l2cap_sock.c revision 5d41ce1dd91bce01d50aff79786dc5d5eedcfab7
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 8 9 This program is free software; you can redistribute it and/or modify 10 it under the terms of the GNU General Public License version 2 as 11 published by the Free Software Foundation; 12 13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 21 22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 24 SOFTWARE IS DISCLAIMED. 25*/ 26 27/* Bluetooth L2CAP sockets. */ 28 29#include <net/bluetooth/bluetooth.h> 30#include <net/bluetooth/hci_core.h> 31#include <net/bluetooth/l2cap.h> 32 33/* ---- L2CAP timers ---- */ 34static void l2cap_sock_timeout(unsigned long arg) 35{ 36 struct sock *sk = (struct sock *) arg; 37 int reason; 38 39 BT_DBG("sock %p state %d", sk, sk->sk_state); 40 41 bh_lock_sock(sk); 42 43 if (sock_owned_by_user(sk)) { 44 /* sk is owned by user. Try again later */ 45 l2cap_sock_set_timer(sk, HZ / 5); 46 bh_unlock_sock(sk); 47 sock_put(sk); 48 return; 49 } 50 51 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG) 52 reason = ECONNREFUSED; 53 else if (sk->sk_state == BT_CONNECT && 54 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP) 55 reason = ECONNREFUSED; 56 else 57 reason = ETIMEDOUT; 58 59 __l2cap_sock_close(sk, reason); 60 61 bh_unlock_sock(sk); 62 63 l2cap_sock_kill(sk); 64 sock_put(sk); 65} 66 67void l2cap_sock_set_timer(struct sock *sk, long timeout) 68{ 69 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout); 70 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout); 71} 72 73void l2cap_sock_clear_timer(struct sock *sk) 74{ 75 BT_DBG("sock %p state %d", sk, sk->sk_state); 76 sk_stop_timer(sk, &sk->sk_timer); 77} 78 79static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src) 80{ 81 struct sock *sk; 82 struct hlist_node *node; 83 sk_for_each(sk, node, &l2cap_sk_list.head) 84 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src)) 85 goto found; 86 sk = NULL; 87found: 88 return sk; 89} 90 91static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 92{ 93 struct sock *sk = sock->sk; 94 struct sockaddr_l2 la; 95 int len, err = 0; 96 97 BT_DBG("sk %p", sk); 98 99 if (!addr || addr->sa_family != AF_BLUETOOTH) 100 return -EINVAL; 101 102 memset(&la, 0, sizeof(la)); 103 len = min_t(unsigned int, sizeof(la), alen); 104 memcpy(&la, addr, len); 105 106 if (la.l2_cid && la.l2_psm) 107 return -EINVAL; 108 109 lock_sock(sk); 110 111 if (sk->sk_state != BT_OPEN) { 112 err = -EBADFD; 113 goto done; 114 } 115 116 if (la.l2_psm) { 117 __u16 psm = __le16_to_cpu(la.l2_psm); 118 119 /* PSM must be odd and lsb of upper byte must be 0 */ 120 if ((psm & 0x0101) != 0x0001) { 121 err = -EINVAL; 122 goto done; 123 } 124 125 /* Restrict usage of well-known PSMs */ 126 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 127 err = -EACCES; 128 goto done; 129 } 130 } 131 132 write_lock_bh(&l2cap_sk_list.lock); 133 134 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) { 135 err = -EADDRINUSE; 136 } else { 137 /* Save source address */ 138 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 139 l2cap_pi(sk)->psm = la.l2_psm; 140 l2cap_pi(sk)->sport = la.l2_psm; 141 sk->sk_state = BT_BOUND; 142 143 if (__le16_to_cpu(la.l2_psm) == 0x0001 || 144 __le16_to_cpu(la.l2_psm) == 0x0003) 145 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP; 146 } 147 148 if (la.l2_cid) 149 l2cap_pi(sk)->scid = la.l2_cid; 150 151 write_unlock_bh(&l2cap_sk_list.lock); 152 153done: 154 release_sock(sk); 155 return err; 156} 157 