Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris...
[firefly-linux-kernel-4.4.55.git] / net / bluetooth / l2cap_sock.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4    Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5    Copyright (C) 2010 Google Inc.
6    Copyright (C) 2011 ProFUSION Embedded Systems
7
8    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10    This program is free software; you can redistribute it and/or modify
11    it under the terms of the GNU General Public License version 2 as
12    published by the Free Software Foundation;
13
14    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25    SOFTWARE IS DISCLAIMED.
26 */
27
28 /* Bluetooth L2CAP sockets. */
29
30 #include <linux/export.h>
31
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/l2cap.h>
35 #include <net/bluetooth/smp.h>
36
37 static struct bt_sock_list l2cap_sk_list = {
38         .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
39 };
40
41 static const struct proto_ops l2cap_sock_ops;
42 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
43 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
44                                      int proto, gfp_t prio);
45
46 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
47 {
48         struct sock *sk = sock->sk;
49         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
50         struct sockaddr_l2 la;
51         int len, err = 0;
52
53         BT_DBG("sk %p", sk);
54
55         if (!addr || addr->sa_family != AF_BLUETOOTH)
56                 return -EINVAL;
57
58         memset(&la, 0, sizeof(la));
59         len = min_t(unsigned int, sizeof(la), alen);
60         memcpy(&la, addr, len);
61
62         if (la.l2_cid && la.l2_psm)
63                 return -EINVAL;
64
65         lock_sock(sk);
66
67         if (sk->sk_state != BT_OPEN) {
68                 err = -EBADFD;
69                 goto done;
70         }
71
72         if (la.l2_psm) {
73                 __u16 psm = __le16_to_cpu(la.l2_psm);
74
75                 /* PSM must be odd and lsb of upper byte must be 0 */
76                 if ((psm & 0x0101) != 0x0001) {
77                         err = -EINVAL;
78                         goto done;
79                 }
80
81                 /* Restrict usage of well-known PSMs */
82                 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
83                         err = -EACCES;
84                         goto done;
85                 }
86         }
87
88         if (la.l2_cid)
89                 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
90         else
91                 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
92
93         if (err < 0)
94                 goto done;
95
96         if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
97             __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
98                 chan->sec_level = BT_SECURITY_SDP;
99
100         bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
101
102         chan->state = BT_BOUND;
103         sk->sk_state = BT_BOUND;
104
105 done:
106         release_sock(sk);
107         return err;
108 }
109
110 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
111                               int alen, int flags)
112 {
113         struct sock *sk = sock->sk;
114         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
115         struct sockaddr_l2 la;
116         int len, err = 0;
117
118         BT_DBG("sk %p", sk);
119
120         if (!addr || alen < sizeof(addr->sa_family) ||
121             addr->sa_family != AF_BLUETOOTH)
122                 return -EINVAL;
123
124         memset(&la, 0, sizeof(la));
125         len = min_t(unsigned int, sizeof(la), alen);
126         memcpy(&la, addr, len);
127
128         if (la.l2_cid && la.l2_psm)
129                 return -EINVAL;
130
131         err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
132                                  &la.l2_bdaddr, la.l2_bdaddr_type);
133         if (err)
134                 return err;
135
136         lock_sock(sk);
137
138         err = bt_sock_wait_state(sk, BT_CONNECTED,
139                                  sock_sndtimeo(sk, flags & O_NONBLOCK));
140
141         release_sock(sk);
142
143         return err;
144 }
145
146 static int l2cap_sock_listen(struct socket *sock, int backlog)
147 {
148         struct sock *sk = sock->sk;
149         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
150         int err = 0;
151
152         BT_DBG("sk %p backlog %d", sk, backlog);
153
154         lock_sock(sk);
155
156         if (sk->sk_state != BT_BOUND) {
157                 err = -EBADFD;
158                 goto done;
159         }
160
161         if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
162                 err = -EINVAL;
163                 goto done;
164         }
165
166         switch (chan->mode) {
167         case L2CAP_MODE_BASIC:
168                 break;
169         case L2CAP_MODE_ERTM:
170         case L2CAP_MODE_STREAMING:
171                 if (!disable_ertm)
172                         break;
173                 /* fall through */
174         default:
175                 err = -ENOTSUPP;
176                 goto done;
177         }
178
179         sk->sk_max_ack_backlog = backlog;
180         sk->sk_ack_backlog = 0;
181
182         chan->state = BT_LISTEN;
183         sk->sk_state = BT_LISTEN;
184
185 done:
186         release_sock(sk);
187         return err;
188 }
189
190 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
191                              int flags)
192 {
