Bluetooth: Add SMP to User Passkey and Confirm
[linux-2.6.git] / net / bluetooth / l2cap_sock.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4    Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5    Copyright (C) 2010 Google Inc.
6    Copyright (C) 2011 ProFUSION Embedded Systems
7
8    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10    This program is free software; you can redistribute it and/or modify
11    it under the terms of the GNU General Public License version 2 as
12    published by the Free Software Foundation;
13
14    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25    SOFTWARE IS DISCLAIMED.
26 */
27
28 /* Bluetooth L2CAP sockets. */
29
30 #include <linux/security.h>
31 #include <linux/export.h>
32
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/smp.h>
37
38 static const struct proto_ops l2cap_sock_ops;
39 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
40 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
41
42 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
43 {
44         struct sock *sk = sock->sk;
45         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
46         struct sockaddr_l2 la;
47         int len, err = 0;
48
49         BT_DBG("sk %p", sk);
50
51         if (!addr || addr->sa_family != AF_BLUETOOTH)
52                 return -EINVAL;
53
54         memset(&la, 0, sizeof(la));
55         len = min_t(unsigned int, sizeof(la), alen);
56         memcpy(&la, addr, len);
57
58         if (la.l2_cid && la.l2_psm)
59                 return -EINVAL;
60
61         lock_sock(sk);
62
63         if (sk->sk_state != BT_OPEN) {
64                 err = -EBADFD;
65                 goto done;
66         }
67
68         if (la.l2_psm) {
69                 __u16 psm = __le16_to_cpu(la.l2_psm);
70
71                 /* PSM must be odd and lsb of upper byte must be 0 */
72                 if ((psm & 0x0101) != 0x0001) {
73                         err = -EINVAL;
74                         goto done;
75                 }
76
77                 /* Restrict usage of well-known PSMs */
78                 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
79                         err = -EACCES;
80                         goto done;
81                 }
82         }
83
84         if (la.l2_cid)
85                 err = l2cap_add_scid(chan, la.l2_cid);
86         else
87                 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
88
89         if (err < 0)
90                 goto done;
91
92         if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
93                                 __le16_to_cpu(la.l2_psm) == 0x0003)
94                 chan->sec_level = BT_SECURITY_SDP;
95
96         bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
97
98         chan->state = BT_BOUND;
99         sk->sk_state = BT_BOUND;
100
101 done:
102         release_sock(sk);
103         return err;
104 }
105
106 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
107 {
108         struct sock *sk = sock->sk;
109         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
110         struct sockaddr_l2 la;
111         int len, err = 0;
112
113         BT_DBG("sk %p", sk);
114
115         if (!addr || alen < sizeof(addr->sa_family) ||
116             addr->sa_family != AF_BLUETOOTH)
117                 return -EINVAL;
118
119         memset(&la, 0, sizeof(la));
120         len = min_t(unsigned int, sizeof(la), alen);
121         memcpy(&la, addr, len);
122
123         if (la.l2_cid && la.l2_psm)
124                 return -EINVAL;
125
126         err = l2cap_chan_connect(chan, la.l2_psm, la.l2_cid, &la.l2_bdaddr);
127         if (err)
128                 goto done;
129
130         err = bt_sock_wait_state(sk, BT_CONNECTED,
131                         sock_sndtimeo(sk, flags & O_NONBLOCK));
132 done:
133         if (sock_owned_by_user(sk))
134                 release_sock(sk);
135         return err;
136 }
137
138 static int l2cap_sock_listen(struct socket *sock, int backlog)
139 {
140         struct sock *sk = sock->sk;
141         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
142         int err = 0;
143
144         BT_DBG("sk %p backlog %d", sk, backlog);
145
146         lock_sock(sk);
147
148         if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
149                         || sk->sk_state != BT_BOUND) {
150                 err = -EBADFD;
151                 goto done;
152         }
153
154         switch (chan->mode) {
155         case L2CAP_MODE_BASIC:
156                 break;
157         case L2CAP_MODE_ERTM:
158         case L2CAP_MODE_STREAMING:
159                 if (!disable_ertm)
160                         break;
161                 /* fall through */
162         default:
163                 err = -ENOTSUPP;
164                 goto done;
165         }
166
167         sk->sk_max_ack_backlog = backlog;
168         sk->sk_ack_backlog = 0;
169
170         chan->state = BT_LISTEN;
171         sk->sk_state = BT_LISTEN;
172
173 done:
174         release_sock(sk);
175         return err;
176 }
177
178 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