158static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 159{ 160 struct sock *sk = sock->sk; 161 struct sockaddr_l2 la; 162 int len, err = 0; 163 164 BT_DBG("sk %p", sk); 165 166 if (!addr || alen < sizeof(addr->sa_family) || 167 addr->sa_family != AF_BLUETOOTH) 168 return -EINVAL; 169 170 memset(&la, 0, sizeof(la)); 171 len = min_t(unsigned int, sizeof(la), alen); 172 memcpy(&la, addr, len); 173 174 if (la.l2_cid && la.l2_psm) 175 return -EINVAL; 176 177 lock_sock(sk); 178 179 if ((sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) 180 && !(la.l2_psm || la.l2_cid)) { 181 err = -EINVAL; 182 goto done; 183 } 184 185 switch (l2cap_pi(sk)->mode) { 186 case L2CAP_MODE_BASIC: 187 break; 188 case L2CAP_MODE_ERTM: 189 case L2CAP_MODE_STREAMING: 190 if (!disable_ertm) 191 break; 192 /* fall through */ 193 default: 194 err = -ENOTSUPP; 195 goto done; 196 } 197 198 switch (sk->sk_state) { 199 case BT_CONNECT: 200 case BT_CONNECT2: 201 case BT_CONFIG: 202 /* Already connecting */ 203 goto wait; 204 205 case BT_CONNECTED: 206 /* Already connected */ 207 err = -EISCONN; 208 goto done; 209 210 case BT_OPEN: 211 case BT_BOUND: 212 /* Can connect */ 213 break; 214 215 default: 216 err = -EBADFD; 217 goto done; 218 } 219 220 /* PSM must be odd and lsb of upper byte must be 0 */ 221 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 && 222 sk->sk_type != SOCK_RAW && !la.l2_cid) { 223 err = -EINVAL; 224 goto done; 225 } 226 227 /* Set destination address and psm */ 228 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr); 229 l2cap_pi(sk)->psm = la.l2_psm; 230 l2cap_pi(sk)->dcid = la.l2_cid; 231 232 err = l2cap_do_connect(l2cap_pi(sk)->chan); 233 if (err) 234 goto done; 235 236wait: 237 err = bt_sock_wait_state(sk, BT_CONNECTED, 238 sock_sndtimeo(sk, flags & O_NONBLOCK)); 239done: 240 release_sock(sk); 241 return err; 242} 243 244static int l2cap_sock_listen(struct socket *sock, int backlog) 245{ 246 struct sock *sk = sock->sk; 247 int err = 0; 248 249 BT_DBG("sk %p backlog %d", sk, backlog); 250 251 lock_sock(sk); 252 253 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM) 254 || sk->sk_state != BT_BOUND) { 255 err = -EBADFD; 256 goto done; 257 } 258 259 switch (l2cap_pi(sk)->mode) { 260 case L2CAP_MODE_BASIC: 261 break; 262 case L2CAP_MODE_ERTM: 263 case L2CAP_MODE_STREAMING: 264 if (!disable_ertm) 265 break; 266 /* fall through */ 267 default: 268 err = -ENOTSUPP; 269 goto done; 270 } 271 272 if (!l2cap_pi(sk)->psm && !l2cap_pi(sk)->scid) { 273 bdaddr_t *src = &bt_sk(sk)->src; 274 u16 psm; 275 276 err = -EINVAL; 277 278 write_lock_bh(&l2cap_sk_list.lock); 279 280 for (psm = 0x1001; psm < 0x1100; psm += 2) 281 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) { 282 l2cap_pi(sk)->psm = cpu_to_le16(psm); 283 l2cap_pi(sk)->sport = cpu_to_le16(psm); 284 err = 0; 285 break; 286 } 287 288 write_unlock_bh(&l2cap_sk_list.lock); 289 290 if (err < 0) 291 goto done; 292 } 293 294 sk->sk_max_ack_backlog = backlog; 295 sk->sk_ack_backlog = 0; 296 sk->sk_state = BT_LISTEN; 297 298done: 299 release_sock(sk); 300 return err; 301} 302 303static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 304{ 305 DECLARE_WAITQUEUE(wait, current); 306 struct sock *sk = sock->sk, *nsk; 307 long timeo; 308 int err = 0; 309 310 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 311 312 if (sk->sk_state != BT_LISTEN) { 313 err = -EBADFD; 314 goto done; 315 } 316 317 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 318 319 BT_DBG("sk %p timeo %ld", sk, timeo); 320 321 /* Wait for an incoming connection. (wake-one). */ 322 add_wait_queue_exclusive(sk_sleep(sk), &wait); 323 while (!