193         DECLARE_WAITQUEUE(wait, current);
194         struct sock *sk = sock->sk, *nsk;
195         long timeo;
196         int err = 0;
197
198         lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
199
200         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
201
202         BT_DBG("sk %p timeo %ld", sk, timeo);
203
204         /* Wait for an incoming connection. (wake-one). */
205         add_wait_queue_exclusive(sk_sleep(sk), &wait);
206         while (1) {
207                 set_current_state(TASK_INTERRUPTIBLE);
208
209                 if (sk->sk_state != BT_LISTEN) {
210                         err = -EBADFD;
211                         break;
212                 }
213
214                 nsk = bt_accept_dequeue(sk, newsock);
215                 if (nsk)
216                         break;
217
218                 if (!timeo) {
219                         err = -EAGAIN;
220                         break;
221                 }
222
223                 if (signal_pending(current)) {
224                         err = sock_intr_errno(timeo);
225                         break;
226                 }
227
228                 release_sock(sk);
229                 timeo = schedule_timeout(timeo);
230                 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
231         }
232         __set_current_state(TASK_RUNNING);
233         remove_wait_queue(sk_sleep(sk), &wait);
234
235         if (err)
236                 goto done;
237
238         newsock->state = SS_CONNECTED;
239
240         BT_DBG("new socket %p", nsk);
241
242 done:
243         release_sock(sk);
244         return err;
245 }
246
247 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
248                               int *len, int peer)
249 {
250         struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
251         struct sock *sk = sock->sk;
252         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
253
254         BT_DBG("sock %p, sk %p", sock, sk);
255
256         memset(la, 0, sizeof(struct sockaddr_l2));
257         addr->sa_family = AF_BLUETOOTH;
258         *len = sizeof(struct sockaddr_l2);
259
260         if (peer) {
261                 la->l2_psm = chan->psm;
262                 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
263                 la->l2_cid = cpu_to_le16(chan->dcid);
264         } else {
265                 la->l2_psm = chan->sport;
266                 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
267                 la->l2_cid = cpu_to_le16(chan->scid);
268         }
269
270         return 0;
271 }
272
273 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
274                                      char __user *optval, int __user *optlen)
275 {
276         struct sock *sk = sock->sk;
277         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
278         struct l2cap_options opts;
279         struct l2cap_conninfo cinfo;
280         int len, err = 0;
281         u32 opt;
282
283         BT_DBG("sk %p", sk);
284
285         if (get_user(len, optlen))
286                 return -EFAULT;
287
288         lock_sock(sk);
289
290         switch (optname) {
291         case L2CAP_OPTIONS:
292                 memset(&opts, 0, sizeof(opts));
293                 opts.imtu     = chan->imtu;
294                 opts.omtu     = chan->omtu;
295                 opts.flush_to = chan->flush_to;
296                 opts.mode     = chan->mode;
297                 opts.fcs      = chan->fcs;
298                 opts.max_tx   = chan->max_tx;
299                 opts.txwin_size = chan->tx_win;
300
301                 len = min_t(unsigned int, len, sizeof(opts));
302                 if (copy_to_user(optval, (char *) &opts, len))
303                         err = -EFAULT;
304
305                 break;
306
307         case L2CAP_LM:
308                 switch (chan->sec_level) {
309                 case BT_SECURITY_LOW:
310                         opt = L2CAP_LM_AUTH;
311                         break;
312                 case BT_SECURITY_MEDIUM:
313                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
314                         break;
315                 case BT_SECURITY_HIGH:
316                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
317                               L2CAP_LM_SECURE;
318                         break;
319                 default:
320                         opt = 0;
321                         break;
322                 }
323
324                 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
325                         opt |= L2CAP_LM_MASTER;
326
327                 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
328                         opt |= L2CAP_LM_RELIABLE;
329
330                 if (put_user(opt, (u32 __user *) optval))
331                         err = -EFAULT;
332                 break;
333
334         case L2CAP_CONNINFO:
335                 if (sk->sk_state != BT_CONNECTED &&
336                     !(sk->sk_state == BT_CONNECT2 &&
337                       test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
338                         err = -ENOTCONN;
339                         break;
340                 }
341
342                 memset(&cinfo, 0, sizeof(cinfo));
343                 cinfo.hci_handle = chan->conn->hcon->handle;
344                 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
345
346                 len = min_t(unsigned int, len, sizeof(cinfo));
347                 if (copy_to_user(optval, (char *) &cinfo, len))
348                         err = -EFAULT;
349
350                 break;
351
