projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Don't use *_bh locks anymore
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / l2cap_sock.c
CommitLineData
bb58f747
GP		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
bb58f747
GP		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
6230c9b4 30#include <linux/security.h>
bc3b2d7f 31#include <linux/export.h>
6230c9b4 32
bb58f747 33#include <net/bluetooth/bluetooth.h>
33575df7 34#include <net/bluetooth/hci_core.h>
bb58f747 35#include <net/bluetooth/l2cap.h>
f1cb9af5 36#include <net/bluetooth/smp.h>
bb58f747 37
cf2f90f5 38static const struct proto_ops l2cap_sock_ops;
80808e43
GP		 39static void l2cap_sock_init(struct sock *sk, struct sock *parent);
40static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
cf2f90f5 41
af6bcd82
GP		 42static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
43{
44 struct sock *sk = sock->sk;
4343478f 45 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 46 struct sockaddr_l2 la;
47 int len, err = 0;
48
49 BT_DBG("sk %p", sk);
50
51 if (!addr || addr->sa_family != AF_BLUETOOTH)
52 return -EINVAL;
53
54 memset(&la, 0, sizeof(la));
55 len = min_t(unsigned int, sizeof(la), alen);
56 memcpy(&la, addr, len);
57
b62f328b 58 if (la.l2_cid && la.l2_psm)
af6bcd82
GP		 59 return -EINVAL;
60
61 lock_sock(sk);
62
63 if (sk->sk_state != BT_OPEN) {
64 err = -EBADFD;
65 goto done;
66 }
67
68 if (la.l2_psm) {
69 __u16 psm = __le16_to_cpu(la.l2_psm);
70
71 /* PSM must be odd and lsb of upper byte must be 0 */
72 if ((psm & 0x0101) != 0x0001) {
73 err = -EINVAL;
74 goto done;
75 }
76
77 /* Restrict usage of well-known PSMs */
78 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
79 err = -EACCES;
80 goto done;
81 }
82 }
83
9e4425ff
GP		 84 if (la.l2_cid)
85 err = l2cap_add_scid(chan, la.l2_cid);
86 else
87 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
af6bcd82 88
9e4425ff
GP		 89 if (err < 0)
90 goto done;
af6bcd82 91
9e4425ff
GP		 92 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
93 __le16_to_cpu(la.l2_psm) == 0x0003)
94 chan->sec_level = BT_SECURITY_SDP;
b62f328b 95
9e4425ff 96 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
89bc500e
GP		 97
98 chan->state = BT_BOUND;
9e4425ff 99 sk->sk_state = BT_BOUND;
af6bcd82
GP		 100
101done:
102 release_sock(sk);
103 return err;
104}
105
4e34c50b
GP		 106static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
107{
108 struct sock *sk = sock->sk;
0c1bc5c6 109 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
4e34c50b
GP		 110 struct sockaddr_l2 la;
111 int len, err = 0;
112
113 BT_DBG("sk %p", sk);
114
115 if (!addr || alen < sizeof(addr->sa_family) ||
116 addr->sa_family != AF_BLUETOOTH)
117 return -EINVAL;
118
119 memset(&la, 0, sizeof(la));
120 len = min_t(unsigned int, sizeof(la), alen);
121 memcpy(&la, addr, len);
122
acd7d370 123 if (la.l2_cid && la.l2_psm)
4e34c50b
GP		 124 return -EINVAL;
125
03a00194 126 err = l2cap_chan_connect(chan, la.l2_psm, la.l2_cid, &la.l2_bdaddr);
4e34c50b
GP		 127 if (err)
128 goto done;
129
4e34c50b
GP		 130 err = bt_sock_wait_state(sk, BT_CONNECTED,
131 sock_sndtimeo(sk, flags & O_NONBLOCK));
132done:
03a00194
GP		 133 if (sock_owned_by_user(sk))
134 release_sock(sk);
4e34c50b
GP		 135 return err;
136}
137
af6bcd82
GP		 138static int l2cap_sock_listen(struct socket *sock, int backlog)
139{
140 struct sock *sk = sock->sk;
0c1bc5c6 141 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 142 int err = 0;
143
144 BT_DBG("sk %p backlog %d", sk, backlog);
145
146 lock_sock(sk);
147
