l2cap_sock.c revision 5b28d95c13e876037d2c692e61862bb3e98249af
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26*/ 27 28/* Bluetooth L2CAP sockets. */ 29 30#include <linux/export.h> 31 32#include <net/bluetooth/bluetooth.h> 33#include <net/bluetooth/hci_core.h> 34#include <net/bluetooth/l2cap.h> 35#include <net/bluetooth/smp.h> 36 37static struct bt_sock_list l2cap_sk_list = { 38 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 39}; 40 41static const struct proto_ops l2cap_sock_ops; 42static void l2cap_sock_init(struct sock *sk, struct sock *parent); 43static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio); 44 45static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 46{ 47 struct sock *sk = sock->sk; 48 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 49 struct sockaddr_l2 la; 50 int len, err = 0; 51 52 BT_DBG("sk %p", sk); 53 54 if (!addr || addr->sa_family != AF_BLUETOOTH) 55 return -EINVAL; 56 57 memset(&la, 0, sizeof(la)); 58 len = min_t(unsigned int, sizeof(la), alen); 59 memcpy(&la, addr, len); 60 61 if (la.l2_cid && la.l2_psm) 62 return -EINVAL; 63 64 lock_sock(sk); 65 66 if (sk->sk_state != BT_OPEN) { 67 err = -EBADFD; 68 goto done; 69 } 70 71 if (la.l2_psm) { 72 __u16 psm = __le16_to_cpu(la.l2_psm); 73 74 /* PSM must be odd and lsb of upper byte must be 0 */ 75 if ((psm & 0x0101) != 0x0001) { 76 err = -EINVAL; 77 goto done; 78 } 79 80 /* Restrict usage of well-known PSMs */ 81 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 82 err = -EACCES; 83 goto done; 84 } 85 } 86 87 if (la.l2_cid) 88 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 89 else 90 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 91 92 if (err < 0) 93 goto done; 94 95 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 96 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 97 chan->sec_level = BT_SECURITY_SDP; 98 99 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 100 101 chan->state = BT_BOUND; 102 sk->sk_state = BT_BOUND; 103 104done: 105 release_sock(sk); 106 return err; 107} 108 109static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 110{ 111 struct sock *sk = sock->sk; 112 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 113 struct sockaddr_l2 la; 114 int len, err = 0; 115 116 BT_DBG("sk %p", sk); 117 118 if (!addr || alen < sizeof(addr->sa_family) || 119 addr->sa_family != AF_BLUETOOTH) 120 return -EINVAL; 121 122 memset(&la, 0, sizeof(la)); 123 len = min_t(unsigned int, sizeof(la), alen); 124 memcpy(&la, addr, len); 125 126 if (la.l2_cid && la.l2_psm) 127 return -EINVAL; 128 129 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 130 &la.l2_bdaddr, la.l2_bdaddr_type); 131 if (err) 132 return err; 133 134 lock_sock(sk); 135 136 err = bt_sock_wait_state(sk, BT_CONNECTED, 137 sock_sndtimeo(sk, flags & O_NONBLOCK)); 138 139 release_sock(sk); 140 141 return err; 142} 143 144static int l2cap_sock_listen(struct socket *sock, int backlog) 145{ 146 struct sock *sk = sock->sk; 147 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 148 int err = 0; 149 150 BT_DBG("sk %p backlog %d", sk, backlog); 151 152 lock_sock(sk); 153 154 if (sk->sk_state != BT_BOUND) { 155 err = -EBADFD; 156 goto done; 157 } 158 159 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 160 err = -EINVAL; 161 goto done; 162 } 163 164 switch (chan->mode) { 165 case L2CAP_MODE_BASIC: 166 break; 167 case L2CAP_MODE_ERTM: 168 case L2CAP_MODE_STREAMING: 169 if (!disable_ertm) 170 break; 171 /* fall through */ 172 default: 173 err = -ENOTSUPP; 174 goto done; 175 } 176 177 sk->sk_max_ack_backlog = backlog; 178 sk->sk_ack_backlog = 