(nsk = bt_accept_dequeue(sk, newsock))) { 324 set_current_state(TASK_INTERRUPTIBLE); 325 if (!timeo) { 326 err = -EAGAIN; 327 break; 328 } 329 330 release_sock(sk); 331 timeo = schedule_timeout(timeo); 332 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 333 334 if (sk->sk_state != BT_LISTEN) { 335 err = -EBADFD; 336 break; 337 } 338 339 if (signal_pending(current)) { 340 err = sock_intr_errno(timeo); 341 break; 342 } 343 } 344 set_current_state(TASK_RUNNING); 345 remove_wait_queue(sk_sleep(sk), &wait); 346 347 if (err) 348 goto done; 349 350 newsock->state = SS_CONNECTED; 351 352 BT_DBG("new socket %p", nsk); 353 354done: 355 release_sock(sk); 356 return err; 357} 358 359static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 360{ 361 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 362 struct sock *sk = sock->sk; 363 364 BT_DBG("sock %p, sk %p", sock, sk); 365 366 addr->sa_family = AF_BLUETOOTH; 367 *len = sizeof(struct sockaddr_l2); 368 369 if (peer) { 370 la->l2_psm = l2cap_pi(sk)->psm; 371 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 372 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->dcid); 373 } else { 374 la->l2_psm = l2cap_pi(sk)->sport; 375 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 376 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->scid); 377 } 378 379 return 0; 380} 381 382static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 383{ 384 struct sock *sk = sock->sk; 385 struct l2cap_options opts; 386 struct l2cap_conninfo cinfo; 387 int len, err = 0; 388 u32 opt; 389 390 BT_DBG("sk %p", sk); 391 392 if (get_user(len, optlen)) 393 return -EFAULT; 394 395 lock_sock(sk); 396 397 switch (optname) { 398 case L2CAP_OPTIONS: 399 memset(&opts, 0, sizeof(opts)); 400 opts.imtu = l2cap_pi(sk)->imtu; 401 opts.omtu = l2cap_pi(sk)->omtu; 402 opts.flush_to = l2cap_pi(sk)->flush_to; 403 opts.mode = l2cap_pi(sk)->mode; 404 opts.fcs = l2cap_pi(sk)->fcs; 405 opts.max_tx = l2cap_pi(sk)->max_tx; 406 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win; 407 408 len = min_t(unsigned int, len, sizeof(opts)); 409 if (copy_to_user(optval, (char *) &opts, len)) 410 err = -EFAULT; 411 412 break; 413 414 case L2CAP_LM: 415 switch (l2cap_pi(sk)->sec_level) { 416 case BT_SECURITY_LOW: 417 opt = L2CAP_LM_AUTH; 418 break; 419 case BT_SECURITY_MEDIUM: 420 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 421 break; 422 case BT_SECURITY_HIGH: 423 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 424 L2CAP_LM_SECURE; 425 break; 426 default: 427 opt = 0; 428 break; 429 } 430 431 if (l2cap_pi(sk)->role_switch) 432 opt |= L2CAP_LM_MASTER; 433 434 if (l2cap_pi(sk)->force_reliable) 435 opt |= L2CAP_LM_RELIABLE; 436 437 if (put_user(opt, (u32 __user *) optval)) 438 err = -EFAULT; 439 break; 440 441 case L2CAP_CONNINFO: 442 if (sk->sk_state != BT_CONNECTED && 443 !(sk->sk_state == BT_CONNECT2 && 444 bt_sk(sk)->defer_setup)) { 445 err = -ENOTCONN; 446 break; 447 } 448 449 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle; 450 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3); 451 452 len = min_t(unsigned int, len, sizeof(cinfo)); 453 if (copy_to_user(optval, (char *) &cinfo, len)) 454 err = -EFAULT; 455 456 break; 457 458 default: 459 err = -ENOPROTOOPT; 460 break; 461 } 462 463 release_sock(sk); 464 return err; 465} 466 467static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 468{ 469 struct sock *sk = sock->sk; 470 struct bt_security sec; 471 int len, err = 0; 472 473 BT_DBG("sk %p", sk); 474 475 if (level == SOL_L2CAP) 476 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 477 478 if (level != SOL_BLUETOOTH) 479 return -ENOPROTOOPT; 480 481 if (get_user(len, optlen)) 482 return -EFAULT; 483 484 lock_sock(sk); 485 486 switch (optname) { 487 case BT_SECURITY: 488 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 489 && sk->sk_type != SOCK_RAW) { 490 err = -EINVAL; 491 break; 492 } 493 494 sec.level = l2cap_pi(sk)->sec_level; 495 496 len = min_t(unsigned int, len, sizeof(sec)); 497 if (copy_to_user(optval, (char *) &sec, len)) 498 err = -EFAULT; 499 500 break; 501 502 case BT_DEFER_SETUP: 503 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 504 err = -EINVAL; 505 break; 506 } 507 508 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) 509 err = -EFAULT; 510 511 break; 512 513 case BT_FLUSHABLE: 514 if (put_user(l2cap_pi(sk)->flushable, (u32 __user *) optval)) 515 err = -EFAULT; 516 517 break; 518 519 default: 520 err = -ENOPROTOOPT; 521 break; 522 } 523 524 release_sock(sk); 525 return err; 526} 527 528static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 529{ 530 struct sock *sk = sock->sk; 531 struct l2cap_options opts; 532 int len, err = 0; 533 u32 opt; 534 535 BT_DBG("sk %p", sk); 536 537 lock_sock(sk); 538 539 switch (optname) { 540 case L2CAP_OPTIONS: 541 if (sk->sk_state == BT_CONNECTED) { 542 err = -EINVAL; 543 break; 544 } 545 546 opts.imtu = l2cap_pi(sk)->imtu; 547 opts.omtu = l2cap_pi(sk)->omtu; 548 opts.flush_to = l2cap_pi(sk)->flush_to; 549 opts.mode = l2cap_pi(sk)->mode; 550 opts.fcs = l2cap_pi(sk)->fcs; 551 opts.max_tx = l2cap_pi(sk)->max_tx; 552 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win; 553 554 len = min_t(unsigned int, sizeof(opts), optlen); 555 if (copy_from_user((char *) &opts, optval, len)) { 556 err = -EFAULT; 557 break; 558 } 559 560 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) { 561 err = -EINVAL; 562 break; 563 } 564 565 l2cap_pi(sk)->mode = opts.mode; 566 switch (l2cap_pi(sk)->mode) { 567 case L2CAP_MODE_BASIC: 568 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_STATE2_DEVICE; 569 break; 570 case L2CAP_MODE_ERTM: 571 case L2CAP_MODE_STREAMING: 572 if (!disable_ertm) 573 break; 574 /* fall through */ 575 default: 576 err = -EINVAL; 577 break; 578 } 579 580 l2cap_pi(sk)->imtu = opts.imtu; 581 l2cap_pi(sk)->omtu = opts.omtu; 582 l2cap_pi(sk)->fcs = opts.fcs; 583 l2cap_pi(sk)->max_tx = opts.max_tx; 584 l2cap_pi(sk)->tx_win = (__u8)opts.txwin_size; 585 break; 586 587 case L2CAP_LM: 588 if (get_user(opt, (u32 __user *) optval)) { 589 err = -EFAULT; 590 break; 591 } 592 593 if (opt & L2CAP_LM_AUTH) 594 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW; 595 if (opt & L2CAP_LM_ENCRYPT) 596 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 597 if (opt & L2CAP_LM_SECURE) 598 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH; 599 600 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER); 601 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE); 602 break; 603 604 default: 605 err = -ENOPROTOOPT; 606 break; 607 } 608 609 release_sock(sk); 610 return err; 611} 612 613static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 614{ 615 struct sock *sk = sock->sk; 616 struct bt_security sec; 617 int len, err = 0; 618 u32 opt; 619 620 BT_DBG("sk %p", sk); 621 622 if (level == SOL_L2CAP) 623 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 624 625 if (level != SOL_BLUETOOTH) 626 return -ENOPROTOOPT; 627 628 lock_sock(sk); 629 630 switch (optname) { 631 case BT_SECURITY: 632 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 633 && sk->sk_type != SOCK_RAW) { 634 err = -EINVAL; 635 break; 636 } 637 638 sec.level = BT_SECURITY_LOW; 639 640 len = min_t(unsigned int, sizeof(sec), optlen); 641 if (copy_from_user((char *) &sec, optval, len)) { 642 err = -EFAULT; 643 break; 644 } 645 646 if (sec.level < BT_SECURITY_LOW || 647 sec.level > BT_SECURITY_HIGH) { 648 err = -EINVAL; 649 break; 650 } 651 652 l2cap_pi(sk)->sec_level = sec.level; 653 break; 654 655 case BT_DEFER_SETUP: 656 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 657 err = -EINVAL; 658 break; 659 } 660 661 if (get_user(opt, (u32 __user *) optval)) { 662 err = -EFAULT; 663 break; 664 } 665 666 bt_sk(sk)->defer_setup = opt; 667 break; 668 669 case BT_FLUSHABLE: 670 if (get_user(opt, (u32 __user *) optval)) { 671 err = -EFAULT; 672 break; 673 } 674 675 if (opt > BT_FLUSHABLE_ON) { 676 err = -EINVAL; 677 break; 678 } 679 680 if (opt == BT_FLUSHABLE_OFF) { 681 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 682 /* proceed futher only when we have l2cap_conn and 683 No Flush support in the LM */ 684 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 685 err = -EINVAL; 686 break; 687 } 688 } 689 690 l2cap_pi(sk)->flushable = opt; 691 break; 692 693 default: 694 err = -ENOPROTOOPT; 695 break; 696 } 697 698 release_sock(sk); 699 return err; 700} 701 702static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 703{ 704 struct sock *sk = sock->sk; 705 struct l2cap_pinfo *pi = l2cap_pi(sk); 706 struct sk_buff *skb; 707 u16 control; 708 int err; 709 710 BT_DBG("sock %p, sk %p", sock, sk); 711 712 err = sock_error(sk); 713 if (err) 714 return err; 715 716 if (msg->msg_flags & MSG_OOB) 717 return -EOPNOTSUPP; 718 719 lock_sock(sk); 720 721 if (sk->sk_state != BT_CONNECTED) { 722 err = -ENOTCONN; 723 goto done; 724 } 725 726 /* Connectionless channel */ 727 if (sk->sk_type == SOCK_DGRAM) { 728 skb = l2cap_create_connless_pdu(sk, msg, len); 729 if (IS_ERR(skb)) { 730 err = PTR_ERR(skb); 731 } else { 732 l2cap_do_send(sk, skb); 733 err = len; 734 } 735 goto done; 736 } 737 738 switch (pi->mode) { 739 case L2CAP_MODE_BASIC: 740 /* Check outgoing MTU */ 741 if (len > pi->omtu) { 742 err = -EMSGSIZE; 743 goto done; 744 } 745 746 /* Create a basic PDU */ 747 skb = l2cap_create_basic_pdu(sk, msg, len); 748 if (IS_ERR(skb)) { 749 err = PTR_ERR(skb); 750 goto done; 751 } 752 753 l2cap_do_send(sk, skb); 754 err = len; 755 break; 756 757 case L2CAP_MODE_ERTM: 758 case L2CAP_MODE_STREAMING: 759 /* Entire SDU fits into one PDU */ 760 if (len <= pi->chan->remote_mps) { 761 control = L2CAP_SDU_UNSEGMENTED; 762 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0); 763 if (IS_ERR(skb)) { 764 err = PTR_ERR(skb); 765 goto done; 766 } 767 __skb_queue_tail(&pi->chan->tx_q, skb); 768 769 if (pi->chan->tx_send_head == NULL) 770 pi->chan->tx_send_head = skb; 771 772 } else { 773 /* Segment SDU into multiples PDUs */ 774 err = l2cap_sar_segment_sdu(pi->chan, msg, len); 775 if (err < 0) 776 goto done; 777 } 778 779 if (pi->mode == L2CAP_MODE_STREAMING) { 780 l2cap_streaming_send(pi->chan); 781 err = len; 782 break; 783 } 784 785 if ((pi->chan->conn_state & L2CAP_CONN_REMOTE_BUSY) && 786 (pi->chan->conn_state & L2CAP_CONN_WAIT_F)) { 787 err = len; 788 break; 789 } 790 err = l2cap_ertm_send(pi->chan); 791 792 if (err >= 0) 793 err = len; 794 break; 795 796 default: 797 BT_DBG("bad state %1.1x", pi->mode); 798 err = -EBADFD; 799 } 800 801done: 802 release_sock(sk); 803 