148 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
149 || sk->sk_state != BT_BOUND) {
150 err = -EBADFD;
151 goto done;
152 }
153
0c1bc5c6 154 switch (chan->mode) {
af6bcd82
GP		 155 case L2CAP_MODE_BASIC:
156 break;
157 case L2CAP_MODE_ERTM:
158 case L2CAP_MODE_STREAMING:
159 if (!disable_ertm)
160 break;
161 /* fall through */
162 default:
163 err = -ENOTSUPP;
164 goto done;
165 }
166
af6bcd82
GP		 167 sk->sk_max_ack_backlog = backlog;
168 sk->sk_ack_backlog = 0;
89bc500e
GP		 169
170 chan->state = BT_LISTEN;
af6bcd82
GP		 171 sk->sk_state = BT_LISTEN;
172
173done:
174 release_sock(sk);
175 return err;
176}
177
c47b7c72
GP		 178static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
179{
180 DECLARE_WAITQUEUE(wait, current);
181 struct sock *sk = sock->sk, *nsk;
182 long timeo;
183 int err = 0;
184
185 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
186
c47b7c72
GP		 187 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
188
189 BT_DBG("sk %p timeo %ld", sk, timeo);
190
191 /* Wait for an incoming connection. (wake-one). */
192 add_wait_queue_exclusive(sk_sleep(sk), &wait);
f9a3c20a 193 while (1) {
c47b7c72 194 set_current_state(TASK_INTERRUPTIBLE);
f9a3c20a
PH		 195
196 if (sk->sk_state != BT_LISTEN) {
197 err = -EBADFD;
c47b7c72
GP		 198 break;
199 }
200
f9a3c20a
PH		 201 nsk = bt_accept_dequeue(sk, newsock);
202 if (nsk)
203 break;
c47b7c72 204
f9a3c20a
PH		 205 if (!timeo) {
206 err = -EAGAIN;
c47b7c72
GP		 207 break;
208 }
209
210 if (signal_pending(current)) {
211 err = sock_intr_errno(timeo);
212 break;
213 }
f9a3c20a
PH		 214
215 release_sock(sk);
216 timeo = schedule_timeout(timeo);
217 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
c47b7c72 218 }
f9a3c20a 219 __set_current_state(TASK_RUNNING);
c47b7c72
GP		 220 remove_wait_queue(sk_sleep(sk), &wait);
221
222 if (err)
223 goto done;
224
225 newsock->state = SS_CONNECTED;
226
227 BT_DBG("new socket %p", nsk);
228
229done:
230 release_sock(sk);
231 return err;
232}
233
d7175d55
GP		 234static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
235{
236 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
237 struct sock *sk = sock->sk;
0c1bc5c6 238 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
d7175d55
GP		 239
240 BT_DBG("sock %p, sk %p", sock, sk);
241
242 addr->sa_family = AF_BLUETOOTH;
243 *len = sizeof(struct sockaddr_l2);
244
245 if (peer) {
fe4128e0 246 la->l2_psm = chan->psm;
d7175d55 247 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
fe4128e0 248 la->l2_cid = cpu_to_le16(chan->dcid);
d7175d55 249 } else {
0c1bc5c6 250 la->l2_psm = chan->sport;
d7175d55 251 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
fe4128e0 252 la->l2_cid = cpu_to_le16(chan->scid);
d7175d55
GP		 253 }
254
255 return 0;
256}
257
99f4808d
GP		 258static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
259{
260 struct sock *sk = sock->sk;
4343478f 261 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d
GP		 262 struct l2cap_options opts;
263 struct l2cap_conninfo cinfo;
264 int len, err = 0;
265 u32 opt;
266
267 BT_DBG("sk %p", sk);
268
269 if (get_user(len, optlen))
270 return -EFAULT;
271
272 lock_sock(sk);
273
274 switch (optname) {
275 case L2CAP_OPTIONS:
e3fb592b 276 memset(&opts, 0, sizeof(opts));
0c1bc5c6
GP		 277 opts.imtu = chan->imtu;
278 opts.omtu = chan->omtu;
279 opts.flush_to = chan->flush_to;
280 opts.mode = chan->mode;
47d1ec61
GP		 281 opts.fcs = chan->fcs;
282 opts.max_tx = chan->max_tx;
6327eb98 283 opts.txwin_size = chan->tx_win;
99f4808d
GP		 284
285 len = min_t(unsigned int, len, sizeof(opts));
