CAP_MODE_BASIC: 268 case L2CAP_MODE_LE_FLOWCTL: 269 break; 270 case L2CAP_MODE_ERTM: 271 case L2CAP_MODE_STREAMING: 272 if (!disable_ertm) 273 break; 274 /* fall through */ 275 default: 276 err = -ENOTSUPP; 277 goto done; 278 } 279 280 sk->sk_max_ack_backlog = backlog; 281 sk->sk_ack_backlog = 0; 282 283 chan->state = BT_LISTEN; 284 sk->sk_state = BT_LISTEN; 285 286 done: 287 release_sock(sk); 288 return err; 289 } 290 291 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 292 int flags) 293 { 294 DECLARE_WAITQUEUE(wait, current); 295 struct sock *sk = sock->sk, *nsk; 296 long timeo; 297 int err = 0; 298 299 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 300 301 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 302 303 BT_DBG("sk %p timeo %ld", sk, timeo); 304 305 /* Wait for an incoming connection. (wake-one). */ 306 add_wait_queue_exclusive(sk_sleep(sk), &wait); 307 while (1) { 308 set_current_state(TASK_INTERRUPTIBLE); 309 310 if (sk->sk_state != BT_LISTEN) { 311 err = -EBADFD; 312 break; 313 } 314 315 nsk = bt_accept_dequeue(sk, newsock); 316 if (nsk) 317 break; 318 319 if (!timeo) { 320 err = -EAGAIN; 321 break; 322 } 323 324 if (signal_pending(current)) { 325 err = sock_intr_errno(timeo); 326 break; 327 } 328 329 release_sock(sk); 330 timeo = schedule_timeout(timeo); 331 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 332 } 333 __set_current_state(TASK_RUNNING); 334 remove_wait_queue(sk_sleep(sk), &wait); 335 336 if (err) 337 goto done; 338 339 newsock->state = SS_CONNECTED; 340 341 BT_DBG("new socket %p", nsk); 342 343 done: 344 release_sock(sk); 345 return err; 346 } 347 348 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 349 int *len, int peer) 350 { 351 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 352 struct sock *sk = sock->sk; 353 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 354 355 BT_DBG("sock %p, sk %p", sock, sk); 356 357 memset(la, 0, sizeof(struct sockaddr_l2)); 358 addr->sa_family = AF_BLUETOOTH; 359 *len = sizeof(struct sockaddr_l2); 360 361 if (peer) { 362 la->l2_psm = chan->psm; 363 bacpy(&la->l2_bdaddr, &chan->dst); 364 la->l2_cid = cpu_to_le16(chan->dcid); 365 la->l2_bdaddr_type = chan->dst_type; 366 } else { 367 la->l2_psm = chan->sport; 368 bacpy(&la->l2_bdaddr, &chan->src); 369 la->l2_cid = cpu_to_le16(chan->scid); 370 la->l2_bdaddr_type = chan->src_type; 371 } 372 373 return 0; 374 } 375 376 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 377 char __user *optval, int __user *optlen) 378 { 379 struct sock *sk = sock->sk; 380 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 381 struct l2cap_options opts; 382 struct l2cap_conninfo cinfo; 383 int len, err = 0; 384 u32 opt; 385 386 BT_DBG("sk %p", sk); 387 388 if (get_user(len, optlen)) 389 return -EFAULT; 390 391 lock_sock(sk); 392 393 switch (optname) { 394 case L2CAP_OPTIONS: 395 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since 396 * legacy ATT code depends on getsockopt for 397 * L2CAP_OPTIONS we need to let this pass. 398 */ 399 if (bdaddr_type_is_le(chan->src_type) && 400 chan->scid != L2CAP_CID_ATT) { 401 err = -EINVAL; 402 break; 403 } 404 405 memset(&opts, 0, sizeof(opts)); 406 opts.imtu = chan->imtu; 407 opts.omtu = chan->omtu; 408 opts.flush_to = chan->flush_to; 409 opts.mode = chan->mode; 410 opts.fcs = chan->fcs; 411 opts.max_tx = chan->max_tx; 412 opts.txwin_size = chan->tx_win; 413 414 len = min_t(unsigned int, len, sizeof(opts)); 415 if (copy_to_user(optval, (char *) &opts, len)) 416 err = -EFAULT; 417 418 break; 419 420 case L2CAP_LM: 421 switch (chan->sec_level) { 422 case BT_SECURITY_LOW: 423 opt = L2CAP_LM_AUTH; 424 break; 425 case BT_SECURITY_MEDIUM: 426 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 427 break; 428 case BT_SECURITY_HIGH: 429 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 430 L2CAP_LM_SECURE; 431 break; 432 default: 433 opt = 0; 434 break; 435 } 436 437 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 438 opt |= L2CAP_LM_MASTER; 439 440 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 441 opt |= L2CAP_LM_RELIABLE; 442 443 if (put_user(opt, (u32 __user *) optval)) 444 err = -EFAULT; 445 break; 446 447 case L2CAP_CONNINFO: 448 if (sk->sk_state != BT_CONNECTED && 449 !