projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Use correct flags for checking HCI_SSP_ENABLED bit
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / l2cap_sock.c
CommitLineData
bb58f747
GP		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
bb58f747
GP		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
6230c9b4 30#include <linux/security.h>
bc3b2d7f 31#include <linux/export.h>
6230c9b4 32
bb58f747 33#include <net/bluetooth/bluetooth.h>
33575df7 34#include <net/bluetooth/hci_core.h>
bb58f747 35#include <net/bluetooth/l2cap.h>
f1cb9af5 36#include <net/bluetooth/smp.h>
bb58f747 37
cf2f90f5 38static const struct proto_ops l2cap_sock_ops;
80808e43
GP		 39static void l2cap_sock_init(struct sock *sk, struct sock *parent);
40static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
cf2f90f5 41
af6bcd82
GP		 42static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
43{
44 struct sock *sk = sock->sk;
4343478f 45 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 46 struct sockaddr_l2 la;
47 int len, err = 0;
48
49 BT_DBG("sk %p", sk);
50
51 if (!addr || addr->sa_family != AF_BLUETOOTH)
52 return -EINVAL;
53
54 memset(&la, 0, sizeof(la));
55 len = min_t(unsigned int, sizeof(la), alen);
56 memcpy(&la, addr, len);
57
b62f328b 58 if (la.l2_cid && la.l2_psm)
af6bcd82
GP		 59 return -EINVAL;
60
61 lock_sock(sk);
62
63 if (sk->sk_state != BT_OPEN) {
64 err = -EBADFD;
65 goto done;
66 }
67
68 if (la.l2_psm) {
69 __u16 psm = __le16_to_cpu(la.l2_psm);
70
71 /* PSM must be odd and lsb of upper byte must be 0 */
72 if ((psm & 0x0101) != 0x0001) {
73 err = -EINVAL;
74 goto done;
75 }
76
77 /* Restrict usage of well-known PSMs */
78 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
79 err = -EACCES;
80 goto done;
81 }
82 }
83
9e4425ff
GP		 84 if (la.l2_cid)
85 err = l2cap_add_scid(chan, la.l2_cid);
86 else
87 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
af6bcd82 88
9e4425ff
GP		 89 if (err < 0)
90 goto done;
af6bcd82 91
9e4425ff
GP		 92 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
93 __le16_to_cpu(la.l2_psm) == 0x0003)
94 chan->sec_level = BT_SECURITY_SDP;
b62f328b 95
9e4425ff 96 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
89bc500e
GP		 97
98 chan->state = BT_BOUND;
9e4425ff 99 sk->sk_state = BT_BOUND;
af6bcd82
GP		 100
101done:
102 release_sock(sk);
103 return err;
104}
105
4e34c50b
GP		 106static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
107{
108 struct sock *sk = sock->sk;
0c1bc5c6 109 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
4e34c50b
GP		 110 struct sockaddr_l2 la;
111 int len, err = 0;
112
113 BT_DBG("sk %p", sk);
114
115 if (!addr || alen < sizeof(addr->sa_family) ||
116 addr->sa_family != AF_BLUETOOTH)
117 return -EINVAL;
118
119 memset(&la, 0, sizeof(la));
120 len = min_t(unsigned int, sizeof(la), alen);
121 memcpy(&la, addr, len);
122
acd7d370 123 if (la.l2_cid && la.l2_psm)
4e34c50b
GP		 124 return -EINVAL;
125
03a00194 126 err = l2cap_chan_connect(chan, la.l2_psm, la.l2_cid, &la.l2_bdaddr);
4e34c50b 127 if (err)
b3fb611e 128 return err;
4e34c50b 129
6be36555
AE		 130 lock_sock(sk);
131
4e34c50b
GP		 132 err = bt_sock_wait_state(sk, BT_CONNECTED,
133 sock_sndtimeo(sk, flags & O_NONBLOCK));
b3fb611e
AE		 134
135 release_sock(sk);
136
4e34c50b
GP		 137 return err;
138}
139
af6bcd82
GP		 140static int l2cap_sock_listen(struct socket *sock, int backlog)
141{
142 struct sock *sk = sock->sk;
0c1bc5c6 143 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 144 int err = 0;
145
146 BT_DBG("sk %p backlog %d", sk, backlog);
147
148 lock_sock(sk);
149
150 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
151 || sk->sk_state != BT_BOUND) {
152 err = -EBADFD;
153 goto done;
154 }
155
0c1bc5c6 156 switch (chan->mode) {
af6bcd82
