l2cap_sock.c revision 1f209383f2be94e15e179da3a4cbcfeabcc2efc2
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26*/ 27 28/* Bluetooth L2CAP sockets. */ 29 30#include <linux/export.h> 31 32#include <net/bluetooth/bluetooth.h> 33#include <net/bluetooth/hci_core.h> 34#include <net/bluetooth/l2cap.h> 35 36#include "smp.h" 37 38static struct bt_sock_list l2cap_sk_list = { 39 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 40}; 41 42static const struct proto_ops l2cap_sock_ops; 43static void l2cap_sock_init(struct sock *sk, struct sock *parent); 44static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 45 int proto, gfp_t prio); 46 47bool l2cap_is_socket(struct socket *sock) 48{ 49 return sock && sock->ops == &l2cap_sock_ops; 50} 51EXPORT_SYMBOL(l2cap_is_socket); 52 53static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 54{ 55 struct sock *sk = sock->sk; 56 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 57 struct sockaddr_l2 la; 58 int len, err = 0; 59 60 BT_DBG("sk %p", sk); 61 62 if (!addr || addr->sa_family != AF_BLUETOOTH) 63 return -EINVAL; 64 65 memset(&la, 0, sizeof(la)); 66 len = min_t(unsigned int, sizeof(la), alen); 67 memcpy(&la, addr, len); 68 69 if (la.l2_cid && la.l2_psm) 70 return -EINVAL; 71 72 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 73 return -EINVAL; 74 75 lock_sock(sk); 76 77 if (sk->sk_state != BT_OPEN) { 78 err = -EBADFD; 79 goto done; 80 } 81 82 if (la.l2_psm) { 83 __u16 psm = __le16_to_cpu(la.l2_psm); 84 85 /* PSM must be odd and lsb of upper byte must be 0 */ 86 if ((psm & 0x0101) != 0x0001) { 87 err = -EINVAL; 88 goto done; 89 } 90 91 /* Restrict usage of well-known PSMs */ 92 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 93 err = -EACCES; 94 goto done; 95 } 96 } 97 98 if (la.l2_cid) 99 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 100 else 101 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 102 103 if (err < 0) 104 goto done; 105 106 switch (chan->chan_type) { 107 case L2CAP_CHAN_CONN_LESS: 108 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP) 109 chan->sec_level = BT_SECURITY_SDP; 110 break; 111 case L2CAP_CHAN_CONN_ORIENTED: 112 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 113 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 114 chan->sec_level = BT_SECURITY_SDP; 115 break; 116 } 117 118 bacpy(&chan->src, &la.l2_bdaddr); 119 chan->src_type = la.l2_bdaddr_type; 120 121 chan->state = BT_BOUND; 122 sk->sk_state = BT_BOUND; 123 124done: 125 release_sock(sk); 126 return err; 127} 128 129static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 130 int alen, int flags) 131{ 132 struct sock *sk = sock->sk; 133 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 134 struct sockaddr_l2 la; 135 int len, err = 0; 136 137 BT_DBG("sk %p", sk); 138 139 if (!addr || alen < sizeof(addr->sa_family) || 140 addr->sa_family != AF_BLUETOOTH) 141 return -EINVAL; 142 143 memset(&la, 0, sizeof(la)); 144 len = min_t(unsigned int, sizeof(la), alen); 145 memcpy(&la, addr, len); 146 147 if (la.l2_cid && la.l2_psm) 148 return -EINVAL; 149 150 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 151 return -EINVAL; 152 153 if (chan->src_type == BDADDR_BREDR && la.l2_bdaddr_type != BDADDR_BREDR) 154 return -EINVAL; 155 156 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR) 157 return -EINVAL; 158 159 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 160 &la.l2_bdaddr, la.l2_bdaddr_type); 161 if (err) 162 return err; 163 164 lock_sock(sk); 165 166 err = bt_sock_wait_state(sk, BT_CONNECTED, 167 sock_sndtimeo(sk, flags & O_NONBLOCK)); 168 169 release_sock(sk); 170 171 return err; 172} 173 174static int l2cap_sock_listen(struct socket *sock, int backlog) 175{ 176 struct sock *sk = sock->sk; 177 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 178 int err = 0; 179 180 BT_DBG("sk %p backlog %d", sk, backlog); 181 182 lock_sock(sk); 183 184 