l2cap_sock.c revision 2d7928184c3d8724064de282be4e3c3d70f39d32
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26*/ 27 28/* Bluetooth L2CAP sockets. */ 29 30#include <linux/export.h> 31 32#include <net/bluetooth/bluetooth.h> 33#include <net/bluetooth/hci_core.h> 34#include <net/bluetooth/l2cap.h> 35#include <net/bluetooth/smp.h> 36 37static struct bt_sock_list l2cap_sk_list = { 38 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 39}; 40 41static const struct proto_ops l2cap_sock_ops; 42static void l2cap_sock_init(struct sock *sk, struct sock *parent); 43static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 44 int proto, gfp_t prio); 45 46static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 47{ 48 struct sock *sk = sock->sk; 49 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 50 struct sockaddr_l2 la; 51 int len, err = 0; 52 53 BT_DBG("sk %p", sk); 54 55 if (!addr || addr->sa_family != AF_BLUETOOTH) 56 return -EINVAL; 57 58 memset(&la, 0, sizeof(la)); 59 len = min_t(unsigned int, sizeof(la), alen); 60 memcpy(&la, addr, len); 61 62 if (la.l2_cid && la.l2_psm) 63 return -EINVAL; 64 65 lock_sock(sk); 66 67 if (sk->sk_state != BT_OPEN) { 68 err = -EBADFD; 69 goto done; 70 } 71 72 if (la.l2_psm) { 73 __u16 psm = __le16_to_cpu(la.l2_psm); 74 75 /* PSM must be odd and lsb of upper byte must be 0 */ 76 if ((psm & 0x0101) != 0x0001) { 77 err = -EINVAL; 78 goto done; 79 } 80 81 /* Restrict usage of well-known PSMs */ 82 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 83 err = -EACCES; 84 goto done; 85 } 86 } 87 88 if (la.l2_cid) 89 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 90 else 91 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 92 93 if (err < 0) 94 goto done; 95 96 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 97 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 98 chan->sec_level = BT_SECURITY_SDP; 99 100 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 101 102 chan->state = BT_BOUND; 103 sk->sk_state = BT_BOUND; 104 105done: 106 release_sock(sk); 107 return err; 108} 109 110static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 111 int alen, int flags) 112{ 113 struct sock *sk = sock->sk; 114 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 115 struct sockaddr_l2 la; 116 int len, err = 0; 117 118 BT_DBG("sk %p", sk); 119 120 if (!addr || alen < sizeof(addr->sa_family) || 121 addr->sa_family != AF_BLUETOOTH) 122 return -EINVAL; 123 124 memset(&la, 0, sizeof(la)); 125 len = min_t(unsigned int, sizeof(la), alen); 126 memcpy(&la, addr, len); 127 128 if (la.l2_cid && la.l2_psm) 129 return -EINVAL; 130 131 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 132 &la.l2_bdaddr, la.l2_bdaddr_type); 133 if (err) 134 return err; 135 136 lock_sock(sk); 137 138 err = bt_sock_wait_state(sk, BT_CONNECTED, 139 sock_sndtimeo(sk, flags & O_NONBLOCK)); 140 141 release_sock(sk); 142 143 return err; 144} 145 146static int l2cap_sock_listen(struct socket *sock, int backlog) 147{ 148 struct sock *sk = sock->sk; 149 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 150 int err = 0; 151 152 BT_DBG("sk %p backlog %d", sk, backlog); 153 154 lock_sock(sk); 155 156 if (sk->sk_state != BT_BOUND) { 157 err = -EBADFD; 158 goto done; 159 } 160 161 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 162 err = -EINVAL; 163 goto done; 164 } 165 166 switch (chan->mode) { 167 case L2CAP_MODE_BASIC: 168 break; 169 case L2CAP_MODE_ERTM: 170 case L2CAP_MODE_STREAMING: 171 if (!disable_ertm) 172 break; 173 /* fall through */ 174 default: 175 err = -ENOTSUPP; 176 goto done; 177 } 178 179 sk->sk_max_ack_backlog = backlog; 180 sk->sk_ack_backlog = 0; 181 182 