1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26 */ 27 28 /* Bluetooth L2CAP sockets. */ 29 30 #include <linux/module.h> 31 #include <linux/export.h> 32 33 #include <net/bluetooth/bluetooth.h> 34 #include <net/bluetooth/hci_core.h> 35 #include <net/bluetooth/l2cap.h> 36 37 #include "smp.h" 38 39 static struct bt_sock_list l2cap_sk_list = { 40 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 41 }; 42 43 static const struct proto_ops l2cap_sock_ops; 44 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 45 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 46 int proto, gfp_t prio); 47 48 bool l2cap_is_socket(struct socket *sock) 49 { 50 return sock && sock->ops == &l2cap_sock_ops; 51 } 52 EXPORT_SYMBOL(l2cap_is_socket); 53 54 static int l2cap_validate_bredr_psm(u16 psm) 55 { 56 /* PSM must be odd and lsb of upper byte must be 0 */ 57 if ((psm & 0x0101) != 0x0001) 58 return -EINVAL; 59 60 /* Restrict usage of well-known PSMs */ 61 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) 62 return -EACCES; 63 64 return 0; 65 } 66 67 static int l2cap_validate_le_psm(u16 psm) 68 { 69 /* Valid LE_PSM ranges are defined only until 0x00ff */ 70 if (psm > 0x00ff) 71 return -EINVAL; 72 73 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */ 74 if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE)) 75 return -EACCES; 76 77 return 0; 78 } 79 80 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 81 { 82 struct sock *sk = sock->sk; 83 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 84 struct sockaddr_l2 la; 85 int len, err = 0; 86 87 BT_DBG("sk %p", sk); 88 89 if (!addr || addr->sa_family != AF_BLUETOOTH) 90 return -EINVAL; 91 92 memset(&la, 0, sizeof(la)); 93 len = min_t(unsigned int, sizeof(la), alen); 94 memcpy(&la, addr, len); 95 96 if (la.l2_cid && la.l2_psm) 97 return -EINVAL; 98 99 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 100 return -EINVAL; 101 102 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 103 /* We only allow ATT user space socket */ 104 if (la.l2_cid && 105 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 106 return -EINVAL; 107 } 108 109 lock_sock(sk); 110 111 if (sk->sk_state != BT_OPEN) { 112 err = -EBADFD; 113 goto done; 114 } 115 116 if (la.l2_psm) { 117 __u16 psm = __le16_to_cpu(la.l2_psm); 118 119 if (la.l2_bdaddr_type == BDADDR_BREDR) 120 err = l2cap_validate_bredr_psm(psm); 121 else 122 err = l2cap_validate_le_psm(psm); 123 124 if (err) 125 goto done; 126 } 127 128 if (la.l2_cid) 129 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 130 else 131 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 132 133 if (err < 0) 134 goto done; 135 136 switch (chan->chan_type) { 137 case L2CAP_CHAN_CONN_LESS: 138 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP) 139 chan->sec_level = BT_SECURITY_SDP; 140 break; 141 case L2CAP_CHAN_CONN_ORIENTED: 142 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 143 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 144 chan->sec_level = BT_SECURITY_SDP; 145 break; 146 case L2CAP_CHAN_RAW: 147 chan->sec_level = BT_SECURITY_SDP; 148 break; 149 case L2CAP_CHAN_FIXED: 150 /* Fixed channels default to the L2CAP core not holding a 151 * hci_conn reference for them. For fixed channels mapping to 152 * L2CAP sockets we do want to hold a reference so set the 153 * appropriate flag to request it. 154 */ 155 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags); 156 break; 157 } 158 159 bacpy(&chan->src, &la.l2_bdaddr); 160 chan->src_type = la.l2_bdaddr_type; 161 162 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 163 chan->mode = L2CAP_MODE_LE_FLOWCTL; 164 165 chan->state = BT_BOUND; 166 sk->sk_state = BT_BOUND; 167 168 done: 169 release_sock(sk); 170 return err; 171 } 172 173 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 174 int alen, int flags) 175 { 176 struct sock *sk = sock->sk; 177 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 178 struct sockaddr_l2 la; 179 int len, err = 0; 180 181 BT_DBG("sk %p", sk); 182 183 if (!addr || alen < sizeof(addr->sa_family) || 184 addr->sa_family != AF_BLUETOOTH) 185 return -EINVAL; 186 187 memset(&la, 0, sizeof(la)); 188 len = min_t(unsigned int, sizeof(la), alen); 189 memcpy(&la, addr, len); 190 191 if (la.l2_cid && la.l2_psm) 192 return -EINVAL; 193 194 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 195 return -EINVAL; 196 197 /* Check that the socket wasn't bound to something that 198 * conflicts with the address given to connect(). If chan->src 199 * is BDADDR_ANY it means bind() was never used, in which case 200 * chan->src_type and la.l2_bdaddr_type do not need to match. 201 */ 202 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) && 203 bdaddr_type_is_le(la.l2_bdaddr_type)) { 204 /* Old user space versions will try to incorrectly bind 205 * the ATT socket using BDADDR_BREDR. We need to accept 206 * this and fix up the source address type only when 207 * both the source CID and destination CID indicate 208 * ATT. Anything else is an invalid combination. 