179 {
180         DECLARE_WAITQUEUE(wait, current);
181         struct sock *sk = sock->sk, *nsk;
182         long timeo;
183         int err = 0;
184
185         lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
186
187         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
188
189         BT_DBG("sk %p timeo %ld", sk, timeo);
190
191         /* Wait for an incoming connection. (wake-one). */
192         add_wait_queue_exclusive(sk_sleep(sk), &wait);
193         while (1) {
194                 set_current_state(TASK_INTERRUPTIBLE);
195
196                 if (sk->sk_state != BT_LISTEN) {
197                         err = -EBADFD;
198                         break;
199                 }
200
201                 nsk = bt_accept_dequeue(sk, newsock);
202                 if (nsk)
203                         break;
204
205                 if (!timeo) {
206                         err = -EAGAIN;
207                         break;
208                 }
209
210                 if (signal_pending(current)) {
211                         err = sock_intr_errno(timeo);
212                         break;
213                 }
214
215                 release_sock(sk);
216                 timeo = schedule_timeout(timeo);
217                 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
218         }
219         __set_current_state(TASK_RUNNING);
220         remove_wait_queue(sk_sleep(sk), &wait);
221
222         if (err)
223                 goto done;
224
225         newsock->state = SS_CONNECTED;
226
227         BT_DBG("new socket %p", nsk);
228
229 done:
230         release_sock(sk);
231         return err;
232 }
233
234 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
235 {
236         struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
237         struct sock *sk = sock->sk;
238         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
239
240         BT_DBG("sock %p, sk %p", sock, sk);
241
242         addr->sa_family = AF_BLUETOOTH;
243         *len = sizeof(struct sockaddr_l2);
244
245         if (peer) {
246                 la->l2_psm = chan->psm;
247                 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
248                 la->l2_cid = cpu_to_le16(chan->dcid);
249         } else {
250                 la->l2_psm = chan->sport;
251                 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
252                 la->l2_cid = cpu_to_le16(chan->scid);
253         }
254
255         return 0;
256 }
257
258 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
259 {
260         struct sock *sk = sock->sk;
261         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
262         struct l2cap_options opts;
263         struct l2cap_conninfo cinfo;
264         int len, err = 0;
265         u32 opt;
266
267         BT_DBG("sk %p", sk);
268
269         if (get_user(len, optlen))
270                 return -EFAULT;
271
272         lock_sock(sk);
273
274         switch (optname) {
275         case L2CAP_OPTIONS:
276                 memset(&opts, 0, sizeof(opts));
277                 opts.imtu     = chan->imtu;
278                 opts.omtu     = chan->omtu;
279                 opts.flush_to = chan->flush_to;
280                 opts.mode     = chan->mode;
281                 opts.fcs      = chan->fcs;
282                 opts.max_tx   = chan->max_tx;
283                 opts.txwin_size = chan->tx_win;
284
285                 len = min_t(unsigned int, len, sizeof(opts));
286                 if (copy_to_user(optval, (char *) &opts, len))
287                         err = -EFAULT;
288
289                 break;
290
291         case L2CAP_LM:
292                 switch (chan->sec_level) {
293                 case BT_SECURITY_LOW:
294                         opt = L2CAP_LM_AUTH;
295                         break;
296                 case BT_SECURITY_MEDIUM:
297                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
298                         break;
299                 case BT_SECURITY_HIGH:
300                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
301                                                         L2CAP_LM_SECURE;
302                         break;
303                 default:
304                         opt = 0;
305                         break;
306                 }
307
308                 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
309                         opt |= L2CAP_LM_MASTER;
310
311                 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
312                         opt |= L2CAP_LM_RELIABLE;
313
314                 if (put_user(opt, (u32 __user *) optval))
315                         err = -EFAULT;
316                 break;
317
318         case L2CAP_CONNINFO:
319                 if (sk->sk_state != BT_CONNECTED &&
320                                         !(sk->sk_state == BT_CONNECT2 &&
321                                                 bt_sk(sk)->defer_setup)) {
322                         err = -ENOTCONN;
323                         break;
324                 }
325
326                 memset(&cinfo, 0, sizeof(cinfo));
