l2cap_sock.c revision 2edf870d198adeb43d5a2a5ddfa7e3cea4fc999b
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26*/ 27 28/* Bluetooth L2CAP sockets. */ 29 30#include <linux/export.h> 31 32#include <net/bluetooth/bluetooth.h> 33#include <net/bluetooth/hci_core.h> 34#include <net/bluetooth/l2cap.h> 35 36#include "smp.h" 37 38static struct bt_sock_list l2cap_sk_list = { 39 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 40}; 41 42static const struct proto_ops l2cap_sock_ops; 43static void l2cap_sock_init(struct sock *sk, struct sock *parent); 44static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 45 int proto, gfp_t prio); 46 47bool l2cap_is_socket(struct socket *sock) 48{ 49 return sock && sock->ops == &l2cap_sock_ops; 50} 51EXPORT_SYMBOL(l2cap_is_socket); 52 53static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 54{ 55 struct sock *sk = sock->sk; 56 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 57 struct sockaddr_l2 la; 58 int len, err = 0; 59 60 BT_DBG("sk %p", sk); 61 62 if (!addr || addr->sa_family != AF_BLUETOOTH) 63 return -EINVAL; 64 65 memset(&la, 0, sizeof(la)); 66 len = min_t(unsigned int, sizeof(la), alen); 67 memcpy(&la, addr, len); 68 69 if (la.l2_cid && la.l2_psm) 70 return -EINVAL; 71 72 lock_sock(sk); 73 74 if (sk->sk_state != BT_OPEN) { 75 err = -EBADFD; 76 goto done; 77 } 78 79 if (la.l2_psm) { 80 __u16 psm = __le16_to_cpu(la.l2_psm); 81 82 /* PSM must be odd and lsb of upper byte must be 0 */ 83 if ((psm & 0x0101) != 0x0001) { 84 err = -EINVAL; 85 goto done; 86 } 87 88 /* Restrict usage of well-known PSMs */ 89 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 90 err = -EACCES; 91 goto done; 92 } 93 } 94 95 if (la.l2_cid) 96 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 97 else 98 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 99 100 if (err < 0) 101 goto done; 102 103 switch (chan->chan_type) { 104 case L2CAP_CHAN_CONN_LESS: 105 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP) 106 chan->sec_level = BT_SECURITY_SDP; 107 break; 108 case L2CAP_CHAN_CONN_ORIENTED: 109 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 110 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 111 chan->sec_level = BT_SECURITY_SDP; 112 break; 113 } 114 115 bacpy(&chan->src, &la.l2_bdaddr); 116 chan->src_type = la.l2_bdaddr_type; 117 118 chan->state = BT_BOUND; 119 sk->sk_state = BT_BOUND; 120 121done: 122 release_sock(sk); 123 return err; 124} 125 126static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 127 int alen, int flags) 128{ 129 struct sock *sk = sock->sk; 130 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 131 struct sockaddr_l2 la; 132 int len, err = 0; 133 134 BT_DBG("sk %p", sk); 135 136 if (!addr || alen < sizeof(addr->sa_family) || 137 addr->sa_family != AF_BLUETOOTH) 138 return -EINVAL; 139 140 memset(&la, 0, sizeof(la)); 141 len = min_t(unsigned int, sizeof(la), alen); 142 memcpy(&la, addr, len); 143 144 if (la.l2_cid && la.l2_psm) 145 return -EINVAL; 146 147 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 148 &la.l2_bdaddr, la.l2_bdaddr_type); 149 if (err) 150 return err; 151 152 lock_sock(sk); 153 154 err = bt_sock_wait_state(sk, BT_CONNECTED, 155 sock_sndtimeo(sk, flags & O_NONBLOCK)); 156 157 release_sock(sk); 158 159 return err; 160} 161 162static int l2cap_sock_listen(struct socket *sock, int backlog) 163{ 164 struct sock *sk = sock->sk; 165 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 166 int err = 0; 167 168 BT_DBG("sk %p backlog %d", sk, backlog); 169 170 lock_sock(sk); 171 172 if (sk->sk_state != BT_BOUND) { 173 err = -EBADFD; 174 goto done; 175 } 176 177 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 178 err = -EINVAL; 179 goto done; 180 } 181 182 switch (chan->mode) { 183 case L2CAP_MODE_BASIC: 184 break; 185 case L2CAP_MODE_ERTM: 