(sk->sk_state == BT_CONNECT2 && 450 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 451 err = -ENOTCONN; 452 break; 453 } 454 455 memset(&cinfo, 0, sizeof(cinfo)); 456 cinfo.hci_handle = chan->conn->hcon->handle; 457 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 458 459 len = min_t(unsigned int, len, sizeof(cinfo)); 460 if (copy_to_user(optval, (char *) &cinfo, len)) 461 err = -EFAULT; 462 463 break; 464 465 default: 466 err = -ENOPROTOOPT; 467 break; 468 } 469 470 release_sock(sk); 471 return err; 472 } 473 474 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 475 char __user *optval, int __user *optlen) 476 { 477 struct sock *sk = sock->sk; 478 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 479 struct bt_security sec; 480 struct bt_power pwr; 481 int len, err = 0; 482 483 BT_DBG("sk %p", sk); 484 485 if (level == SOL_L2CAP) 486 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 487 488 if (level != SOL_BLUETOOTH) 489 return -ENOPROTOOPT; 490 491 if (get_user(len, optlen)) 492 return -EFAULT; 493 494 lock_sock(sk); 495 496 switch (optname) { 497 case BT_SECURITY: 498 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 499 chan->chan_type != L2CAP_CHAN_RAW) { 500 err = -EINVAL; 501 break; 502 } 503 504 memset(&sec, 0, sizeof(sec)); 505 if (chan->conn) { 506 sec.level = chan->conn->hcon->sec_level; 507 508 if (sk->sk_state == BT_CONNECTED) 509 sec.key_size = chan->conn->hcon->enc_key_size; 510 } else { 511 sec.level = chan->sec_level; 512 } 513 514 len = min_t(unsigned int, len, sizeof(sec)); 515 if (copy_to_user(optval, (char *) &sec, len)) 516 err = -EFAULT; 517 518 break; 519 520 case BT_DEFER_SETUP: 521 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 522 err = -EINVAL; 523 break; 524 } 525 526 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 527 (u32 __user *) optval)) 528 err = -EFAULT; 529 530 break; 531 532 case BT_FLUSHABLE: 533 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 534 (u32 __user *) optval)) 535 err = -EFAULT; 536 537 break; 538 539 case BT_POWER: 540 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 541 && sk->sk_type != SOCK_RAW) { 542 err = -EINVAL; 543 break; 544 } 545 546 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 547 548 len = min_t(unsigned int, len, sizeof(pwr)); 549 if (copy_to_user(optval, (char *) &pwr, len)) 550 err = -EFAULT; 551 552 break; 553 554 case BT_CHANNEL_POLICY: 555 if (put_user(chan->chan_policy, (u32 __user *) optval)) 556 err = -EFAULT; 557 break; 558 559 case BT_SNDMTU: 560 if (!enable_lecoc) { 561 err = -EPROTONOSUPPORT; 562 break; 563 } 564 565 if (!bdaddr_type_is_le(chan->src_type)) { 566 err = -EINVAL; 567 break; 568 } 569 570 if (sk->sk_state != BT_CONNECTED) { 571 err = -ENOTCONN; 572 break; 573 } 574 575 if (put_user(chan->omtu, (u16 __user *) optval)) 576 err = -EFAULT; 577 break; 578 579 case BT_RCVMTU: 580 if (!enable_lecoc) { 581 err = -EPROTONOSUPPORT; 582 break; 583 } 584 585 if (!bdaddr_type_is_le(chan->src_type)) { 586 err = -EINVAL; 587 break; 588 } 589 590 if (put_user(chan->imtu, (u16 __user *) optval)) 591 err = -EFAULT; 592 break; 593 594 default: 595 err = -ENOPROTOOPT; 596 break; 597 } 598 599 release_sock(sk); 600 return err; 601 } 602 603 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 604 { 605 switch (chan->scid) { 606 case L2CAP_CID_ATT: 607 if (mtu < L2CAP_LE_MIN_MTU) 608 return false; 609 break; 610 611 default: 612 if (mtu < L2CAP_DEFAULT_MIN_MTU) 613 return false; 614 } 615 616 return true; 617 } 618 619 