if (sk->sk_state != BT_BOUND) { 185 err = -EBADFD; 186 goto done; 187 } 188 189 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 190 err = -EINVAL; 191 goto done; 192 } 193 194 switch (chan->mode) { 195 case L2CAP_MODE_BASIC: 196 break; 197 case L2CAP_MODE_ERTM: 198 case L2CAP_MODE_STREAMING: 199 if (!disable_ertm) 200 break; 201 /* fall through */ 202 default: 203 err = -ENOTSUPP; 204 goto done; 205 } 206 207 sk->sk_max_ack_backlog = backlog; 208 sk->sk_ack_backlog = 0; 209 210 chan->state = BT_LISTEN; 211 sk->sk_state = BT_LISTEN; 212 213done: 214 release_sock(sk); 215 return err; 216} 217 218static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 219 int flags) 220{ 221 DECLARE_WAITQUEUE(wait, current); 222 struct sock *sk = sock->sk, *nsk; 223 long timeo; 224 int err = 0; 225 226 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 227 228 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 229 230 BT_DBG("sk %p timeo %ld", sk, timeo); 231 232 /* Wait for an incoming connection. (wake-one). */ 233 add_wait_queue_exclusive(sk_sleep(sk), &wait); 234 while (1) { 235 set_current_state(TASK_INTERRUPTIBLE); 236 237 if (sk->sk_state != BT_LISTEN) { 238 err = -EBADFD; 239 break; 240 } 241 242 nsk = bt_accept_dequeue(sk, newsock); 243 if (nsk) 244 break; 245 246 if (!timeo) { 247 err = -EAGAIN; 248 break; 249 } 250 251 if (signal_pending(current)) { 252 err = sock_intr_errno(timeo); 253 break; 254 } 255 256 release_sock(sk); 257 timeo = schedule_timeout(timeo); 258 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 259 } 260 __set_current_state(TASK_RUNNING); 261 remove_wait_queue(sk_sleep(sk), &wait); 262 263 if (err) 264 goto done; 265 266 newsock->state = SS_CONNECTED; 267 268 BT_DBG("new socket %p", nsk); 269 270done: 271 release_sock(sk); 272 return err; 273} 274 275static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 276 int *len, int peer) 277{ 278 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 279 struct sock *sk = sock->sk; 280 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 281 282 BT_DBG("sock %p, sk %p", sock, sk); 283 284 memset(la, 0, sizeof(struct sockaddr_l2)); 285 addr->sa_family = AF_BLUETOOTH; 286 *len = sizeof(struct sockaddr_l2); 287 288 if (peer) { 289 la->l2_psm = chan->psm; 290 bacpy(&la->l2_bdaddr, &chan->dst); 291 la->l2_cid = cpu_to_le16(chan->dcid); 292 la->l2_bdaddr_type = chan->dst_type; 293 } else { 294 la->l2_psm = chan->sport; 295 bacpy(&la->l2_bdaddr, &chan->src); 296 la->l2_cid = cpu_to_le16(chan->scid); 297 la->l2_bdaddr_type = chan->src_type; 298 } 299 300 return 0; 301} 302 303static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 304 char __user *optval, int __user *optlen) 305{ 306 struct sock *sk = sock->sk; 307 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 308 struct l2cap_options opts; 309 struct l2cap_conninfo cinfo; 310 int len, err = 0; 311 u32 opt; 312 313 BT_DBG("sk %p", sk); 314 315 if (get_user(len, optlen)) 316 return -EFAULT; 317 318 lock_sock(sk); 319 320 switch (optname) { 321 case L2CAP_OPTIONS: 322 memset(&opts, 0, sizeof(opts)); 323 opts.imtu = chan->imtu; 324 opts.omtu = chan->omtu; 325 opts.flush_to = chan->flush_to; 326 opts.mode = chan->mode; 327 opts.fcs = chan->fcs; 328 opts.max_tx = chan->max_tx; 329 opts.txwin_size = chan->tx_win; 330 331 len = min_t(unsigned int, len, sizeof(opts)); 332 if (copy_to_user(optval, (char *) &opts, len)) 333 err = -EFAULT; 334 335 break; 336 337 case L2CAP_LM: 338 switch (chan->sec_level) { 339 case BT_SECURITY_LOW: 340 opt = L2CAP_LM_AUTH; 341 break; 342 case BT_SECURITY_MEDIUM: 343 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 344 break; 345 case BT_SECURITY_HIGH: 346 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 347 L2CAP_LM_SECURE; 348 break; 349 default: 350 opt = 0; 351 break; 352 } 353 354 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 355 opt |= L2CAP_LM_MASTER; 356 357 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 358 opt |= L2CAP_LM_RELIABLE; 359 360 if (put_user(opt, (u32 __user *) optval)) 361 err = -EFAULT; 362 break; 363 364 case L2CAP_CONNINFO: 365 if (sk->sk_state != BT_CONNECTED && 366 !