186 case L2CAP_MODE_STREAMING: 187 if (!disable_ertm) 188 break; 189 /* fall through */ 190 default: 191 err = -ENOTSUPP; 192 goto done; 193 } 194 195 sk->sk_max_ack_backlog = backlog; 196 sk->sk_ack_backlog = 0; 197 198 chan->state = BT_LISTEN; 199 sk->sk_state = BT_LISTEN; 200 201done: 202 release_sock(sk); 203 return err; 204} 205 206static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 207 int flags) 208{ 209 DECLARE_WAITQUEUE(wait, current); 210 struct sock *sk = sock->sk, *nsk; 211 long timeo; 212 int err = 0; 213 214 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 215 216 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 217 218 BT_DBG("sk %p timeo %ld", sk, timeo); 219 220 /* Wait for an incoming connection. (wake-one). */ 221 add_wait_queue_exclusive(sk_sleep(sk), &wait); 222 while (1) { 223 set_current_state(TASK_INTERRUPTIBLE); 224 225 if (sk->sk_state != BT_LISTEN) { 226 err = -EBADFD; 227 break; 228 } 229 230 nsk = bt_accept_dequeue(sk, newsock); 231 if (nsk) 232 break; 233 234 if (!timeo) { 235 err = -EAGAIN; 236 break; 237 } 238 239 if (signal_pending(current)) { 240 err = sock_intr_errno(timeo); 241 break; 242 } 243 244 release_sock(sk); 245 timeo = schedule_timeout(timeo); 246 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 247 } 248 __set_current_state(TASK_RUNNING); 249 remove_wait_queue(sk_sleep(sk), &wait); 250 251 if (err) 252 goto done; 253 254 newsock->state = SS_CONNECTED; 255 256 BT_DBG("new socket %p", nsk); 257 258done: 259 release_sock(sk); 260 return err; 261} 262 263static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 264 int *len, int peer) 265{ 266 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 267 struct sock *sk = sock->sk; 268 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 269 270 BT_DBG("sock %p, sk %p", sock, sk); 271 272 memset(la, 0, sizeof(struct sockaddr_l2)); 273 addr->sa_family = AF_BLUETOOTH; 274 *len = sizeof(struct sockaddr_l2); 275 276 if (peer) { 277 la->l2_psm = chan->psm; 278 bacpy(&la->l2_bdaddr, &chan->dst); 279 la->l2_cid = cpu_to_le16(chan->dcid); 280 la->l2_bdaddr_type = chan->dst_type; 281 } else { 282 la->l2_psm = chan->sport; 283 bacpy(&la->l2_bdaddr, &chan->src); 284 la->l2_cid = cpu_to_le16(chan->scid); 285 la->l2_bdaddr_type = chan->src_type; 286 } 287 288 return 0; 289} 290 291static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 292 char __user *optval, int __user *optlen) 293{ 294 struct sock *sk = sock->sk; 295 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 296 struct l2cap_options opts; 297 struct l2cap_conninfo cinfo; 298 int len, err = 0; 299 u32 opt; 300 301 BT_DBG("sk %p", sk); 302 303 if (get_user(len, optlen)) 304 return -EFAULT; 305 306 lock_sock(sk); 307 308 switch (optname) { 309 case L2CAP_OPTIONS: 310 memset(&opts, 0, sizeof(opts)); 311 opts.imtu = chan->imtu; 312 opts.omtu = chan->omtu; 313 opts.flush_to = chan->flush_to; 314 opts.mode = chan->mode; 315 opts.fcs = chan->fcs; 316 opts.max_tx = chan->max_tx; 317 opts.txwin_size = chan->tx_win; 318 319 len = min_t(unsigned int, len, sizeof(opts)); 320 if (copy_to_user(optval, (char *) &opts, len)) 321 err = -EFAULT; 322 323 break; 324 325 case L2CAP_LM: 326 switch (chan->sec_level) { 327 case BT_SECURITY_LOW: 328 opt = L2CAP_LM_AUTH; 329 break; 330 case BT_SECURITY_MEDIUM: 331 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 332 break; 333 case BT_SECURITY_HIGH: 334 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 335 L2CAP_LM_SECURE; 336 break; 337 default: 338 opt = 0; 339 break; 340 } 341 342 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 343 opt |= L2CAP_LM_MASTER; 344 345 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 346 opt |= L2CAP_LM_RELIABLE; 347 348 if (put_user(opt, (u32 __user *) optval)) 349 err = -EFAULT; 350 break; 351 352 case L2CAP_CONNINFO: 353 if (sk->sk_state != BT_CONNECTED && 354 !