209 */ 210 if (chan->scid != L2CAP_CID_ATT || 211 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 212 return -EINVAL; 213 214 /* We don't have the hdev available here to make a 215 * better decision on random vs public, but since all 216 * user space versions that exhibit this issue anyway do 217 * not support random local addresses assuming public 218 * here is good enough. 219 */ 220 chan->src_type = BDADDR_LE_PUBLIC; 221 } 222 223 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR) 224 return -EINVAL; 225 226 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 227 /* We only allow ATT user space socket */ 228 if (la.l2_cid && 229 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 230 return -EINVAL; 231 } 232 233 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 234 chan->mode = L2CAP_MODE_LE_FLOWCTL; 235 236 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 237 &la.l2_bdaddr, la.l2_bdaddr_type); 238 if (err) 239 return err; 240 241 lock_sock(sk); 242 243 err = bt_sock_wait_state(sk, BT_CONNECTED, 244 sock_sndtimeo(sk, flags & O_NONBLOCK)); 245 246 release_sock(sk); 247 248 return err; 249 } 250 251 static int l2cap_sock_listen(struct socket *sock, int backlog) 252 { 253 struct sock *sk = sock->sk; 254 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 255 int err = 0; 256 257 BT_DBG("sk %p backlog %d", sk, backlog); 258 259 lock_sock(sk); 260 261 if (sk->sk_state != BT_BOUND) { 262 err = -EBADFD; 263 goto done; 264 } 265 266 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 267 err = -EINVAL; 268 goto done; 269 } 270 271 switch (chan->mode) { 272 case L2CAP_MODE_BASIC: 273 case L2CAP_MODE_LE_FLOWCTL: 274 break; 275 case L2CAP_MODE_ERTM: 276 case L2CAP_MODE_STREAMING: 277 if (!disable_ertm) 278 break; 279 /* fall through */ 280 default: 281 err = -EOPNOTSUPP; 282 goto done; 283 } 284 285 sk->sk_max_ack_backlog = backlog; 286 sk->sk_ack_backlog = 0; 287 288 /* Listening channels need to use nested locking in order not to 289 * cause lockdep warnings when the created child channels end up 290 * being locked in the same thread as the parent channel. 291 */ 292 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT); 293 294 chan->state = BT_LISTEN; 295 sk->sk_state = BT_LISTEN; 296 297 done: 298 release_sock(sk); 299 return err; 300 } 301 302 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 303 int flags) 304 { 305 DECLARE_WAITQUEUE(wait, current); 306 struct sock *sk = sock->sk, *nsk; 307 long timeo; 308 int err = 0; 309 310 lock_sock_nested(sk, L2CAP_NESTING_PARENT); 311 312 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 313 314 BT_DBG("sk %p timeo %ld", sk, timeo); 315 316 /* Wait for an incoming connection. (wake-one). */ 317 add_wait_queue_exclusive(sk_sleep(sk), &wait); 318 while (1) { 319 set_current_state(TASK_INTERRUPTIBLE); 320 321 if (sk->sk_state != BT_LISTEN) { 322 err = -EBADFD; 323 break; 324 } 325 326 nsk = bt_accept_dequeue(sk, newsock); 327 if (nsk) 328 break; 329 330 if (!timeo) { 331 err = -EAGAIN; 332 break; 333 } 334 335 if (signal_pending(current)) { 336 err = sock_intr_errno(timeo); 337 break; 338 } 339 340 release_sock(sk); 341 timeo = schedule_timeout(timeo); 342 lock_sock_nested(sk, L2CAP_NESTING_PARENT); 343 } 344 __set_current_state(TASK_RUNNING); 345 remove_wait_queue(sk_sleep(sk), &wait); 346 347 if (err) 348 goto done; 349 350 newsock->state = SS_CONNECTED; 351 352 BT_DBG("new socket %p", nsk); 353 354 done: 355 release_sock(sk); 356 return err; 357 } 358 359 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 360 int *len, int peer) 361 { 362 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 363 struct sock *sk = sock->sk; 364 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 365 366 BT_DBG("sock %p, sk %p", sock, sk); 367 368 if (peer && sk->sk_state != BT_CONNECTED && 369 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 && 370 sk->sk_state != BT_CONFIG) 371 return -ENOTCONN; 372 373 memset(la, 0, sizeof(struct sockaddr_l2)); 374 addr->sa_family = AF_BLUETOOTH; 375 *len = sizeof(struct sockaddr_l2); 376 377 la->l2_psm = chan->psm; 378 379 if (peer) { 380 bacpy(&la->l2_bdaddr, &chan->dst); 381 la->l2_cid = cpu_to_le16(chan->dcid); 382 la->l2_bdaddr_type = chan->dst_type; 383 } else { 384 bacpy(&la->l2_bdaddr, &chan->src); 385 la->l2_cid = cpu_to_le16(chan->scid); 386 la->l2_bdaddr_type = chan->src_type; 387 } 388 389 return 0; 390 } 391 392 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 393 char __user *optval, int __user *optlen) 394 { 395 struct sock *sk = sock->sk; 396 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 397 struct l2cap_options opts; 398 struct l2cap_conninfo cinfo; 399 int len, err = 0; 400 u32 opt; 401 402 BT_DBG("sk %p", sk); 403 404 if (get_user(len, optlen)) 405 return -EFAULT; 406 407 lock_sock(sk); 408 409 switch (optname) { 410 case L2CAP_OPTIONS: 411 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since 412 * legacy ATT code depends on getsockopt for 413 * L2CAP_OPTIONS we need to let this pass. 414 */ 415 if (bdaddr_type_is_le(chan->src_type) && 416 chan->scid != L2CAP_CID_ATT) { 417 err = -EINVAL; 418 break; 419 } 420 421 memset(&opts, 0, sizeof(opts)); 422 opts.imtu = chan->imtu; 423 opts.omtu = chan->omtu; 424 opts.flush_to = chan->flush_to; 425 opts.mode = chan->mode; 426 opts.fcs = chan->fcs; 427 opts.max_tx = chan->max_tx; 428 opts.txwin_size = chan->tx_win; 429 430 len = min_t(unsigned int, len, sizeof(opts)); 431 if (copy_to_user(optval, (char *) &opts, len)) 432 err = -EFAULT; 433 434 break; 435 436 case L2CAP_LM: 437 switch (chan->sec_level) { 438 case BT_SECURITY_LOW: 439 opt = L2CAP_LM_AUTH; 440 break; 441 case BT_SECURITY_MEDIUM: 442 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 443 break; 444 case BT_SECURITY_HIGH: 445 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 446 L2CAP_LM_SECURE; 447 break; 448 case BT_SECURITY_FIPS: 449 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 450 L2CAP_LM_SECURE | L2CAP_LM_FIPS; 451 break; 452 default: 453 opt = 0; 454 break; 455 } 456 457 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 458 opt |= L2CAP_LM_MASTER; 459 460 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 461 opt |= L2CAP_LM_RELIABLE; 462 463 if (put_user(opt, (u32 __user *) optval)) 464 err = -EFAULT; 465 466 break; 467 468 case L2CAP_CONNINFO: 469 if (sk->sk_state != BT_CONNECTED && 470 !(sk->sk_state == BT_CONNECT2 && 471 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 472 err = -ENOTCONN; 473 break; 474 } 475 476 memset(&cinfo, 0, sizeof(cinfo)); 477 cinfo.hci_handle = chan->conn->hcon->handle; 478 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 479 480 len = min_t(unsigned int, len, sizeof(cinfo)); 481 if (copy_to_user(optval, (char *) &cinfo, len)) 482 err = -EFAULT; 483 484 break; 485 486 default: 487 err = -ENOPROTOOPT; 488 break; 489 } 490 491 release_sock(sk); 492 return err; 493 } 494 495 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 496 char __user *optval, int __user *optlen) 497 { 498 struct sock *sk = sock->sk; 499 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 500 struct bt_security sec; 501 struct bt_power pwr; 502 int len, err = 0; 503 504 BT_DBG("sk %p", sk); 505 506 if (level == SOL_L2CAP) 507 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 508 509 if (level != SOL_BLUETOOTH) 510 return -ENOPROTOOPT; 511 512 if (get_user(len, optlen)) 513 return -EFAULT; 514 515 lock_sock(sk); 516 517 switch (optname) { 518 case BT_SECURITY: 519 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 520 chan->chan_type != L2CAP_CHAN_FIXED && 521 chan->chan_type != L2CAP_CHAN_RAW) { 522 err = -EINVAL; 523 break; 524 } 525 526 memset(&sec, 0, sizeof(sec)); 527 if (chan->conn) { 528 sec.level = chan->conn->hcon->sec_level; 529 530 if (sk->sk_state == BT_CONNECTED) 531 sec.key_size = chan->conn->hcon->enc_key_size; 532 } else { 533 sec.level = chan->sec_level; 534 } 535 536 len = min_t(unsigned int, len, sizeof(sec)); 537 if (copy_to_user(optval, (char *) &sec, len)) 538 err = -EFAULT; 539 540 break; 541 542 case BT_DEFER_SETUP: 543 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 544 err = -EINVAL; 545 break; 546 } 547 548 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 549 (u32 __user *) optval)) 550 err = -EFAULT; 551 552 break; 553 554 case BT_FLUSHABLE: 555 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 556 (u32 __user *) optval)) 557 err = -EFAULT; 558 559 break; 560 561 case BT_POWER: 562 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 563 && sk->sk_type != SOCK_RAW) { 564 err = -EINVAL; 565 break; 566 } 567 568 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 569 570 len = min_t(unsigned int, len, sizeof(pwr)); 571 if (copy_to_user(optval, (char *) &pwr, len)) 572 err = -EFAULT; 573 574 break; 575 576 case BT_CHANNEL_POLICY: 577 if (put_user(chan->chan_policy, (u32 __user *) optval)) 578 err = -EFAULT; 579 break; 580 581 case BT_SNDMTU: 582 if (!bdaddr_type_is_le(chan->src_type)) { 583 err = -EINVAL; 584 break; 585 } 586 587 if (sk->sk_state != BT_CONNECTED) { 588 err = -ENOTCONN; 589 break; 590 } 591 592 if (put_user(chan->omtu, (u16 __user *) optval)) 593 err = -EFAULT; 594 break; 595 596 case BT_RCVMTU: 597 if (!bdaddr_type_is_le(chan->src_type)) { 598 err = -EINVAL; 599 break; 600 } 601 602 if (put_user(chan->imtu, (u16 __user *) optval)) 603 err = -EFAULT; 604 break; 605 606 default: 607 err = -ENOPROTOOPT; 608 break; 609 } 610 611 release_sock(sk); 612 return err; 613 } 614 615 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 616 { 617 switch (chan->scid) { 618 case L2CAP_CID_ATT: 619 if (mtu < L2CAP_LE_MIN_MTU) 620 return false; 621 break; 622 623 default: 624 if (mtu < L2CAP_DEFAULT_MIN_MTU) 625 return false; 626 } 627 628 return true; 629 } 630 631 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 632 char __user *optval, unsigned int optlen) 633 { 634 struct sock *sk = sock->sk; 635 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 636 struct l2cap_options opts; 637 int len, err = 0; 638 u32 opt; 639 640 BT_DBG("sk %p", sk); 641 642 lock_sock(sk); 643 644 switch (optname) { 645 case L2CAP_OPTIONS: 646 if (bdaddr_type_is_le(chan->src_type)) { 647 err = -EINVAL; 648 break; 649 } 650 651 if (sk->sk_state == BT_CONNECTED) { 652 err = -EINVAL; 653 break; 654 } 655 656 opts.imtu = chan->imtu; 657 opts.omtu = chan->omtu; 658 opts.flush_to = chan->flush_to; 659 opts.mode = chan->mode; 660 opts.fcs = chan->fcs; 661 opts.max_tx = chan->max_tx; 662 opts.txwin_size = chan->tx_win; 663 664 len = min_t(unsigned int, sizeof(opts), optlen); 665 if (copy_from_user((char *) &opts, optval, len)) { 666 err = -EFAULT; 667 break; 668 } 669 670 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 671 err = -EINVAL; 672 break; 673 } 674 675 if (!l2cap_valid_mtu(chan, opts.imtu)) { 676 err = -EINVAL; 677 break; 678 } 679 680 chan->mode = opts.mode; 681 switch (chan->mode) { 682 case L2CAP_MODE_LE_FLOWCTL: 683 break; 684 case L2CAP_MODE_BASIC: 685 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 686 break; 687 case L2CAP_MODE_ERTM: 688 case L2CAP_MODE_STREAMING: 689 if (!disable_ertm) 690 break; 691 /* fall through */ 692 default: 693 err = -EINVAL; 694 break; 695 } 696 697 chan->imtu = opts.imtu; 698 chan->omtu = opts.omtu; 699 chan->fcs = opts.fcs; 700 chan->max_tx = opts.max_tx; 701 chan->tx_win = opts.txwin_size; 702 chan->flush_to = opts.flush_to; 703 break; 704 705 case L2CAP_LM: 706 if (get_user(opt, (u32 __user *) optval)) { 707 err = -EFAULT; 708 break; 709 } 710 711 if (opt & L2CAP_LM_FIPS) { 712 err = -EINVAL; 713 break; 714 } 715 716 if (opt & L2CAP_LM_AUTH) 717 chan->sec_level = BT_SECURITY_LOW; 718 if (opt & L2CAP_LM_ENCRYPT) 719 chan->sec_level = BT_SECURITY_MEDIUM; 720 if (opt & L2CAP_LM_SECURE) 721 chan->sec_level = BT_SECURITY_HIGH; 722 723 if (opt & L2CAP_LM_MASTER) 724 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 725 else 726 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 727 728 if (opt & L2CAP_LM_RELIABLE) 729 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 730 else 731 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 732 break; 733 734 default: 735 err = -ENOPROTOOPT; 736 break; 737 } 738 739 release_sock(sk); 740 return err; 741 } 742 743 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 744 char __user *optval, unsigned int optlen) 745 { 746 struct sock *sk = sock->sk; 747 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 748 struct bt_security sec; 749 struct bt_power pwr; 750 struct l2cap_conn *conn; 751 int len, err = 0; 752 u32 opt; 753 754 BT_DBG("sk %p", sk); 755 756 if (level == SOL_L2CAP) 757 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 758 759 if (level != SOL_BLUETOOTH) 760 return -ENOPROTOOPT; 761 762 lock_sock(sk); 763 764 switch (optname) { 765 case BT_SECURITY: 766 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 767 chan->chan_type != L2CAP_CHAN_FIXED && 768 chan->chan_type != L2CAP_CHAN_RAW) { 769 err = -EINVAL; 770 break; 771 } 772 773 sec.level = BT_SECURITY_LOW; 774 775 len = min_t(unsigned int, sizeof(sec), optlen); 776 if (copy_from_user((char *) &sec, optval, len)) { 777 err = -EFAULT; 778 break; 779 } 780 781 if (sec.level < BT_SECURITY_LOW || 782 sec.level > BT_SECURITY_HIGH) { 783 err = -EINVAL; 784 break; 785 } 786 787 chan->sec_level = sec.level; 788 789 if (!chan->conn) 790 break; 791 792 conn = chan->conn; 793 794 /*change security for LE channels */ 795 if (chan->scid == L2CAP_CID_ATT) { 796 if (smp_conn_security(conn->hcon, sec.level)) 797 break; 798 set_bit(FLAG_PENDING_SECURITY, &chan->flags); 799 sk->sk_state = BT_CONFIG; 800 chan->state = BT_CONFIG; 801 802 /* or for ACL link */ 803 } else if ((sk->sk_state == BT_CONNECT2 && 804 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 805 sk->sk_state == BT_CONNECTED) { 806 if (!l2cap_chan_check_security(chan, true)) 807 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 808 else 809 sk->sk_state_change(sk); 810 } else { 811 err = -EINVAL; 812 } 813 break; 814 815 case BT_DEFER_SETUP: 816 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 817 err = -EINVAL; 818 break; 819 } 820 821 if (get_user(opt, (u32 __user *) optval)) { 822 err = -EFAULT; 823 break; 824 } 825 826 if (opt) { 827 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 828 set_bit(FLAG_DEFER_SETUP, &chan->flags); 829 } else { 830 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 831 clear_bit(FLAG_DEFER_SETUP, &chan->flags); 832 } 833 break; 834 835 case BT_FLUSHABLE: 836 