(sk->sk_state == BT_CONNECT2 && 367 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 368 err = -ENOTCONN; 369 break; 370 } 371 372 memset(&cinfo, 0, sizeof(cinfo)); 373 cinfo.hci_handle = chan->conn->hcon->handle; 374 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 375 376 len = min_t(unsigned int, len, sizeof(cinfo)); 377 if (copy_to_user(optval, (char *) &cinfo, len)) 378 err = -EFAULT; 379 380 break; 381 382 default: 383 err = -ENOPROTOOPT; 384 break; 385 } 386 387 release_sock(sk); 388 return err; 389} 390 391static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 392 char __user *optval, int __user *optlen) 393{ 394 struct sock *sk = sock->sk; 395 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 396 struct bt_security sec; 397 struct bt_power pwr; 398 int len, err = 0; 399 400 BT_DBG("sk %p", sk); 401 402 if (level == SOL_L2CAP) 403 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 404 405 if (level != SOL_BLUETOOTH) 406 return -ENOPROTOOPT; 407 408 if (get_user(len, optlen)) 409 return -EFAULT; 410 411 lock_sock(sk); 412 413 switch (optname) { 414 case BT_SECURITY: 415 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 416 chan->chan_type != L2CAP_CHAN_RAW) { 417 err = -EINVAL; 418 break; 419 } 420 421 memset(&sec, 0, sizeof(sec)); 422 if (chan->conn) { 423 sec.level = chan->conn->hcon->sec_level; 424 425 if (sk->sk_state == BT_CONNECTED) 426 sec.key_size = chan->conn->hcon->enc_key_size; 427 } else { 428 sec.level = chan->sec_level; 429 } 430 431 len = min_t(unsigned int, len, sizeof(sec)); 432 if (copy_to_user(optval, (char *) &sec, len)) 433 err = -EFAULT; 434 435 break; 436 437 case BT_DEFER_SETUP: 438 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 439 err = -EINVAL; 440 break; 441 } 442 443 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 444 (u32 __user *) optval)) 445 err = -EFAULT; 446 447 break; 448 449 case BT_FLUSHABLE: 450 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 451 (u32 __user *) optval)) 452 err = -EFAULT; 453 454 break; 455 456 case BT_POWER: 457 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 458 && sk->sk_type != SOCK_RAW) { 459 err = -EINVAL; 460 break; 461 } 462 463 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 464 465 len = min_t(unsigned int, len, sizeof(pwr)); 466 if (copy_to_user(optval, (char *) &pwr, len)) 467 err = -EFAULT; 468 469 break; 470 471 case BT_CHANNEL_POLICY: 472 if (put_user(chan->chan_policy, (u32 __user *) optval)) 473 err = -EFAULT; 474 break; 475 476 default: 477 err = -ENOPROTOOPT; 478 break; 479 } 480 481 release_sock(sk); 482 return err; 483} 484 485static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 486{ 487 switch (chan->scid) { 488 case L2CAP_CID_ATT: 489 if (mtu < L2CAP_LE_MIN_MTU) 490 return false; 491 break; 492 493 default: 494 if (mtu < L2CAP_DEFAULT_MIN_MTU) 495 return false; 496 } 497 498 return true; 499} 500 501static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 502 char __user *optval, unsigned int optlen) 503{ 504 struct sock *sk = sock->sk; 505 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 506 struct l2cap_options opts; 507 int len, err = 0; 508 u32 opt; 509 510 BT_DBG("sk %p", sk); 511 512 lock_sock(sk); 513 514 switch (optname) { 515 case L2CAP_OPTIONS: 516 if (sk->sk_state == BT_CONNECTED) { 517 err = -EINVAL; 518 break; 519 } 520 521 opts.imtu = chan->imtu; 522 opts.omtu = chan->omtu; 523 opts.flush_to = chan->flush_to; 524 opts.mode = chan->mode; 525 opts.fcs = chan->fcs; 526 opts.max_tx = chan->max_tx; 527 opts.txwin_size = chan->tx_win; 528 529 len = min_t(unsigned int, sizeof(opts), optlen); 530 if (copy_from_user((char *) &opts, optval, len)) { 531 err = -EFAULT; 532 break; 533 } 534 535 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 536 err = -EINVAL; 537 break; 538 } 539 540 if (!l2cap_valid_mtu(chan, opts.imtu)) { 541 err = -EINVAL; 542 break; 543 } 544 545 chan->mode = opts.mode; 546 switch (chan->mode) { 547 case L2CAP_MODE_BASIC: 548 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 549 break; 550 case L2CAP_MODE_ERTM: 551 case L2CAP_MODE_STREAMING: 552 if (!disable_ertm) 553 break; 554 /* fall through */ 555 default: 556 err = -EINVAL; 557 break; 558 } 559 560 chan->imtu = opts.imtu; 561 chan->omtu = opts.omtu; 562 chan->fcs = opts.fcs; 563 chan->max_tx = opts.max_tx; 564 chan->tx_win = opts.txwin_size; 565 chan->flush_to = opts.flush_to; 566 break; 567 568 case L2CAP_LM: 569 if (get_user(opt, (u32 __user *) optval)) { 570 err = -EFAULT; 571 break; 572 } 573 574 if (opt & L2CAP_LM_AUTH) 575 chan->sec_level = BT_SECURITY_LOW; 576 if (opt & L2CAP_LM_ENCRYPT) 577 chan->sec_level = BT_SECURITY_MEDIUM; 578 if (opt & L2CAP_LM_SECURE) 579 chan->sec_level = BT_SECURITY_HIGH; 580 581 if (opt & L2CAP_LM_MASTER) 582 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 583 else 584 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 585 586 if (opt & L2CAP_LM_RELIABLE) 587 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 588 else 589 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 590 break; 591 592 default: 593 err = -ENOPROTOOPT; 594 break; 595 } 596 597 release_sock(sk); 598 return err; 599} 600 601static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 602 char __user *optval, unsigned int optlen) 603{ 604 struct sock *sk = sock->sk; 605 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 606 struct bt_security sec; 607 struct bt_power pwr; 608 struct l2cap_conn *conn; 609 int len, err = 0; 610 u32 opt; 611 612 BT_DBG("sk %p", sk); 613 614 if (level == SOL_L2CAP) 615 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 616 617 if (level != SOL_BLUETOOTH) 618 return -ENOPROTOOPT; 619 620 lock_sock(sk); 621 622 switch (optname) { 623 case BT_SECURITY: 624 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 625 chan->chan_type != L2CAP_CHAN_RAW) { 626 err = -EINVAL; 627 break; 628 } 629 630 sec.level = BT_SECURITY_LOW; 631 632 len = min_t(unsigned int, sizeof(sec), optlen); 633 if (copy_from_user((char *) &sec, optval, len)) { 634 err = -EFAULT; 635 break; 636 } 637 638 if (sec.level < BT_SECURITY_LOW || 639 sec.level > BT_SECURITY_HIGH) { 640 err = -EINVAL; 641 break; 642 } 643 644 chan->sec_level = sec.level; 645 646 if (!chan->conn) 647 break; 648 649 conn = chan->conn; 650 651 /*change security for LE channels */ 652 if (chan->scid == L2CAP_CID_ATT) { 653 if (!conn->hcon->out) { 654 err = -EINVAL; 655 break; 656 } 657 658 if (smp_conn_security(conn->hcon, sec.level)) 659 break; 660 sk->sk_state = BT_CONFIG; 661 chan->state = BT_CONFIG; 662 663 /* or for ACL link */ 664 } else if ((sk->sk_state == BT_CONNECT2 && 665 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 666 sk->sk_state == BT_CONNECTED) { 667 if (!l2cap_chan_check_security(chan)) 668 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 669 else 670 sk->sk_state_change(sk); 671 } else { 672 err = -EINVAL; 673 } 674 break; 675 676 case BT_DEFER_SETUP: 677 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 678 err = -EINVAL; 679 break; 680 } 681 682 if (get_user(opt, (u32 __user *) optval)) { 683 err = -EFAULT; 684 break; 685 } 686 687 if (opt) { 688 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 689 set_bit(FLAG_DEFER_SETUP, &chan->flags); 690 } else { 691 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 692 clear_bit(FLAG_DEFER_SETUP, &chan->flags); 693 } 694 break; 695 696 case BT_FLUSHABLE: 697 if (get_user(opt, (u32 __user *) optval)) { 698 err = -EFAULT; 699 break; 700 } 701 702 if (opt > BT_FLUSHABLE_ON) { 703 err = -EINVAL; 704 