chan->state = BT_LISTEN; 183 sk->sk_state = BT_LISTEN; 184 185done: 186 release_sock(sk); 187 return err; 188} 189 190static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 191 int flags) 192{ 193 DECLARE_WAITQUEUE(wait, current); 194 struct sock *sk = sock->sk, *nsk; 195 long timeo; 196 int err = 0; 197 198 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 199 200 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 201 202 BT_DBG("sk %p timeo %ld", sk, timeo); 203 204 /* Wait for an incoming connection. (wake-one). */ 205 add_wait_queue_exclusive(sk_sleep(sk), &wait); 206 while (1) { 207 set_current_state(TASK_INTERRUPTIBLE); 208 209 if (sk->sk_state != BT_LISTEN) { 210 err = -EBADFD; 211 break; 212 } 213 214 nsk = bt_accept_dequeue(sk, newsock); 215 if (nsk) 216 break; 217 218 if (!timeo) { 219 err = -EAGAIN; 220 break; 221 } 222 223 if (signal_pending(current)) { 224 err = sock_intr_errno(timeo); 225 break; 226 } 227 228 release_sock(sk); 229 timeo = schedule_timeout(timeo); 230 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 231 } 232 __set_current_state(TASK_RUNNING); 233 remove_wait_queue(sk_sleep(sk), &wait); 234 235 if (err) 236 goto done; 237 238 newsock->state = SS_CONNECTED; 239 240 BT_DBG("new socket %p", nsk); 241 242done: 243 release_sock(sk); 244 return err; 245} 246 247static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 248 int *len, int peer) 249{ 250 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 251 struct sock *sk = sock->sk; 252 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 253 254 BT_DBG("sock %p, sk %p", sock, sk); 255 256 addr->sa_family = AF_BLUETOOTH; 257 *len = sizeof(struct sockaddr_l2); 258 259 if (peer) { 260 la->l2_psm = chan->psm; 261 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 262 la->l2_cid = cpu_to_le16(chan->dcid); 263 } else { 264 la->l2_psm = chan->sport; 265 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 266 la->l2_cid = cpu_to_le16(chan->scid); 267 } 268 269 return 0; 270} 271 272static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 273 char __user *optval, int __user *optlen) 274{ 275 struct sock *sk = sock->sk; 276 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 277 struct l2cap_options opts; 278 struct l2cap_conninfo cinfo; 279 int len, err = 0; 280 u32 opt; 281 282 BT_DBG("sk %p", sk); 283 284 if (get_user(len, optlen)) 285 return -EFAULT; 286 287 lock_sock(sk); 288 289 switch (optname) { 290 case L2CAP_OPTIONS: 291 memset(&opts, 0, sizeof(opts)); 292 opts.imtu = chan->imtu; 293 opts.omtu = chan->omtu; 294 opts.flush_to = chan->flush_to; 295 opts.mode = chan->mode; 296 opts.fcs = chan->fcs; 297 opts.max_tx = chan->max_tx; 298 opts.txwin_size = chan->tx_win; 299 300 len = min_t(unsigned int, len, sizeof(opts)); 301 if (copy_to_user(optval, (char *) &opts, len)) 302 err = -EFAULT; 303 304 break; 305 306 case L2CAP_LM: 307 switch (chan->sec_level) { 308 case BT_SECURITY_LOW: 309 opt = L2CAP_LM_AUTH; 310 break; 311 case BT_SECURITY_MEDIUM: 312 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 313 break; 314 case BT_SECURITY_HIGH: 315 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 316 L2CAP_LM_SECURE; 317 break; 318 default: 319 opt = 0; 320 break; 321 } 322 323 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 324 opt |= L2CAP_LM_MASTER; 325 326 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 327 opt |= L2CAP_LM_RELIABLE; 328 329 if (put_user(opt, (u32 __user *) optval)) 330 err = -EFAULT; 331 break; 332 333 case L2CAP_CONNINFO: 334 if (sk->sk_state != BT_CONNECTED && 335 !