GP		 157 case L2CAP_MODE_BASIC:
158 break;
159 case L2CAP_MODE_ERTM:
160 case L2CAP_MODE_STREAMING:
161 if (!disable_ertm)
162 break;
163 /* fall through */
164 default:
165 err = -ENOTSUPP;
166 goto done;
167 }
168
af6bcd82
GP		 169 sk->sk_max_ack_backlog = backlog;
170 sk->sk_ack_backlog = 0;
89bc500e
GP		 171
172 chan->state = BT_LISTEN;
af6bcd82
GP		 173 sk->sk_state = BT_LISTEN;
174
175done:
176 release_sock(sk);
177 return err;
178}
179
c47b7c72
GP		 180static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
181{
182 DECLARE_WAITQUEUE(wait, current);
183 struct sock *sk = sock->sk, *nsk;
184 long timeo;
185 int err = 0;
186
187 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
188
c47b7c72
GP		 189 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
190
191 BT_DBG("sk %p timeo %ld", sk, timeo);
192
193 /* Wait for an incoming connection. (wake-one). */
194 add_wait_queue_exclusive(sk_sleep(sk), &wait);
f9a3c20a 195 while (1) {
c47b7c72 196 set_current_state(TASK_INTERRUPTIBLE);
f9a3c20a
PH		 197
198 if (sk->sk_state != BT_LISTEN) {
199 err = -EBADFD;
c47b7c72
GP		 200 break;
201 }
202
f9a3c20a
PH		 203 nsk = bt_accept_dequeue(sk, newsock);
204 if (nsk)
205 break;
c47b7c72 206
f9a3c20a
PH		 207 if (!timeo) {
208 err = -EAGAIN;
c47b7c72
GP		 209 break;
210 }
211
212 if (signal_pending(current)) {
213 err = sock_intr_errno(timeo);
214 break;
215 }
f9a3c20a
PH		 216
217 release_sock(sk);
218 timeo = schedule_timeout(timeo);
219 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
c47b7c72 220 }
f9a3c20a 221 __set_current_state(TASK_RUNNING);
c47b7c72
GP		 222 remove_wait_queue(sk_sleep(sk), &wait);
223
224 if (err)
225 goto done;
226
227 newsock->state = SS_CONNECTED;
228
229 BT_DBG("new socket %p", nsk);
230
231done:
232 release_sock(sk);
233 return err;
234}
235
d7175d55
GP		 236static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
237{
238 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
239 struct sock *sk = sock->sk;
0c1bc5c6 240 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
d7175d55
GP		 241
242 BT_DBG("sock %p, sk %p", sock, sk);
243
244 addr->sa_family = AF_BLUETOOTH;
245 *len = sizeof(struct sockaddr_l2);
246
247 if (peer) {
fe4128e0 248 la->l2_psm = chan->psm;
d7175d55 249 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
fe4128e0 250 la->l2_cid = cpu_to_le16(chan->dcid);
d7175d55 251 } else {
0c1bc5c6 252 la->l2_psm = chan->sport;
d7175d55 253 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
fe4128e0 254 la->l2_cid = cpu_to_le16(chan->scid);
d7175d55
GP		 255 }
256
257 return 0;
258}
259
99f4808d
GP		 260static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
261{
262 struct sock *sk = sock->sk;
4343478f 263 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d
GP		 264 struct l2cap_options opts;
265 struct l2cap_conninfo cinfo;
266 int len, err = 0;
267 u32 opt;
268
269 BT_DBG("sk %p", sk);
270
271 if (get_user(len, optlen))
272 return -EFAULT;
273
274 lock_sock(sk);
275
276 switch (optname) {
277 case L2CAP_OPTIONS:
e3fb592b 278 memset(&opts, 0, sizeof(opts));
0c1bc5c6
GP		 279 opts.imtu = chan->imtu;
280 opts.omtu = chan->omtu;
281 opts.flush_to = chan->flush_to;
282 opts.mode = chan->mode;
47d1ec61
GP		 283 opts.fcs = chan->fcs;
284 opts.max_tx = chan->max_tx;
6327eb98 285 opts.txwin_size = chan->tx_win;
99f4808d
GP		 286
287 len = min_t(unsigned int, len, sizeof(opts));
288 if (copy_to_user(optval, (char *) &opts, len))
289 err = -EFAULT;
290
291 break;
292
293 case L2CAP_LM:
4343478f 294 switch (chan->sec_level) {
99f4808d
GP		 295 case BT_SECURITY_LOW:
296 opt = L2CAP_LM_AUTH;
297 break;
298 case BT_SECURITY_MEDIUM:
299 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
300 break;
301 case BT_SECURITY_HIGH:
302 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