(sk->sk_state == BT_CONNECT2 && 355 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 356 err = -ENOTCONN; 357 break; 358 } 359 360 memset(&cinfo, 0, sizeof(cinfo)); 361 cinfo.hci_handle = chan->conn->hcon->handle; 362 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 363 364 len = min_t(unsigned int, len, sizeof(cinfo)); 365 if (copy_to_user(optval, (char *) &cinfo, len)) 366 err = -EFAULT; 367 368 break; 369 370 default: 371 err = -ENOPROTOOPT; 372 break; 373 } 374 375 release_sock(sk); 376 return err; 377} 378 379static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 380 char __user *optval, int __user *optlen) 381{ 382 struct sock *sk = sock->sk; 383 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 384 struct bt_security sec; 385 struct bt_power pwr; 386 int len, err = 0; 387 388 BT_DBG("sk %p", sk); 389 390 if (level == SOL_L2CAP) 391 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 392 393 if (level != SOL_BLUETOOTH) 394 return -ENOPROTOOPT; 395 396 if (get_user(len, optlen)) 397 return -EFAULT; 398 399 lock_sock(sk); 400 401 switch (optname) { 402 case BT_SECURITY: 403 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 404 chan->chan_type != L2CAP_CHAN_RAW) { 405 err = -EINVAL; 406 break; 407 } 408 409 memset(&sec, 0, sizeof(sec)); 410 if (chan->conn) { 411 sec.level = chan->conn->hcon->sec_level; 412 413 if (sk->sk_state == BT_CONNECTED) 414 sec.key_size = chan->conn->hcon->enc_key_size; 415 } else { 416 sec.level = chan->sec_level; 417 } 418 419 len = min_t(unsigned int, len, sizeof(sec)); 420 if (copy_to_user(optval, (char *) &sec, len)) 421 err = -EFAULT; 422 423 break; 424 425 case BT_DEFER_SETUP: 426 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 427 err = -EINVAL; 428 break; 429 } 430 431 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 432 (u32 __user *) optval)) 433 err = -EFAULT; 434 435 break; 436 437 case BT_FLUSHABLE: 438 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 439 (u32 __user *) optval)) 440 err = -EFAULT; 441 442 break; 443 444 case BT_POWER: 445 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 446 && sk->sk_type != SOCK_RAW) { 447 err = -EINVAL; 448 break; 449 } 450 451 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 452 453 len = min_t(unsigned int, len, sizeof(pwr)); 454 if (copy_to_user(optval, (char *) &pwr, len)) 455 err = -EFAULT; 456 457 break; 458 459 case BT_CHANNEL_POLICY: 460 if (put_user(chan->chan_policy, (u32 __user *) optval)) 461 err = -EFAULT; 462 break; 463 464 default: 465 err = -ENOPROTOOPT; 466 break; 467 } 468 469 release_sock(sk); 470 return err; 471} 472 473static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 474{ 475 switch (chan->scid) { 476 case L2CAP_CID_ATT: 477 if (mtu < L2CAP_LE_MIN_MTU) 478 return false; 479 break; 480 481 default: 482 if (mtu < L2CAP_DEFAULT_MIN_MTU) 483 return false; 484 } 485 486 return true; 487} 488 489static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 490 char __user *optval, unsigned int optlen) 491{ 492 struct sock *sk = sock->sk; 493 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 494 struct l2cap_options opts; 495 int len, err = 0; 496 u32 opt; 497 498 BT_DBG("sk %p", sk); 499 500 lock_sock(sk); 501 502 switch (optname) { 503 case L2CAP_OPTIONS: 504 if (sk->sk_state == BT_CONNECTED) { 505 err = -EINVAL; 506 break; 507 } 508 509 opts.imtu = chan->imtu; 510 opts.omtu = chan->omtu; 511 opts.flush_to = chan->flush_to; 512 opts.mode = chan->mode; 513 opts.fcs = chan->fcs; 514 opts.max_tx = chan->max_tx; 515 opts.txwin_size = chan->tx_win; 516 517 len = min_t(unsigned int, sizeof(opts), optlen); 518 if (copy_from_user((char *) &opts, optval, len)) { 519 err = -EFAULT; 520 break; 521 } 522 523 