break; 705 } 706 707 if (opt == BT_FLUSHABLE_OFF) { 708 conn = chan->conn; 709 /* proceed further only when we have l2cap_conn and 710 No Flush support in the LM */ 711 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 712 err = -EINVAL; 713 break; 714 } 715 } 716 717 if (opt) 718 set_bit(FLAG_FLUSHABLE, &chan->flags); 719 else 720 clear_bit(FLAG_FLUSHABLE, &chan->flags); 721 break; 722 723 case BT_POWER: 724 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 725 chan->chan_type != L2CAP_CHAN_RAW) { 726 err = -EINVAL; 727 break; 728 } 729 730 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 731 732 len = min_t(unsigned int, sizeof(pwr), optlen); 733 if (copy_from_user((char *) &pwr, optval, len)) { 734 err = -EFAULT; 735 break; 736 } 737 738 if (pwr.force_active) 739 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 740 else 741 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 742 break; 743 744 case BT_CHANNEL_POLICY: 745 if (get_user(opt, (u32 __user *) optval)) { 746 err = -EFAULT; 747 break; 748 } 749 750 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 751 err = -EINVAL; 752 break; 753 } 754 755 if (chan->mode != L2CAP_MODE_ERTM && 756 chan->mode != L2CAP_MODE_STREAMING) { 757 err = -EOPNOTSUPP; 758 break; 759 } 760 761 chan->chan_policy = (u8) opt; 762 763 if (sk->sk_state == BT_CONNECTED && 764 chan->move_role == L2CAP_MOVE_ROLE_NONE) 765 l2cap_move_start(chan); 766 767 break; 768 769 default: 770 err = -ENOPROTOOPT; 771 break; 772 } 773 774 release_sock(sk); 775 return err; 776} 777 778static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 779 struct msghdr *msg, size_t len) 780{ 781 struct sock *sk = sock->sk; 782 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 783 int err; 784 785 BT_DBG("sock %p, sk %p", sock, sk); 786 787 err = sock_error(sk); 788 if (err) 789 return err; 790 791 if (msg->msg_flags & MSG_OOB) 792 return -EOPNOTSUPP; 793 794 if (sk->sk_state != BT_CONNECTED) 795 return -ENOTCONN; 796 797 lock_sock(sk); 798 err = bt_sock_wait_ready(sk, msg->msg_flags); 799 release_sock(sk); 800 if (err) 801 return err; 802 803 l2cap_chan_lock(chan); 804 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 805 l2cap_chan_unlock(chan); 806 807 return err; 808} 809 810static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 811 struct msghdr *msg, size_t len, int flags) 812{ 813 struct sock *sk = sock->sk; 814 struct l2cap_pinfo *pi = l2cap_pi(sk); 815 int err; 816 817 lock_sock(sk); 818 819 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 820 &bt_sk(sk)->flags)) { 821 sk->sk_state = BT_CONFIG; 822 pi->chan->state = BT_CONFIG; 823 824 __l2cap_connect_rsp_defer(pi->chan); 825 err = 0; 826 goto done; 827 } 828 829 release_sock(sk); 830 831 if (sock->type == SOCK_STREAM) 832 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 833 else 834 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 835 836 if (pi->chan->mode != L2CAP_MODE_ERTM) 837 return err; 838 839 /* Attempt to put pending rx data in the socket buffer */ 840 841 lock_sock(sk); 842 843 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 844 goto done; 845 846 if (pi->rx_busy_skb) { 847 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 848 pi->rx_busy_skb = NULL; 849 else 850 goto done; 851 } 852 853 /* Restore data flow when half of the receive buffer is 854 * available. This avoids resending large numbers of 855 * frames. 856 */ 857 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 858 l2cap_chan_busy(pi->chan, 0); 859 860done: 861 release_sock(sk); 862 return err; 863} 864 865/* Kill socket (only if zapped and orphan) 866 * Must be called on unlocked socket. 