286 if (copy_to_user(optval, (char *) &opts, len))
287 err = -EFAULT;
288
289 break;
290
291 case L2CAP_LM:
4343478f 292 switch (chan->sec_level) {
99f4808d
GP		 293 case BT_SECURITY_LOW:
294 opt = L2CAP_LM_AUTH;
295 break;
296 case BT_SECURITY_MEDIUM:
297 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
298 break;
299 case BT_SECURITY_HIGH:
300 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
301 L2CAP_LM_SECURE;
302 break;
303 default:
304 opt = 0;
305 break;
306 }
307
43bd0f32 308 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
99f4808d
GP		 309 opt |= L2CAP_LM_MASTER;
310
ecf61bdb 311 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
99f4808d
GP		 312 opt |= L2CAP_LM_RELIABLE;
313
314 if (put_user(opt, (u32 __user *) optval))
315 err = -EFAULT;
316 break;
317
318 case L2CAP_CONNINFO:
319 if (sk->sk_state != BT_CONNECTED &&
320 !(sk->sk_state == BT_CONNECT2 &&
321 bt_sk(sk)->defer_setup)) {
322 err = -ENOTCONN;
323 break;
324 }
325
8d03e971 326 memset(&cinfo, 0, sizeof(cinfo));
8c1d787b
GP		 327 cinfo.hci_handle = chan->conn->hcon->handle;
328 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
99f4808d
GP		 329
330 len = min_t(unsigned int, len, sizeof(cinfo));
331 if (copy_to_user(optval, (char *) &cinfo, len))
332 err = -EFAULT;
333
334 break;
335
336 default:
337 err = -ENOPROTOOPT;
338 break;
339 }
340
341 release_sock(sk);
342 return err;
343}
344
345static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
346{
347 struct sock *sk = sock->sk;
4343478f 348 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d 349 struct bt_security sec;
14b12d0b 350 struct bt_power pwr;
99f4808d
GP		 351 int len, err = 0;
352
353 BT_DBG("sk %p", sk);
354
355 if (level == SOL_L2CAP)
356 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
357
358 if (level != SOL_BLUETOOTH)
359 return -ENOPROTOOPT;
360
361 if (get_user(len, optlen))
362 return -EFAULT;
363
364 lock_sock(sk);
365
366 switch (optname) {
367 case BT_SECURITY:
715ec005
GP		 368 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
369 chan->chan_type != L2CAP_CHAN_RAW) {
99f4808d
GP		 370 err = -EINVAL;
371 break;
372 }
373
8f360119 374 memset(&sec, 0, sizeof(sec));
4343478f 375 sec.level = chan->sec_level;
99f4808d 376
8f360119
VCG		 377 if (sk->sk_state == BT_CONNECTED)
378 sec.key_size = chan->conn->hcon->enc_key_size;
379
99f4808d
GP		 380 len = min_t(unsigned int, len, sizeof(sec));
381 if (copy_to_user(optval, (char *) &sec, len))
382 err = -EFAULT;
383
384 break;
385
386 case BT_DEFER_SETUP:
387 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
388 err = -EINVAL;
389 break;
390 }
391
392 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
393 err = -EFAULT;
394
395 break;
396
397 case BT_FLUSHABLE:
d57b0e8b
AE		 398 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
399 (u32 __user *) optval))
99f4808d
GP		 400 err = -EFAULT;
401
402 break;
403
14b12d0b
JG		 404 case BT_POWER:
405 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
406 && sk->sk_type != SOCK_RAW) {
407 err = -EINVAL;
408 break;
409 }
410
15770b1a 411 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 412
413 len = min_t(unsigned int, len, sizeof(pwr));
414 if (copy_to_user(optval, (char *) &pwr, len))
415 err = -EFAULT;
416
417 break;
418
2ea66482
MM		 419 case BT_CHANNEL_POLICY:
420 if (!enable_hs) {
421 err = -ENOPROTOOPT;
422 break;
423 }
424
425 if (put_user(chan->chan_policy, (u32 __user *) optval))
426 err = -EFAULT;
427 break;
428
99f4808d
GP		 429 default:
430 err = -ENOPROTOOPT;