0; 179 180 chan->state = BT_LISTEN; 181 sk->sk_state = BT_LISTEN; 182 183done: 184 release_sock(sk); 185 return err; 186} 187 188static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 189{ 190 DECLARE_WAITQUEUE(wait, current); 191 struct sock *sk = sock->sk, *nsk; 192 long timeo; 193 int err = 0; 194 195 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 196 197 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 198 199 BT_DBG("sk %p timeo %ld", sk, timeo); 200 201 /* Wait for an incoming connection. (wake-one). */ 202 add_wait_queue_exclusive(sk_sleep(sk), &wait); 203 while (1) { 204 set_current_state(TASK_INTERRUPTIBLE); 205 206 if (sk->sk_state != BT_LISTEN) { 207 err = -EBADFD; 208 break; 209 } 210 211 nsk = bt_accept_dequeue(sk, newsock); 212 if (nsk) 213 break; 214 215 if (!timeo) { 216 err = -EAGAIN; 217 break; 218 } 219 220 if (signal_pending(current)) { 221 err = sock_intr_errno(timeo); 222 break; 223 } 224 225 release_sock(sk); 226 timeo = schedule_timeout(timeo); 227 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 228 } 229 __set_current_state(TASK_RUNNING); 230 remove_wait_queue(sk_sleep(sk), &wait); 231 232 if (err) 233 goto done; 234 235 newsock->state = SS_CONNECTED; 236 237 BT_DBG("new socket %p", nsk); 238 239done: 240 release_sock(sk); 241 return err; 242} 243 244static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 245{ 246 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 247 struct sock *sk = sock->sk; 248 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 249 250 BT_DBG("sock %p, sk %p", sock, sk); 251 252 addr->sa_family = AF_BLUETOOTH; 253 *len = sizeof(struct sockaddr_l2); 254 255 if (peer) { 256 la->l2_psm = chan->psm; 257 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 258 la->l2_cid = cpu_to_le16(chan->dcid); 259 } else { 260 la->l2_psm = chan->sport; 261 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 262 la->l2_cid = cpu_to_le16(chan->scid); 263 } 264 265 return 0; 266} 267 268static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 269{ 270 struct sock *sk = sock->sk; 271 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 272 struct l2cap_options opts; 273 struct l2cap_conninfo cinfo; 274 int len, err = 0; 275 u32 opt; 276 277 BT_DBG("sk %p", sk); 278 279 if (get_user(len, optlen)) 280 return -EFAULT; 281 282 lock_sock(sk); 283 284 switch (optname) { 285 case L2CAP_OPTIONS: 286 memset(&opts, 0, sizeof(opts)); 287 opts.imtu = chan->imtu; 288 opts.omtu = chan->omtu; 289 opts.flush_to = chan->flush_to; 290 opts.mode = chan->mode; 291 opts.fcs = chan->fcs; 292 opts.max_tx = chan->max_tx; 293 opts.txwin_size = chan->tx_win; 294 295 len = min_t(unsigned int, len, sizeof(opts)); 296 if (copy_to_user(optval, (char *) &opts, len)) 297 err = -EFAULT; 298 299 break; 300 301 case L2CAP_LM: 302 switch (chan->sec_level) { 303 case BT_SECURITY_LOW: 304 opt = L2CAP_LM_AUTH; 305 break; 306 case BT_SECURITY_MEDIUM: 307 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 308 break; 309 case BT_SECURITY_HIGH: 310 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 311 L2CAP_LM_SECURE; 312 break; 313 default: 314 opt = 0; 315 break; 316 } 317 318 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 319 opt |= L2CAP_LM_MASTER; 320 321 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 322 opt |= L2CAP_LM_RELIABLE; 323 324 if (put_user(opt, (u32 __user *) optval)) 325 err = -EFAULT; 326 break; 327 328 case L2CAP_CONNINFO: 329 if (sk->sk_state != BT_CONNECTED && 330 !