867 */ 868static void l2cap_sock_kill(struct sock *sk) 869{ 870 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 871 return; 872 873 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 874 875 /* Kill poor orphan */ 876 877 l2cap_chan_put(l2cap_pi(sk)->chan); 878 sock_set_flag(sk, SOCK_DEAD); 879 sock_put(sk); 880} 881 882static int l2cap_sock_shutdown(struct socket *sock, int how) 883{ 884 struct sock *sk = sock->sk; 885 struct l2cap_chan *chan; 886 struct l2cap_conn *conn; 887 int err = 0; 888 889 BT_DBG("sock %p, sk %p", sock, sk); 890 891 if (!sk) 892 return 0; 893 894 chan = l2cap_pi(sk)->chan; 895 conn = chan->conn; 896 897 if (conn) 898 mutex_lock(&conn->chan_lock); 899 900 l2cap_chan_lock(chan); 901 lock_sock(sk); 902 903 if (!sk->sk_shutdown) { 904 if (chan->mode == L2CAP_MODE_ERTM) 905 err = __l2cap_wait_ack(sk); 906 907 sk->sk_shutdown = SHUTDOWN_MASK; 908 909 release_sock(sk); 910 l2cap_chan_close(chan, 0); 911 lock_sock(sk); 912 913 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 914 err = bt_sock_wait_state(sk, BT_CLOSED, 915 sk->sk_lingertime); 916 } 917 918 if (!err && sk->sk_err) 919 err = -sk->sk_err; 920 921 release_sock(sk); 922 l2cap_chan_unlock(chan); 923 924 if (conn) 925 mutex_unlock(&conn->chan_lock); 926 927 return err; 928} 929 930static int l2cap_sock_release(struct socket *sock) 931{ 932 struct sock *sk = sock->sk; 933 int err; 934 935 BT_DBG("sock %p, sk %p", sock, sk); 936 937 if (!sk) 938 return 0; 939 940 bt_sock_unlink(&l2cap_sk_list, sk); 941 942 err = l2cap_sock_shutdown(sock, 2); 943 944 sock_orphan(sk); 945 l2cap_sock_kill(sk); 946 return err; 947} 948 949static void l2cap_sock_cleanup_listen(struct sock *parent) 950{ 951 struct sock *sk; 952 953 BT_DBG("parent %p", parent); 954 955 /* Close not yet accepted channels */ 956 while ((sk = bt_accept_dequeue(parent, NULL))) { 957 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 958 959 l2cap_chan_lock(chan); 960 __clear_chan_timer(chan); 961 l2cap_chan_close(chan, ECONNRESET); 962 l2cap_chan_unlock(chan); 963 964 l2cap_sock_kill(sk); 965 } 966} 967 968static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 969{ 970 struct sock *sk, *parent = chan->data; 971 972 /* Check for backlog size */ 973 if (sk_acceptq_is_full(parent)) { 974 BT_DBG("backlog full %d", parent->sk_ack_backlog); 975 return NULL; 976 } 977 978 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 979 GFP_ATOMIC); 980 if (!sk) 981 return NULL; 982 983 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 984 985 l2cap_sock_init(sk, parent); 986 987 bt_accept_enqueue(parent, sk); 988 989 return l2cap_pi(sk)->chan; 990} 991 992static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 993{ 994 struct sock *sk = chan->data; 995 int err; 996 997 lock_sock(sk); 998 999 if (l2cap_pi(sk)->rx_busy_skb) { 1000 err = -ENOMEM; 1001 goto done; 1002 } 1003 1004 err = sock_queue_rcv_skb(sk, skb); 1005 1006 /* For ERTM, handle one skb that doesn't fit into the recv 1007 * buffer. This is important to do because the data frames 1008 * have already been acked, so the skb cannot be discarded. 1009 * 1010 * Notify the l2cap core that the buffer is full, so the 1011 * LOCAL_BUSY state is entered and no more frames are 1012 * acked and reassembled until there is buffer space 1013 * available. 1014 */ 1015 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) { 1016 l2cap_pi(sk)->rx_busy_skb = skb; 1017 l2cap_chan_busy(chan, 1); 1018 err = 0; 1019 } 1020 1021done: 1022 release_sock(sk); 1023 1024 return err; 1025} 1026 1027static void l2cap_sock_close_cb(struct l2cap_chan *chan) 1028{ 1029 struct sock *sk = chan->data; 1030 1031 l2cap_sock_kill(sk); 1032} 1033 1034static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 1035{ 1036 struct sock *sk = chan->data; 1037 struct sock *parent; 1038 1039 lock_sock(sk); 1040 1041 parent = bt_sk(sk)->parent; 1042 1043 sock_set_flag(sk, SOCK_ZAPPED); 1044 1045 switch (chan->state) { 1046 case BT_OPEN: 1047 case BT_BOUND: 1048 case BT_CLOSED: 1049 break; 1050 case BT_LISTEN: 1051 l2cap_sock_cleanup_listen(sk); 1052 sk->sk_state = BT_CLOSED; 1053 chan->state = BT_CLOSED; 1054 1055 break; 