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 524 err = -EINVAL; 525 break; 526 } 527 528 if (!l2cap_valid_mtu(chan, opts.imtu)) { 529 err = -EINVAL; 530 break; 531 } 532 533 chan->mode = opts.mode; 534 switch (chan->mode) { 535 case L2CAP_MODE_BASIC: 536 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 537 break; 538 case L2CAP_MODE_ERTM: 539 case L2CAP_MODE_STREAMING: 540 if (!disable_ertm) 541 break; 542 /* fall through */ 543 default: 544 err = -EINVAL; 545 break; 546 } 547 548 chan->imtu = opts.imtu; 549 chan->omtu = opts.omtu; 550 chan->fcs = opts.fcs; 551 chan->max_tx = opts.max_tx; 552 chan->tx_win = opts.txwin_size; 553 chan->flush_to = opts.flush_to; 554 break; 555 556 case L2CAP_LM: 557 if (get_user(opt, (u32 __user *) optval)) { 558 err = -EFAULT; 559 break; 560 } 561 562 if (opt & L2CAP_LM_AUTH) 563 chan->sec_level = BT_SECURITY_LOW; 564 if (opt & L2CAP_LM_ENCRYPT) 565 chan->sec_level = BT_SECURITY_MEDIUM; 566 if (opt & L2CAP_LM_SECURE) 567 chan->sec_level = BT_SECURITY_HIGH; 568 569 if (opt & L2CAP_LM_MASTER) 570 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 571 else 572 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 573 574 if (opt & L2CAP_LM_RELIABLE) 575 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 576 else 577 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 578 break; 579 580 default: 581 err = -ENOPROTOOPT; 582 break; 583 } 584 585 release_sock(sk); 586 return err; 587} 588 589static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 590 char __user *optval, unsigned int optlen) 591{ 592 struct sock *sk = sock->sk; 593 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 594 struct bt_security sec; 595 struct bt_power pwr; 596 struct l2cap_conn *conn; 597 int len, err = 0; 598 u32 opt; 599 600 BT_DBG("sk %p", sk); 601 602 if (level == SOL_L2CAP) 603 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 604 605 if (level != SOL_BLUETOOTH) 606 return -ENOPROTOOPT; 607 608 lock_sock(sk); 609 610 switch (optname) { 611 case BT_SECURITY: 612 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 613 chan->chan_type != L2CAP_CHAN_RAW) { 614 err = -EINVAL; 615 break; 616 } 617 618 sec.level = BT_SECURITY_LOW; 619 620 len = min_t(unsigned int, sizeof(sec), optlen); 621 if (copy_from_user((char *) &sec, optval, len)) { 622 err = -EFAULT; 623 break; 624 } 625 626 if (sec.level < BT_SECURITY_LOW || 627 sec.level > BT_SECURITY_HIGH) { 628 err = -EINVAL; 629 break; 630 } 631 632 chan->sec_level = sec.level; 633 634 if (!chan->conn) 635 break; 636 637 conn = chan->conn; 638 639 /*change security for LE channels */ 640 if (chan->scid == L2CAP_CID_ATT) { 641 if (!conn->hcon->out) { 642 err = -EINVAL; 643 break; 644 } 645 646 if (smp_conn_security(conn->hcon, sec.level)) 647 break; 648 sk->sk_state = BT_CONFIG; 649 chan->state = BT_CONFIG; 650 651 /* or for ACL link */ 652 } else if ((sk->sk_state == BT_CONNECT2 && 653 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 654 sk->sk_state == BT_CONNECTED) { 655 if (!l2cap_chan_check_security(chan)) 656 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 657 else 658 sk->sk_state_change(sk); 659 } else { 660 err = -EINVAL; 661 } 662 break; 663 664 case BT_DEFER_SETUP: 665 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 666 err = -EINVAL; 667 break; 668 } 669 670 if (get_user(opt, (u32 __user *) optval)) { 671 err = -EFAULT; 672 break; 673 } 674 675 if (opt) 676 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 677 else 678 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 679 break; 680 681 case BT_FLUSHABLE: 682 if (get_user(opt, (u32 __user *) optval)) { 683 err = -EFAULT; 684 break; 685 } 686 687 if (opt > BT_FLUSHABLE_ON) { 688 err = -EINVAL; 689 break; 690 } 691 692 if (opt == BT_FLUSHABLE_OFF) { 693 conn = chan->conn; 694 /* proceed further