431 break;
432 }
433
434 release_sock(sk);
435 return err;
436}
437
33575df7
GP		 438static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
439{
440 struct sock *sk = sock->sk;
b4450035 441 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7
GP		 442 struct l2cap_options opts;
443 int len, err = 0;
444 u32 opt;
445
446 BT_DBG("sk %p", sk);
447
448 lock_sock(sk);
449
450 switch (optname) {
451 case L2CAP_OPTIONS:
452 if (sk->sk_state == BT_CONNECTED) {
453 err = -EINVAL;
454 break;
455 }
456
0c1bc5c6
GP		 457 opts.imtu = chan->imtu;
458 opts.omtu = chan->omtu;
459 opts.flush_to = chan->flush_to;
460 opts.mode = chan->mode;
47d1ec61
GP		 461 opts.fcs = chan->fcs;
462 opts.max_tx = chan->max_tx;
6327eb98 463 opts.txwin_size = chan->tx_win;
33575df7
GP		 464
465 len = min_t(unsigned int, sizeof(opts), optlen);
466 if (copy_from_user((char *) &opts, optval, len)) {
467 err = -EFAULT;
468 break;
469 }
470
6327eb98 471 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
33575df7
GP		 472 err = -EINVAL;
473 break;
474 }
475
0c1bc5c6
GP		 476 chan->mode = opts.mode;
477 switch (chan->mode) {
33575df7 478 case L2CAP_MODE_BASIC:
c1360a1c 479 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
33575df7
GP		 480 break;
481 case L2CAP_MODE_ERTM:
482 case L2CAP_MODE_STREAMING:
483 if (!disable_ertm)
484 break;
485 /* fall through */
486 default:
487 err = -EINVAL;
488 break;
489 }
490
0c1bc5c6
GP		 491 chan->imtu = opts.imtu;
492 chan->omtu = opts.omtu;
47d1ec61
GP		 493 chan->fcs = opts.fcs;
494 chan->max_tx = opts.max_tx;
6327eb98 495 chan->tx_win = opts.txwin_size;
33575df7
GP		 496 break;
497
498 case L2CAP_LM:
499 if (get_user(opt, (u32 __user *) optval)) {
500 err = -EFAULT;
501 break;
502 }
503
504 if (opt & L2CAP_LM_AUTH)
4343478f 505 chan->sec_level = BT_SECURITY_LOW;
33575df7 506 if (opt & L2CAP_LM_ENCRYPT)
4343478f 507 chan->sec_level = BT_SECURITY_MEDIUM;
33575df7 508 if (opt & L2CAP_LM_SECURE)
4343478f 509 chan->sec_level = BT_SECURITY_HIGH;
33575df7 510
43bd0f32
AE		 511 if (opt & L2CAP_LM_MASTER)
512 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
513 else
514 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
ecf61bdb
AE		 515
516 if (opt & L2CAP_LM_RELIABLE)
517 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
518 else
519 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
33575df7
GP		 520 break;
521
522 default:
523 err = -ENOPROTOOPT;
524 break;
525 }
526
527 release_sock(sk);
528 return err;
529}
530
531static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
532{
533 struct sock *sk = sock->sk;
4343478f 534 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7 535 struct bt_security sec;
14b12d0b 536 struct bt_power pwr;
f1cb9af5 537 struct l2cap_conn *conn;
33575df7
GP		 538 int len, err = 0;
539 u32 opt;
540
541 BT_DBG("sk %p", sk);
542
543 if (level == SOL_L2CAP)
544 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
545
546 if (level != SOL_BLUETOOTH)
547 return -ENOPROTOOPT;
548
549 lock_sock(sk);
550
551 switch (optname) {
552 case BT_SECURITY:
715ec005
GP		 553 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
554 chan->chan_type != L2CAP_CHAN_RAW) {
33575df7
GP		 555 err = -EINVAL;
556 break;
557 }
558
559 sec.level = BT_SECURITY_LOW;
560
561 len = min_t(unsigned int, sizeof(sec), optlen);
562 if (copy_from_user((char *) &sec, optval, len)) {
563 err = -EFAULT;
564 break;
565 }
566
567 if (sec.level < BT_SECURITY_LOW ||
568 sec.level > BT_SECURITY_HIGH) {
569 err = -EINVAL;
570 break;
571 }
572
4343478f 573 chan->sec_level = sec.level;