327                 cinfo.hci_handle = chan->conn->hcon->handle;
328                 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
329
330                 len = min_t(unsigned int, len, sizeof(cinfo));
331                 if (copy_to_user(optval, (char *) &cinfo, len))
332                         err = -EFAULT;
333
334                 break;
335
336         default:
337                 err = -ENOPROTOOPT;
338                 break;
339         }
340
341         release_sock(sk);
342         return err;
343 }
344
345 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
346 {
347         struct sock *sk = sock->sk;
348         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
349         struct bt_security sec;
350         struct bt_power pwr;
351         int len, err = 0;
352
353         BT_DBG("sk %p", sk);
354
355         if (level == SOL_L2CAP)
356                 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
357
358         if (level != SOL_BLUETOOTH)
359                 return -ENOPROTOOPT;
360
361         if (get_user(len, optlen))
362                 return -EFAULT;
363
364         lock_sock(sk);
365
366         switch (optname) {
367         case BT_SECURITY:
368                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
369                                         chan->chan_type != L2CAP_CHAN_RAW) {
370                         err = -EINVAL;
371                         break;
372                 }
373
374                 memset(&sec, 0, sizeof(sec));
375                 sec.level = chan->sec_level;
376
377                 if (sk->sk_state == BT_CONNECTED)
378                         sec.key_size = chan->conn->hcon->enc_key_size;
379
380                 len = min_t(unsigned int, len, sizeof(sec));
381                 if (copy_to_user(optval, (char *) &sec, len))
382                         err = -EFAULT;
383
384                 break;
385
386         case BT_DEFER_SETUP:
387                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
388                         err = -EINVAL;
389                         break;
390                 }
391
392                 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
393                         err = -EFAULT;
394
395                 break;
396
397         case BT_FLUSHABLE:
398                 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
399                                                 (u32 __user *) optval))
400                         err = -EFAULT;
401
402                 break;
403
404         case BT_POWER:
405                 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
406                                 && sk->sk_type != SOCK_RAW) {
407                         err = -EINVAL;
408                         break;
409                 }
410
411                 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
412
413                 len = min_t(unsigned int, len, sizeof(pwr));
414                 if (copy_to_user(optval, (char *) &pwr, len))
415                         err = -EFAULT;
416
417                 break;
418
419         case BT_CHANNEL_POLICY:
420                 if (!enable_hs) {
421                         err = -ENOPROTOOPT;
422                         break;
423                 }
424
425                 if (put_user(chan->chan_policy, (u32 __user *) optval))
426                         err = -EFAULT;
427                 break;
428
429         default:
430                 err = -ENOPROTOOPT;
431                 break;
432         }
433
434         release_sock(sk);
435         return err;
436 }
437
438 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
439 {
440         struct sock *sk = sock->sk;
441         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
442         struct l2cap_options opts;
443         int len, err = 0;
444         u32 opt;
445
446         BT_DBG("sk %p", sk);
447
448         lock_sock(sk);
449
450         switch (optname) {
451         case L2CAP_OPTIONS:
452                 if (sk->sk_state == BT_CONNECTED) {
453                         err = -EINVAL;
454                         break;
455                 }
456
457                 opts.imtu     = chan->imtu;
458                 opts.omtu     = chan->omtu;
459                 opts.flush_to = chan->flush_to;
460                 opts.mode     = chan->mode;
461                 opts.fcs      = chan->fcs;
462                 opts.max_tx   = chan->max_tx;
463                 opts.txwin_size = chan->tx_win;
464
465                 len = min_t(unsigned int, sizeof(opts), optlen);
466                 if (copy_from_user((char *) &opts, optval, len)) {
467                         err = -EFAULT;
468                         break;
469                 }
470
471                 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
472                         err = -EINVAL;
473                         break;
474                 }
475
476                 chan->mode = opts.mode;
477                 switch (chan->mode) {
478                 case L2CAP_MODE_BASIC:
479                         clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