(sk->sk_state == BT_CONNECT2 && 331 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 332 err = -ENOTCONN; 333 break; 334 } 335 336 memset(&cinfo, 0, sizeof(cinfo)); 337 cinfo.hci_handle = chan->conn->hcon->handle; 338 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 339 340 len = min_t(unsigned int, len, sizeof(cinfo)); 341 if (copy_to_user(optval, (char *) &cinfo, len)) 342 err = -EFAULT; 343 344 break; 345 346 default: 347 err = -ENOPROTOOPT; 348 break; 349 } 350 351 release_sock(sk); 352 return err; 353} 354 355static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 356{ 357 struct sock *sk = sock->sk; 358 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 359 struct bt_security sec; 360 struct bt_power pwr; 361 int len, err = 0; 362 363 BT_DBG("sk %p", sk); 364 365 if (level == SOL_L2CAP) 366 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 367 368 if (level != SOL_BLUETOOTH) 369 return -ENOPROTOOPT; 370 371 if (get_user(len, optlen)) 372 return -EFAULT; 373 374 lock_sock(sk); 375 376 switch (optname) { 377 case BT_SECURITY: 378 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 379 chan->chan_type != L2CAP_CHAN_RAW) { 380 err = -EINVAL; 381 break; 382 } 383 384 memset(&sec, 0, sizeof(sec)); 385 if (chan->conn) 386 sec.level = chan->conn->hcon->sec_level; 387 else 388 sec.level = chan->sec_level; 389 390 if (sk->sk_state == BT_CONNECTED) 391 sec.key_size = chan->conn->hcon->enc_key_size; 392 393 len = min_t(unsigned int, len, sizeof(sec)); 394 if (copy_to_user(optval, (char *) &sec, len)) 395 err = -EFAULT; 396 397 break; 398 399 case BT_DEFER_SETUP: 400 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 401 err = -EINVAL; 402 break; 403 } 404 405 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 406 (u32 __user *) optval)) 407 err = -EFAULT; 408 409 break; 410 411 case BT_FLUSHABLE: 412 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 413 (u32 __user *) optval)) 414 err = -EFAULT; 415 416 break; 417 418 case BT_POWER: 419 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 420 && sk->sk_type != SOCK_RAW) { 421 err = -EINVAL; 422 break; 423 } 424 425 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 426 427 len = min_t(unsigned int, len, sizeof(pwr)); 428 if (copy_to_user(optval, (char *) &pwr, len)) 429 err = -EFAULT; 430 431 break; 432 433 case BT_CHANNEL_POLICY: 434 if (!enable_hs) { 435 err = -ENOPROTOOPT; 436 break; 437 } 438 439 if (put_user(chan->chan_policy, (u32 __user *) optval)) 440 err = -EFAULT; 441 break; 442 443 default: 444 err = -ENOPROTOOPT; 445 break; 446 } 447 448 release_sock(sk); 449 return err; 450} 451 452static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 453{ 454 switch (chan->scid) { 455 case L2CAP_CID_LE_DATA: 456 if (mtu < L2CAP_LE_MIN_MTU) 457 return false; 458 break; 459 460 default: 461 if (mtu < L2CAP_DEFAULT_MIN_MTU) 462 return false; 463 } 464 465 return true; 466} 467 468static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 469{ 470 struct sock *sk = sock->sk; 471 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 472 struct l2cap_options opts; 473 int len, err = 0; 474 u32 opt; 475 476 BT_DBG("sk %p", sk); 477 478 lock_sock(sk); 479 480 switch (optname) { 481 case L2CAP_OPTIONS: 482 if (sk->sk_state == BT_CONNECTED) { 483 err = -EINVAL; 484 break; 485 } 486 487 opts.imtu = chan->imtu; 488 opts.omtu = chan->omtu; 489 opts.flush_to = chan->flush_to; 490 opts.mode = chan->mode; 491 opts.fcs = chan->fcs; 492 opts.max_tx = chan->max_tx; 493 opts.txwin_size = chan->tx_win; 494 495 len = min_t(unsigned int, sizeof(opts), optlen); 496 if (copy_from_user((char *) &opts, optval, len)) { 497 err = -EFAULT; 498 break; 499 } 500 501 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 