303 L2CAP_LM_SECURE;
304 break;
305 default:
306 opt = 0;
307 break;
308 }
309
43bd0f32 310 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
99f4808d
GP		 311 opt |= L2CAP_LM_MASTER;
312
ecf61bdb 313 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
99f4808d
GP		 314 opt |= L2CAP_LM_RELIABLE;
315
316 if (put_user(opt, (u32 __user *) optval))
317 err = -EFAULT;
318 break;
319
320 case L2CAP_CONNINFO:
321 if (sk->sk_state != BT_CONNECTED &&
322 !(sk->sk_state == BT_CONNECT2 &&
323 bt_sk(sk)->defer_setup)) {
324 err = -ENOTCONN;
325 break;
326 }
327
8d03e971 328 memset(&cinfo, 0, sizeof(cinfo));
8c1d787b
GP		 329 cinfo.hci_handle = chan->conn->hcon->handle;
330 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
99f4808d
GP		 331
332 len = min_t(unsigned int, len, sizeof(cinfo));
333 if (copy_to_user(optval, (char *) &cinfo, len))
334 err = -EFAULT;
335
336 break;
337
338 default:
339 err = -ENOPROTOOPT;
340 break;
341 }
342
343 release_sock(sk);
344 return err;
345}
346
347static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
348{
349 struct sock *sk = sock->sk;
4343478f 350 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d 351 struct bt_security sec;
14b12d0b 352 struct bt_power pwr;
99f4808d
GP		 353 int len, err = 0;
354
355 BT_DBG("sk %p", sk);
356
357 if (level == SOL_L2CAP)
358 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
359
360 if (level != SOL_BLUETOOTH)
361 return -ENOPROTOOPT;
362
363 if (get_user(len, optlen))
364 return -EFAULT;
365
366 lock_sock(sk);
367
368 switch (optname) {
369 case BT_SECURITY:
715ec005
GP		 370 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
371 chan->chan_type != L2CAP_CHAN_RAW) {
99f4808d
GP		 372 err = -EINVAL;
373 break;
374 }
375
8f360119 376 memset(&sec, 0, sizeof(sec));
4343478f 377 sec.level = chan->sec_level;
99f4808d 378
8f360119
VCG		 379 if (sk->sk_state == BT_CONNECTED)
380 sec.key_size = chan->conn->hcon->enc_key_size;
381
99f4808d
GP		 382 len = min_t(unsigned int, len, sizeof(sec));
383 if (copy_to_user(optval, (char *) &sec, len))
384 err = -EFAULT;
385
386 break;
387
388 case BT_DEFER_SETUP:
389 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
390 err = -EINVAL;
391 break;
392 }
393
394 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
395 err = -EFAULT;
396
397 break;
398
399 case BT_FLUSHABLE:
d57b0e8b
AE		 400 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
401 (u32 __user *) optval))
99f4808d
GP		 402 err = -EFAULT;
403
404 break;
405
14b12d0b
JG		 406 case BT_POWER:
407 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
408 && sk->sk_type != SOCK_RAW) {
409 err = -EINVAL;
410 break;
411 }
412
15770b1a 413 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 414
415 len = min_t(unsigned int, len, sizeof(pwr));
416 if (copy_to_user(optval, (char *) &pwr, len))
417 err = -EFAULT;
418
419 break;
420
2ea66482
MM		 421 case BT_CHANNEL_POLICY:
422 if (!enable_hs) {
423 err = -ENOPROTOOPT;
424 break;
425 }
426
427 if (put_user(chan->chan_policy, (u32 __user *) optval))
428 err = -EFAULT;
429 break;
430
99f4808d
GP		 431 default:
432 err = -ENOPROTOOPT;
433 break;
434 }
435
436 release_sock(sk);
437 return err;
438}
439
33575df7
GP		 440static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
441{
442 struct sock *sk = sock->sk;
b4450035 443 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7
GP		 444 struct l2cap_options opts;
445 int len, err = 0;
446 u32 opt;
447
448 BT_DBG("sk %p", sk);
449
450 lock_sock(sk);
451
452 switch (optname) {
453 case L2CAP_OPTIONS:
454 if (sk->sk_state == BT_CONNECTED) {
455 err = -EINVAL;
456 break;
457 }
458
0c1bc5c6
GP		 459 opts.imtu = chan->imtu;
460 opts.omtu = chan->omtu;
461 opts.flush_to = chan->flush_to;
462 opts.mode = chan->mode;