1056 default: 1057 sk->sk_state = BT_CLOSED; 1058 chan->state = BT_CLOSED; 1059 1060 sk->sk_err = err; 1061 1062 if (parent) { 1063 bt_accept_unlink(sk); 1064 parent->sk_data_ready(parent, 0); 1065 } else { 1066 sk->sk_state_change(sk); 1067 } 1068 1069 break; 1070 } 1071 1072 release_sock(sk); 1073} 1074 1075static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state) 1076{ 1077 struct sock *sk = chan->data; 1078 1079 sk->sk_state = state; 1080} 1081 1082static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1083 unsigned long len, int nb) 1084{ 1085 struct sk_buff *skb; 1086 int err; 1087 1088 l2cap_chan_unlock(chan); 1089 skb = bt_skb_send_alloc(chan->sk, len, nb, &err); 1090 l2cap_chan_lock(chan); 1091 1092 if (!skb) 1093 return ERR_PTR(err); 1094 1095 return skb; 1096} 1097 1098static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1099{ 1100 struct sock *sk = chan->data; 1101 struct sock *parent; 1102 1103 lock_sock(sk); 1104 1105 parent = bt_sk(sk)->parent; 1106 1107 BT_DBG("sk %p, parent %p", sk, parent); 1108 1109 sk->sk_state = BT_CONNECTED; 1110 sk->sk_state_change(sk); 1111 1112 if (parent) 1113 parent->sk_data_ready(parent, 0); 1114 1115 release_sock(sk); 1116} 1117 1118static void l2cap_sock_defer_cb(struct l2cap_chan *chan) 1119{ 1120 struct sock *sk = chan->data; 1121 struct sock *parent = bt_sk(sk)->parent; 1122 1123 if (parent) 1124 parent->sk_data_ready(parent, 0); 1125} 1126 1127static void l2cap_sock_resume_cb(struct l2cap_chan *chan) 1128{ 1129 struct sock *sk = chan->data; 1130 1131 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1132 sk->sk_state_change(sk); 1133} 1134 1135static struct l2cap_ops l2cap_chan_ops = { 1136 .name = "L2CAP Socket Interface", 1137 .new_connection = l2cap_sock_new_connection_cb, 1138 .recv = l2cap_sock_recv_cb, 1139 .close = l2cap_sock_close_cb, 1140 .teardown = l2cap_sock_teardown_cb, 1141 .state_change = l2cap_sock_state_change_cb, 1142 .ready = l2cap_sock_ready_cb, 1143 .defer = l2cap_sock_defer_cb, 1144 .resume = l2cap_sock_resume_cb, 1145 .alloc_skb = l2cap_sock_alloc_skb_cb, 1146}; 1147 1148static void l2cap_sock_destruct(struct sock *sk) 1149{ 1150 BT_DBG("sk %p", sk); 1151 1152 if (l2cap_pi(sk)->chan) 1153 l2cap_chan_put(l2cap_pi(sk)->chan); 1154 1155 if (l2cap_pi(sk)->rx_busy_skb) { 1156 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1157 l2cap_pi(sk)->rx_busy_skb = NULL; 1158 } 1159 1160 skb_queue_purge(&sk->sk_receive_queue); 1161 skb_queue_purge(&sk->sk_write_queue); 1162} 1163 1164static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name, 1165 int *msg_namelen) 1166{ 1167 struct sockaddr_l2 *la = (struct sockaddr_l2 *) msg_name; 1168 1169 memset(la, 0, sizeof(struct sockaddr_l2)); 1170 la->l2_family = AF_BLUETOOTH; 1171 la->l2_psm = bt_cb(skb)->psm; 1172 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr); 1173 1174 *msg_namelen = sizeof(struct sockaddr_l2); 1175} 1176 1177static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1178{ 1179 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1180 1181 BT_DBG("sk %p", sk); 1182 1183 if (parent) { 1184 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1185 1186 sk->sk_type = parent->sk_type; 1187 bt_sk(sk)->flags = bt_sk(parent)->flags; 1188 1189 chan->chan_type = pchan->chan_type; 1190 chan->imtu = pchan->imtu; 1191 chan->omtu = pchan->omtu; 1192 chan->conf_state = pchan->conf_state; 1193 chan->mode = pchan->mode; 1194 chan->fcs = pchan->fcs; 1195 chan->max_tx = pchan->max_tx; 1196 chan->tx_win = pchan->tx_win; 1197 chan->tx_win_max = pchan->tx_win_max; 1198 chan->sec_level = pchan->sec_level; 1199 chan->flags = pchan->flags; 1200 1201 security_sk_clone(parent, sk); 1202 } else { 1203 switch (sk->sk_type) { 1204 case SOCK_RAW: 1205 chan->chan_type = L2CAP_CHAN_RAW; 1206 break; 1207 case SOCK_DGRAM: 1208 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1209 