502 err = -EINVAL; 503 break; 504 } 505 506 if (!l2cap_valid_mtu(chan, opts.imtu)) { 507 err = -EINVAL; 508 break; 509 } 510 511 chan->mode = opts.mode; 512 switch (chan->mode) { 513 case L2CAP_MODE_BASIC: 514 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 515 break; 516 case L2CAP_MODE_ERTM: 517 case L2CAP_MODE_STREAMING: 518 if (!disable_ertm) 519 break; 520 /* fall through */ 521 default: 522 err = -EINVAL; 523 break; 524 } 525 526 chan->imtu = opts.imtu; 527 chan->omtu = opts.omtu; 528 chan->fcs = opts.fcs; 529 chan->max_tx = opts.max_tx; 530 chan->tx_win = opts.txwin_size; 531 break; 532 533 case L2CAP_LM: 534 if (get_user(opt, (u32 __user *) optval)) { 535 err = -EFAULT; 536 break; 537 } 538 539 if (opt & L2CAP_LM_AUTH) 540 chan->sec_level = BT_SECURITY_LOW; 541 if (opt & L2CAP_LM_ENCRYPT) 542 chan->sec_level = BT_SECURITY_MEDIUM; 543 if (opt & L2CAP_LM_SECURE) 544 chan->sec_level = BT_SECURITY_HIGH; 545 546 if (opt & L2CAP_LM_MASTER) 547 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 548 else 549 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 550 551 if (opt & L2CAP_LM_RELIABLE) 552 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 553 else 554 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 555 break; 556 557 default: 558 err = -ENOPROTOOPT; 559 break; 560 } 561 562 release_sock(sk); 563 return err; 564} 565 566static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 567{ 568 struct sock *sk = sock->sk; 569 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 570 struct bt_security sec; 571 struct bt_power pwr; 572 struct l2cap_conn *conn; 573 int len, err = 0; 574 u32 opt; 575 576 BT_DBG("sk %p", sk); 577 578 if (level == SOL_L2CAP) 579 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 580 581 if (level != SOL_BLUETOOTH) 582 return -ENOPROTOOPT; 583 584 lock_sock(sk); 585 586 switch (optname) { 587 case BT_SECURITY: 588 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 589 chan->chan_type != L2CAP_CHAN_RAW) { 590 err = -EINVAL; 591 break; 592 } 593 594 sec.level = BT_SECURITY_LOW; 595 596 len = min_t(unsigned int, sizeof(sec), optlen); 597 if (copy_from_user((char *) &sec, optval, len)) { 598 err = -EFAULT; 599 break; 600 } 601 602 if (sec.level < BT_SECURITY_LOW || 603 sec.level > BT_SECURITY_HIGH) { 604 err = -EINVAL; 605 break; 606 } 607 608 chan->sec_level = sec.level; 609 610 if (!chan->conn) 611 break; 612 613 conn = chan->conn; 614 615 /*change security for LE channels */ 616 if (chan->scid == L2CAP_CID_LE_DATA) { 617 if (!conn->hcon->out) { 618 err = -EINVAL; 619 break; 620 } 621 622 if (smp_conn_security(conn, sec.level)) 623 break; 624 sk->sk_state = BT_CONFIG; 625 chan->state = BT_CONFIG; 626 627 /* or for ACL link */ 628 } else if ((sk->sk_state == BT_CONNECT2 && 629 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 630 sk->sk_state == BT_CONNECTED) { 631 if (!l2cap_chan_check_security(chan)) 632 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 633 else 634 sk->sk_state_change(sk); 635 } else { 636 err = -EINVAL; 637 } 638 break; 639 640 case BT_DEFER_SETUP: 641 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 642 err = -EINVAL; 643 break; 644 } 645 646 if (get_user(opt, (u32 __user *) optval)) { 647 err = -EFAULT; 648 break; 649 } 650 651 if (opt) 652 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 653 else 654 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 655 break; 656 657 case BT_FLUSHABLE: 658 if (get_user(opt, (u32 __user *) optval)) { 659 err = -EFAULT; 660 break; 661 } 662 663 if (opt > BT_FLUSHABLE_ON) { 664 err = -EINVAL; 665 break; 666 } 667 668 if (opt == BT_FLUSHABLE_OFF) { 669 struct l2cap_conn *conn = chan->conn; 670 /* proceed further only when we have l2cap_conn and 671 No Flush support in the LM */ 672 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 673 err = -EINVAL; 674 break; 675 } 676 } 677 678 if (opt) 679 set_bit(FLAG_FLUSHABLE, &chan->flags); 680 else 681 clear_bit(FLAG_FLUSHABLE, &chan->flags); 682 break; 683 684 case BT_POWER: 685 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 686 chan->chan_type != L2CAP_CHAN_RAW) { 687 err = -EINVAL; 688 break; 689 } 690 691 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 692 693 len = min_t(unsigned int, sizeof(pwr), optlen); 694 if (copy_from_user((char *) &pwr, optval, len)) { 695 err = -EFAULT; 696 break; 697 } 698 699 if (pwr.force_active) 700 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 701 else 702 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 703 break; 704 705 case BT_CHANNEL_POLICY: 706 if (!enable_hs) { 707 err = -ENOPROTOOPT; 708 break; 709 } 710 711 if (get_user(opt, (u32 __user *) optval)) { 712 err = -EFAULT; 713 break; 714 } 715 716 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 717 err = -EINVAL; 718 break; 719 } 720 721 if (chan->mode != L2CAP_MODE_ERTM && 722 chan->mode != L2CAP_MODE_STREAMING) { 723 err = -EOPNOTSUPP; 724 break; 725 } 726 727 chan->chan_policy = (u8) opt; 728 break; 729 730 default: 731 err = -ENOPROTOOPT; 732 break; 733 } 734 735 release_sock(sk); 736 return err; 737} 738 739static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 740{ 741 struct sock *sk = sock->sk; 742 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 743 int err; 744 745 BT_DBG("sock %p, sk %p", sock, sk); 746 747 err = sock_error(sk); 748 if (err) 749 return err; 750 751 if (msg->msg_flags & MSG_OOB) 752 return -EOPNOTSUPP; 753 754 if (sk->sk_state != BT_CONNECTED) 755 return -ENOTCONN; 756 757 l2cap_chan_lock(chan); 758 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 759 l2cap_chan_unlock(chan); 760 761 return err; 762} 763 764static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 765{ 766 struct sock *sk = sock->sk; 767 struct l2cap_pinfo *pi = l2cap_pi(sk); 768 int err; 769 770 lock_sock(sk); 771 772 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 773 &bt_sk(sk)->flags)) { 774 sk->sk_state = BT_CONFIG; 775 pi->chan->state = BT_CONFIG; 776 777 __l2cap_connect_rsp_defer(pi->chan); 778 release_sock(sk); 779 return 0; 780 } 781 782 release_sock(sk); 783 784 if (sock->type == SOCK_STREAM) 785 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 786 else 787 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 788 789 if (pi->chan->mode != L2CAP_MODE_ERTM) 790 return err; 791 792 /* Attempt to put pending rx data in the socket buffer */ 793 794 lock_sock(sk); 795 796 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 797 goto done; 798 799 if (pi->rx_busy_skb) { 800 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 801 pi->rx_busy_skb = NULL; 802 else 803 goto done; 804 } 805 806 /* Restore data flow when half of the receive buffer is 807 * available. This avoids resending large numbers of 808 * frames. 809 */ 810 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 811 l2cap_chan_busy(pi->chan, 0); 812 813done: 814 release_sock(sk); 815 return err; 816} 817 818/* Kill socket (only if zapped and orphan) 819 * Must be called on unlocked socket. 