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 620 char __user *optval, unsigned int optlen) 621 { 622 struct sock *sk = sock->sk; 623 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 624 struct l2cap_options opts; 625 int len, err = 0; 626 u32 opt; 627 628 BT_DBG("sk %p", sk); 629 630 lock_sock(sk); 631 632 switch (optname) { 633 case L2CAP_OPTIONS: 634 if (bdaddr_type_is_le(chan->src_type)) { 635 err = -EINVAL; 636 break; 637 } 638 639 if (sk->sk_state == BT_CONNECTED) { 640 err = -EINVAL; 641 break; 642 } 643 644 opts.imtu = chan->imtu; 645 opts.omtu = chan->omtu; 646 opts.flush_to = chan->flush_to; 647 opts.mode = chan->mode; 648 opts.fcs = chan->fcs; 649 opts.max_tx = chan->max_tx; 650 opts.txwin_size = chan->tx_win; 651 652 len = min_t(unsigned int, sizeof(opts), optlen); 653 if (copy_from_user((char *) &opts, optval, len)) { 654 err = -EFAULT; 655 break; 656 } 657 658 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 659 err = -EINVAL; 660 break; 661 } 662 663 if (!l2cap_valid_mtu(chan, opts.imtu)) { 664 err = -EINVAL; 665 break; 666 } 667 668 chan->mode = opts.mode; 669 switch (chan->mode) { 670 case L2CAP_MODE_LE_FLOWCTL: 671 break; 672 case L2CAP_MODE_BASIC: 673 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 674 break; 675 case L2CAP_MODE_ERTM: 676 case L2CAP_MODE_STREAMING: 677 if (!disable_ertm) 678 break; 679 /* fall through */ 680 default: 681 err = -EINVAL; 682 break; 683 } 684 685 chan->imtu = opts.imtu; 686 chan->omtu = opts.omtu; 687 chan->fcs = opts.fcs; 688 chan->max_tx = opts.max_tx; 689 chan->tx_win = opts.txwin_size; 690 chan->flush_to = opts.flush_to; 691 break; 692 693 case L2CAP_LM: 694 if (get_user(opt, (u32 __user *) optval)) { 695 err = -EFAULT; 696 break; 697 } 698 699 if (opt & L2CAP_LM_AUTH) 700 chan->sec_level = BT_SECURITY_LOW; 701 if (opt & L2CAP_LM_ENCRYPT) 702 chan->sec_level = BT_SECURITY_MEDIUM; 703 if (opt & L2CAP_LM_SECURE) 704 chan->sec_level = BT_SECURITY_HIGH; 705 706 if (opt & L2CAP_LM_MASTER) 707 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 708 else 709 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 710 711 if (opt & L2CAP_LM_RELIABLE) 712 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 713 else 714 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 715 break; 716 717 default: 718 err = -ENOPROTOOPT; 719 break; 720 } 721 722 release_sock(sk); 723 return err; 724 } 725 726 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 727 char __user *optval, unsigned int optlen) 728 { 729 struct sock *sk = sock->sk; 730 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 731 struct bt_security sec; 732 struct bt_power pwr; 733 struct l2cap_conn *conn; 734 int len, err = 0; 735 u32 opt; 736 737 BT_DBG("sk %p", sk); 738 739 if (level == SOL_L2CAP) 740 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 741 742 if (level != SOL_BLUETOOTH) 743 return -ENOPROTOOPT; 744 745 lock_sock(sk); 746 747 switch (optname) { 748 case BT_SECURITY: 749 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 750 chan->chan_type != L2CAP_CHAN_RAW) { 751 err = -EINVAL; 752 break; 753 } 754 755 sec.level = BT_SECURITY_LOW; 756 757 len = min_t(unsigned int, sizeof(sec), optlen); 758 if (copy_from_user((char *) &sec, optval, len)) { 759 err = -EFAULT; 760 break; 761 } 762 763 if (sec.level < BT_SECURITY_LOW || 764 sec.level > BT_SECURITY_HIGH) { 765 err = -EINVAL; 766 break; 767 } 768 769 chan->sec_level = sec.level; 770 771 if (!chan->conn) 772 break; 773 774 conn = chan->conn; 775 776 /*change security for LE channels */ 777 if (chan->scid == L2CAP_CID_ATT) { 778 if (!conn->hcon->out) { 779 err = -EINVAL; 780 break; 781 } 782 783 if (smp_conn_security(conn->hcon, sec.level)) 784 break; 785 sk->sk_state = BT_CONFIG; 786 chan->state = BT_CONFIG; 787 788 /* or for ACL link */ 789 } else if ((sk->sk_state == BT_CONNECT2 && 790 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 