if (get_user(opt, (u32 __user *) optval)) { 837 err = -EFAULT; 838 break; 839 } 840 841 if (opt > BT_FLUSHABLE_ON) { 842 err = -EINVAL; 843 break; 844 } 845 846 if (opt == BT_FLUSHABLE_OFF) { 847 conn = chan->conn; 848 /* proceed further only when we have l2cap_conn and 849 No Flush support in the LM */ 850 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 851 err = -EINVAL; 852 break; 853 } 854 } 855 856 if (opt) 857 set_bit(FLAG_FLUSHABLE, &chan->flags); 858 else 859 clear_bit(FLAG_FLUSHABLE, &chan->flags); 860 break; 861 862 case BT_POWER: 863 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 864 chan->chan_type != L2CAP_CHAN_RAW) { 865 err = -EINVAL; 866 break; 867 } 868 869 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 870 871 len = min_t(unsigned int, sizeof(pwr), optlen); 872 if (copy_from_user((char *) &pwr, optval, len)) { 873 err = -EFAULT; 874 break; 875 } 876 877 if (pwr.force_active) 878 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 879 else 880 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 881 break; 882 883 case BT_CHANNEL_POLICY: 884 if (get_user(opt, (u32 __user *) optval)) { 885 err = -EFAULT; 886 break; 887 } 888 889 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 890 err = -EINVAL; 891 break; 892 } 893 894 if (chan->mode != L2CAP_MODE_ERTM && 895 chan->mode != L2CAP_MODE_STREAMING) { 896 err = -EOPNOTSUPP; 897 break; 898 } 899 900 chan->chan_policy = (u8) opt; 901 902 if (sk->sk_state == BT_CONNECTED && 903 chan->move_role == L2CAP_MOVE_ROLE_NONE) 904 l2cap_move_start(chan); 905 906 break; 907 908 case BT_SNDMTU: 909 if (!bdaddr_type_is_le(chan->src_type)) { 910 err = -EINVAL; 911 break; 912 } 913 914 /* Setting is not supported as it's the remote side that 915 * decides this. 916 */ 917 err = -EPERM; 918 break; 919 920 case BT_RCVMTU: 921 if (!bdaddr_type_is_le(chan->src_type)) { 922 err = -EINVAL; 923 break; 924 } 925 926 if (sk->sk_state == BT_CONNECTED) { 927 err = -EISCONN; 928 break; 929 } 930 931 if (get_user(opt, (u32 __user *) optval)) { 932 err = -EFAULT; 933 break; 934 } 935 936 chan->imtu = opt; 937 break; 938 939 default: 940 err = -ENOPROTOOPT; 941 break; 942 } 943 944 release_sock(sk); 945 return err; 946 } 947 948 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 949 struct msghdr *msg, size_t len) 950 { 951 struct sock *sk = sock->sk; 952 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 953 int err; 954 955 BT_DBG("sock %p, sk %p", sock, sk); 956 957 err = sock_error(sk); 958 if (err) 959 return err; 960 961 if (msg->msg_flags & MSG_OOB) 962 return -EOPNOTSUPP; 963 964 if (sk->sk_state != BT_CONNECTED) 965 return -ENOTCONN; 966 967 lock_sock(sk); 968 err = bt_sock_wait_ready(sk, msg->msg_flags); 969 release_sock(sk); 970 if (err) 971 return err; 972 973 l2cap_chan_lock(chan); 974 err = l2cap_chan_send(chan, msg, len); 975 l2cap_chan_unlock(chan); 976 977 return err; 978 } 979 980 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 981 struct msghdr *msg, size_t len, int flags) 982 { 983 struct sock *sk = sock->sk; 984 struct l2cap_pinfo *pi = l2cap_pi(sk); 985 int err; 986 987 lock_sock(sk); 988 989 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 990 &bt_sk(sk)->flags)) { 991 if (bdaddr_type_is_le(pi->chan->src_type)) { 992 sk->sk_state = BT_CONNECTED; 993 pi->chan->state = BT_CONNECTED; 994 __l2cap_le_connect_rsp_defer(pi->chan); 995 } else { 996 sk->sk_state = BT_CONFIG; 997 pi->chan->state = BT_CONFIG; 998 __l2cap_connect_rsp_defer(pi->chan); 999 } 1000 1001 err = 0; 1002 goto done; 1003 } 1004 1005 release_sock(sk); 1006 1007 if (sock->type == SOCK_STREAM) 1008 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 1009 else 1010 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 1011 1012 if (pi->chan->mode != L2CAP_MODE_ERTM) 1013 return err; 1014 1015 /* Attempt to put pending rx data in the socket buffer */ 1016 1017 lock_sock(sk); 1018 1019 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 1020 goto done; 1021 1022 if (pi->rx_busy_skb) { 1023 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 1024 pi->rx_busy_skb = NULL; 1025 else 1026 goto done; 1027 } 1028 1029 /* Restore data flow when half of the receive buffer is 1030 * available. This avoids resending large numbers of 1031 * frames. 1032 */ 1033 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 1034 l2cap_chan_busy(pi->chan, 0); 1035 1036 done: 1037 release_sock(sk); 1038 return err; 1039 } 1040 1041 /* Kill socket (only if zapped and orphan) 1042 * Must be called on unlocked socket. 