820 */ 821static void l2cap_sock_kill(struct sock *sk) 822{ 823 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 824 return; 825 826 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 827 828 /* Kill poor orphan */ 829 830 l2cap_chan_put(l2cap_pi(sk)->chan); 831 sock_set_flag(sk, SOCK_DEAD); 832 sock_put(sk); 833} 834 835static int l2cap_sock_shutdown(struct socket *sock, int how) 836{ 837 struct sock *sk = sock->sk; 838 struct l2cap_chan *chan; 839 struct l2cap_conn *conn; 840 int err = 0; 841 842 BT_DBG("sock %p, sk %p", sock, sk); 843 844 if (!sk) 845 return 0; 846 847 chan = l2cap_pi(sk)->chan; 848 conn = chan->conn; 849 850 if (conn) 851 mutex_lock(&conn->chan_lock); 852 853 l2cap_chan_lock(chan); 854 lock_sock(sk); 855 856 if (!sk->sk_shutdown) { 857 if (chan->mode == L2CAP_MODE_ERTM) 858 err = __l2cap_wait_ack(sk); 859 860 sk->sk_shutdown = SHUTDOWN_MASK; 861 862 release_sock(sk); 863 l2cap_chan_close(chan, 0); 864 lock_sock(sk); 865 866 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 867 err = bt_sock_wait_state(sk, BT_CLOSED, 868 sk->sk_lingertime); 869 } 870 871 if (!err && sk->sk_err) 872 err = -sk->sk_err; 873 874 release_sock(sk); 875 l2cap_chan_unlock(chan); 876 877 if (conn) 878 mutex_unlock(&conn->chan_lock); 879 880 return err; 881} 882 883static int l2cap_sock_release(struct socket *sock) 884{ 885 struct sock *sk = sock->sk; 886 int err; 887 888 BT_DBG("sock %p, sk %p", sock, sk); 889 890 if (!sk) 891 return 0; 892 893 bt_sock_unlink(&l2cap_sk_list, sk); 894 895 err = l2cap_sock_shutdown(sock, 2); 896 897 sock_orphan(sk); 898 l2cap_sock_kill(sk); 899 return err; 900} 901 902static void l2cap_sock_cleanup_listen(struct sock *parent) 903{ 904 struct sock *sk; 905 906 BT_DBG("parent %p", parent); 907 908 /* Close not yet accepted channels */ 909 while ((sk = bt_accept_dequeue(parent, NULL))) { 910 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 911 912 l2cap_chan_lock(chan); 913 __clear_chan_timer(chan); 914 l2cap_chan_close(chan, ECONNRESET); 915 l2cap_chan_unlock(chan); 916 917 l2cap_sock_kill(sk); 918 } 919} 920 921static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 922{ 923 struct sock *sk, *parent = chan->data; 924 925 /* Check for backlog size */ 926 if (sk_acceptq_is_full(parent)) { 927 BT_DBG("backlog full %d", parent->sk_ack_backlog); 928 return NULL; 929 } 930 931 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 932 GFP_ATOMIC); 933 if (!sk) 934 return NULL; 935 936 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 937 938 l2cap_sock_init(sk, parent); 939 940 return l2cap_pi(sk)->chan; 941} 942 943static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 944{ 945 int err; 946 struct sock *sk = chan->data; 947 struct l2cap_pinfo *pi = l2cap_pi(sk); 948 949 lock_sock(sk); 950 951 if (pi->rx_busy_skb) { 952 err = -ENOMEM; 953 goto done; 954 } 955 956 err = sock_queue_rcv_skb(sk, skb); 957 958 /* For ERTM, handle one skb that doesn't fit into the recv 959 * buffer. This is important to do because the data frames 960 * have already been acked, so the skb cannot be discarded. 961 * 962 * Notify the l2cap core that the buffer is full, so the 963 * LOCAL_BUSY state is entered and no more frames are 964 * acked and reassembled until there is buffer space 965 * available. 