352         default:
353                 err = -ENOPROTOOPT;
354                 break;
355         }
356
357         release_sock(sk);
358         return err;
359 }
360
361 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
362                                  char __user *optval, int __user *optlen)
363 {
364         struct sock *sk = sock->sk;
365         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
366         struct bt_security sec;
367         struct bt_power pwr;
368         int len, err = 0;
369
370         BT_DBG("sk %p", sk);
371
372         if (level == SOL_L2CAP)
373                 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
374
375         if (level != SOL_BLUETOOTH)
376                 return -ENOPROTOOPT;
377
378         if (get_user(len, optlen))
379                 return -EFAULT;
380
381         lock_sock(sk);
382
383         switch (optname) {
384         case BT_SECURITY:
385                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
386                     chan->chan_type != L2CAP_CHAN_RAW) {
387                         err = -EINVAL;
388                         break;
389                 }
390
391                 memset(&sec, 0, sizeof(sec));
392                 if (chan->conn) {
393                         sec.level = chan->conn->hcon->sec_level;
394
395                         if (sk->sk_state == BT_CONNECTED)
396                                 sec.key_size = chan->conn->hcon->enc_key_size;
397                 } else {
398                         sec.level = chan->sec_level;
399                 }
400
401                 len = min_t(unsigned int, len, sizeof(sec));
402                 if (copy_to_user(optval, (char *) &sec, len))
403                         err = -EFAULT;
404
405                 break;
406
407         case BT_DEFER_SETUP:
408                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
409                         err = -EINVAL;
410                         break;
411                 }
412
413                 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
414                              (u32 __user *) optval))
415                         err = -EFAULT;
416
417                 break;
418
419         case BT_FLUSHABLE:
420                 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
421                              (u32 __user *) optval))
422                         err = -EFAULT;
423
424                 break;
425
426         case BT_POWER:
427                 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
428                     && sk->sk_type != SOCK_RAW) {
429                         err = -EINVAL;
430                         break;
431                 }
432
433                 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
434
435                 len = min_t(unsigned int, len, sizeof(pwr));
436                 if (copy_to_user(optval, (char *) &pwr, len))
437                         err = -EFAULT;
438
439                 break;
440
441         case BT_CHANNEL_POLICY:
442                 if (!enable_hs) {
443                         err = -ENOPROTOOPT;
444                         break;
445                 }
446
447                 if (put_user(chan->chan_policy, (u32 __user *) optval))
448                         err = -EFAULT;
449                 break;
450
451         default:
452                 err = -ENOPROTOOPT;
453                 break;
454         }
455
456         release_sock(sk);
457         return err;
458 }
459
460 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
461 {
462         switch (chan->scid) {
463         case L2CAP_CID_LE_DATA:
464                 if (mtu < L2CAP_LE_MIN_MTU)
465                         return false;
466                 break;
467
468         default:
469                 if (mtu < L2CAP_DEFAULT_MIN_MTU)
470                         return false;
471         }
472
473         return true;
474 }
475
476 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
477                                      char __user *optval, unsigned int optlen)
478 {
479         struct sock *sk = sock->sk;
480         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
481         struct l2cap_options opts;
482         int len, err = 0;
483         u32 opt;
484
485         BT_DBG("sk %p", sk);
486
487         lock_sock(sk);
488
489         switch (optname) {
490         case L2CAP_OPTIONS:
491                 if (sk->sk_state == BT_CONNECTED) {
492                         err = -EINVAL;
493                         break;
494                 }
495
496                 opts.imtu     = chan->imtu;
497                 opts.omtu     = chan->omtu;
498                 opts.flush_to = chan->flush_to;
499                 opts.mode     = chan->mode;
500                 opts.fcs      = chan->fcs;
501                 opts.max_tx   = chan->max_tx;
502                 opts.txwin_size = chan->tx_win;
503
504                 len = min_t(unsigned int, sizeof(opts), optlen);
505                 if (copy_from_user((char *) &opts, optval, len)) {
506                         err = -EFAULT;
507                         break;
508                 }
509
510                 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
511                         err = -EINVAL;
512                         break;
513                 }
514
515                 if (!l2cap_valid_mtu(chan, opts.imtu)) {
516                         err = -EINVAL;
517                         break;
518                 }
519
520                 chan->mode = opts.mode;
521                 switch (chan->mode) {
522                 case L2CAP_MODE_BASIC:
523                         clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
524                         break;
525                 case L2CAP_MODE_ERTM:
526                 case L2CAP_MODE_STREAMING:
527                         if (!disable_ertm)
528                                 break;
529                         /* fall through */
530                 default:
531                         err = -EINVAL;
532                         break;
533                 }
534
535                 chan->imtu = opts.imtu;
536                 chan->omtu = opts.omtu;
537                 chan->fcs  = opts.fcs;
538                 chan->max_tx = opts.max_tx;
539                 chan->tx_win = opts.txwin_size;
540                 chan->flush_to = opts.flush_to;
541                 break;
542
543         case L2CAP_LM:
544                 if (get_user(opt, (u32 __user *) optval)) {
545                         err = -EFAULT;
546                         break;
547                 }
548
549                 if (opt & L2CAP_LM_AUTH)
550                         chan->sec_level = BT_SECURITY_LOW;
551                 if (opt & L2CAP_LM_ENCRYPT)
552                         chan->sec_level = BT_SECURITY_MEDIUM;
553                 if (opt & L2CAP_LM_SECURE)
554                         chan->sec_level = BT_SECURITY_HIGH;
555
556                 if (opt & L2CAP_LM_MASTER)
557                         set_bit(FLAG_ROLE_SWITCH, &chan->flags);
558                 else
559                         clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
560
561                 if (opt & L2CAP_LM_RELIABLE)
562                         set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
563                 else
564                         clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
565                 break;
566
567         default:
568                 err = -ENOPROTOOPT;
569                 break;
570         }
571
572         release_sock(sk);
573         return err;
574 }
575
576 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
577                                  char __user *optval, unsigned int optlen)
578 {
579         struct sock *sk = sock->sk;
580         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
581         struct bt_security sec;
582         struct bt_power pwr;
583         struct l2cap_conn *conn;
584         int len, err = 0;
585         u32 opt;
586
587         BT_DBG("sk %p", sk);
588
589         if (level == SOL_L2CAP)
590                 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
591
592         if (level != SOL_BLUETOOTH)
593                 return -ENOPROTOOPT;
594
595         lock_sock(sk);
596
597         switch (optname) {
598         case BT_SECURITY:
599                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
600                     chan->chan_type != L2CAP_CHAN_RAW) {
601                         err = -EINVAL;
602                         break;
603                 }
604
605                 sec.level = BT_SECURITY_LOW;
606
607                 len = min_t(unsigned int, sizeof(sec), optlen);
608                 if (copy_from_user((char *) &sec, optval, len)) {
609                         err = -EFAULT;
610                         break;
611                 }
612
613                 if (sec.level < BT_SECURITY_LOW ||
614                     sec.level > BT_SECURITY_HIGH) {
615                         err = -EINVAL;
616                         break;
617                 }
618
619                 chan->sec_level = sec.level;
620
621                 if (!chan->conn)
622                         break;
623
624                 conn = chan->conn;
625
626                 /*change security for LE channels */
627                 if (chan->scid == L2CAP_CID_LE_DATA) {
628                         if (!conn->hcon->out) {
629                                 err = -EINVAL;
630                                 break;
631                         }
632
633                         if (smp_conn_security(conn->hcon, sec.level))
634                                 break;
635                         sk->sk_state = BT_CONFIG;
636                         chan->state = BT_CONFIG;
637
638                 /* or for ACL link */
639                 } else if ((sk->sk_state == BT_CONNECT2 &&
640                             test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
641                            sk->sk_state == BT_CONNECTED) {
642                         if (!l2cap_chan_check_security(chan))
643                                 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
644                         else
645                                 sk->sk_state_change(sk);
646                 } else {
647                         err = -EINVAL;
648                 }
649                 break;
650
651         case BT_DEFER_SETUP:
652                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
653                         err = -EINVAL;
654                         break;
655                 }
656
657                 if (get_user(opt, (u32 __user *) optval)) {
658                         err = -EFAULT;
659                         break;
660                 }
661
662                 if (opt)
663                         set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
664                 else
665                         clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
666                 break;
667
668         case BT_FLUSHABLE:
669                 if (get_user(opt, (u32 __user *) optval)) {
670                         err = -EFAULT;
671                         break;