only when we have l2cap_conn and 695 No Flush support in the LM */ 696 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 697 err = -EINVAL; 698 break; 699 } 700 } 701 702 if (opt) 703 set_bit(FLAG_FLUSHABLE, &chan->flags); 704 else 705 clear_bit(FLAG_FLUSHABLE, &chan->flags); 706 break; 707 708 case BT_POWER: 709 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 710 chan->chan_type != L2CAP_CHAN_RAW) { 711 err = -EINVAL; 712 break; 713 } 714 715 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 716 717 len = min_t(unsigned int, sizeof(pwr), optlen); 718 if (copy_from_user((char *) &pwr, optval, len)) { 719 err = -EFAULT; 720 break; 721 } 722 723 if (pwr.force_active) 724 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 725 else 726 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 727 break; 728 729 case BT_CHANNEL_POLICY: 730 if (get_user(opt, (u32 __user *) optval)) { 731 err = -EFAULT; 732 break; 733 } 734 735 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 736 err = -EINVAL; 737 break; 738 } 739 740 if (chan->mode != L2CAP_MODE_ERTM && 741 chan->mode != L2CAP_MODE_STREAMING) { 742 err = -EOPNOTSUPP; 743 break; 744 } 745 746 chan->chan_policy = (u8) opt; 747 748 if (sk->sk_state == BT_CONNECTED && 749 chan->move_role == L2CAP_MOVE_ROLE_NONE) 750 l2cap_move_start(chan); 751 752 break; 753 754 default: 755 err = -ENOPROTOOPT; 756 break; 757 } 758 759 release_sock(sk); 760 return err; 761} 762 763static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 764 struct msghdr *msg, size_t len) 765{ 766 struct sock *sk = sock->sk; 767 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 768 int err; 769 770 BT_DBG("sock %p, sk %p", sock, sk); 771 772 err = sock_error(sk); 773 if (err) 774 return err; 775 776 if (msg->msg_flags & MSG_OOB) 777 return -EOPNOTSUPP; 778 779 if (sk->sk_state != BT_CONNECTED) 780 return -ENOTCONN; 781 782 lock_sock(sk); 783 err = bt_sock_wait_ready(sk, msg->msg_flags); 784 release_sock(sk); 785 if (err) 786 return err; 787 788 l2cap_chan_lock(chan); 789 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 790 l2cap_chan_unlock(chan); 791 792 return err; 793} 794 795static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 796 struct msghdr *msg, size_t len, int flags) 797{ 798 struct sock *sk = sock->sk; 799 struct l2cap_pinfo *pi = l2cap_pi(sk); 800 int err; 801 802 lock_sock(sk); 803 804 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 805 &bt_sk(sk)->flags)) { 806 sk->sk_state = BT_CONFIG; 807 pi->chan->state = BT_CONFIG; 808 809 __l2cap_connect_rsp_defer(pi->chan); 810 err = 0; 811 goto done; 812 } 813 814 release_sock(sk); 815 816 if (sock->type == SOCK_STREAM) 817 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 818 else 819 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 820 821 if (pi->chan->mode != L2CAP_MODE_ERTM) 822 return err; 823 824 /* Attempt to put pending rx data in the socket buffer */ 825 826 lock_sock(sk); 827 828 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 829 goto done; 830 831 if (pi->rx_busy_skb) { 832 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 833 pi->rx_busy_skb = NULL; 834 else 835 goto done; 836 } 837 838 /* Restore data flow when half of the receive buffer is 839 * available. This avoids resending large numbers of 840 * frames. 841 */ 842 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 843 l2cap_chan_busy(pi->chan, 0); 844 845done: 846 release_sock(sk); 847 return err; 848} 849 850/* Kill socket (only if zapped and orphan) 851 * Must be called on unlocked socket. 