480                         break;
481                 case L2CAP_MODE_ERTM:
482                 case L2CAP_MODE_STREAMING:
483                         if (!disable_ertm)
484                                 break;
485                         /* fall through */
486                 default:
487                         err = -EINVAL;
488                         break;
489                 }
490
491                 chan->imtu = opts.imtu;
492                 chan->omtu = opts.omtu;
493                 chan->fcs  = opts.fcs;
494                 chan->max_tx = opts.max_tx;
495                 chan->tx_win = opts.txwin_size;
496                 break;
497
498         case L2CAP_LM:
499                 if (get_user(opt, (u32 __user *) optval)) {
500                         err = -EFAULT;
501                         break;
502                 }
503
504                 if (opt & L2CAP_LM_AUTH)
505                         chan->sec_level = BT_SECURITY_LOW;
506                 if (opt & L2CAP_LM_ENCRYPT)
507                         chan->sec_level = BT_SECURITY_MEDIUM;
508                 if (opt & L2CAP_LM_SECURE)
509                         chan->sec_level = BT_SECURITY_HIGH;
510
511                 if (opt & L2CAP_LM_MASTER)
512                         set_bit(FLAG_ROLE_SWITCH, &chan->flags);
513                 else
514                         clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
515
516                 if (opt & L2CAP_LM_RELIABLE)
517                         set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
518                 else
519                         clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
520                 break;
521
522         default:
523                 err = -ENOPROTOOPT;
524                 break;
525         }
526
527         release_sock(sk);
528         return err;
529 }
530
531 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
532 {
533         struct sock *sk = sock->sk;
534         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
535         struct bt_security sec;
536         struct bt_power pwr;
537         struct l2cap_conn *conn;
538         int len, err = 0;
539         u32 opt;
540
541         BT_DBG("sk %p", sk);
542
543         if (level == SOL_L2CAP)
544                 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
545
546         if (level != SOL_BLUETOOTH)
547                 return -ENOPROTOOPT;
548
549         lock_sock(sk);
550
551         switch (optname) {
552         case BT_SECURITY:
553                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
554                                         chan->chan_type != L2CAP_CHAN_RAW) {
555                         err = -EINVAL;
556                         break;
557                 }
558
559                 sec.level = BT_SECURITY_LOW;
560
561                 len = min_t(unsigned int, sizeof(sec), optlen);
562                 if (copy_from_user((char *) &sec, optval, len)) {
563                         err = -EFAULT;
564                         break;
565                 }
566
567                 if (sec.level < BT_SECURITY_LOW ||
568                                         sec.level > BT_SECURITY_HIGH) {
569                         err = -EINVAL;
570                         break;
571                 }
572
573                 chan->sec_level = sec.level;
574
575                 if (!chan->conn)
576                         break;
577
578                 conn = chan->conn;
579
580                 /*change security for LE channels */
581                 if (chan->scid == L2CAP_CID_LE_DATA) {
582                         if (!conn->hcon->out) {
583                                 err = -EINVAL;
584                                 break;
585                         }
586
587                         if (smp_conn_security(conn, sec.level))
588                                 break;
589                         sk->sk_state = BT_CONFIG;
590
591                 /* or for ACL link, under defer_setup time */
592                 } else if (sk->sk_state == BT_CONNECT2 &&
593                                         bt_sk(sk)->defer_setup) {
594                         err = l2cap_chan_check_security(chan);
595                 } else {
596                         err = -EINVAL;
597                 }
598                 break;
599
600         case BT_DEFER_SETUP:
601                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
602                         err = -EINVAL;
603                         break;
604                 }
605
606                 if (get_user(opt, (u32 __user *) optval)) {
607                         err = -EFAULT;
608                         break;
609                 }
610
611                 bt_sk(sk)->defer_setup = opt;
612                 break;
613
614         case BT_FLUSHABLE:
615                 if (get_user(opt, (u32 __user *) optval)) {
616                         err = -EFAULT;
617                         break;
618                 }
619
620                 if (opt > BT_FLUSHABLE_ON) {
621                         err = -EINVAL;