(sk->sk_state == BT_CONNECT2 && 336 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 337 err = -ENOTCONN; 338 break; 339 } 340 341 memset(&cinfo, 0, sizeof(cinfo)); 342 cinfo.hci_handle = chan->conn->hcon->handle; 343 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 344 345 len = min_t(unsigned int, len, sizeof(cinfo)); 346 if (copy_to_user(optval, (char *) &cinfo, len)) 347 err = -EFAULT; 348 349 break; 350 351 default: 352 err = -ENOPROTOOPT; 353 break; 354 } 355 356 release_sock(sk); 357 return err; 358} 359 360static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 361 char __user *optval, int __user *optlen) 362{ 363 struct sock *sk = sock->sk; 364 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 365 struct bt_security sec; 366 struct bt_power pwr; 367 int len, err = 0; 368 369 BT_DBG("sk %p", sk); 370 371 if (level == SOL_L2CAP) 372 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 373 374 if (level != SOL_BLUETOOTH) 375 return -ENOPROTOOPT; 376 377 if (get_user(len, optlen)) 378 return -EFAULT; 379 380 lock_sock(sk); 381 382 switch (optname) { 383 case BT_SECURITY: 384 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 385 chan->chan_type != L2CAP_CHAN_RAW) { 386 err = -EINVAL; 387 break; 388 } 389 390 memset(&sec, 0, sizeof(sec)); 391 if (chan->conn) { 392 sec.level = chan->conn->hcon->sec_level; 393 394 if (sk->sk_state == BT_CONNECTED) 395 sec.key_size = chan->conn->hcon->enc_key_size; 396 } else { 397 sec.level = chan->sec_level; 398 } 399 400 len = min_t(unsigned int, len, sizeof(sec)); 401 if (copy_to_user(optval, (char *) &sec, len)) 402 err = -EFAULT; 403 404 break; 405 406 case BT_DEFER_SETUP: 407 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 408 err = -EINVAL; 409 break; 410 } 411 412 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 413 (u32 __user *) optval)) 414 err = -EFAULT; 415 416 break; 417 418 case BT_FLUSHABLE: 419 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 420 (u32 __user *) optval)) 421 err = -EFAULT; 422 423 break; 424 425 case BT_POWER: 426 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 427 && sk->sk_type != SOCK_RAW) { 428 err = -EINVAL; 429 break; 430 } 431 432 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 433 434 len = min_t(unsigned int, len, sizeof(pwr)); 435 if (copy_to_user(optval, (char *) &pwr, len)) 436 err = -EFAULT; 437 438 break; 439 440 case BT_CHANNEL_POLICY: 441 if (!enable_hs) { 442 err = -ENOPROTOOPT; 443 break; 444 } 445 446 if (put_user(chan->chan_policy, (u32 __user *) optval)) 447 err = -EFAULT; 448 break; 449 450 default: 451 err = -ENOPROTOOPT; 452 break; 453 } 454 455 release_sock(sk); 456 return err; 457} 458 459static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 460{ 461 switch (chan->scid) { 462 case L2CAP_CID_LE_DATA: 463 if (mtu < L2CAP_LE_MIN_MTU) 464 return false; 465 break; 466 467 default: 468 if (mtu < L2CAP_DEFAULT_MIN_MTU) 469 return false; 470 } 471 472 return true; 473} 474 475static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 476 char __user *optval, unsigned int optlen) 477{ 478 struct sock *sk = sock->sk; 479 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 480 struct l2cap_options opts; 481 int len, err = 0; 482 u32 opt; 483 484 BT_DBG("sk %p", sk); 485 486 lock_sock(sk); 487 488 switch (optname) { 489 case L2CAP_OPTIONS: 490 if (sk->sk_state == BT_CONNECTED) { 491 err = -EINVAL; 492 break; 493 } 494 495 opts.imtu = chan->imtu; 496 opts.omtu = chan->omtu; 497 opts.flush_to = chan->flush_to; 498 opts.mode = chan->mode; 499 opts.fcs = chan->fcs; 500 opts.max_tx = chan->max_tx; 501 opts.txwin_size = chan->tx_win; 502 503 len = min_t(unsigned int, sizeof(opts), optlen); 504 if (copy_from_user((char *) &opts, optval, len)) { 505 err = -EFAULT; 506 break; 507 } 508 509 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 510 err = -EINVAL; 511 break; 512 } 513 514 if (!l2cap_valid_mtu(chan, opts.imtu)) { 515 err = -EINVAL; 516 break; 517 } 518 519 chan->mode = opts.mode; 520 switch (chan->mode) { 521 case L2CAP_MODE_BASIC: 522 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 523 break; 524 case L2CAP_MODE_ERTM: 525 case L2CAP_MODE_STREAMING: 526 if (!disable_ertm) 527 break; 528 /* fall through */ 529 default: 530 err = -EINVAL; 531 break; 532 } 533 534 chan->imtu = opts.imtu; 535 chan->omtu = opts.omtu; 536 chan->fcs = opts.fcs; 537 chan->max_tx = opts.max_tx; 538 chan->tx_win = opts.txwin_size; 539 chan->flush_to = opts.flush_to; 540 break; 541 542 case L2CAP_LM: 543 if (get_user(opt, (u32 __user *) optval)) { 544 err = -EFAULT; 545 break; 546 } 547 548 if (opt & L2CAP_LM_AUTH) 549 chan->sec_level = BT_SECURITY_LOW; 550 if (opt & L2CAP_LM_ENCRYPT) 551 chan->sec_level = BT_SECURITY_MEDIUM; 552 if (opt & L2CAP_LM_SECURE) 553 chan->sec_level = BT_SECURITY_HIGH; 554 555 if (opt & L2CAP_LM_MASTER) 556 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 557 else 558 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 559 560 if (opt & L2CAP_LM_RELIABLE) 561 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 562 else 563 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 564 break; 565 566 default: 567 err = -ENOPROTOOPT; 568 break; 569 } 570 571 release_sock(sk); 572 return err; 573} 574 575static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 576 char __user *optval, unsigned int optlen) 577{ 578 struct sock *sk = sock->sk; 579 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 580 struct bt_security sec; 581 struct bt_power pwr; 582 struct l2cap_conn *conn; 583 int len, err = 0; 584 u32 opt; 585 586 BT_DBG("sk %p", sk); 587 588 if (level == SOL_L2CAP) 589 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 590 591 if (level != SOL_BLUETOOTH) 592 return -ENOPROTOOPT; 593 594 lock_sock(sk); 595 596 switch (optname) { 597 case BT_SECURITY: 598 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 599 chan->chan_type != L2CAP_CHAN_RAW) { 600 err = -EINVAL; 601 break; 602 } 603 604 sec.level = BT_SECURITY_LOW; 605 606 len = min_t(unsigned int, sizeof(sec), optlen); 607 if (copy_from_user((char *) &sec, optval, len)) { 608 err = -EFAULT; 609 break; 610 } 611 612 if (sec.level < BT_SECURITY_LOW || 613 sec.level > BT_SECURITY_HIGH) { 614 err = -EINVAL; 615 break; 616 } 617 618 chan->sec_level = sec.level; 619 620 if (!chan->conn) 621 break; 622 623 conn = chan->conn; 624 625 /*change security for LE channels */ 626 if (chan->scid == L2CAP_CID_LE_DATA) { 627 if (!conn->hcon->out) { 628 err = -EINVAL; 629 break; 630 } 631 632 if (smp_conn_security(conn->hcon, sec.level)) 633 break; 634 sk->sk_state = BT_CONFIG; 635 chan->state = BT_CONFIG; 636 637 /* or for ACL link */ 638 } else if ((sk->sk_state == BT_CONNECT2 && 639 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 640 sk->sk_state == BT_CONNECTED) { 641 if (!l2cap_chan_check_security(chan)) 642 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 643 else 644 sk->sk_state_change(sk); 645 } else { 646 err = -EINVAL; 647 } 648 break; 649 650 case BT_DEFER_SETUP: 651 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 652 err = -EINVAL; 653 break; 654 } 655 656 if (get_user(opt, (u32 __user *) optval)) { 657 err = -EFAULT; 658 break; 659 } 660 661 if (opt) 662 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 663 else 664 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 665 break; 666 667 case BT_FLUSHABLE: 668 if (get_user(opt, (u32 __user *) optval)) { 669 err = -EFAULT; 670 break; 671 } 672 673 if (opt > BT_FLUSHABLE_ON) { 674 err = -EINVAL; 675 break; 676 } 677 678 if (opt == BT_FLUSHABLE_OFF) { 679 struct l2cap_conn *conn = chan->conn; 680 /* proceed further only when we have l2cap_conn and 681 No Flush support in the LM */ 682 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 683 err = -EINVAL; 684 break; 685 } 686 } 687 688 if (opt) 689 set_bit(FLAG_FLUSHABLE, &chan->flags); 690 else 691 clear_bit(FLAG_FLUSHABLE, &chan->flags); 692 break; 693 694 case BT_POWER: 695 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 696 chan->chan_type != L2CAP_CHAN_RAW) { 697 err = -EINVAL; 698 break; 699 } 700 701 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 702 703 len = min_t(unsigned int, sizeof(pwr), optlen); 704 if (copy_from_user((char *) &pwr, optval, len)) { 705 err = -EFAULT; 706 break; 707 } 708 709 if (pwr.force_active) 710 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 711 else 712 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 713 break; 714 715 case BT_CHANNEL_POLICY: 716 if (!enable_hs) { 717 err = -ENOPROTOOPT; 718 break; 719 } 720 721 if (get_user(opt, (u32 __user *) optval)) { 722 err = -EFAULT; 723 break; 724 } 725 726 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 727 err = -EINVAL; 728 break; 729 } 730 731 if (chan->mode != L2CAP_MODE_ERTM && 732 chan->mode != L2CAP_MODE_STREAMING) { 733 err = -EOPNOTSUPP; 734 break; 735 } 736 737 chan->chan_policy = (u8) opt; 738 break; 739 740 default: 741 err = -ENOPROTOOPT; 742 break; 743 } 744 745 release_sock(sk); 746 return err; 747} 748 749static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 750 struct msghdr *msg, size_t len) 751{ 752 struct sock *sk = sock->sk; 753 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 754 int err; 755 756 BT_DBG("sock %p, sk %p", sock, sk); 757 758 err = sock_error(sk); 759 if (err) 760 return err; 761 762 if (msg->msg_flags & MSG_OOB) 763 return -EOPNOTSUPP; 764 765 if (sk->sk_state != BT_CONNECTED) 766 return -ENOTCONN; 767 768 l2cap_chan_lock(chan); 769 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 770 l2cap_chan_unlock(chan); 771 772 return err; 773} 774 775static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 776 struct msghdr *msg, size_t len, int flags) 777{ 778 struct sock *sk = sock->sk; 779 struct l2cap_pinfo *pi = l2cap_pi(sk); 780 int err; 781 782 lock_sock(sk); 783 784 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 785 &bt_sk(sk)->flags)) { 786 sk->sk_state = BT_CONFIG; 787 pi->chan->state = BT_CONFIG; 788 789 __l2cap_connect_rsp_defer(pi->chan); 790 release_sock(sk); 791 return 0; 792 } 793 794 release_sock(sk); 795 796 if (sock->type == SOCK_STREAM) 797 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 798 else 799 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 800 801 if (pi->chan->mode != L2CAP_MODE_ERTM) 802 return err; 803 804 /* Attempt to put pending rx data in the socket buffer */ 805 806 lock_sock(sk); 807 808 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 809 goto done; 810 811 if (pi->rx_busy_skb) { 812 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 813 pi->rx_busy_skb = NULL; 814 else 815 goto done; 816 } 817 818 /* Restore data flow when half of the receive buffer is 819 * available. This avoids resending large numbers of 820 * frames. 821 */ 822 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 823 l2cap_chan_busy(pi->chan, 0); 824 825done: 826 release_sock(sk); 827 return err; 828} 829 830/* Kill socket (only if zapped and orphan) 831 * Must be called on unlocked socket. 