f1cb9af5 574
0bee1d60
GP		 575 if (!chan->conn)
576 break;
577
f1cb9af5 578 conn = chan->conn;
0bee1d60
GP		 579
580 /*change security for LE channels */
581 if (chan->scid == L2CAP_CID_LE_DATA) {
f1cb9af5
VCG		 582 if (!conn->hcon->out) {
583 err = -EINVAL;
584 break;
585 }
586
587 if (smp_conn_security(conn, sec.level))
588 break;
f1cb9af5 589 sk->sk_state = BT_CONFIG;
0bee1d60
GP		 590
591 /* or for ACL link, under defer_setup time */
592 } else if (sk->sk_state == BT_CONNECT2 &&
593 bt_sk(sk)->defer_setup) {
594 err = l2cap_chan_check_security(chan);
595 } else {
596 err = -EINVAL;
f1cb9af5 597 }
33575df7
GP		 598 break;
599
600 case BT_DEFER_SETUP:
601 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
602 err = -EINVAL;
603 break;
604 }
605
606 if (get_user(opt, (u32 __user *) optval)) {
607 err = -EFAULT;
608 break;
609 }
610
611 bt_sk(sk)->defer_setup = opt;
612 break;
613
614 case BT_FLUSHABLE:
615 if (get_user(opt, (u32 __user *) optval)) {
616 err = -EFAULT;
617 break;
618 }
619
620 if (opt > BT_FLUSHABLE_ON) {
621 err = -EINVAL;
622 break;
623 }
624
625 if (opt == BT_FLUSHABLE_OFF) {
8c1d787b 626 struct l2cap_conn *conn = chan->conn;
25985edc 627 /* proceed further only when we have l2cap_conn and
33575df7
GP		 628 No Flush support in the LM */
629 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
630 err = -EINVAL;
631 break;
632 }
633 }
634
d57b0e8b
AE		 635 if (opt)
636 set_bit(FLAG_FLUSHABLE, &chan->flags);
637 else
638 clear_bit(FLAG_FLUSHABLE, &chan->flags);
33575df7
GP		 639 break;
640
14b12d0b
JG		 641 case BT_POWER:
642 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
643 chan->chan_type != L2CAP_CHAN_RAW) {
644 err = -EINVAL;
645 break;
646 }
647
648 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
649
650 len = min_t(unsigned int, sizeof(pwr), optlen);
651 if (copy_from_user((char *) &pwr, optval, len)) {
652 err = -EFAULT;
653 break;
654 }
15770b1a
AE		 655
656 if (pwr.force_active)
657 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
658 else
659 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 660 break;
661
2ea66482
MM		 662 case BT_CHANNEL_POLICY:
663 if (!enable_hs) {
664 err = -ENOPROTOOPT;
665 break;
666 }
667
668 if (get_user(opt, (u32 __user *) optval)) {
669 err = -EFAULT;
670 break;
671 }
672
673 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
674 err = -EINVAL;
675 break;
676 }
677
678 if (chan->mode != L2CAP_MODE_ERTM &&
679 chan->mode != L2CAP_MODE_STREAMING) {
680 err = -EOPNOTSUPP;
681 break;
682 }
683
684 chan->chan_policy = (u8) opt;
14b12d0b
JG		 685 break;
686
33575df7
GP		 687 default:
688 err = -ENOPROTOOPT;
689 break;
690 }
691
692 release_sock(sk);
693 return err;
694}
fd83ccdb
GP		 695
696static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
697{
698 struct sock *sk = sock->sk;
0c1bc5c6 699 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
fd83ccdb
GP		 700 int err;
701
702 BT_DBG("sock %p, sk %p", sock, sk);
703
704 err = sock_error(sk);
705 if (err)
706 return err;
707
708 if (msg->msg_flags & MSG_OOB)
709 return -EOPNOTSUPP;
710
711 lock_sock(sk);
712
713 if (sk->sk_state != BT_CONNECTED) {
9a91a04a
GP		 714 release_sock(sk);
715 return -ENOTCONN;
fd83ccdb
GP		 716 }
717
5e59b791 718 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
fd83ccdb 719
fd83ccdb
GP		 720 release_sock(sk);
721 return err;
722}
33575df7 723
68983259
GP		 724static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
725{
726 struct sock *sk = sock->sk;
e328140f
MM		 727 struct l2cap_pinfo *pi = l2cap_pi(sk);