622                         break;
623                 }
624
625                 if (opt == BT_FLUSHABLE_OFF) {
626                         struct l2cap_conn *conn = chan->conn;
627                         /* proceed further only when we have l2cap_conn and
628                            No Flush support in the LM */
629                         if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
630                                 err = -EINVAL;
631                                 break;
632                         }
633                 }
634
635                 if (opt)
636                         set_bit(FLAG_FLUSHABLE, &chan->flags);
637                 else
638                         clear_bit(FLAG_FLUSHABLE, &chan->flags);
639                 break;
640
641         case BT_POWER:
642                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
643                                         chan->chan_type != L2CAP_CHAN_RAW) {
644                         err = -EINVAL;
645                         break;
646                 }
647
648                 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
649
650                 len = min_t(unsigned int, sizeof(pwr), optlen);
651                 if (copy_from_user((char *) &pwr, optval, len)) {
652                         err = -EFAULT;
653                         break;
654                 }
655
656                 if (pwr.force_active)
657                         set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
658                 else
659                         clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
660                 break;
661
662         case BT_CHANNEL_POLICY:
663                 if (!enable_hs) {
664                         err = -ENOPROTOOPT;
665                         break;
666                 }
667
668                 if (get_user(opt, (u32 __user *) optval)) {
669                         err = -EFAULT;
670                         break;
671                 }
672
673                 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
674                         err = -EINVAL;
675                         break;
676                 }
677
678                 if (chan->mode != L2CAP_MODE_ERTM &&
679                                 chan->mode != L2CAP_MODE_STREAMING) {
680                         err = -EOPNOTSUPP;
681                         break;
682                 }
683
684                 chan->chan_policy = (u8) opt;
685                 break;
686
687         default:
688                 err = -ENOPROTOOPT;
689                 break;
690         }
691
692         release_sock(sk);
693         return err;
694 }
695
696 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
697 {
698         struct sock *sk = sock->sk;
699         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
700         int err;
701
702         BT_DBG("sock %p, sk %p", sock, sk);
703
704         err = sock_error(sk);
705         if (err)
706                 return err;
707
708         if (msg->msg_flags & MSG_OOB)
709                 return -EOPNOTSUPP;
710
711         lock_sock(sk);
712
713         if (sk->sk_state != BT_CONNECTED) {
714                 release_sock(sk);
715                 return -ENOTCONN;
716         }
717
718         err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
719
720         release_sock(sk);
721         return err;
722 }
723
724 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
725 {
726         struct sock *sk = sock->sk;
727         struct l2cap_pinfo *pi = l2cap_pi(sk);
728         int err;
729
730         lock_sock(sk);
731
732         if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
733                 sk->sk_state = BT_CONFIG;
734
735                 __l2cap_connect_rsp_defer(pi->chan);
736                 release_sock(sk);
737                 return 0;
738         }
739
740         release_sock(sk);
741
742         if (sock->type == SOCK_STREAM)
743                 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
744         else
745                 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
746
747         if (pi->chan->mode != L2CAP_MODE_ERTM)
748                 return err;
749
750         /* Attempt to put pending rx data in the socket buffer */
751
752         lock_sock(sk);
753
754         if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
755                 goto done;
756
757         if (pi->rx_busy_skb) {
758                 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
759                         pi->rx_busy_skb = NULL;
760                 else
761                         goto done;
762         }
763
764         /* Restore data flow when half of the receive buffer is
765          * available.  This avoids resending large numbers of
766          * frames.
767          */
768         if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
769                 l2cap_chan_busy(pi->chan, 0);
770
771 done:
772         release_sock(sk);
773         return err;
774 }
775
776 /* Kill socket (only if zapped and orphan)
777  * Must be called on unlocked socket.