1043 */ 1044 static void l2cap_sock_kill(struct sock *sk) 1045 { 1046 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 1047 return; 1048 1049 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 1050 1051 /* Kill poor orphan */ 1052 1053 l2cap_chan_put(l2cap_pi(sk)->chan); 1054 sock_set_flag(sk, SOCK_DEAD); 1055 sock_put(sk); 1056 } 1057 1058 static int __l2cap_wait_ack(struct sock *sk) 1059 { 1060 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1061 DECLARE_WAITQUEUE(wait, current); 1062 int err = 0; 1063 int timeo = HZ/5; 1064 1065 add_wait_queue(sk_sleep(sk), &wait); 1066 set_current_state(TASK_INTERRUPTIBLE); 1067 while (chan->unacked_frames > 0 && chan->conn) { 1068 if (!timeo) 1069 timeo = HZ/5; 1070 1071 if (signal_pending(current)) { 1072 err = sock_intr_errno(timeo); 1073 break; 1074 } 1075 1076 release_sock(sk); 1077 timeo = schedule_timeout(timeo); 1078 lock_sock(sk); 1079 set_current_state(TASK_INTERRUPTIBLE); 1080 1081 err = sock_error(sk); 1082 if (err) 1083 break; 1084 } 1085 set_current_state(TASK_RUNNING); 1086 remove_wait_queue(sk_sleep(sk), &wait); 1087 return err; 1088 } 1089 1090 static int l2cap_sock_shutdown(struct socket *sock, int how) 1091 { 1092 struct sock *sk = sock->sk; 1093 struct l2cap_chan *chan; 1094 struct l2cap_conn *conn; 1095 int err = 0; 1096 1097 BT_DBG("sock %p, sk %p", sock, sk); 1098 1099 if (!sk) 1100 return 0; 1101 1102 chan = l2cap_pi(sk)->chan; 1103 conn = chan->conn; 1104 1105 BT_DBG("chan %p state %s", chan, state_to_string(chan->state)); 1106 1107 if (conn) 1108 mutex_lock(&conn->chan_lock); 1109 1110 l2cap_chan_lock(chan); 1111 lock_sock(sk); 1112 1113 if (!sk->sk_shutdown) { 1114 if (chan->mode == L2CAP_MODE_ERTM) 1115 err = __l2cap_wait_ack(sk); 1116 1117 sk->sk_shutdown = SHUTDOWN_MASK; 1118 1119 release_sock(sk); 1120 l2cap_chan_close(chan, 0); 1121 lock_sock(sk); 1122 1123 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1124 !(current->flags & PF_EXITING)) 1125 err = bt_sock_wait_state(sk, BT_CLOSED, 1126 sk->sk_lingertime); 1127 } 1128 1129 if (!err && sk->sk_err) 1130 err = -sk->sk_err; 1131 1132 release_sock(sk); 1133 l2cap_chan_unlock(chan); 1134 1135 if (conn) 1136 mutex_unlock(&conn->chan_lock); 1137 1138 return err; 1139 } 1140 1141 static int l2cap_sock_release(struct socket *sock) 1142 { 1143 struct sock *sk = sock->sk; 1144 int err; 1145 1146 BT_DBG("sock %p, sk %p", sock, sk); 1147 1148 if (!sk) 1149 return 0; 1150 1151 bt_sock_unlink(&l2cap_sk_list, sk); 1152 1153 err = l2cap_sock_shutdown(sock, 2); 1154 1155 sock_orphan(sk); 1156 l2cap_sock_kill(sk); 1157 return err; 1158 } 1159 1160 static void l2cap_sock_cleanup_listen(struct sock *parent) 1161 { 1162 struct sock *sk; 1163 1164 BT_DBG("parent %p state %s", parent, 1165 state_to_string(parent->sk_state)); 1166 1167 /* Close not yet accepted channels */ 1168 while ((sk = bt_accept_dequeue(parent, NULL))) { 1169 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1170 1171 BT_DBG("child chan %p state %s", chan, 1172 state_to_string(chan->state)); 1173 1174 l2cap_chan_lock(chan); 1175 __clear_chan_timer(chan); 1176 l2cap_chan_close(chan, ECONNRESET); 1177 l2cap_chan_unlock(chan); 1178 1179 l2cap_sock_kill(sk); 1180 } 1181 } 1182 1183 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 1184 { 1185 struct sock *sk, *parent = chan->data; 1186 1187 lock_sock(parent); 1188 1189 /* Check for backlog size */ 1190 if (sk_acceptq_is_full(parent)) { 1191 BT_DBG("backlog full %d", parent->sk_ack_backlog); 1192 release_sock(parent); 1193 return NULL; 1194 } 1195 1196 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 1197 GFP_ATOMIC); 1198 if (!sk) { 1199 release_sock(parent); 1200 return NULL; 1201 } 1202 1203 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 1204 1205 l2cap_sock_init(sk, parent); 1206 1207 bt_accept_enqueue(parent, sk); 1208 1209 release_sock(parent); 1210 1211 return l2cap_pi(sk)->chan; 1212 } 1213 1214 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 1215 { 1216 struct sock *sk = chan->data; 1217 int err; 1218 1219 lock_sock(sk); 1220 1221 if (l2cap_pi(sk)->rx_busy_skb) { 1222 err = -ENOMEM; 1223 goto done; 1224 } 1225 1226 err = sock_queue_rcv_skb(sk, skb); 1227 1228 /* For ERTM, handle one skb that doesn't fit into the recv 1229 * buffer. This is important to do because the data frames 1230 * have already been acked, so the skb cannot be discarded. 1231 * 1232 * Notify the l2cap core that the buffer is full, so the 1233 * LOCAL_BUSY state is entered and no more frames are 1234 * acked and reassembled until there is buffer space 1235 * available. 1236 */ 1237 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) { 1238 l2cap_pi(sk)->rx_busy_skb = skb; 1239 l2cap_chan_busy(chan, 1); 1240 err = 0; 1241 } 1242 1243 done: 1244 release_sock(sk); 1245 1246 return err; 1247 } 1248 1249 static void l2cap_sock_close_cb(struct l2cap_chan *chan) 1250 { 1251 struct sock *sk = chan->data; 1252 1253 l2cap_sock_kill(sk); 1254 } 1255 1256 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 1257 { 1258 struct sock *sk = chan->data; 1259 struct sock *parent; 1260 1261 BT_DBG("chan %p state %s", chan, state_to_string(chan->state)); 1262 1263 /* This callback can be called both for server (BT_LISTEN) 1264 * sockets as well as "normal" ones. To avoid lockdep warnings 1265 * with child socket locking (through l2cap_sock_cleanup_listen) 1266 * we need separation into separate nesting levels. The simplest 1267 * way to accomplish this is to inherit the nesting level used 1268 * for the channel. 