728 int err;
68983259
GP		 729
730 lock_sock(sk);
731
732 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
8c1d787b
GP		 733 sk->sk_state = BT_CONFIG;
734
e328140f 735 __l2cap_connect_rsp_defer(pi->chan);
68983259
GP		 736 release_sock(sk);
737 return 0;
738 }
739
740 release_sock(sk);
741
742 if (sock->type == SOCK_STREAM)
e328140f
MM		 743 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
744 else
745 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
746
747 if (pi->chan->mode != L2CAP_MODE_ERTM)
748 return err;
749
750 /* Attempt to put pending rx data in the socket buffer */
751
752 lock_sock(sk);
753
754 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
755 goto done;
756
757 if (pi->rx_busy_skb) {
758 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
759 pi->rx_busy_skb = NULL;
760 else
761 goto done;
762 }
763
764 /* Restore data flow when half of the receive buffer is
765 * available. This avoids resending large numbers of
766 * frames.
767 */
768 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
769 l2cap_chan_busy(pi->chan, 0);
68983259 770
e328140f
MM		 771done:
772 release_sock(sk);
773 return err;
68983259
GP		 774}
775
05fc1576
GP		 776/* Kill socket (only if zapped and orphan)
777 * Must be called on unlocked socket.
778 */
ba3bd0ee 779static void l2cap_sock_kill(struct sock *sk)
05fc1576
GP		 780{
781 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
782 return;
783
784 BT_DBG("sk %p state %d", sk, sk->sk_state);
785
786 /* Kill poor orphan */
6ff5abbf 787
23691d75 788 l2cap_chan_destroy(l2cap_pi(sk)->chan);
05fc1576
GP		 789 sock_set_flag(sk, SOCK_DEAD);
790 sock_put(sk);
791}
792
dcba0dba
GP		 793static int l2cap_sock_shutdown(struct socket *sock, int how)
794{
795 struct sock *sk = sock->sk;
0c1bc5c6 796 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
dcba0dba
GP		 797 int err = 0;
798
799 BT_DBG("sock %p, sk %p", sock, sk);
800
801 if (!sk)
802 return 0;
803
804 lock_sock(sk);
805 if (!sk->sk_shutdown) {
0c1bc5c6 806 if (chan->mode == L2CAP_MODE_ERTM)
dcba0dba
GP		 807 err = __l2cap_wait_ack(sk);
808
809 sk->sk_shutdown = SHUTDOWN_MASK;
0f852724 810 l2cap_chan_close(chan, 0);
dcba0dba
GP		 811
812 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
813 err = bt_sock_wait_state(sk, BT_CLOSED,
814 sk->sk_lingertime);
815 }
816
817 if (!err && sk->sk_err)
818 err = -sk->sk_err;
819
820 release_sock(sk);
821 return err;
822}
823
554f05bb
GP		 824static int l2cap_sock_release(struct socket *sock)
825{
826 struct sock *sk = sock->sk;
827 int err;
828
829 BT_DBG("sock %p, sk %p", sock, sk);
830
831 if (!sk)
832 return 0;
833
834 err = l2cap_sock_shutdown(sock, 2);
835
836 sock_orphan(sk);
837 l2cap_sock_kill(sk);
838 return err;
839}
840
80808e43
GP		 841static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data)
842{
843 struct sock *sk, *parent = data;
844
845 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
846 GFP_ATOMIC);
847 if (!sk)
848 return NULL;
849
850 l2cap_sock_init(sk, parent);
851
852 return l2cap_pi(sk)->chan;
853}
854
23070494
GP		 855static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb)
856{
e328140f 857 int err;
23070494 858 struct sock *sk = data;
e328140f
MM		 859 struct l2cap_pinfo *pi = l2cap_pi(sk);
860
861 if (pi->rx_busy_skb)
862 return -ENOMEM;
863
864 err = sock_queue_rcv_skb(sk, skb);
865
866 /* For ERTM, handle one skb that doesn't fit into the recv
867 * buffer. This is important to do because the data frames
868 * have already been acked, so the skb cannot be discarded.