672                 }
673
674                 if (opt > BT_FLUSHABLE_ON) {
675                         err = -EINVAL;
676                         break;
677                 }
678
679                 if (opt == BT_FLUSHABLE_OFF) {
680                         struct l2cap_conn *conn = chan->conn;
681                         /* proceed further only when we have l2cap_conn and
682                            No Flush support in the LM */
683                         if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
684                                 err = -EINVAL;
685                                 break;
686                         }
687                 }
688
689                 if (opt)
690                         set_bit(FLAG_FLUSHABLE, &chan->flags);
691                 else
692                         clear_bit(FLAG_FLUSHABLE, &chan->flags);
693                 break;
694
695         case BT_POWER:
696                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
697                     chan->chan_type != L2CAP_CHAN_RAW) {
698                         err = -EINVAL;
699                         break;
700                 }
701
702                 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
703
704                 len = min_t(unsigned int, sizeof(pwr), optlen);
705                 if (copy_from_user((char *) &pwr, optval, len)) {
706                         err = -EFAULT;
707                         break;
708                 }
709
710                 if (pwr.force_active)
711                         set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
712                 else
713                         clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
714                 break;
715
716         case BT_CHANNEL_POLICY:
717                 if (!enable_hs) {
718                         err = -ENOPROTOOPT;
719                         break;
720                 }
721
722                 if (get_user(opt, (u32 __user *) optval)) {
723                         err = -EFAULT;
724                         break;
725                 }
726
727                 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
728                         err = -EINVAL;
729                         break;
730                 }
731
732                 if (chan->mode != L2CAP_MODE_ERTM &&
733                     chan->mode != L2CAP_MODE_STREAMING) {
734                         err = -EOPNOTSUPP;
735                         break;
736                 }
737
738                 chan->chan_policy = (u8) opt;
739
740                 if (sk->sk_state == BT_CONNECTED &&
741                     chan->move_role == L2CAP_MOVE_ROLE_NONE)
742                         l2cap_move_start(chan);
743
744                 break;
745
746         default:
747                 err = -ENOPROTOOPT;
748                 break;
749         }
750
751         release_sock(sk);
752         return err;
753 }
754
755 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
756                               struct msghdr *msg, size_t len)
757 {
758         struct sock *sk = sock->sk;
759         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
760         int err;
761
762         BT_DBG("sock %p, sk %p", sock, sk);
763
764         err = sock_error(sk);
765         if (err)
766                 return err;
767
768         if (msg->msg_flags & MSG_OOB)
769                 return -EOPNOTSUPP;
770
771         if (sk->sk_state != BT_CONNECTED)
772                 return -ENOTCONN;
773
774         l2cap_chan_lock(chan);
775         err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
776         l2cap_chan_unlock(chan);
777
778         return err;
779 }
780
781 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
782                               struct msghdr *msg, size_t len, int flags)
783 {
784         struct sock *sk = sock->sk;
785         struct l2cap_pinfo *pi = l2cap_pi(sk);
786         int err;
787
788         lock_sock(sk);
789
790         if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
791                                                     &bt_sk(sk)->flags)) {
792                 sk->sk_state = BT_CONFIG;
793                 pi->chan->state = BT_CONFIG;
794
795                 __l2cap_connect_rsp_defer(pi->chan);
796                 release_sock(sk);
797                 return 0;
798         }
799
800         release_sock(sk);
801
802         if (sock->type == SOCK_STREAM)
803                 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
804         else
805                 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
806
807         if (pi->chan->mode != L2CAP_MODE_ERTM)
808                 return err;
809
810         /* Attempt to put pending rx data in the socket buffer */
811
812         lock_sock(sk);
813
814         if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
815                 goto done;
816
817         if (pi->rx_busy_skb) {
818                 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
819                         pi->rx_busy_skb = NULL;
820                 else
821                         goto done;
822         }
823
824         /* Restore data flow when half of the receive buffer is
825          * available.  This avoids resending large numbers of
826          * frames.
827          */
828         if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
829                 l2cap_chan_busy(pi->chan, 0);
830
831 done:
832         release_sock(sk);
833         return err;
834 }
835
836 /* Kill socket (only if zapped and orphan)
837  * Must be called on unlocked socket.