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name; 1210 break; 1211 case SOCK_SEQPACKET: 1212 case SOCK_STREAM: 1213 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1214 break; 1215 } 1216 1217 chan->imtu = L2CAP_DEFAULT_MTU; 1218 chan->omtu = 0; 1219 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1220 chan->mode = L2CAP_MODE_ERTM; 1221 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1222 } else { 1223 chan->mode = L2CAP_MODE_BASIC; 1224 } 1225 1226 l2cap_chan_set_defaults(chan); 1227 } 1228 1229 /* Default config options */ 1230 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1231 1232 chan->data = sk; 1233 chan->ops = &l2cap_chan_ops; 1234} 1235 1236static struct proto l2cap_proto = { 1237 .name = "L2CAP", 1238 .owner = THIS_MODULE, 1239 .obj_size = sizeof(struct l2cap_pinfo) 1240}; 1241 1242static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1243 int proto, gfp_t prio) 1244{ 1245 struct sock *sk; 1246 struct l2cap_chan *chan; 1247 1248 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1249 if (!sk) 1250 return NULL; 1251 1252 sock_init_data(sock, sk); 1253 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1254 1255 sk->sk_destruct = l2cap_sock_destruct; 1256 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1257 1258 sock_reset_flag(sk, SOCK_ZAPPED); 1259 1260 sk->sk_protocol = proto; 1261 sk->sk_state = BT_OPEN; 1262 1263 chan = l2cap_chan_create(); 1264 if (!chan) { 1265 sk_free(sk); 1266 return NULL; 1267 } 1268 1269 l2cap_chan_hold(chan); 1270 1271 chan->sk = sk; 1272 1273 l2cap_pi(sk)->chan = chan; 1274 1275 return sk; 1276} 1277 1278static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1279 int kern) 1280{ 1281 struct sock *sk; 1282 1283 BT_DBG("sock %p", sock); 1284 1285 sock->state = SS_UNCONNECTED; 1286 1287 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1288 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1289 return -ESOCKTNOSUPPORT; 1290 1291 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1292 return -EPERM; 1293 1294 sock->ops = &l2cap_sock_ops; 1295 1296 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1297 if (!sk) 1298 return -ENOMEM; 1299 1300 l2cap_sock_init(sk, NULL); 1301 bt_sock_link(&l2cap_sk_list, sk); 1302 return 0; 1303} 1304 1305static const struct proto_ops l2cap_sock_ops = { 1306 .family = PF_BLUETOOTH, 1307 .owner = THIS_MODULE, 1308 .release = l2cap_sock_release, 1309 .bind = l2cap_sock_bind, 1310 .connect = l2cap_sock_connect, 1311 .listen = l2cap_sock_listen, 1312 .accept = l2cap_sock_accept, 1313 .getname = l2cap_sock_getname, 1314 .sendmsg = l2cap_sock_sendmsg, 1315 .recvmsg = l2cap_sock_recvmsg, 1316 .poll = bt_sock_poll, 1317 .ioctl = bt_sock_ioctl, 1318 .mmap = sock_no_mmap, 1319 .socketpair = sock_no_socketpair, 1320 .shutdown = l2cap_sock_shutdown, 1321 .setsockopt = l2cap_sock_setsockopt, 1322 .getsockopt = l2cap_sock_getsockopt 1323}; 1324 1325static const struct net_proto_family l2cap_sock_family_ops = { 1326 .family = PF_BLUETOOTH, 1327 .owner = THIS_MODULE, 1328 .create = l2cap_sock_create, 1329}; 1330 1331int __init l2cap_init_sockets(void) 1332{ 1333 int err; 1334 1335 err = proto_register(&l2cap_proto, 0); 1336 if (err < 0) 1337 return err; 1338 1339 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1340 if (err < 0) { 1341 BT_ERR("L2CAP socket registration failed"); 1342 goto error; 1343 } 1344 1345 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list, 1346 NULL); 1347 if (err < 0) { 1348 BT_ERR("Failed to create L2CAP proc file"); 1349 bt_sock_unregister(BTPROTO_L2CAP); 1350 goto error; 1351 } 1352 1353 BT_INFO("L2CAP socket layer initialized"); 1354 1355 return 0; 1356 1357error: 1358 proto_unregister(&l2cap_proto); 1359 return err; 1360} 1361 1362void l2cap_cleanup_sockets(void) 1363{ 1364 bt_procfs_cleanup(&init_net, "l2cap"); 1365 bt_sock_unregister(BTPROTO_L2CAP); 1366 proto_unregister(&l2cap_proto); 1367} 1368