869 *
870 * Notify the l2cap core that the buffer is full, so the
871 * LOCAL_BUSY state is entered and no more frames are
872 * acked and reassembled until there is buffer space
873 * available.
874 */
875 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
876 pi->rx_busy_skb = skb;
877 l2cap_chan_busy(pi->chan, 1);
878 err = 0;
879 }
23070494 880
e328140f 881 return err;
23070494
GP		 882}
883
ba3bd0ee
GP		 884static void l2cap_sock_close_cb(void *data)
885{
886 struct sock *sk = data;
887
888 l2cap_sock_kill(sk);
889}
890
89bc500e
GP		 891static void l2cap_sock_state_change_cb(void *data, int state)
892{
893 struct sock *sk = data;
894
895 sk->sk_state = state;
896}
897
80808e43
GP		 898static struct l2cap_ops l2cap_chan_ops = {
899 .name = "L2CAP Socket Interface",
900 .new_connection = l2cap_sock_new_connection_cb,
23070494 901 .recv = l2cap_sock_recv_cb,
ba3bd0ee 902 .close = l2cap_sock_close_cb,
89bc500e 903 .state_change = l2cap_sock_state_change_cb,
80808e43
GP		 904};
905
bb58f747
GP		 906static void l2cap_sock_destruct(struct sock *sk)
907{
908 BT_DBG("sk %p", sk);
909
e328140f
MM		 910 if (l2cap_pi(sk)->rx_busy_skb) {
911 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
912 l2cap_pi(sk)->rx_busy_skb = NULL;
913 }
914
bb58f747
GP		 915 skb_queue_purge(&sk->sk_receive_queue);
916 skb_queue_purge(&sk->sk_write_queue);
917}
918
80808e43 919static void l2cap_sock_init(struct sock *sk, struct sock *parent)
bb58f747
GP		 920{
921 struct l2cap_pinfo *pi = l2cap_pi(sk);
b4450035 922 struct l2cap_chan *chan = pi->chan;
bb58f747
GP		 923
924 BT_DBG("sk %p", sk);
925
926 if (parent) {
b4450035
GP		 927 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
928
bb58f747
GP		 929 sk->sk_type = parent->sk_type;
930 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
931
715ec005 932 chan->chan_type = pchan->chan_type;
0c1bc5c6
GP		 933 chan->imtu = pchan->imtu;
934 chan->omtu = pchan->omtu;
b4450035 935 chan->conf_state = pchan->conf_state;
0c1bc5c6 936 chan->mode = pchan->mode;
47d1ec61
GP		 937 chan->fcs = pchan->fcs;
938 chan->max_tx = pchan->max_tx;
939 chan->tx_win = pchan->tx_win;
6b3c7104 940 chan->tx_win_max = pchan->tx_win_max;
4343478f 941 chan->sec_level = pchan->sec_level;
d57b0e8b 942 chan->flags = pchan->flags;
6230c9b4
PM		 943
944 security_sk_clone(parent, sk);
bb58f747 945 } else {
715ec005
GP		 946
947 switch (sk->sk_type) {
948 case SOCK_RAW:
949 chan->chan_type = L2CAP_CHAN_RAW;
950 break;
951 case SOCK_DGRAM:
952 chan->chan_type = L2CAP_CHAN_CONN_LESS;
953 break;
954 case SOCK_SEQPACKET:
955 case SOCK_STREAM:
956 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
957 break;
958 }
959
0c1bc5c6
GP		 960 chan->imtu = L2CAP_DEFAULT_MTU;
961 chan->omtu = 0;
bb58f747 962 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
0c1bc5c6 963 chan->mode = L2CAP_MODE_ERTM;
c1360a1c 964 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
bb58f747 965 } else {
0c1bc5c6 966 chan->mode = L2CAP_MODE_BASIC;
bb58f747 967 }
47d1ec61
GP		 968 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
969 chan->fcs = L2CAP_FCS_CRC16;
970 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
6b3c7104 971 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
4343478f 972 chan->sec_level = BT_SECURITY_LOW;
d57b0e8b 973 chan->flags = 0;
15770b1a 974 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
bb58f747
GP		 975 }
976
977 /* Default config options */