47d1ec61
GP		 463 opts.fcs = chan->fcs;
464 opts.max_tx = chan->max_tx;
6327eb98 465 opts.txwin_size = chan->tx_win;
33575df7
GP		 466
467 len = min_t(unsigned int, sizeof(opts), optlen);
468 if (copy_from_user((char *) &opts, optval, len)) {
469 err = -EFAULT;
470 break;
471 }
472
6327eb98 473 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
33575df7
GP		 474 err = -EINVAL;
475 break;
476 }
477
0c1bc5c6
GP		 478 chan->mode = opts.mode;
479 switch (chan->mode) {
33575df7 480 case L2CAP_MODE_BASIC:
c1360a1c 481 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
33575df7
GP		 482 break;
483 case L2CAP_MODE_ERTM:
484 case L2CAP_MODE_STREAMING:
485 if (!disable_ertm)
486 break;
487 /* fall through */
488 default:
489 err = -EINVAL;
490 break;
491 }
492
0c1bc5c6
GP		 493 chan->imtu = opts.imtu;
494 chan->omtu = opts.omtu;
47d1ec61
GP		 495 chan->fcs = opts.fcs;
496 chan->max_tx = opts.max_tx;
6327eb98 497 chan->tx_win = opts.txwin_size;
33575df7
GP		 498 break;
499
500 case L2CAP_LM:
501 if (get_user(opt, (u32 __user *) optval)) {
502 err = -EFAULT;
503 break;
504 }
505
506 if (opt & L2CAP_LM_AUTH)
4343478f 507 chan->sec_level = BT_SECURITY_LOW;
33575df7 508 if (opt & L2CAP_LM_ENCRYPT)
4343478f 509 chan->sec_level = BT_SECURITY_MEDIUM;
33575df7 510 if (opt & L2CAP_LM_SECURE)
4343478f 511 chan->sec_level = BT_SECURITY_HIGH;
33575df7 512
43bd0f32
AE		 513 if (opt & L2CAP_LM_MASTER)
514 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
515 else
516 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
ecf61bdb
AE		 517
518 if (opt & L2CAP_LM_RELIABLE)
519 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
520 else
521 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
33575df7
GP		 522 break;
523
524 default:
525 err = -ENOPROTOOPT;
526 break;
527 }
528
529 release_sock(sk);
530 return err;
531}
532
533static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
534{
535 struct sock *sk = sock->sk;
4343478f 536 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7 537 struct bt_security sec;
14b12d0b 538 struct bt_power pwr;
f1cb9af5 539 struct l2cap_conn *conn;
33575df7
GP		 540 int len, err = 0;
541 u32 opt;
542
543 BT_DBG("sk %p", sk);
544
545 if (level == SOL_L2CAP)
546 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
547
548 if (level != SOL_BLUETOOTH)
549 return -ENOPROTOOPT;
550
551 lock_sock(sk);
552
553 switch (optname) {
554 case BT_SECURITY:
715ec005
GP		 555 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
556 chan->chan_type != L2CAP_CHAN_RAW) {
33575df7
GP		 557 err = -EINVAL;
558 break;
559 }
560
561 sec.level = BT_SECURITY_LOW;
562
563 len = min_t(unsigned int, sizeof(sec), optlen);
564 if (copy_from_user((char *) &sec, optval, len)) {
565 err = -EFAULT;
566 break;
567 }
568
569 if (sec.level < BT_SECURITY_LOW ||
570 sec.level > BT_SECURITY_HIGH) {
571 err = -EINVAL;
572 break;
573 }
574
4343478f 575 chan->sec_level = sec.level;
f1cb9af5 576
0bee1d60
GP		 577 if (!chan->conn)
578 break;
579
f1cb9af5 580 conn = chan->conn;
0bee1d60
GP		 581
582 /*change security for LE channels */
583 if (chan->scid == L2CAP_CID_LE_DATA) {
f1cb9af5
VCG		 584 if (!conn->hcon->out) {
585 err = -EINVAL;
586 break;
587 }
588
589 if (smp_conn_security(conn, sec.level))
590 break;
f1cb9af5 591 sk->sk_state = BT_CONFIG;
3542b854 592 chan->state = BT_CONFIG;
0bee1d60
GP		 593
594 /* or for ACL link, under defer_setup time */
595 } else if (sk->sk_state == BT_CONNECT2 &&
596 bt_sk(sk)->defer_setup) {
597 err = l2cap_chan_check_security(chan);
598 } else {
599 err = -EINVAL;
f1cb9af5 600 }
33575df7
GP		 601 break;
602
603 case BT_DEFER_SETUP:
604 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
605 err = -EINVAL;
606 break;
607 }
608
609 if (get_user(opt, (u32 __user *) optval)) {