852 */ 853static void l2cap_sock_kill(struct sock *sk) 854{ 855 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 856 return; 857 858 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 859 860 /* Kill poor orphan */ 861 862 l2cap_chan_put(l2cap_pi(sk)->chan); 863 sock_set_flag(sk, SOCK_DEAD); 864 sock_put(sk); 865} 866 867static int l2cap_sock_shutdown(struct socket *sock, int how) 868{ 869 struct sock *sk = sock->sk; 870 struct l2cap_chan *chan; 871 struct l2cap_conn *conn; 872 int err = 0; 873 874 BT_DBG("sock %p, sk %p", sock, sk); 875 876 if (!sk) 877 return 0; 878 879 chan = l2cap_pi(sk)->chan; 880 conn = chan->conn; 881 882 if (conn) 883 mutex_lock(&conn->chan_lock); 884 885 l2cap_chan_lock(chan); 886 lock_sock(sk); 887 888 if (!sk->sk_shutdown) { 889 if (chan->mode == L2CAP_MODE_ERTM) 890 err = __l2cap_wait_ack(sk); 891 892 sk->sk_shutdown = SHUTDOWN_MASK; 893 894 release_sock(sk); 895 l2cap_chan_close(chan, 0); 896 lock_sock(sk); 897 898 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 899 err = bt_sock_wait_state(sk, BT_CLOSED, 900 sk->sk_lingertime); 901 } 902 903 if (!err && sk->sk_err) 904 err = -sk->sk_err; 905 906 release_sock(sk); 907 l2cap_chan_unlock(chan); 908 909 if (conn) 910 mutex_unlock(&conn->chan_lock); 911 912 return err; 913} 914 915static int l2cap_sock_release(struct socket *sock) 916{ 917 struct sock *sk = sock->sk; 918 int err; 919 920 BT_DBG("sock %p, sk %p", sock, sk); 921 922 if (!sk) 923 return 0; 924 925 bt_sock_unlink(&l2cap_sk_list, sk); 926 927 err = l2cap_sock_shutdown(sock, 2); 928 929 sock_orphan(sk); 930 l2cap_sock_kill(sk); 931 return err; 932} 933 934static void l2cap_sock_cleanup_listen(struct sock *parent) 935{ 936 struct sock *sk; 937 938 BT_DBG("parent %p", parent); 939 940 /* Close not yet accepted channels */ 941 while ((sk = bt_accept_dequeue(parent, NULL))) { 942 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 943 944 l2cap_chan_lock(chan); 945 __clear_chan_timer(chan); 946 l2cap_chan_close(chan, ECONNRESET); 947 l2cap_chan_unlock(chan); 948 949 l2cap_sock_kill(sk); 950 } 951} 952 953static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 954{ 955 struct sock *sk, *parent = chan->data; 956 957 /* Check for backlog size */ 958 if (sk_acceptq_is_full(parent)) { 959 BT_DBG("backlog full %d", parent->sk_ack_backlog); 960 return NULL; 961 } 962 963 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 964 GFP_ATOMIC); 965 if (!sk) 966 return NULL; 967 968 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 969 970 l2cap_sock_init(sk, parent); 971 972 bt_accept_enqueue(parent, sk); 973 974 return l2cap_pi(sk)->chan; 975} 976 977static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 978{ 979 struct sock *sk = chan->data; 980 int err; 981 982 lock_sock(sk); 983 984 if (l2cap_pi(sk)->rx_busy_skb) { 985 err = -ENOMEM; 986 goto done; 987 } 988 989 err = sock_queue_rcv_skb(sk, skb); 990 991 /* For ERTM, handle one skb that doesn't fit into the recv 992 * buffer. This is important to do because the data frames 993 * have already been acked, so the skb cannot be discarded. 994 * 995 * Notify the l2cap core that the buffer is full, so the 996 * LOCAL_BUSY state is entered and no more frames are 997 * acked and reassembled until there is buffer space 998 * available. 999 */ 1000 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) { 1001 l2cap_pi(sk)->rx_busy_skb = skb; 1002 l2cap_chan_busy(chan, 1); 1003 err = 0; 1004 } 1005 1006done: 1007 release_sock(sk); 1008 1009 return err; 1010} 1011 1012static void l2cap_sock_close_cb(struct l2cap_chan *chan) 1013{ 1014 struct sock *sk = chan->data; 1015 1016 l2cap_sock_kill(sk); 1017} 1018 1019static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 1020{ 1021 struct sock *sk = chan->data; 1022 struct sock *parent; 1023 1024 lock_sock(sk); 1025 1026 parent = bt_sk(sk)->parent; 1027 1028 sock_set_flag(sk, SOCK_ZAPPED); 1029 1030 switch (chan->state) { 1031 case BT_OPEN: 1032 case BT_BOUND: 1033 case BT_CLOSED: 1034 break; 1035 case BT_LISTEN: 1036 l2cap_sock_cleanup_listen(sk); 1037 