966 */ 967 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) { 968 pi->rx_busy_skb = skb; 969 l2cap_chan_busy(pi->chan, 1); 970 err = 0; 971 } 972 973done: 974 release_sock(sk); 975 976 return err; 977} 978 979static void l2cap_sock_close_cb(struct l2cap_chan *chan) 980{ 981 struct sock *sk = chan->data; 982 983 l2cap_sock_kill(sk); 984} 985 986static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 987{ 988 struct sock *sk = chan->data; 989 struct sock *parent; 990 991 lock_sock(sk); 992 993 parent = bt_sk(sk)->parent; 994 995 sock_set_flag(sk, SOCK_ZAPPED); 996 997 switch (chan->state) { 998 case BT_OPEN: 999 case BT_BOUND: 1000 case BT_CLOSED: 1001 break; 1002 case BT_LISTEN: 1003 l2cap_sock_cleanup_listen(sk); 1004 sk->sk_state = BT_CLOSED; 1005 chan->state = BT_CLOSED; 1006 1007 break; 1008 default: 1009 sk->sk_state = BT_CLOSED; 1010 chan->state = BT_CLOSED; 1011 1012 sk->sk_err = err; 1013 1014 if (parent) { 1015 bt_accept_unlink(sk); 1016 parent->sk_data_ready(parent, 0); 1017 } else { 1018 sk->sk_state_change(sk); 1019 } 1020 1021 break; 1022 } 1023 1024 release_sock(sk); 1025} 1026 1027static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state) 1028{ 1029 struct sock *sk = chan->data; 1030 1031 sk->sk_state = state; 1032} 1033 1034static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1035 unsigned long len, int nb) 1036{ 1037 struct sk_buff *skb; 1038 int err; 1039 1040 l2cap_chan_unlock(chan); 1041 skb = bt_skb_send_alloc(chan->sk, len, nb, &err); 1042 l2cap_chan_lock(chan); 1043 1044 if (!skb) 1045 return ERR_PTR(err); 1046 1047 return skb; 1048} 1049 1050static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1051{ 1052 struct sock *sk = chan->data; 1053 struct sock *parent; 1054 1055 lock_sock(sk); 1056 1057 parent = bt_sk(sk)->parent; 1058 1059 BT_DBG("sk %p, parent %p", sk, parent); 1060 1061 sk->sk_state = BT_CONNECTED; 1062 sk->sk_state_change(sk); 1063 1064 if (parent) 1065 parent->sk_data_ready(parent, 0); 1066 1067 release_sock(sk); 1068} 1069 1070static struct l2cap_ops l2cap_chan_ops = { 1071 .name = "L2CAP Socket Interface", 1072 .new_connection = l2cap_sock_new_connection_cb, 1073 .recv = l2cap_sock_recv_cb, 1074 .close = l2cap_sock_close_cb, 1075 .teardown = l2cap_sock_teardown_cb, 1076 .state_change = l2cap_sock_state_change_cb, 1077 .ready = l2cap_sock_ready_cb, 1078 .alloc_skb = l2cap_sock_alloc_skb_cb, 1079}; 1080 1081static void l2cap_sock_destruct(struct sock *sk) 1082{ 1083 BT_DBG("sk %p", sk); 1084 1085 l2cap_chan_put(l2cap_pi(sk)->chan); 1086 if (l2cap_pi(sk)->rx_busy_skb) { 1087 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1088 l2cap_pi(sk)->rx_busy_skb = NULL; 1089 } 1090 1091 skb_queue_purge(&sk->sk_receive_queue); 1092 skb_queue_purge(&sk->sk_write_queue); 1093} 1094 1095static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1096{ 1097 struct l2cap_pinfo *pi = l2cap_pi(sk); 1098 struct l2cap_chan *chan = pi->chan; 1099 1100 BT_DBG("sk %p", sk); 1101 1102 if (parent) { 1103 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1104 1105 sk->sk_type = parent->sk_type; 1106 bt_sk(sk)->flags = bt_sk(parent)->flags; 1107 1108 chan->chan_type = pchan->chan_type; 1109 chan->imtu = pchan->imtu; 1110 chan->omtu = pchan->omtu; 1111 chan->conf_state = pchan->conf_state; 1112 chan->mode = pchan->mode; 1113 chan->fcs = pchan->fcs; 1114 chan->max_tx = pchan->max_tx; 1115 chan->tx_win = pchan->tx_win; 1116 chan->tx_win_max = pchan->tx_win_max; 1117 chan->sec_level = pchan->sec_level; 1118 chan->flags = pchan->flags; 1119 1120 security_sk_clone(parent, sk); 1121 } else { 1122 1123 switch (sk->sk_type) { 1124 case SOCK_RAW: 1125 chan->chan_type = L2CAP_CHAN_RAW; 1126 break; 1127 case SOCK_DGRAM: 1128 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1129 break; 1130 case SOCK_SEQPACKET: 1131 case SOCK_STREAM: 1132 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1133 break; 1134 } 1135 1136 chan->imtu = L2CAP_DEFAULT_MTU; 1137 chan->omtu = 0; 1138 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1139 chan->mode = L2CAP_MODE_ERTM; 1140 