610 err = -EFAULT;
611 break;
612 }
613
614 bt_sk(sk)->defer_setup = opt;
615 break;
616
617 case BT_FLUSHABLE:
618 if (get_user(opt, (u32 __user *) optval)) {
619 err = -EFAULT;
620 break;
621 }
622
623 if (opt > BT_FLUSHABLE_ON) {
624 err = -EINVAL;
625 break;
626 }
627
628 if (opt == BT_FLUSHABLE_OFF) {
8c1d787b 629 struct l2cap_conn *conn = chan->conn;
25985edc 630 /* proceed further only when we have l2cap_conn and
33575df7
GP		 631 No Flush support in the LM */
632 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
633 err = -EINVAL;
634 break;
635 }
636 }
637
d57b0e8b
AE		 638 if (opt)
639 set_bit(FLAG_FLUSHABLE, &chan->flags);
640 else
641 clear_bit(FLAG_FLUSHABLE, &chan->flags);
33575df7
GP		 642 break;
643
14b12d0b
JG		 644 case BT_POWER:
645 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
646 chan->chan_type != L2CAP_CHAN_RAW) {
647 err = -EINVAL;
648 break;
649 }
650
651 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
652
653 len = min_t(unsigned int, sizeof(pwr), optlen);
654 if (copy_from_user((char *) &pwr, optval, len)) {
655 err = -EFAULT;
656 break;
657 }
15770b1a
AE		 658
659 if (pwr.force_active)
660 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
661 else
662 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 663 break;
664
2ea66482
MM		 665 case BT_CHANNEL_POLICY:
666 if (!enable_hs) {
667 err = -ENOPROTOOPT;
668 break;
669 }
670
671 if (get_user(opt, (u32 __user *) optval)) {
672 err = -EFAULT;
673 break;
674 }
675
676 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
677 err = -EINVAL;
678 break;
679 }
680
681 if (chan->mode != L2CAP_MODE_ERTM &&
682 chan->mode != L2CAP_MODE_STREAMING) {
683 err = -EOPNOTSUPP;
684 break;
685 }
686
687 chan->chan_policy = (u8) opt;
14b12d0b
JG		 688 break;
689
33575df7
GP		 690 default:
691 err = -ENOPROTOOPT;
692 break;
693 }
694
695 release_sock(sk);
696 return err;
697}
fd83ccdb
GP		 698
699static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
700{
701 struct sock *sk = sock->sk;
0c1bc5c6 702 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
fd83ccdb
GP		 703 int err;
704
705 BT_DBG("sock %p, sk %p", sock, sk);
706
707 err = sock_error(sk);
708 if (err)
709 return err;
710
711 if (msg->msg_flags & MSG_OOB)
712 return -EOPNOTSUPP;
713
714 lock_sock(sk);
715
716 if (sk->sk_state != BT_CONNECTED) {
9a91a04a
GP		 717 release_sock(sk);
718 return -ENOTCONN;
fd83ccdb
GP		 719 }
720
5e59b791 721 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
fd83ccdb 722
fd83ccdb
GP		 723 release_sock(sk);
724 return err;
725}
33575df7 726
68983259
GP		 727static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
728{
729 struct sock *sk = sock->sk;
e328140f
MM		 730 struct l2cap_pinfo *pi = l2cap_pi(sk);
731 int err;
68983259
GP		 732
733 lock_sock(sk);
734
735 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
8c1d787b 736 sk->sk_state = BT_CONFIG;
3542b854 737 pi->chan->state = BT_CONFIG;
8c1d787b 738
e328140f 739 __l2cap_connect_rsp_defer(pi->chan);
68983259
GP		 740 release_sock(sk);
741 return 0;
742 }
743
744 release_sock(sk);
745
746 if (sock->type == SOCK_STREAM)
e328140f
MM		 747 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
748 else
749 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
750
751 if (pi->chan->mode != L2CAP_MODE_ERTM)
752 return err;
753
754 /* Attempt to put pending rx data in the socket buffer */
755
756 lock_sock(sk);
757
758 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
759 goto done;
760
761 if (pi->rx_busy_skb) {
762 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
763 pi->rx_busy_skb = NULL;
764 else
765 goto done;
766 }
767
768 /* Restore data flow when half of the receive buffer is
769 * available. This avoids resending large numbers of
770 * frames.