1269 */ 1270 lock_sock_nested(sk, atomic_read(&chan->nesting)); 1271 1272 parent = bt_sk(sk)->parent; 1273 1274 sock_set_flag(sk, SOCK_ZAPPED); 1275 1276 switch (chan->state) { 1277 case BT_OPEN: 1278 case BT_BOUND: 1279 case BT_CLOSED: 1280 break; 1281 case BT_LISTEN: 1282 l2cap_sock_cleanup_listen(sk); 1283 sk->sk_state = BT_CLOSED; 1284 chan->state = BT_CLOSED; 1285 1286 break; 1287 default: 1288 sk->sk_state = BT_CLOSED; 1289 chan->state = BT_CLOSED; 1290 1291 sk->sk_err = err; 1292 1293 if (parent) { 1294 bt_accept_unlink(sk); 1295 parent->sk_data_ready(parent); 1296 } else { 1297 sk->sk_state_change(sk); 1298 } 1299 1300 break; 1301 } 1302 1303 release_sock(sk); 1304 } 1305 1306 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state, 1307 int err) 1308 { 1309 struct sock *sk = chan->data; 1310 1311 sk->sk_state = state; 1312 1313 if (err) 1314 sk->sk_err = err; 1315 } 1316 1317 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1318 unsigned long hdr_len, 1319 unsigned long len, int nb) 1320 { 1321 struct sock *sk = chan->data; 1322 struct sk_buff *skb; 1323 int err; 1324 1325 l2cap_chan_unlock(chan); 1326 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err); 1327 l2cap_chan_lock(chan); 1328 1329 if (!skb) 1330 return ERR_PTR(err); 1331 1332 skb->priority = sk->sk_priority; 1333 1334 bt_cb(skb)->chan = chan; 1335 1336 return skb; 1337 } 1338 1339 static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1340 { 1341 struct sock *sk = chan->data; 1342 struct sock *parent; 1343 1344 lock_sock(sk); 1345 1346 parent = bt_sk(sk)->parent; 1347 1348 BT_DBG("sk %p, parent %p", sk, parent); 1349 1350 sk->sk_state = BT_CONNECTED; 1351 sk->sk_state_change(sk); 1352 1353 if (parent) 1354 parent->sk_data_ready(parent); 1355 1356 release_sock(sk); 1357 } 1358 1359 static void l2cap_sock_defer_cb(struct l2cap_chan *chan) 1360 { 1361 struct sock *parent, *sk = chan->data; 1362 1363 lock_sock(sk); 1364 1365 parent = bt_sk(sk)->parent; 1366 if (parent) 1367 parent->sk_data_ready(parent); 1368 1369 release_sock(sk); 1370 } 1371 1372 static void l2cap_sock_resume_cb(struct l2cap_chan *chan) 1373 { 1374 struct sock *sk = chan->data; 1375 1376 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) { 1377 sk->sk_state = BT_CONNECTED; 1378 chan->state = BT_CONNECTED; 1379 } 1380 1381 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1382 sk->sk_state_change(sk); 1383 } 1384 1385 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan) 1386 { 1387 struct sock *sk = chan->data; 1388 1389 lock_sock(sk); 1390 sk->sk_shutdown = SHUTDOWN_MASK; 1391 release_sock(sk); 1392 } 1393 1394 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan) 1395 { 1396 struct sock *sk = chan->data; 1397 1398 return sk->sk_sndtimeo; 1399 } 1400 1401 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan) 1402 { 1403 struct sock *sk = chan->data; 1404 1405 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1406 sk->sk_state_change(sk); 1407 } 1408 1409 static const struct l2cap_ops l2cap_chan_ops = { 1410 .name = "L2CAP Socket Interface", 1411 .new_connection = l2cap_sock_new_connection_cb, 1412 .recv = l2cap_sock_recv_cb, 1413 .close = l2cap_sock_close_cb, 1414 .teardown = l2cap_sock_teardown_cb, 1415 .state_change = l2cap_sock_state_change_cb, 1416 .ready = l2cap_sock_ready_cb, 1417 .defer = l2cap_sock_defer_cb, 1418 .resume = l2cap_sock_resume_cb, 1419 .suspend = l2cap_sock_suspend_cb, 1420 .set_shutdown = l2cap_sock_set_shutdown_cb, 1421 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb, 1422 .alloc_skb = l2cap_sock_alloc_skb_cb, 1423 }; 1424 1425 static void l2cap_sock_destruct(struct sock *sk) 1426 { 1427 BT_DBG("sk %p", sk); 1428 1429 if (l2cap_pi(sk)->chan) 1430 l2cap_chan_put(l2cap_pi(sk)->chan); 1431 1432 if (l2cap_pi(sk)->rx_busy_skb) { 1433 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1434 l2cap_pi(sk)->rx_busy_skb = NULL; 1435 } 1436 1437 skb_queue_purge(&sk->sk_receive_queue); 1438 skb_queue_purge(&sk->sk_write_queue); 1439 } 1440 1441 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name, 1442 int *msg_namelen) 1443 { 1444 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name); 1445 1446 memset(la, 0, sizeof(struct sockaddr_l2)); 1447 la->l2_family = AF_BLUETOOTH; 1448 la->l2_psm = bt_cb(skb)->psm; 1449 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr); 1450 1451 *msg_namelen = sizeof(struct sockaddr_l2); 1452 } 1453 1454 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1455 { 1456 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1457 1458 BT_DBG("sk %p", sk); 1459 1460 if (parent) { 