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1141 } else { 1142 chan->mode = L2CAP_MODE_BASIC; 1143 } 1144 1145 l2cap_chan_set_defaults(chan); 1146 } 1147 1148 /* Default config options */ 1149 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1150 1151 chan->data = sk; 1152 chan->ops = &l2cap_chan_ops; 1153} 1154 1155static struct proto l2cap_proto = { 1156 .name = "L2CAP", 1157 .owner = THIS_MODULE, 1158 .obj_size = sizeof(struct l2cap_pinfo) 1159}; 1160 1161static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 1162{ 1163 struct sock *sk; 1164 struct l2cap_chan *chan; 1165 1166 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1167 if (!sk) 1168 return NULL; 1169 1170 sock_init_data(sock, sk); 1171 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1172 1173 sk->sk_destruct = l2cap_sock_destruct; 1174 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1175 1176 sock_reset_flag(sk, SOCK_ZAPPED); 1177 1178 sk->sk_protocol = proto; 1179 sk->sk_state = BT_OPEN; 1180 1181 chan = l2cap_chan_create(); 1182 if (!chan) { 1183 l2cap_sock_kill(sk); 1184 return NULL; 1185 } 1186 1187 l2cap_chan_hold(chan); 1188 1189 chan->sk = sk; 1190 1191 l2cap_pi(sk)->chan = chan; 1192 1193 return sk; 1194} 1195 1196static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1197 int kern) 1198{ 1199 struct sock *sk; 1200 1201 BT_DBG("sock %p", sock); 1202 1203 sock->state = SS_UNCONNECTED; 1204 1205 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1206 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1207 return -ESOCKTNOSUPPORT; 1208 1209 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1210 return -EPERM; 1211 1212 sock->ops = &l2cap_sock_ops; 1213 1214 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1215 if (!sk) 1216 return -ENOMEM; 1217 1218 l2cap_sock_init(sk, NULL); 1219 bt_sock_link(&l2cap_sk_list, sk); 1220 return 0; 1221} 1222 1223static const struct proto_ops l2cap_sock_ops = { 1224 .family = PF_BLUETOOTH, 1225 .owner = THIS_MODULE, 1226 .release = l2cap_sock_release, 1227 .bind = l2cap_sock_bind, 1228 .connect = l2cap_sock_connect, 1229 .listen = l2cap_sock_listen, 1230 .accept = l2cap_sock_accept, 1231 .getname = l2cap_sock_getname, 1232 .sendmsg = l2cap_sock_sendmsg, 1233 .recvmsg = l2cap_sock_recvmsg, 1234 .poll = bt_sock_poll, 1235 .ioctl = bt_sock_ioctl, 1236 .mmap = sock_no_mmap, 1237 .socketpair = sock_no_socketpair, 1238 .shutdown = l2cap_sock_shutdown, 1239 .setsockopt = l2cap_sock_setsockopt, 1240 .getsockopt = l2cap_sock_getsockopt 1241}; 1242 1243static const struct net_proto_family l2cap_sock_family_ops = { 1244 .family = PF_BLUETOOTH, 1245 .owner = THIS_MODULE, 1246 .create = l2cap_sock_create, 1247}; 1248 1249int __init l2cap_init_sockets(void) 1250{ 1251 int err; 1252 1253 err = proto_register(&l2cap_proto, 0); 1254 if (err < 0) 1255 return err; 1256 1257 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1258 if (err < 0) { 1259 BT_ERR("L2CAP socket registration failed"); 1260 goto error; 1261 } 1262 1263 err = bt_procfs_init(THIS_MODULE, &init_net, "l2cap", &l2cap_sk_list, NULL); 1264 if (err < 0) { 1265 BT_ERR("Failed to create L2CAP proc file"); 1266 bt_sock_unregister(BTPROTO_L2CAP); 1267 goto error; 1268 } 1269 1270 BT_INFO("L2CAP socket layer initialized"); 1271 1272 return 0; 1273 1274error: 1275 proto_unregister(&l2cap_proto); 1276 return err; 1277} 1278 1279void l2cap_cleanup_sockets(void) 1280{ 1281 bt_procfs_cleanup(&init_net, "l2cap"); 1282 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 1283 BT_ERR("L2CAP socket unregistration failed"); 1284 1285 proto_unregister(&l2cap_proto); 1286} 1287