771 */
772 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
773 l2cap_chan_busy(pi->chan, 0);
68983259 774
e328140f
MM		 775done:
776 release_sock(sk);
777 return err;
68983259
GP		 778}
779
05fc1576
GP		 780/* Kill socket (only if zapped and orphan)
781 * Must be called on unlocked socket.
782 */
ba3bd0ee 783static void l2cap_sock_kill(struct sock *sk)
05fc1576
GP		 784{
785 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
786 return;
787
e05dcc32 788 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
05fc1576
GP		 789
790 /* Kill poor orphan */
6ff5abbf 791
23691d75 792 l2cap_chan_destroy(l2cap_pi(sk)->chan);
05fc1576
GP		 793 sock_set_flag(sk, SOCK_DEAD);
794 sock_put(sk);
795}
796
dcba0dba
GP		 797static int l2cap_sock_shutdown(struct socket *sock, int how)
798{
799 struct sock *sk = sock->sk;
7ddb6e0f 800 struct l2cap_chan *chan;
3df91ea2 801 struct l2cap_conn *conn;
dcba0dba
GP		 802 int err = 0;
803
804 BT_DBG("sock %p, sk %p", sock, sk);
805
806 if (!sk)
807 return 0;
808
7ddb6e0f 809 chan = l2cap_pi(sk)->chan;
3df91ea2
AE		 810 conn = chan->conn;
811
812 if (conn)
813 mutex_lock(&conn->chan_lock);
7ddb6e0f 814
6be36555 815 l2cap_chan_lock(chan);
dcba0dba 816 lock_sock(sk);
6be36555 817
dcba0dba 818 if (!sk->sk_shutdown) {
0c1bc5c6 819 if (chan->mode == L2CAP_MODE_ERTM)
dcba0dba
GP		 820 err = __l2cap_wait_ack(sk);
821
822 sk->sk_shutdown = SHUTDOWN_MASK;
3df91ea2 823
6be36555 824 release_sock(sk);
0f852724 825 l2cap_chan_close(chan, 0);
6be36555 826 lock_sock(sk);
dcba0dba
GP		 827
828 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
829 err = bt_sock_wait_state(sk, BT_CLOSED,
830 sk->sk_lingertime);
831 }
832
833 if (!err && sk->sk_err)
834 err = -sk->sk_err;
835
836 release_sock(sk);
6be36555 837 l2cap_chan_unlock(chan);
3df91ea2
AE		 838
839 if (conn)
840 mutex_unlock(&conn->chan_lock);
841
dcba0dba
GP		 842 return err;
843}
844
554f05bb
GP		 845static int l2cap_sock_release(struct socket *sock)
846{
847 struct sock *sk = sock->sk;
848 int err;
849
850 BT_DBG("sock %p, sk %p", sock, sk);
851
852 if (!sk)
853 return 0;
854
855 err = l2cap_sock_shutdown(sock, 2);
856
857 sock_orphan(sk);
858 l2cap_sock_kill(sk);
859 return err;
860}
861
80808e43
GP		 862static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data)
863{
864 struct sock *sk, *parent = data;
865
866 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
867 GFP_ATOMIC);
868 if (!sk)
869 return NULL;
870
d22015aa
OP		 871 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
872
80808e43
GP		 873 l2cap_sock_init(sk, parent);
874
875 return l2cap_pi(sk)->chan;
876}
877
23070494
GP		 878static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb)
879{
e328140f 880 int err;
23070494 881 struct sock *sk = data;
e328140f
MM		 882 struct l2cap_pinfo *pi = l2cap_pi(sk);
883
6be36555
AE		 884 lock_sock(sk);
885
886 if (pi->rx_busy_skb) {
887 err = -ENOMEM;
888 goto done;
889 }
e328140f
MM		 890
891 err = sock_queue_rcv_skb(sk, skb);
892
893 /* For ERTM, handle one skb that doesn't fit into the recv
894 * buffer. This is important to do because the data frames
895 * have already been acked, so the skb cannot be discarded.