sk->sk_state = BT_CLOSED; 1038 chan->state = BT_CLOSED; 1039 1040 break; 1041 default: 1042 sk->sk_state = BT_CLOSED; 1043 chan->state = BT_CLOSED; 1044 1045 sk->sk_err = err; 1046 1047 if (parent) { 1048 bt_accept_unlink(sk); 1049 parent->sk_data_ready(parent, 0); 1050 } else { 1051 sk->sk_state_change(sk); 1052 } 1053 1054 break; 1055 } 1056 1057 release_sock(sk); 1058} 1059 1060static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state) 1061{ 1062 struct sock *sk = chan->data; 1063 1064 sk->sk_state = state; 1065} 1066 1067static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1068 unsigned long len, int nb) 1069{ 1070 struct sk_buff *skb; 1071 int err; 1072 1073 l2cap_chan_unlock(chan); 1074 skb = bt_skb_send_alloc(chan->sk, len, nb, &err); 1075 l2cap_chan_lock(chan); 1076 1077 if (!skb) 1078 return ERR_PTR(err); 1079 1080 return skb; 1081} 1082 1083static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1084{ 1085 struct sock *sk = chan->data; 1086 struct sock *parent; 1087 1088 lock_sock(sk); 1089 1090 parent = bt_sk(sk)->parent; 1091 1092 BT_DBG("sk %p, parent %p", sk, parent); 1093 1094 sk->sk_state = BT_CONNECTED; 1095 sk->sk_state_change(sk); 1096 1097 if (parent) 1098 parent->sk_data_ready(parent, 0); 1099 1100 release_sock(sk); 1101} 1102 1103static void l2cap_sock_defer_cb(struct l2cap_chan *chan) 1104{ 1105 struct sock *sk = chan->data; 1106 struct sock *parent = bt_sk(sk)->parent; 1107 1108 if (parent) 1109 parent->sk_data_ready(parent, 0); 1110} 1111 1112static struct l2cap_ops l2cap_chan_ops = { 1113 .name = "L2CAP Socket Interface", 1114 .new_connection = l2cap_sock_new_connection_cb, 1115 .recv = l2cap_sock_recv_cb, 1116 .close = l2cap_sock_close_cb, 1117 .teardown = l2cap_sock_teardown_cb, 1118 .state_change = l2cap_sock_state_change_cb, 1119 .ready = l2cap_sock_ready_cb, 1120 .defer = l2cap_sock_defer_cb, 1121 .alloc_skb = l2cap_sock_alloc_skb_cb, 1122}; 1123 1124static void l2cap_sock_destruct(struct sock *sk) 1125{ 1126 BT_DBG("sk %p", sk); 1127 1128 if (l2cap_pi(sk)->chan) 1129 l2cap_chan_put(l2cap_pi(sk)->chan); 1130 1131 if (l2cap_pi(sk)->rx_busy_skb) { 1132 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1133 l2cap_pi(sk)->rx_busy_skb = NULL; 1134 } 1135 1136 skb_queue_purge(&sk->sk_receive_queue); 1137 skb_queue_purge(&sk->sk_write_queue); 1138} 1139 1140static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name, 1141 int *msg_namelen) 1142{ 1143 struct sockaddr_l2 *la = (struct sockaddr_l2 *) msg_name; 1144 1145 memset(la, 0, sizeof(struct sockaddr_l2)); 1146 la->l2_family = AF_BLUETOOTH; 1147 la->l2_psm = bt_cb(skb)->psm; 1148 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr); 1149 1150 *msg_namelen = sizeof(struct sockaddr_l2); 1151} 1152 1153static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1154{ 1155 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1156 1157 BT_DBG("sk %p", sk); 1158 1159 if (parent) { 1160 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1161 1162 sk->sk_type = parent->sk_type; 1163 bt_sk(sk)->flags = bt_sk(parent)->flags; 1164 1165 chan->chan_type = pchan->chan_type; 1166 chan->imtu = pchan->imtu; 1167 chan->omtu = pchan->omtu; 1168 chan->conf_state = pchan->conf_state; 1169 chan->mode = pchan->mode; 1170 chan->fcs = pchan->fcs; 1171 chan->max_tx = pchan->max_tx; 1172 chan->tx_win = pchan->tx_win; 1173 chan->tx_win_max = pchan->tx_win_max; 1174 chan->sec_level = pchan->sec_level; 1175 chan->flags = pchan->flags; 1176 1177 security_sk_clone(parent, sk); 1178 } else { 1179 switch (sk->sk_type) { 1180 case SOCK_RAW: 1181 chan->chan_type = L2CAP_CHAN_RAW; 1182 break; 1183 case SOCK_DGRAM: 1184 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1185 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name; 1186 break; 1187 case SOCK_SEQPACKET: 1188 case