1461 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1462 1463 sk->sk_type = parent->sk_type; 1464 bt_sk(sk)->flags = bt_sk(parent)->flags; 1465 1466 chan->chan_type = pchan->chan_type; 1467 chan->imtu = pchan->imtu; 1468 chan->omtu = pchan->omtu; 1469 chan->conf_state = pchan->conf_state; 1470 chan->mode = pchan->mode; 1471 chan->fcs = pchan->fcs; 1472 chan->max_tx = pchan->max_tx; 1473 chan->tx_win = pchan->tx_win; 1474 chan->tx_win_max = pchan->tx_win_max; 1475 chan->sec_level = pchan->sec_level; 1476 chan->flags = pchan->flags; 1477 chan->tx_credits = pchan->tx_credits; 1478 chan->rx_credits = pchan->rx_credits; 1479 1480 if (chan->chan_type == L2CAP_CHAN_FIXED) { 1481 chan->scid = pchan->scid; 1482 chan->dcid = pchan->scid; 1483 } 1484 1485 security_sk_clone(parent, sk); 1486 } else { 1487 switch (sk->sk_type) { 1488 case SOCK_RAW: 1489 chan->chan_type = L2CAP_CHAN_RAW; 1490 break; 1491 case SOCK_DGRAM: 1492 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1493 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name; 1494 break; 1495 case SOCK_SEQPACKET: 1496 case SOCK_STREAM: 1497 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1498 break; 1499 } 1500 1501 chan->imtu = L2CAP_DEFAULT_MTU; 1502 chan->omtu = 0; 1503 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1504 chan->mode = L2CAP_MODE_ERTM; 1505 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1506 } else { 1507 chan->mode = L2CAP_MODE_BASIC; 1508 } 1509 1510 l2cap_chan_set_defaults(chan); 1511 } 1512 1513 /* Default config options */ 1514 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1515 1516 chan->data = sk; 1517 chan->ops = &l2cap_chan_ops; 1518 } 1519 1520 static struct proto l2cap_proto = { 1521 .name = "L2CAP", 1522 .owner = THIS_MODULE, 1523 .obj_size = sizeof(struct l2cap_pinfo) 1524 }; 1525 1526 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1527 int proto, gfp_t prio) 1528 { 1529 struct sock *sk; 1530 struct l2cap_chan *chan; 1531 1532 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1533 if (!sk) 1534 return NULL; 1535 1536 sock_init_data(sock, sk); 1537 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1538 1539 sk->sk_destruct = l2cap_sock_destruct; 1540 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1541 1542 sock_reset_flag(sk, SOCK_ZAPPED); 1543 1544 sk->sk_protocol = proto; 1545 sk->sk_state = BT_OPEN; 1546 1547 chan = l2cap_chan_create(); 1548 if (!chan) { 1549 sk_free(sk); 1550 return NULL; 1551 } 1552 1553 l2cap_chan_hold(chan); 1554 1555 l2cap_pi(sk)->chan = chan; 1556 1557 return sk; 1558 } 1559 1560 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1561 int kern) 1562 { 1563 struct sock *sk; 1564 1565 BT_DBG("sock %p", sock); 1566 1567 sock->state = SS_UNCONNECTED; 1568 1569 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1570 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1571 return -ESOCKTNOSUPPORT; 1572 1573 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1574 return -EPERM; 1575 1576 sock->ops = &l2cap_sock_ops; 1577 1578 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1579 if (!sk) 1580 return -ENOMEM; 1581 1582 l2cap_sock_init(sk, NULL); 1583 bt_sock_link(&l2cap_sk_list, sk); 1584 return 0; 1585 } 1586 1587 static const struct proto_ops l2cap_sock_ops = { 1588 .family = PF_BLUETOOTH, 1589 .owner = THIS_MODULE, 1590 .release = l2cap_sock_release, 1591 .bind = l2cap_sock_bind, 1592 .connect = l2cap_sock_connect, 1593 .listen = l2cap_sock_listen, 1594 .accept = l2cap_sock_accept, 1595 .getname = l2cap_sock_getname, 1596 .sendmsg = l2cap_sock_sendmsg, 1597 .recvmsg = l2cap_sock_recvmsg, 1598 .poll = bt_sock_poll, 1599 .ioctl = bt_sock_ioctl, 1600 .mmap = sock_no_mmap, 1601 .socketpair = sock_no_socketpair, 1602 .shutdown = l2cap_sock_shutdown, 1603 .setsockopt = l2cap_sock_setsockopt, 1604 .getsockopt = l2cap_sock_getsockopt 1605 }; 1606 1607 static const struct net_proto_family l2cap_sock_family_ops = { 1608 .family = PF_BLUETOOTH, 1609 .owner = THIS_MODULE, 1610 .create = l2cap_sock_create, 1611 }; 1612 1613 int __init l2cap_init_sockets(void) 1614 { 1615 int err; 1616 1617 err = proto_register(&l2cap_proto, 0); 1618 if (err < 0) 1619 return err; 1620 1621 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1622 if (err < 0) { 1623 BT_ERR("L2CAP socket registration failed"); 1624 goto error; 1625 } 1626 1627 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list, 1628 NULL); 1629 if (err < 0) { 1630 BT_ERR("Failed to create L2CAP proc file"); 1631 bt_sock_unregister(BTPROTO_L2CAP); 1632 goto error; 1633 } 1634 1635 BT_INFO("L2CAP socket layer initialized"); 1636 1637 return 0; 1638 1639 error: 1640 proto_unregister(&l2cap_proto); 1641 return err; 1642 } 1643 1644 void l2cap_cleanup_sockets(void) 1645 { 1646 bt_procfs_cleanup(&init_net, "l2cap"); 1647 bt_sock_unregister(BTPROTO_L2CAP); 1648 proto_unregister(&l2cap_proto); 1649 } 1650