896 *
897 * Notify the l2cap core that the buffer is full, so the
898 * LOCAL_BUSY state is entered and no more frames are
899 * acked and reassembled until there is buffer space
900 * available.
901 */
902 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
903 pi->rx_busy_skb = skb;
904 l2cap_chan_busy(pi->chan, 1);
905 err = 0;
906 }
23070494 907
6be36555
AE		 908done:
909 release_sock(sk);
910
e328140f 911 return err;
23070494
GP		 912}
913
ba3bd0ee
GP		 914static void l2cap_sock_close_cb(void *data)
915{
916 struct sock *sk = data;
917
918 l2cap_sock_kill(sk);
919}
920
89bc500e
GP		 921static void l2cap_sock_state_change_cb(void *data, int state)
922{
923 struct sock *sk = data;
924
925 sk->sk_state = state;
926}
927
2f7719ce 928static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
04124681
GP		 929 unsigned long len, int nb,
930 int *err)
2f7719ce
AE		 931{
932 struct sock *sk = chan->sk;
933
934 return bt_skb_send_alloc(sk, len, nb, err);
935}
936
80808e43
GP		 937static struct l2cap_ops l2cap_chan_ops = {
938 .name = "L2CAP Socket Interface",
939 .new_connection = l2cap_sock_new_connection_cb,
23070494 940 .recv = l2cap_sock_recv_cb,
ba3bd0ee 941 .close = l2cap_sock_close_cb,
89bc500e 942 .state_change = l2cap_sock_state_change_cb,
2f7719ce 943 .alloc_skb = l2cap_sock_alloc_skb_cb,
80808e43
GP		 944};
945
bb58f747
GP		 946static void l2cap_sock_destruct(struct sock *sk)
947{
948 BT_DBG("sk %p", sk);
949
e328140f
MM		 950 if (l2cap_pi(sk)->rx_busy_skb) {
951 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
952 l2cap_pi(sk)->rx_busy_skb = NULL;
953 }
954
bb58f747
GP		 955 skb_queue_purge(&sk->sk_receive_queue);
956 skb_queue_purge(&sk->sk_write_queue);
957}
958
80808e43 959static void l2cap_sock_init(struct sock *sk, struct sock *parent)
bb58f747
GP		 960{
961 struct l2cap_pinfo *pi = l2cap_pi(sk);
b4450035 962 struct l2cap_chan *chan = pi->chan;
bb58f747
GP		 963
964 BT_DBG("sk %p", sk);
965
966 if (parent) {
b4450035
GP		 967 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
968
bb58f747
GP		 969 sk->sk_type = parent->sk_type;
970 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
971
715ec005 972 chan->chan_type = pchan->chan_type;
0c1bc5c6
GP		 973 chan->imtu = pchan->imtu;
974 chan->omtu = pchan->omtu;
b4450035 975 chan->conf_state = pchan->conf_state;
0c1bc5c6 976 chan->mode = pchan->mode;
47d1ec61
GP		 977 chan->fcs = pchan->fcs;
978 chan->max_tx = pchan->max_tx;
979 chan->tx_win = pchan->tx_win;
6b3c7104 980 chan->tx_win_max = pchan->tx_win_max;
4343478f 981 chan->sec_level = pchan->sec_level;
d57b0e8b 982 chan->flags = pchan->flags;
6230c9b4
PM		 983
984 security_sk_clone(parent, sk);
bb58f747 985 } else {
715ec005
GP		 986
987 switch (sk->sk_type) {
988 case SOCK_RAW:
989 chan->chan_type = L2CAP_CHAN_RAW;
990 break;
991 case SOCK_DGRAM:
992 chan->chan_type = L2CAP_CHAN_CONN_LESS;
993 break;
994 case SOCK_SEQPACKET:
995 case SOCK_STREAM:
996 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
997 break;
998 }
999
0c1bc5c6
GP		 1000 chan->imtu = L2CAP_DEFAULT_MTU;
1001 chan->omtu = 0;
bb58f747 1002 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
0c1bc5c6 1003 chan->mode = L2CAP_MODE_ERTM;
c1360a1c 1004 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
bb58f747 1005 } else {
0c1bc5c6 1006 chan->mode = L2CAP_MODE_BASIC;
bb58f747 1007 }
47d1ec61
GP		 1008 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
1009 chan->fcs = L2CAP_FCS_CRC16;
1010 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
6b3c7104 1011 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
4343478f 1012 chan->sec_level = BT_SECURITY_LOW;