838  */
839 static void l2cap_sock_kill(struct sock *sk)
840 {
841         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
842                 return;
843
844         BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
845
846         /* Kill poor orphan */
847
848         l2cap_chan_put(l2cap_pi(sk)->chan);
849         sock_set_flag(sk, SOCK_DEAD);
850         sock_put(sk);
851 }
852
853 static int l2cap_sock_shutdown(struct socket *sock, int how)
854 {
855         struct sock *sk = sock->sk;
856         struct l2cap_chan *chan;
857         struct l2cap_conn *conn;
858         int err = 0;
859
860         BT_DBG("sock %p, sk %p", sock, sk);
861
862         if (!sk)
863                 return 0;
864
865         chan = l2cap_pi(sk)->chan;
866         conn = chan->conn;
867
868         if (conn)
869                 mutex_lock(&conn->chan_lock);
870
871         l2cap_chan_lock(chan);
872         lock_sock(sk);
873
874         if (!sk->sk_shutdown) {
875                 if (chan->mode == L2CAP_MODE_ERTM)
876                         err = __l2cap_wait_ack(sk);
877
878                 sk->sk_shutdown = SHUTDOWN_MASK;
879
880                 release_sock(sk);
881                 l2cap_chan_close(chan, 0);
882                 lock_sock(sk);
883
884                 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
885                         err = bt_sock_wait_state(sk, BT_CLOSED,
886                                                  sk->sk_lingertime);
887         }
888
889         if (!err && sk->sk_err)
890                 err = -sk->sk_err;
891
892         release_sock(sk);
893         l2cap_chan_unlock(chan);
894
895         if (conn)
896                 mutex_unlock(&conn->chan_lock);
897
898         return err;
899 }
900
901 static int l2cap_sock_release(struct socket *sock)
902 {
903         struct sock *sk = sock->sk;
904         int err;
905
906         BT_DBG("sock %p, sk %p", sock, sk);
907
908         if (!sk)
909                 return 0;
910
911         bt_sock_unlink(&l2cap_sk_list, sk);
912
913         err = l2cap_sock_shutdown(sock, 2);
914
915         sock_orphan(sk);
916         l2cap_sock_kill(sk);
917         return err;
918 }
919
920 static void l2cap_sock_cleanup_listen(struct sock *parent)
921 {
922         struct sock *sk;
923
924         BT_DBG("parent %p", parent);
925
926         /* Close not yet accepted channels */
927         while ((sk = bt_accept_dequeue(parent, NULL))) {
928                 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
929
930                 l2cap_chan_lock(chan);
931                 __clear_chan_timer(chan);
932                 l2cap_chan_close(chan, ECONNRESET);
933                 l2cap_chan_unlock(chan);
934
935                 l2cap_sock_kill(sk);
936         }
937 }
938
939 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
940 {
941         struct sock *sk, *parent = chan->data;
942
943         /* Check for backlog size */
944         if (sk_acceptq_is_full(parent)) {
945                 BT_DBG("backlog full %d", parent->sk_ack_backlog);
946                 return NULL;
947         }
948
949         sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
950                               GFP_ATOMIC);
951         if (!sk)
952                 return NULL;
953
954         bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
955
956         l2cap_sock_init(sk, parent);
957
958         bt_accept_enqueue(parent, sk);
959
960         return l2cap_pi(sk)->chan;
961 }
962
963 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
964 {
965         int err;
966         struct sock *sk = chan->data;
967         struct l2cap_pinfo *pi = l2cap_pi(sk);
968
969         lock_sock(sk);
970
971         if (pi->rx_busy_skb) {
972                 err = -ENOMEM;
973                 goto done;
974         }
975
976         err = sock_queue_rcv_skb(sk, skb);
977
978         /* For ERTM, handle one skb that doesn't fit into the recv
979          * buffer.  This is important to do because the data frames
980          * have already been acked, so the skb cannot be discarded.
981          *
982          * Notify the l2cap core that the buffer is full, so the
983          * LOCAL_BUSY state is entered and no more frames are
984          * acked and reassembled until there is buffer space
985          * available.