0c1bc5c6 978 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
80808e43
GP		 979
980 chan->data = sk;
981 chan->ops = &l2cap_chan_ops;
bb58f747
GP		 982}
983
984static struct proto l2cap_proto = {
985 .name = "L2CAP",
986 .owner = THIS_MODULE,
987 .obj_size = sizeof(struct l2cap_pinfo)
988};
989
80808e43 990static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
bb58f747
GP		 991{
992 struct sock *sk;
dc50a06d 993 struct l2cap_chan *chan;
bb58f747
GP		 994
995 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
996 if (!sk)
997 return NULL;
998
999 sock_init_data(sock, sk);
1000 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1001
1002 sk->sk_destruct = l2cap_sock_destruct;
6be6b11f 1003 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
bb58f747
GP		 1004
1005 sock_reset_flag(sk, SOCK_ZAPPED);
1006
1007 sk->sk_protocol = proto;
1008 sk->sk_state = BT_OPEN;
1009
dc50a06d
GP		 1010 chan = l2cap_chan_create(sk);
1011 if (!chan) {
1012 l2cap_sock_kill(sk);
1013 return NULL;
1014 }
1015
1016 l2cap_pi(sk)->chan = chan;
1017
bb58f747
GP		 1018 return sk;
1019}
1020
1021static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1022 int kern)
1023{
1024 struct sock *sk;
1025
1026 BT_DBG("sock %p", sock);
1027
1028 sock->state = SS_UNCONNECTED;
1029
1030 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1031 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1032 return -ESOCKTNOSUPPORT;
1033
1034 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1035 return -EPERM;
1036
1037 sock->ops = &l2cap_sock_ops;
1038
1039 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1040 if (!sk)
1041 return -ENOMEM;
1042
1043 l2cap_sock_init(sk, NULL);
1044 return 0;
1045}
1046
cf2f90f5 1047static const struct proto_ops l2cap_sock_ops = {
65390587
GP		 1048 .family = PF_BLUETOOTH,
1049 .owner = THIS_MODULE,
1050 .release = l2cap_sock_release,
1051 .bind = l2cap_sock_bind,
1052 .connect = l2cap_sock_connect,
1053 .listen = l2cap_sock_listen,
1054 .accept = l2cap_sock_accept,
1055 .getname = l2cap_sock_getname,
1056 .sendmsg = l2cap_sock_sendmsg,
1057 .recvmsg = l2cap_sock_recvmsg,
1058 .poll = bt_sock_poll,
1059 .ioctl = bt_sock_ioctl,
1060 .mmap = sock_no_mmap,
1061 .socketpair = sock_no_socketpair,
1062 .shutdown = l2cap_sock_shutdown,
1063 .setsockopt = l2cap_sock_setsockopt,
1064 .getsockopt = l2cap_sock_getsockopt
1065};
1066
bb58f747
GP		 1067static const struct net_proto_family l2cap_sock_family_ops = {
1068 .family = PF_BLUETOOTH,
1069 .owner = THIS_MODULE,
1070 .create = l2cap_sock_create,
1071};
1072
1073int __init l2cap_init_sockets(void)
1074{
e2174ca4 1075 int err;
bb58f747 1076
e2174ca4
GP		 1077 err = proto_register(&l2cap_proto, 0);
1078 if (err < 0)
1079 return err;
bb58f747 1080
e2174ca4
GP		 1081 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1082 if (err < 0)
1083 goto error;
bb58f747 1084
e2174ca4 1085 BT_INFO("L2CAP socket layer initialized");
bb58f747 1086
e2174ca4 1087 return 0;
bb58f747
GP		 1088
1089error:
e2174ca4
GP		 1090 BT_ERR("L2CAP socket registration failed");
1091 proto_unregister(&l2cap_proto);
1092 return err;
bb58f747
GP		 1093}
1094
1095void l2cap_cleanup_sockets(void)
1096{
e2174ca4
GP		 1097 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1098 BT_ERR("L2CAP socket unregistration failed");
bb58f747 1099
e2174ca4 1100 proto_unregister(&l2cap_proto);
bb58f747 1101}
kernel source for telekom puls (alcatel/mediatek)