778  */
779 static void l2cap_sock_kill(struct sock *sk)
780 {
781         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
782                 return;
783
784         BT_DBG("sk %p state %d", sk, sk->sk_state);
785
786         /* Kill poor orphan */
787
788         l2cap_chan_destroy(l2cap_pi(sk)->chan);
789         sock_set_flag(sk, SOCK_DEAD);
790         sock_put(sk);
791 }
792
793 static int l2cap_sock_shutdown(struct socket *sock, int how)
794 {
795         struct sock *sk = sock->sk;
796         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
797         int err = 0;
798
799         BT_DBG("sock %p, sk %p", sock, sk);
800
801         if (!sk)
802                 return 0;
803
804         lock_sock(sk);
805         if (!sk->sk_shutdown) {
806                 if (chan->mode == L2CAP_MODE_ERTM)
807                         err = __l2cap_wait_ack(sk);
808
809                 sk->sk_shutdown = SHUTDOWN_MASK;
810                 l2cap_chan_close(chan, 0);
811
812                 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
813                         err = bt_sock_wait_state(sk, BT_CLOSED,
814                                                         sk->sk_lingertime);
815         }
816
817         if (!err && sk->sk_err)
818                 err = -sk->sk_err;
819
820         release_sock(sk);
821         return err;
822 }
823
824 static int l2cap_sock_release(struct socket *sock)
825 {
826         struct sock *sk = sock->sk;
827         int err;
828
829         BT_DBG("sock %p, sk %p", sock, sk);
830
831         if (!sk)
832                 return 0;
833
834         err = l2cap_sock_shutdown(sock, 2);
835
836         sock_orphan(sk);
837         l2cap_sock_kill(sk);
838         return err;
839 }
840
841 static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data)
842 {
843         struct sock *sk, *parent = data;
844
845         sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
846                                                                 GFP_ATOMIC);
847         if (!sk)
848                 return NULL;
849
850         l2cap_sock_init(sk, parent);
851
852         return l2cap_pi(sk)->chan;
853 }
854
855 static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb)
856 {
857         int err;
858         struct sock *sk = data;
859         struct l2cap_pinfo *pi = l2cap_pi(sk);
860
861         if (pi->rx_busy_skb)
862                 return -ENOMEM;
863
864         err = sock_queue_rcv_skb(sk, skb);
865
866         /* For ERTM, handle one skb that doesn't fit into the recv
867          * buffer.  This is important to do because the data frames
868          * have already been acked, so the skb cannot be discarded.
869          *
870          * Notify the l2cap core that the buffer is full, so the
871          * LOCAL_BUSY state is entered and no more frames are
872          * acked and reassembled until there is buffer space
873          * available.
874          */
875         if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
876                 pi->rx_busy_skb = skb;
877                 l2cap_chan_busy(pi->chan, 1);
878                 err = 0;
879         }
880
881         return err;
882 }
883
884 static void l2cap_sock_close_cb(void *data)
885 {
886         struct sock *sk = data;
887
888         l2cap_sock_kill(sk);
889 }
890
891 static void l2cap_sock_state_change_cb(void *data, int state)
892 {
893         struct sock *sk = data;
894
895         sk->sk_state = state;
896 }
897
898 static struct l2cap_ops l2cap_chan_ops = {
899         .name           = "L2CAP Socket Interface",
900         .new_connection = l2cap_sock_new_connection_cb,
901         .recv           = l2cap_sock_recv_cb,
902         .close          = l2cap_sock_close_cb,
903         .state_change   = l2cap_sock_state_change_cb,
904 };
905
906 static void l2cap_sock_destruct(struct sock *sk)
907 {
908         BT_DBG("sk %p", sk);
909
910         if (l2cap_pi(sk)->rx_busy_skb) {
911                 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
912                 l2cap_pi(sk)->rx_busy_skb = NULL;
913         }
914
915         skb_queue_purge(&sk->sk_receive_queue);
916         skb_queue_purge(&sk->sk_write_queue);
917 }
918
919 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
920 {
921         struct l2cap_pinfo *pi = l2cap_pi(sk);
922         struct l2cap_chan *chan = pi->chan;
923
924         BT_DBG("sk %p", sk);
925
926         if (parent) {
927                 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
928
929                 sk->sk_type = parent->sk_type;
930                 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
931
932                 chan->chan_type = pchan->chan_type;
933                 chan->imtu = pchan->imtu;
934                 chan->omtu = pchan->omtu;
935                 chan->conf_state = pchan->conf_state;
936                 chan->mode = pchan->mode;
937                 chan->fcs  = pchan->fcs;
938                 chan->max_tx = pchan->max_tx;
939                 chan->tx_win = pchan->tx_win;
940                 chan->tx_win_max = pchan->tx_win_max;
941                 chan->sec_level = pchan->sec_level;
942                 chan->flags = pchan->flags;
943
944                 security_sk_clone(parent, sk);
945         } else {
946
947                 switch (sk->sk_type) {