832 */ 833static void l2cap_sock_kill(struct sock *sk) 834{ 835 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 836 return; 837 838 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 839 840 /* Kill poor orphan */ 841 842 l2cap_chan_put(l2cap_pi(sk)->chan); 843 sock_set_flag(sk, SOCK_DEAD); 844 sock_put(sk); 845} 846 847static int l2cap_sock_shutdown(struct socket *sock, int how) 848{ 849 struct sock *sk = sock->sk; 850 struct l2cap_chan *chan; 851 struct l2cap_conn *conn; 852 int err = 0; 853 854 BT_DBG("sock %p, sk %p", sock, sk); 855 856 if (!sk) 857 return 0; 858 859 chan = l2cap_pi(sk)->chan; 860 conn = chan->conn; 861 862 if (conn) 863 mutex_lock(&conn->chan_lock); 864 865 l2cap_chan_lock(chan); 866 lock_sock(sk); 867 868 if (!sk->sk_shutdown) { 869 if (chan->mode == L2CAP_MODE_ERTM) 870 err = __l2cap_wait_ack(sk); 871 872 sk->sk_shutdown = SHUTDOWN_MASK; 873 874 release_sock(sk); 875 l2cap_chan_close(chan, 0); 876 lock_sock(sk); 877 878 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 879 err = bt_sock_wait_state(sk, BT_CLOSED, 880 sk->sk_lingertime); 881 } 882 883 if (!err && sk->sk_err) 884 err = -sk->sk_err; 885 886 release_sock(sk); 887 l2cap_chan_unlock(chan); 888 889 if (conn) 890 mutex_unlock(&conn->chan_lock); 891 892 return err; 893} 894 895static int l2cap_sock_release(struct socket *sock) 896{ 897 struct sock *sk = sock->sk; 898 int err; 899 900 BT_DBG("sock %p, sk %p", sock, sk); 901 902 if (!sk) 903 return 0; 904 905 bt_sock_unlink(&l2cap_sk_list, sk); 906 907 err = l2cap_sock_shutdown(sock, 2); 908 909 sock_orphan(sk); 910 l2cap_sock_kill(sk); 911 return err; 912} 913 914static void l2cap_sock_cleanup_listen(struct sock *parent) 915{ 916 struct sock *sk; 917 918 BT_DBG("parent %p", parent); 919 920 /* Close not yet accepted channels */ 921 while ((sk = bt_accept_dequeue(parent, NULL))) { 922 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 923 924 l2cap_chan_lock(chan); 925 __clear_chan_timer(chan); 926 l2cap_chan_close(chan, ECONNRESET); 927 l2cap_chan_unlock(chan); 928 929 l2cap_sock_kill(sk); 930 } 931} 932 933static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 934{ 935 struct sock *sk, *parent = chan->data; 936 937 /* Check for backlog size */ 938 if (sk_acceptq_is_full(parent)) { 939 BT_DBG("backlog full %d", parent->sk_ack_backlog); 940 return NULL; 941 } 942 943 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 944 GFP_ATOMIC); 945 if (!sk) 946 return NULL; 947 948 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 949 950 l2cap_sock_init(sk, parent); 951 952 return l2cap_pi(sk)->chan; 953} 954 955static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 956{ 957 int err; 958 struct sock *sk = chan->data; 959 struct l2cap_pinfo *pi = l2cap_pi(sk); 960 961 lock_sock(sk); 962 963 if (pi->rx_busy_skb) { 964 err = -ENOMEM; 965 goto done; 966 } 967 968 err = sock_queue_rcv_skb(sk, skb); 969 970 /* For ERTM, handle one skb that doesn't fit into the recv 971 * buffer. This is important to do because the data frames 972 * have already been acked, so the skb cannot be discarded. 973 * 974 * Notify the l2cap core that the buffer is full, so the 975 * LOCAL_BUSY state is entered and no more frames are 976 * acked and reassembled until there is buffer space 977 * available. 