d57b0e8b 1013 chan->flags = 0;
15770b1a 1014 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
bb58f747
GP		 1015 }
1016
1017 /* Default config options */
0c1bc5c6 1018 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
80808e43
GP		 1019
1020 chan->data = sk;
1021 chan->ops = &l2cap_chan_ops;
bb58f747
GP		 1022}
1023
1024static struct proto l2cap_proto = {
1025 .name = "L2CAP",
1026 .owner = THIS_MODULE,
1027 .obj_size = sizeof(struct l2cap_pinfo)
1028};
1029
80808e43 1030static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
bb58f747
GP		 1031{
1032 struct sock *sk;
dc50a06d 1033 struct l2cap_chan *chan;
bb58f747
GP		 1034
1035 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1036 if (!sk)
1037 return NULL;
1038
1039 sock_init_data(sock, sk);
1040 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1041
1042 sk->sk_destruct = l2cap_sock_destruct;
ba13ccd9 1043 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
bb58f747
GP		 1044
1045 sock_reset_flag(sk, SOCK_ZAPPED);
1046
1047 sk->sk_protocol = proto;
1048 sk->sk_state = BT_OPEN;
1049
dc50a06d
GP		 1050 chan = l2cap_chan_create(sk);
1051 if (!chan) {
1052 l2cap_sock_kill(sk);
1053 return NULL;
1054 }
1055
1056 l2cap_pi(sk)->chan = chan;
1057
bb58f747
GP		 1058 return sk;
1059}
1060
1061static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1062 int kern)
1063{
1064 struct sock *sk;
1065
1066 BT_DBG("sock %p", sock);
1067
1068 sock->state = SS_UNCONNECTED;
1069
1070 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1071 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1072 return -ESOCKTNOSUPPORT;
1073
1074 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1075 return -EPERM;
1076
1077 sock->ops = &l2cap_sock_ops;
1078
1079 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1080 if (!sk)
1081 return -ENOMEM;
1082
1083 l2cap_sock_init(sk, NULL);
1084 return 0;
1085}
1086
cf2f90f5 1087static const struct proto_ops l2cap_sock_ops = {
65390587
GP		 1088 .family = PF_BLUETOOTH,
1089 .owner = THIS_MODULE,
1090 .release = l2cap_sock_release,
1091 .bind = l2cap_sock_bind,
1092 .connect = l2cap_sock_connect,
1093 .listen = l2cap_sock_listen,
1094 .accept = l2cap_sock_accept,
1095 .getname = l2cap_sock_getname,
1096 .sendmsg = l2cap_sock_sendmsg,
1097 .recvmsg = l2cap_sock_recvmsg,
1098 .poll = bt_sock_poll,
1099 .ioctl = bt_sock_ioctl,
1100 .mmap = sock_no_mmap,
1101 .socketpair = sock_no_socketpair,
1102 .shutdown = l2cap_sock_shutdown,
1103 .setsockopt = l2cap_sock_setsockopt,
1104 .getsockopt = l2cap_sock_getsockopt
1105};
1106
bb58f747
GP		 1107static const struct net_proto_family l2cap_sock_family_ops = {
1108 .family = PF_BLUETOOTH,
1109 .owner = THIS_MODULE,
1110 .create = l2cap_sock_create,
1111};
1112
1113int __init l2cap_init_sockets(void)
1114{
e2174ca4 1115 int err;
bb58f747 1116
e2174ca4
GP		 1117 err = proto_register(&l2cap_proto, 0);
1118 if (err < 0)
1119 return err;
bb58f747 1120
e2174ca4
GP		 1121 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1122 if (err < 0)
1123 goto error;
bb58f747 1124
e2174ca4 1125 BT_INFO("L2CAP socket layer initialized");
bb58f747 1126
e2174ca4 1127 return 0;
bb58f747
GP		 1128
1129error:
e2174ca4
GP		 1130 BT_ERR("L2CAP socket registration failed");
1131 proto_unregister(&l2cap_proto);
1132 return err;
bb58f747
GP		 1133}
1134
1135void l2cap_cleanup_sockets(void)
1136{
e2174ca4
GP		 1137 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1138 BT_ERR("L2CAP socket unregistration failed");
bb58f747 1139
e2174ca4 1140 proto_unregister(&l2cap_proto);
bb58f747 1141}
kernel source for telekom puls (alcatel/mediatek)