791 sk->sk_state == BT_CONNECTED) { 792 if (!l2cap_chan_check_security(chan)) 793 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 794 else 795 sk->sk_state_change(sk); 796 } else { 797 err = -EINVAL; 798 } 799 break; 800 801 case BT_DEFER_SETUP: 802 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 803 err = -EINVAL; 804 break; 805 } 806 807 if (get_user(opt, (u32 __user *) optval)) { 808 err = -EFAULT; 809 break; 810 } 811 812 if (opt) { 813 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 814 set_bit(FLAG_DEFER_SETUP, &chan->flags); 815 } else { 816 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 817 clear_bit(FLAG_DEFER_SETUP, &chan->flags); 818 } 819 break; 820 821 case BT_FLUSHABLE: 822 if (get_user(opt, (u32 __user *) optval)) { 823 err = -EFAULT; 824 break; 825 } 826 827 if (opt > BT_FLUSHABLE_ON) { 828 err = -EINVAL; 829 break; 830 } 831 832 if (opt == BT_FLUSHABLE_OFF) { 833 conn = chan->conn; 834 /* proceed further only when we have l2cap_conn and 835 No Flush support in the LM */ 836 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 837 err = -EINVAL; 838 break; 839 } 840 } 841 842 if (opt) 843 set_bit(FLAG_FLUSHABLE, &chan->flags); 844 else 845 clear_bit(FLAG_FLUSHABLE, &chan->flags); 846 break; 847 848 case BT_POWER: 849 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 850 chan->chan_type != L2CAP_CHAN_RAW) { 851 err = -EINVAL; 852 break; 853 } 854 855 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 856 857 len = min_t(unsigned int, sizeof(pwr), optlen); 858 if (copy_from_user((char *) &pwr, optval, len)) { 859 err = -EFAULT; 860 break; 861 } 862 863 if (pwr.force_active) 864 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 865 else 866 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 867 break; 868 869 case BT_CHANNEL_POLICY: 870 if (get_user(opt, (u32 __user *) optval)) { 871 err = -EFAULT; 872 break; 873 } 874 875 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 876 err = -EINVAL; 877 break; 878 } 879 880 if (chan->mode != L2CAP_MODE_ERTM && 881 chan->mode != L2CAP_MODE_STREAMING) { 882 err = -EOPNOTSUPP; 883 break; 884 } 885 886 chan->chan_policy = (u8) opt; 887 888 if (sk->sk_state == BT_CONNECTED && 889 chan->move_role == L2CAP_MOVE_ROLE_NONE) 890 l2cap_move_start(chan); 891 892 break; 893 894 case BT_SNDMTU: 895 if (!enable_lecoc) { 896 err = -EPROTONOSUPPORT; 897 break; 898 } 899 900 if (!bdaddr_type_is_le(chan->src_type)) { 901 err = -EINVAL; 902 break; 903 } 904 905 /* Setting is not supported as it's the remote side that 906 * decides this. 907 */ 908 err = -EPERM; 909 break; 910 911 case BT_RCVMTU: 912 if (!enable_lecoc) { 913 err = -EPROTONOSUPPORT; 914 break; 915 } 916 917 if (!bdaddr_type_is_le(chan->src_type)) { 918 err = -EINVAL; 919 break; 920 } 921 922 if (sk->sk_state == BT_CONNECTED) { 923 err = -EISCONN; 924 break; 925 } 926 927 if (get_user(opt, (u32 __user *) optval)) { 928 err = -EFAULT; 929 break; 930 } 931 932 chan->imtu = opt; 933 break; 934 935 default: 936 err = -ENOPROTOOPT; 937 break; 938 } 939 940 release_sock(sk); 941 return err; 942 } 943 944 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 945 struct msghdr *msg, size_t len) 946 { 947 struct sock *sk = sock->sk; 948 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 949 int err; 950 951 BT_DBG("sock %p, sk %p", sock, sk); 952 953 err = sock_error(sk); 954 if (err) 955 return err; 956 957 if (msg->msg_flags & MSG_OOB) 958 return -EOPNOTSUPP; 959 960 if (sk->sk_state != BT_CONNECTED) 961 return -ENOTCONN; 962 963 lock_sock(sk); 964 err = bt_sock_wait_ready(sk, msg->msg_flags); 965 release_sock(sk); 966 if (err) 967 return err; 968 969 l2cap_chan_lock(chan); 970 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 971 l2cap_chan_unlock(chan); 972 973 return err; 974 } 975 976 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 977 struct msghdr *msg, size_t len, int flags) 978 { 979 struct sock *sk = sock->sk; 980 struct l2cap_pinfo *pi = l2cap_pi(sk); 981 int err; 982 983 lock_sock(sk); 984 985 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 986 &bt_sk(sk)->flags)) { 987 if (bdaddr_type_is_le(pi->chan->src_type)) { 988 sk->sk_state = BT_CONNECTED; 989 pi->chan->state = BT_CONNECTED; 990 __l2cap_le_connect_rsp_defer(pi->chan); 991 } else { 992 sk->sk_state = BT_CONFIG; 993 pi->chan->state = BT_CONFIG; 994 __l2cap_connect_rsp_defer(pi->chan); 995 } 996 997 err = 0; 998 goto done; 999 } 1000 1001 release_sock(sk); 1002 1003 if (sock->type == SOCK_STREAM) 1004 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 1005 else 1006 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 1007 1008 if (pi->chan->mode != L2CAP_MODE_ERTM) 1009 return err; 1010 1011 /* Attempt to put pending rx data in the socket buffer */ 1012 1013 lock_sock(sk); 1014 1015 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 1016 goto done; 1017 1018 if (pi->rx_busy_skb) { 1019 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 1020 pi->rx_busy_skb = NULL; 1021 else 1022 goto done; 1023 } 1024 1025 /* Restore data flow when half of the receive buffer is 1026 * available. This avoids resending large numbers of 1027 * frames. 1028 */ 1029 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 1030 l2cap_chan_busy(pi->chan, 0); 1031 1032 done: 1033 release_sock(sk); 1034 return err; 1035 } 1036 1037 /* Kill socket (only if zapped and orphan) 1038 * Must be called on unlocked socket. 1039 */ 1040 static void l2cap_sock_kill(struct sock *sk) 1041 { 1042 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 1043 return; 1044 1045 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 1046 1047 /* Kill poor orphan */ 1048 1049 l2cap_chan_put(l2cap_pi(sk)->chan); 1050 sock_set_flag(sk, SOCK_DEAD); 1051 sock_put(sk); 1052 } 1053 1054 static int __l2cap_wait_ack(struct sock *sk) 1055 { 1056 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1057 DECLARE_WAITQUEUE(wait, current); 1058 int err = 0; 1059 int timeo = HZ/5; 1060 1061 add_wait_queue(sk_sleep(sk), &wait); 1062 set_current_state(TASK_INTERRUPTIBLE); 1063 while (chan->unacked_frames > 0 && chan->conn) { 1064 if (!timeo) 1065 timeo = HZ/5; 1066 1067 if (signal_pending(current)) { 1068 err = sock_intr_errno(timeo); 1069 break; 1070 } 1071 1072 release_sock(sk); 1073 timeo = schedule_timeout(timeo); 1074 lock_sock(sk); 1075 set_current_state(TASK_INTERRUPTIBLE); 1076 1077 err = sock_error(sk); 1078 if (err) 1079 break; 1080 } 1081 set_current_state(TASK_RUNNING); 1082 remove_wait_queue(sk_sleep(sk), &wait); 1083 return err; 1084 } 1085 1086 static int l2cap_sock_shutdown(struct socket *sock, int how) 1087 { 1088 struct sock *sk = sock->sk; 1089 struct l2cap_chan *chan; 1090 struct l2cap_conn *conn; 1091 int err = 0; 1092 1093 BT_DBG("sock %p, sk %p", sock, sk); 1094 1095 if (!sk) 1096 return 0; 1097 1098 chan = l2cap_pi(sk)->chan; 1099 conn = chan->conn; 1100 1101 if (conn) 1102 mutex_lock(&conn->chan_lock); 1103 1104 l2cap_chan_lock(chan); 1105 lock_sock(sk); 1106 1107 if (!sk->sk_shutdown) { 1108 if (chan->mode == L2CAP_MODE_ERTM) 1109 err = __l2cap_wait_ack(sk); 1110 1111 sk->sk_shutdown = SHUTDOWN_MASK; 1112 1113 release_sock(sk); 1114 l2cap_chan_close(chan, 0); 1115 lock_sock(sk); 1116 1117 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 1118 err = bt_sock_wait_state(sk, BT_CLOSED, 1119 sk->sk_lingertime); 1120 } 1121 1122 if (!err && sk->sk_err) 1123 err = -sk->sk_err; 1124 1125 release_sock(sk); 1126 l2cap_chan_unlock(chan); 1127 1128 if (conn) 1129 mutex_unlock(&conn->chan_lock); 1130 1131 return err; 1132 } 1133 1134 static int l2cap_sock_release(struct socket *sock) 1135 { 1136 struct sock *sk = sock->sk; 1137 int err; 1138 1139 BT_DBG("sock %p, sk %p", sock, sk); 1140 1141 if (!sk) 1142 return 0; 1143 1144 