978 */ 979 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) { 980 pi->rx_busy_skb = skb; 981 l2cap_chan_busy(pi->chan, 1); 982 err = 0; 983 } 984 985done: 986 release_sock(sk); 987 988 return err; 989} 990 991static void l2cap_sock_close_cb(struct l2cap_chan *chan) 992{ 993 struct sock *sk = chan->data; 994 995 l2cap_sock_kill(sk); 996} 997 998static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 999{ 1000 struct sock *sk = chan->data; 1001 struct sock *parent; 1002 1003 lock_sock(sk); 1004 1005 parent = bt_sk(sk)->parent; 1006 1007 sock_set_flag(sk, SOCK_ZAPPED); 1008 1009 switch (chan->state) { 1010 case BT_OPEN: 1011 case BT_BOUND: 1012 case BT_CLOSED: 1013 break; 1014 case BT_LISTEN: 1015 l2cap_sock_cleanup_listen(sk); 1016 sk->sk_state = BT_CLOSED; 1017 chan->state = BT_CLOSED; 1018 1019 break; 1020 default: 1021 sk->sk_state = BT_CLOSED; 1022 chan->state = BT_CLOSED; 1023 1024 sk->sk_err = err; 1025 1026 if (parent) { 1027 bt_accept_unlink(sk); 1028 parent->sk_data_ready(parent, 0); 1029 } else { 1030 sk->sk_state_change(sk); 1031 } 1032 1033 break; 1034 } 1035 1036 release_sock(sk); 1037} 1038 1039static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state) 1040{ 1041 struct sock *sk = chan->data; 1042 1043 sk->sk_state = state; 1044} 1045 1046static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1047 unsigned long len, int nb) 1048{ 1049 struct sk_buff *skb; 1050 int err; 1051 1052 l2cap_chan_unlock(chan); 1053 skb = bt_skb_send_alloc(chan->sk, len, nb, &err); 1054 l2cap_chan_lock(chan); 1055 1056 if (!skb) 1057 return ERR_PTR(err); 1058 1059 return skb; 1060} 1061 1062static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1063{ 1064 struct sock *sk = chan->data; 1065 struct sock *parent; 1066 1067 lock_sock(sk); 1068 1069 parent = bt_sk(sk)->parent; 1070 1071 BT_DBG("sk %p, parent %p", sk, parent); 1072 1073 sk->sk_state = BT_CONNECTED; 1074 sk->sk_state_change(sk); 1075 1076 if (parent) 1077 parent->sk_data_ready(parent, 0); 1078 1079 release_sock(sk); 1080} 1081 1082static struct l2cap_ops l2cap_chan_ops = { 1083 .name = "L2CAP Socket Interface", 1084 .new_connection = l2cap_sock_new_connection_cb, 1085 .recv = l2cap_sock_recv_cb, 1086 .close = l2cap_sock_close_cb, 1087 .teardown = l2cap_sock_teardown_cb, 1088 .state_change = l2cap_sock_state_change_cb, 1089 .ready = l2cap_sock_ready_cb, 1090 .alloc_skb = l2cap_sock_alloc_skb_cb, 1091}; 1092 1093static void l2cap_sock_destruct(struct sock *sk) 1094{ 1095 BT_DBG("sk %p", sk); 1096 1097 if (l2cap_pi(sk)->chan) 1098 l2cap_chan_put(l2cap_pi(sk)->chan); 1099 if (l2cap_pi(sk)->rx_busy_skb) { 1100 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1101 l2cap_pi(sk)->rx_busy_skb = NULL; 1102 } 1103 1104 skb_queue_purge(&sk->sk_receive_queue); 1105 skb_queue_purge(&sk->sk_write_queue); 1106} 1107 1108static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1109{ 1110 struct l2cap_pinfo *pi = l2cap_pi(sk); 1111 struct l2cap_chan *chan = pi->chan; 1112 1113 BT_DBG("sk %p", sk); 1114 1115 if (parent) { 1116 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1117 1118 sk->sk_type = parent->sk_type; 1119 bt_sk(sk)->flags = bt_sk(parent)->flags; 1120 1121 chan->chan_type = pchan->chan_type; 1122 chan->imtu = pchan->imtu; 1123 chan->omtu = pchan->omtu; 1124 chan->conf_state = pchan->conf_state; 1125 chan->mode = pchan->mode; 1126 chan->fcs = pchan->fcs; 1127 chan->max_tx = pchan->max_tx; 1128 chan->tx_win = pchan->tx_win; 1129 chan->tx_win_max = pchan->tx_win_max; 1130 chan->sec_level = pchan->sec_level; 1131 chan->flags = pchan->flags; 1132 1133 security_sk_clone(parent, sk); 1134 } else { 1135 1136 switch (sk->sk_type) { 1137 case SOCK_RAW: 1138 chan->chan_type = L2CAP_CHAN_RAW; 1139 break; 1140 case SOCK_DGRAM: 1141 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1142 break; 1143 case SOCK_SEQPACKET: 1144 case SOCK_STREAM: 1145 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1146 break; 1147 } 1148 1149 chan->imtu = L2CAP_DEFAULT_MTU; 1150 chan->omtu = 0; 1151 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1152 chan->mode = L2CAP_MODE_ERTM; 1153 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1154 } else { 1155 chan->mode = L2CAP_MODE_BASIC; 1156 } 1157 1158 l2cap_chan_set_defaults(chan); 1159 } 1160 1161 /* Default config options */ 1162 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1163 1164 chan->data = sk; 1165 chan->ops = &l2cap_chan_ops; 1166} 1167 1168static struct proto l2cap_proto = { 1169 .name = "L2CAP", 1170 .owner = THIS_MODULE, 1171 .obj_size = sizeof(struct l2cap_pinfo) 1172}; 1173 1174static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1175 int proto, gfp_t prio) 1176{ 1177 struct sock *sk; 1178 struct l2cap_chan *chan; 1179 1180 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1181 if (!sk) 1182 return NULL; 1183 1184 sock_init_data(sock, sk); 1185 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1186 1187 sk->sk_destruct = l2cap_sock_destruct; 1188 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1189 1190 sock_reset_flag(sk, SOCK_ZAPPED); 1191 1192 sk->sk_protocol = proto; 1193 sk->sk_state = BT_OPEN; 1194 1195 chan = l2cap_chan_create(); 1196 if (!chan) { 1197 sk_free(sk); 1198 return NULL; 1199 } 1200 1201 l2cap_chan_hold(chan); 1202 1203 chan->sk = sk; 1204 1205 l2cap_pi(sk)->chan = chan; 1206 1207 return sk; 1208} 1209 1210static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1211 int kern) 1212{ 1213 struct sock *sk; 1214 1215 BT_DBG("sock %p", sock); 1216 1217 sock->state = SS_UNCONNECTED; 1218 1219 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1220 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1221 return -ESOCKTNOSUPPORT; 1222 1223 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1224 return -EPERM; 1225 1226 sock->ops = &l2cap_sock_ops; 1227 1228 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1229 if (!sk) 1230 return -ENOMEM; 1231 1232 l2cap_sock_init(sk, NULL); 1233 bt_sock_link(&l2cap_sk_list, sk); 1234 return 0; 1235} 1236 1237static const struct proto_ops l2cap_sock_ops = { 1238 .family = PF_BLUETOOTH, 1239 .owner = THIS_MODULE, 1240 .release = l2cap_sock_release, 1241 .bind = l2cap_sock_bind, 1242 .connect = l2cap_sock_connect, 1243 .listen = l2cap_sock_listen, 1244 .accept = l2cap_sock_accept, 1245 .getname = l2cap_sock_getname, 1246 .sendmsg = l2cap_sock_sendmsg, 1247 .recvmsg = l2cap_sock_recvmsg, 1248 .poll = bt_sock_poll, 1249 .ioctl = bt_sock_ioctl, 1250 .mmap = sock_no_mmap, 1251 .socketpair = sock_no_socketpair, 1252 .shutdown = l2cap_sock_shutdown, 1253 .setsockopt = l2cap_sock_setsockopt, 1254 .getsockopt = l2cap_sock_getsockopt 1255}; 1256 1257static const struct net_proto_family l2cap_sock_family_ops = { 1258 .family = PF_BLUETOOTH, 1259 .owner = THIS_MODULE, 1260 .create = l2cap_sock_create, 1261}; 1262 1263int __init l2cap_init_sockets(void) 1264{ 1265 int err; 1266 1267 err = proto_register(&l2cap_proto, 0); 1268 if (err < 0) 1269 return err; 1270 1271 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1272 if (err < 0) { 1273 BT_ERR("L2CAP socket registration failed"); 1274 goto error; 1275 } 1276 1277 err = bt_procfs_init(THIS_MODULE, &init_net, "l2cap", &l2cap_sk_list, 1278 NULL); 1279 if (err < 0) { 1280 BT_ERR("Failed to create L2CAP proc file"); 1281 bt_sock_unregister(BTPROTO_L2CAP); 1282 goto error; 1283 } 1284 1285 BT_INFO("L2CAP socket layer initialized"); 1286 1287 return 0; 1288 1289error: 1290 proto_unregister(&l2cap_proto); 1291 return err; 1292} 1293 1294void l2cap_cleanup_sockets(void) 1295{ 1296 bt_procfs_cleanup(&init_net, "l2cap"); 1297 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 1298 BT_ERR("L2CAP socket unregistration failed"); 1299 1300 proto_unregister(&l2cap_proto); 1301} 1302