986          */
987         if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
988                 pi->rx_busy_skb = skb;
989                 l2cap_chan_busy(pi->chan, 1);
990                 err = 0;
991         }
992
993 done:
994         release_sock(sk);
995
996         return err;
997 }
998
999 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1000 {
1001         struct sock *sk = chan->data;
1002
1003         l2cap_sock_kill(sk);
1004 }
1005
1006 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1007 {
1008         struct sock *sk = chan->data;
1009         struct sock *parent;
1010
1011         lock_sock(sk);
1012
1013         parent = bt_sk(sk)->parent;
1014
1015         sock_set_flag(sk, SOCK_ZAPPED);
1016
1017         switch (chan->state) {
1018         case BT_OPEN:
1019         case BT_BOUND:
1020         case BT_CLOSED:
1021                 break;
1022         case BT_LISTEN:
1023                 l2cap_sock_cleanup_listen(sk);
1024                 sk->sk_state = BT_CLOSED;
1025                 chan->state = BT_CLOSED;
1026
1027                 break;
1028         default:
1029                 sk->sk_state = BT_CLOSED;
1030                 chan->state = BT_CLOSED;
1031
1032                 sk->sk_err = err;
1033
1034                 if (parent) {
1035                         bt_accept_unlink(sk);
1036                         parent->sk_data_ready(parent, 0);
1037                 } else {
1038                         sk->sk_state_change(sk);
1039                 }
1040
1041                 break;
1042         }
1043
1044         release_sock(sk);
1045 }
1046
1047 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state)
1048 {
1049         struct sock *sk = chan->data;
1050
1051         sk->sk_state = state;
1052 }
1053
1054 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1055                                                unsigned long len, int nb)
1056 {
1057         struct sk_buff *skb;
1058         int err;
1059
1060         l2cap_chan_unlock(chan);
1061         skb = bt_skb_send_alloc(chan->sk, len, nb, &err);
1062         l2cap_chan_lock(chan);
1063
1064         if (!skb)
1065                 return ERR_PTR(err);
1066
1067         return skb;
1068 }
1069
1070 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1071 {
1072         struct sock *sk = chan->data;
1073         struct sock *parent;
1074
1075         lock_sock(sk);
1076
1077         parent = bt_sk(sk)->parent;
1078
1079         BT_DBG("sk %p, parent %p", sk, parent);
1080
1081         sk->sk_state = BT_CONNECTED;
1082         sk->sk_state_change(sk);
1083
1084         if (parent)
1085                 parent->sk_data_ready(parent, 0);
1086
1087         release_sock(sk);
1088 }
1089
1090 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1091 {
1092         struct sock *sk = chan->data;
1093         struct sock *parent = bt_sk(sk)->parent;
1094
1095         if (parent)
1096                 parent->sk_data_ready(parent, 0);
1097 }
1098
1099 static struct l2cap_ops l2cap_chan_ops = {
1100         .name           = "L2CAP Socket Interface",
1101         .new_connection = l2cap_sock_new_connection_cb,
1102         .recv           = l2cap_sock_recv_cb,
1103         .close          = l2cap_sock_close_cb,
1104         .teardown       = l2cap_sock_teardown_cb,
1105         .state_change   = l2cap_sock_state_change_cb,
1106         .ready          = l2cap_sock_ready_cb,
1107         .defer          = l2cap_sock_defer_cb,
1108         .alloc_skb      = l2cap_sock_alloc_skb_cb,
1109 };
1110
1111 static void l2cap_sock_destruct(struct sock *sk)
1112 {
1113         BT_DBG("sk %p", sk);
1114
1115         if (l2cap_pi(sk)->chan)
1116                 l2cap_chan_put(l2cap_pi(sk)->chan);
1117         if (l2cap_pi(sk)->rx_busy_skb) {
1118                 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1119                 l2cap_pi(sk)->rx_busy_skb = NULL;
1120         }
1121
1122         skb_queue_purge(&sk->sk_receive_queue);
1123         skb_queue_purge(&sk->sk_write_queue);
1124 }
1125
1126 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1127 {
1128         struct l2cap_pinfo *pi = l2cap_pi(sk);
1129         struct l2cap_chan *chan = pi->chan;
1130
1131         BT_DBG("sk %p", sk);
1132
1133         if (parent) {
1134                 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1135
1136                 sk->sk_type = parent->sk_type;
1137                 bt_sk(sk)->flags = bt_sk(parent)->flags;
1138
1139                 chan->chan_type = pchan->chan_type;
1140                 chan->imtu = pchan->imtu;
1141                 chan->omtu = pchan->omtu;
1142                 chan->conf_state = pchan->conf_state;
1143                 chan->mode = pchan->mode;
1144                 chan->fcs  = pchan->fcs;
1145                 chan->max_tx = pchan->max_tx;
1146                 chan->tx_win = pchan->tx_win;
1147                 chan->tx_win_max = pchan->tx_win_max;
1148                 chan->sec_level = pchan->sec_level;
1149                 chan->flags = pchan->flags;
1150
1151                 security_sk_clone(parent, sk);
1152         } else {
1153
1154                 switch (sk->sk_type) {
1155                 case SOCK_RAW:
1156                         chan->chan_type = L2CAP_CHAN_RAW;
1157                         break;
1158                 case SOCK_DGRAM:
1159                         chan->chan_type = L2CAP_CHAN_CONN_LESS;
1160                         break;
1161                 case SOCK_SEQPACKET:
1162                 case SOCK_STREAM:
1163                         chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1164                         break;
1165                 }
1166
1167                 chan->imtu = L2CAP_DEFAULT_MTU;
1168                 chan->omtu = 0;
1169                 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1170                         chan->mode = L2CAP_MODE_ERTM;
1171                         set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1172                 } else {
1173                         chan->mode = L2CAP_MODE_BASIC;
1174                 }
1175
1176                 l2cap_chan_set_defaults(chan);
1177         }
1178
1179         /* Default config options */
1180         chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1181
1182         chan->data = sk;
1183         chan->ops = &l2cap_chan_ops;
1184 }
1185
1186 static struct proto l2cap_proto = {
1187         .name           = "L2CAP",
1188         .owner          = THIS_MODULE,
1189         .obj_size       = sizeof(struct l2cap_pinfo)
1190 };
1191
1192 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1193                                      int proto, gfp_t prio)
1194 {
1195         struct sock *sk;
1196         struct l2cap_chan *chan;
1197
1198         sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1199         if (!sk)
1200                 return NULL;
1201
1202         sock_init_data(sock, sk);
1203         INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1204
1205         sk->sk_destruct = l2cap_sock_destruct;
1206         sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1207
1208         sock_reset_flag(sk, SOCK_ZAPPED);
1209
1210         sk->sk_protocol = proto;
1211         sk->sk_state = BT_OPEN;
1212
1213         chan = l2cap_chan_create();
1214         if (!chan) {
1215                 sk_free(sk);
1216                 return NULL;
1217         }
1218
1219         l2cap_chan_hold(chan);
1220
1221         chan->sk = sk;
1222
1223         l2cap_pi(sk)->chan = chan;
1224
1225         return sk;
1226 }
1227
1228 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1229                              int kern)
1230 {
1231         struct sock *sk;
1232
1233         BT_DBG("sock %p", sock);
1234
1235         sock->state = SS_UNCONNECTED;
1236
1237         if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1238             sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1239                 return -ESOCKTNOSUPPORT;
1240
1241         if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1242                 return -EPERM;
1243
1244         sock->ops = &l2cap_sock_ops;
1245
1246         sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1247         if (!sk)
1248                 return -ENOMEM;
1249
1250         l2cap_sock_init(sk, NULL);
1251         bt_sock_link(&l2cap_sk_list, sk);
1252         return 0;
1253 }
1254
1255 static const struct proto_ops l2cap_sock_ops = {
1256         .family         = PF_BLUETOOTH,
1257         .owner          = THIS_MODULE,
1258         .release        = l2cap_sock_release,
1259         .bind           = l2cap_sock_bind,
1260         .connect        = l2cap_sock_connect,
1261         .listen         = l2cap_sock_listen,
1262         .accept         = l2cap_sock_accept,
1263         .getname        = l2cap_sock_getname,
1264         .sendmsg        = l2cap_sock_sendmsg,
1265         .recvmsg        = l2cap_sock_recvmsg,
1266         .poll           = bt_sock_poll,
1267         .ioctl          = bt_sock_ioctl,
1268         .mmap           = sock_no_mmap,
1269         .socketpair     = sock_no_socketpair,
1270         .shutdown       = l2cap_sock_shutdown,
1271         .setsockopt     = l2cap_sock_setsockopt,
1272         .getsockopt     = l2cap_sock_getsockopt
1273 };
1274
1275 static const struct net_proto_family l2cap_sock_family_ops = {
1276         .family = PF_BLUETOOTH,
1277         .owner  = THIS_MODULE,
1278         .create = l2cap_sock_create,
1279 };
1280
1281 int __init l2cap_init_sockets(void)
1282 {
1283         int err;
1284
1285         err = proto_register(&l2cap_proto, 0);
1286         if (err < 0)
1287                 return err;
1288
1289         err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1290         if (err < 0) {
1291                 BT_ERR("L2CAP socket registration failed");
1292                 goto error;
1293         }
1294
1295         err = bt_procfs_init(THIS_MODULE, &init_net, "l2cap", &l2cap_sk_list,
1296                              NULL);
1297         if (err < 0) {
1298                 BT_ERR("Failed to create L2CAP proc file");
1299                 bt_sock_unregister(BTPROTO_L2CAP);
1300                 goto error;
1301         }
1302
1303         BT_INFO("L2CAP socket layer initialized");
1304
1305         return 0;
1306
1307 error:
1308         proto_unregister(&l2cap_proto);
1309         return err;
1310 }
1311
1312 void l2cap_cleanup_sockets(void)
1313 {
1314         bt_procfs_cleanup(&init_net, "l2cap");
1315         if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1316                 BT_ERR("L2CAP socket unregistration failed");
1317
1318         proto_unregister(&l2cap_proto);
1319 }