948                 case SOCK_RAW:
949                         chan->chan_type = L2CAP_CHAN_RAW;
950                         break;
951                 case SOCK_DGRAM:
952                         chan->chan_type = L2CAP_CHAN_CONN_LESS;
953                         break;
954                 case SOCK_SEQPACKET:
955                 case SOCK_STREAM:
956                         chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
957                         break;
958                 }
959
960                 chan->imtu = L2CAP_DEFAULT_MTU;
961                 chan->omtu = 0;
962                 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
963                         chan->mode = L2CAP_MODE_ERTM;
964                         set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
965                 } else {
966                         chan->mode = L2CAP_MODE_BASIC;
967                 }
968                 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
969                 chan->fcs  = L2CAP_FCS_CRC16;
970                 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
971                 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
972                 chan->sec_level = BT_SECURITY_LOW;
973                 chan->flags = 0;
974                 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
975         }
976
977         /* Default config options */
978         chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
979
980         chan->data = sk;
981         chan->ops = &l2cap_chan_ops;
982 }
983
984 static struct proto l2cap_proto = {
985         .name           = "L2CAP",
986         .owner          = THIS_MODULE,
987         .obj_size       = sizeof(struct l2cap_pinfo)
988 };
989
990 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
991 {
992         struct sock *sk;
993         struct l2cap_chan *chan;
994
995         sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
996         if (!sk)
997                 return NULL;
998
999         sock_init_data(sock, sk);
1000         INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1001
1002         sk->sk_destruct = l2cap_sock_destruct;
1003         sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1004
1005         sock_reset_flag(sk, SOCK_ZAPPED);
1006
1007         sk->sk_protocol = proto;
1008         sk->sk_state = BT_OPEN;
1009
1010         chan = l2cap_chan_create(sk);
1011         if (!chan) {
1012                 l2cap_sock_kill(sk);
1013                 return NULL;
1014         }
1015
1016         l2cap_pi(sk)->chan = chan;
1017
1018         return sk;
1019 }
1020
1021 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1022                              int kern)
1023 {
1024         struct sock *sk;
1025
1026         BT_DBG("sock %p", sock);
1027
1028         sock->state = SS_UNCONNECTED;
1029
1030         if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1031                         sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1032                 return -ESOCKTNOSUPPORT;
1033
1034         if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1035                 return -EPERM;
1036
1037         sock->ops = &l2cap_sock_ops;
1038
1039         sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1040         if (!sk)
1041                 return -ENOMEM;
1042
1043         l2cap_sock_init(sk, NULL);
1044         return 0;
1045 }
1046
1047 static const struct proto_ops l2cap_sock_ops = {
1048         .family         = PF_BLUETOOTH,
1049         .owner          = THIS_MODULE,
1050         .release        = l2cap_sock_release,
1051         .bind           = l2cap_sock_bind,
1052         .connect        = l2cap_sock_connect,
1053         .listen         = l2cap_sock_listen,
1054         .accept         = l2cap_sock_accept,
1055         .getname        = l2cap_sock_getname,
1056         .sendmsg        = l2cap_sock_sendmsg,
1057         .recvmsg        = l2cap_sock_recvmsg,
1058         .poll           = bt_sock_poll,
1059         .ioctl          = bt_sock_ioctl,
1060         .mmap           = sock_no_mmap,
1061         .socketpair     = sock_no_socketpair,
1062         .shutdown       = l2cap_sock_shutdown,
1063         .setsockopt     = l2cap_sock_setsockopt,
1064         .getsockopt     = l2cap_sock_getsockopt
1065 };
1066
1067 static const struct net_proto_family l2cap_sock_family_ops = {
1068         .family = PF_BLUETOOTH,
1069         .owner  = THIS_MODULE,
1070         .create = l2cap_sock_create,
1071 };
1072
1073 int __init l2cap_init_sockets(void)
1074 {
1075         int err;
1076
1077         err = proto_register(&l2cap_proto, 0);
1078         if (err < 0)
1079                 return err;
1080
1081         err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1082         if (err < 0)
1083                 goto error;
1084
1085         BT_INFO("L2CAP socket layer initialized");
1086
1087         return 0;
1088
1089 error:
1090         BT_ERR("L2CAP socket registration failed");
1091         proto_unregister(&l2cap_proto);
1092         return err;
1093 }
1094
1095 void l2cap_cleanup_sockets(void)
1096 {
1097         if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1098                 BT_ERR("L2CAP socket unregistration failed");
1099
1100         proto_unregister(&l2cap_proto);
1101 }