SOCK_STREAM: 1189 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1190 break; 1191 } 1192 1193 chan->imtu = L2CAP_DEFAULT_MTU; 1194 chan->omtu = 0; 1195 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1196 chan->mode = L2CAP_MODE_ERTM; 1197 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1198 } else { 1199 chan->mode = L2CAP_MODE_BASIC; 1200 } 1201 1202 l2cap_chan_set_defaults(chan); 1203 } 1204 1205 /* Default config options */ 1206 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1207 1208 chan->data = sk; 1209 chan->ops = &l2cap_chan_ops; 1210} 1211 1212static struct proto l2cap_proto = { 1213 .name = "L2CAP", 1214 .owner = THIS_MODULE, 1215 .obj_size = sizeof(struct l2cap_pinfo) 1216}; 1217 1218static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1219 int proto, gfp_t prio) 1220{ 1221 struct sock *sk; 1222 struct l2cap_chan *chan; 1223 1224 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1225 if (!sk) 1226 return NULL; 1227 1228 sock_init_data(sock, sk); 1229 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1230 1231 sk->sk_destruct = l2cap_sock_destruct; 1232 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1233 1234 sock_reset_flag(sk, SOCK_ZAPPED); 1235 1236 sk->sk_protocol = proto; 1237 sk->sk_state = BT_OPEN; 1238 1239 chan = l2cap_chan_create(); 1240 if (!chan) { 1241 sk_free(sk); 1242 return NULL; 1243 } 1244 1245 l2cap_chan_hold(chan); 1246 1247 chan->sk = sk; 1248 1249 l2cap_pi(sk)->chan = chan; 1250 1251 return sk; 1252} 1253 1254static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1255 int kern) 1256{ 1257 struct sock *sk; 1258 1259 BT_DBG("sock %p", sock); 1260 1261 sock->state = SS_UNCONNECTED; 1262 1263 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1264 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1265 return -ESOCKTNOSUPPORT; 1266 1267 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1268 return -EPERM; 1269 1270 sock->ops = &l2cap_sock_ops; 1271 1272 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1273 if (!sk) 1274 return -ENOMEM; 1275 1276 l2cap_sock_init(sk, NULL); 1277 bt_sock_link(&l2cap_sk_list, sk); 1278 return 0; 1279} 1280 1281static const struct proto_ops l2cap_sock_ops = { 1282 .family = PF_BLUETOOTH, 1283 .owner = THIS_MODULE, 1284 .release = l2cap_sock_release, 1285 .bind = l2cap_sock_bind, 1286 .connect = l2cap_sock_connect, 1287 .listen = l2cap_sock_listen, 1288 .accept = l2cap_sock_accept, 1289 .getname = l2cap_sock_getname, 1290 .sendmsg = l2cap_sock_sendmsg, 1291 .recvmsg = l2cap_sock_recvmsg, 1292 .poll = bt_sock_poll, 1293 .ioctl = bt_sock_ioctl, 1294 .mmap = sock_no_mmap, 1295 .socketpair = sock_no_socketpair, 1296 .shutdown = l2cap_sock_shutdown, 1297 .setsockopt = l2cap_sock_setsockopt, 1298 .getsockopt = l2cap_sock_getsockopt 1299}; 1300 1301static const struct net_proto_family l2cap_sock_family_ops = { 1302 .family = PF_BLUETOOTH, 1303 .owner = THIS_MODULE, 1304 .create = l2cap_sock_create, 1305}; 1306 1307int __init l2cap_init_sockets(void) 1308{ 1309 int err; 1310 1311 err = proto_register(&l2cap_proto, 0); 1312 if (err < 0) 1313 return err; 1314 1315 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1316 if (err < 0) { 1317 BT_ERR("L2CAP socket registration failed"); 1318 goto error; 1319 } 1320 1321 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list, 1322 NULL); 1323 if (err < 0) { 1324 BT_ERR("Failed to create L2CAP proc file"); 1325 bt_sock_unregister(BTPROTO_L2CAP); 1326 goto error; 1327 } 1328 1329 BT_INFO("L2CAP socket layer initialized"); 1330 1331 return 0; 1332 1333error: 1334 proto_unregister(&l2cap_proto); 1335 return err; 1336} 1337 1338void l2cap_cleanup_sockets(void) 1339{ 1340 bt_procfs_cleanup(&init_net, "l2cap"); 1341 bt_sock_unregister(BTPROTO_L2CAP); 1342 proto_unregister(&l2cap_proto); 1343} 1344