bt_sock_unlink(&l2cap_sk_list, sk); 1145 1146 err = l2cap_sock_shutdown(sock, 2); 1147 1148 sock_orphan(sk); 1149 l2cap_sock_kill(sk); 1150 return err; 1151 } 1152 1153 static void l2cap_sock_cleanup_listen(struct sock *parent) 1154 { 1155 struct sock *sk; 1156 1157 BT_DBG("parent %p", parent); 1158 1159 /* Close not yet accepted channels */ 1160 while ((sk = bt_accept_dequeue(parent, NULL))) { 1161 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1162 1163 l2cap_chan_lock(chan); 1164 __clear_chan_timer(chan); 1165 l2cap_chan_close(chan, ECONNRESET); 1166 l2cap_chan_unlock(chan); 1167 1168 l2cap_sock_kill(sk); 1169 } 1170 } 1171 1172 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 1173 { 1174 struct sock *sk, *parent = chan->data; 1175 1176 lock_sock(parent); 1177 1178 /* Check for backlog size */ 1179 if (sk_acceptq_is_full(parent)) { 1180 BT_DBG("backlog full %d", parent->sk_ack_backlog); 1181 return NULL; 1182 } 1183 1184 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 1185 GFP_ATOMIC); 1186 if (!sk) 1187 return NULL; 1188 1189 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 1190 1191 l2cap_sock_init(sk, parent); 1192 1193 bt_accept_enqueue(parent, sk); 1194 1195 release_sock(parent); 1196 1197 return l2cap_pi(sk)->chan; 1198 } 1199 1200 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 1201 { 1202 struct sock *sk = chan->data; 1203 int err; 1204 1205 lock_sock(sk); 1206 1207 if (l2cap_pi(sk)->rx_busy_skb) { 1208 err = -ENOMEM; 1209 goto done; 1210 } 1211 1212 err = sock_queue_rcv_skb(sk, skb); 1213 1214 /* For ERTM, handle one skb that doesn't fit into the recv 1215 * buffer. This is important to do because the data frames 1216 * have already been acked, so the skb cannot be discarded. 1217 * 1218 * Notify the l2cap core that the buffer is full, so the 1219 * LOCAL_BUSY state is entered and no more frames are 1220 * acked and reassembled until there is buffer space 1221 * available. 1222 */ 1223 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) { 1224 l2cap_pi(sk)->rx_busy_skb = skb; 1225 l2cap_chan_busy(chan, 1); 1226 err = 0; 1227 } 1228 1229 done: 1230 release_sock(sk); 1231 1232 return err; 1233 } 1234 1235 static void l2cap_sock_close_cb(struct l2cap_chan *chan) 1236 { 1237 struct sock *sk = chan->data; 1238 1239 l2cap_sock_kill(sk); 1240 } 1241 1242 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 1243 { 1244 struct sock *sk = chan->data; 1245 struct sock *parent; 1246 1247 lock_sock(sk); 1248 1249 parent = bt_sk(sk)->parent; 1250 1251 sock_set_flag(sk, SOCK_ZAPPED); 1252 1253 switch (chan->state) { 1254 case BT_OPEN: 1255 case BT_BOUND: 1256 case BT_CLOSED: 1257 break; 1258 case BT_LISTEN: 1259 l2cap_sock_cleanup_listen(sk); 1260 sk->sk_state = BT_CLOSED; 1261 chan->state = BT_CLOSED; 1262 1263 break; 1264 default: 1265 sk->sk_state = BT_CLOSED; 1266 chan->state = BT_CLOSED; 1267 1268 sk->sk_err = err; 1269 1270 if (parent) { 1271 bt_accept_unlink(sk); 1272 parent->sk_data_ready(parent, 0); 1273 } else { 1274 sk->sk_state_change(sk); 1275 } 1276 1277 break; 1278 } 1279 1280 release_sock(sk); 1281 } 1282 1283 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state, 1284 int err) 1285 { 1286 struct sock *sk = chan->data; 1287 1288 sk->sk_state = state; 1289 1290 if (err) 1291 sk->sk_err = err; 1292 } 1293 1294 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1295 unsigned long len, int nb) 1296 { 1297 struct sock *sk = chan->data; 1298 struct sk_buff *skb; 1299 int err; 1300 1301 l2cap_chan_unlock(chan); 1302 skb = bt_skb_send_alloc(sk, len, nb, &err); 1303 l2cap_chan_lock(chan); 1304 1305 if (!skb) 1306 return ERR_PTR(err); 1307 1308 bt_cb(skb)->chan = chan; 1309 1310 return skb; 1311 } 1312 1313 static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1314 { 1315 struct sock *sk = chan->data; 1316 struct sock *parent; 1317 1318 lock_sock(sk); 1319 1320 parent = bt_sk(sk)->parent; 1321 1322 BT_DBG("sk %p, parent %p", sk, parent); 1323 1324 sk->sk_state = BT_CONNECTED; 1325 sk->sk_state_change(sk); 1326 1327 if (parent) 1328 parent->sk_data_ready(parent, 0); 1329 1330 release_sock(sk); 1331 } 1332 1333 static void l2cap_sock_defer_cb(struct l2cap_chan *chan) 1334 { 1335 struct sock *parent, *sk = chan->data; 1336 1337 lock_sock(sk); 1338 1339 parent = bt_sk(sk)->parent; 1340 if (parent) 1341 parent->sk_data_ready(parent, 0); 1342 1343 release_sock(sk); 1344 } 1345 1346 static void l2cap_sock_resume_cb(struct l2cap_chan *chan) 1347 { 1348 struct sock *sk = chan->data; 1349 1350 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1351 sk->sk_state_change(sk); 1352 } 1353 1354 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan) 1355 { 1356 struct sock *sk = chan->data; 1357 1358 lock_sock(sk); 1359 sk->sk_shutdown = SHUTDOWN_MASK; 1360 release_sock(sk); 1361 } 1362 1363 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan) 1364 { 1365 struct sock *sk = chan->data; 1366 1367 return sk->sk_sndtimeo; 1368 } 1369 1370 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan) 1371 { 1372 struct sock *sk = chan->data; 1373 1374 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1375 sk->sk_state_change(sk); 1376 } 1377 1378 static struct l2cap_ops l2cap_chan_ops = { 1379 .name = "L2CAP Socket Interface", 1380 .new_connection = l2cap_sock_new_connection_cb, 1381 .recv = l2cap_sock_recv_cb, 1382 .close = l2cap_sock_close_cb, 1383 .teardown = l2cap_sock_teardown_cb, 1384 .state_change = l2cap_sock_state_change_cb, 1385 .ready = l2cap_sock_ready_cb, 1386 .defer = l2cap_sock_defer_cb, 1387 .resume = l2cap_sock_resume_cb, 1388 .suspend = l2cap_sock_suspend_cb, 1389 .set_shutdown = l2cap_sock_set_shutdown_cb, 1390 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb, 1391 .alloc_skb = l2cap_sock_alloc_skb_cb, 1392 }; 1393 1394 static void l2cap_sock_destruct(struct sock *sk) 1395 { 1396 BT_DBG("sk %p", sk); 1397 1398 if (l2cap_pi(sk)->chan) 1399 l2cap_chan_put(l2cap_pi(sk)->chan); 1400 1401 if (l2cap_pi(sk)->rx_busy_skb) { 1402 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1403 l2cap_pi(sk)->rx_busy_skb = NULL; 1404 } 1405 1406 skb_queue_purge(&sk->sk_receive_queue); 1407 skb_queue_purge(&sk->sk_write_queue); 1408 } 1409 1410 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name, 1411 int *msg_namelen) 1412 { 1413 struct sockaddr_l2 *la = (struct sockaddr_l2 *) msg_name; 1414 1415 memset(la, 0, sizeof(struct sockaddr_l2)); 1416 la->l2_family = AF_BLUETOOTH; 1417 la->l2_psm = bt_cb(skb)->psm; 1418 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr); 1419 1420 *msg_namelen = sizeof(struct sockaddr_l2); 1421 } 1422 1423 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1424 { 1425 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1426 1427 BT_DBG("sk %p", sk); 1428 1429 if (parent) { 1430 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1431 1432 sk->sk_type = parent->sk_type; 1433 bt_sk(sk)->flags = bt_sk(parent)->flags; 1434 1435 chan->chan_type = pchan->chan_type; 1436 chan->imtu = pchan->imtu; 1437 chan->omtu = pchan->omtu; 1438 chan->conf_state = pchan->conf_state; 1439 chan->mode = pchan->mode; 1440 chan->fcs = pchan->fcs; 1441 chan->max_tx = pchan->max_tx; 1442 chan->tx_win = pchan->tx_win; 1443 chan->tx_win_max = pchan->tx_win_max; 1444 chan->sec_level = pchan->sec_level; 1445 chan->flags = pchan->flags; 1446 chan->tx_credits = pchan->tx_credits; 1447 chan->rx_credits = pchan->rx_credits; 1448 1449 security_sk_clone(parent, sk); 1450 } else { 1451 switch (sk->sk_type) { 1452 case SOCK_RAW: 1453 chan->chan_type = L2CAP_CHAN_RAW; 1454 break; 1455 case SOCK_DGRAM: 1456 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1457 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name; 1458 break; 1459 case SOCK_SEQPACKET: 1460 case SOCK_STREAM: 1461 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1462 break; 1463 } 1464 1465 chan->imtu = L2CAP_DEFAULT_MTU; 1466 chan->omtu = 0; 1467 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1468 chan->mode = L2CAP_MODE_ERTM; 1469 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1470 } else { 1471 chan->mode = L2CAP_MODE_BASIC; 1472 } 1473 1474 l2cap_chan_set_defaults(chan); 1475 } 1476 1477 /* Default config options */ 1478 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1479 1480 chan->data = sk; 1481 chan->ops = &l2cap_chan_ops; 1482 } 1483 1484 static struct proto l2cap_proto = { 1485 .name = "L2CAP", 1486 .owner = THIS_MODULE, 1487 .obj_size = sizeof(struct l2cap_pinfo) 1488 }; 1489 1490 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1491 int proto, gfp_t prio) 1492 { 1493 struct sock *sk; 1494 struct l2cap_chan *chan; 1495 1496 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1497 if (!sk) 1498 return NULL; 1499 1500 sock_init_data(sock, sk); 1501 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1502 1503 sk->sk_destruct = l2cap_sock_destruct; 1504 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1505 1506 sock_reset_flag(sk, SOCK_ZAPPED); 1507 1508 sk->sk_protocol = proto; 1509 sk->sk_state = BT_OPEN; 1510 1511 chan = l2cap_chan_create(); 1512 if (!chan) { 1513 sk_free(sk); 1514 return NULL; 1515 } 1516 1517 l2cap_chan_hold(chan); 1518 1519 l2cap_pi(sk)->chan = chan; 1520 1521 return sk; 1522 } 1523 1524 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1525 int kern) 1526 { 1527 struct sock *sk; 1528 1529 BT_DBG("sock %p", sock); 1530 1531 sock->state = SS_UNCONNECTED; 1532 1533 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1534 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1535 return -ESOCKTNOSUPPORT; 1536 1537 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1538 return -EPERM; 1539 1540 sock->ops = &l2cap_sock_ops; 1541 1542 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1543 if (!sk) 1544 return -ENOMEM; 1545 1546 l2cap_sock_init(sk, NULL); 1547 bt_sock_link(&l2cap_sk_list, sk); 1548 return 0; 1549 } 1550 1551 static const struct proto_ops l2cap_sock_ops = { 1552 .family = PF_BLUETOOTH, 1553 .owner = THIS_MODULE, 1554 .release = l2cap_sock_release, 1555 .bind = l2cap_sock_bind, 1556 .connect = l2cap_sock_connect, 1557 .listen = l2cap_sock_listen, 1558 .accept = l2cap_sock_accept, 1559 .getname = l2cap_sock_getname, 1560 .sendmsg = l2cap_sock_sendmsg, 1561 .recvmsg = l2cap_sock_recvmsg, 1562 .poll = bt_sock_poll, 1563 .ioctl = bt_sock_ioctl, 1564 .mmap = sock_no_mmap, 1565 .socketpair = sock_no_socketpair, 1566 .shutdown = l2cap_sock_shutdown, 1567 .setsockopt = l2cap_sock_setsockopt, 1568 .getsockopt = l2cap_sock_getsockopt 1569 }; 1570 1571 static const struct net_proto_family l2cap_sock_family_ops = { 1572 .family = PF_BLUETOOTH, 1573 .owner = THIS_MODULE, 1574 .create = l2cap_sock_create, 1575 }; 1576 1577 int __init l2cap_init_sockets(void) 1578 { 1579 int err; 1580 1581 err = proto_register(&l2cap_proto, 0); 1582 if (err < 0) 1583 return err; 1584 1585 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1586 if (err < 0) { 1587 BT_ERR("L2CAP socket registration failed"); 1588 goto error; 1589 } 1590 1591 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list, 1592 NULL); 1593 if (err < 0) { 1594 BT_ERR("Failed to create L2CAP proc file"); 1595 bt_sock_unregister(BTPROTO_L2CAP); 1596 goto error; 1597 } 1598 1599 BT_INFO("L2CAP socket layer initialized"); 1600 1601 return 0; 1602 1603 error: 1604 proto_unregister(&l2cap_proto); 1605 return err; 1606 } 1607 1608 void l2cap_cleanup_sockets(void) 1609 { 1610 bt_procfs_cleanup(&init_net, "l2cap"); 1611 bt_sock_unregister(BTPROTO_L2CAP); 1612 proto_unregister(&l2cap_proto); 1613 } 1614 1615 module_param(enable_lecoc, bool, 0644); 1616 MODULE_PARM_DESC(enable_lecoc, "Enable support for LE CoC"); 1617