return err; 804} 805 806static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 807{ 808 struct sock *sk = sock->sk; 809 810 lock_sock(sk); 811 812 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { 813 __l2cap_connect_rsp_defer(sk); 814 release_sock(sk); 815 return 0; 816 } 817 818 release_sock(sk); 819 820 if (sock->type == SOCK_STREAM) 821 return bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 822 823 return bt_sock_recvmsg(iocb, sock, msg, len, flags); 824} 825 826/* Kill socket (only if zapped and orphan) 827 * Must be called on unlocked socket. 828 */ 829void l2cap_sock_kill(struct sock *sk) 830{ 831 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 832 return; 833 834 BT_DBG("sk %p state %d", sk, sk->sk_state); 835 836 /* Kill poor orphan */ 837 bt_sock_unlink(&l2cap_sk_list, sk); 838 sock_set_flag(sk, SOCK_DEAD); 839 sock_put(sk); 840} 841 842/* Must be called on unlocked socket. */ 843static void l2cap_sock_close(struct sock *sk) 844{ 845 l2cap_sock_clear_timer(sk); 846 lock_sock(sk); 847 __l2cap_sock_close(sk, ECONNRESET); 848 release_sock(sk); 849 l2cap_sock_kill(sk); 850} 851 852static void l2cap_sock_cleanup_listen(struct sock *parent) 853{ 854 struct sock *sk; 855 856 BT_DBG("parent %p", parent); 857 858 /* Close not yet accepted channels */ 859 while ((sk = bt_accept_dequeue(parent, NULL))) 860 l2cap_sock_close(sk); 861 862 parent->sk_state = BT_CLOSED; 863 sock_set_flag(parent, SOCK_ZAPPED); 864} 865 866void __l2cap_sock_close(struct sock *sk, int reason) 867{ 868 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 869 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 870 871 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 872 873 switch (sk->sk_state) { 874 case BT_LISTEN: 875 l2cap_sock_cleanup_listen(sk); 876 break; 877 878 case BT_CONNECTED: 879 case BT_CONFIG: 880 if ((sk->sk_type == SOCK_SEQPACKET || 881 sk->sk_type == SOCK_STREAM) && 882 conn->hcon->type == ACL_LINK) { 883 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 884 l2cap_send_disconn_req(conn, chan, reason); 885 } else 886 l2cap_chan_del(chan, reason); 887 break; 888 889 case BT_CONNECT2: 890 if ((sk->sk_type == SOCK_SEQPACKET || 891 sk->sk_type == SOCK_STREAM) && 892 conn->hcon->type == ACL_LINK) { 893 struct l2cap_conn_rsp rsp; 894 __u16 result; 895 896 if (bt_sk(sk)->defer_setup) 897 result = L2CAP_CR_SEC_BLOCK; 898 else 899 result = L2CAP_CR_BAD_PSM; 900 901 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 902 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 903 rsp.result = cpu_to_le16(result); 904 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 905 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, 906 sizeof(rsp), &rsp); 907 } 908 909 l2cap_chan_del(chan, reason); 910 break; 911 912 case BT_CONNECT: 913 case BT_DISCONN: 914 l2cap_chan_del(chan, reason); 915 break; 916 917 default: 918 sock_set_flag(sk, SOCK_ZAPPED); 919 break; 920 } 921} 922 923static int l2cap_sock_shutdown(struct socket *sock, int how) 924{ 925 struct sock *sk = sock->sk; 926 int err = 0; 927 928 BT_DBG("sock %p, sk %p", sock, sk); 929 930 if (!sk) 931 return 0; 932 933 lock_sock(sk); 934 if (!sk->sk_shutdown) { 935 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) 936 err = __l2cap_wait_ack(sk); 937 938 sk->sk_shutdown = SHUTDOWN_MASK; 939 l2cap_sock_clear_timer(sk); 940 __l2cap_sock_close(sk, 0); 941 942 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 943 err = bt_sock_wait_state(sk, BT_CLOSED, 944 sk->sk_lingertime); 945 } 946 947 if (!err && sk->sk_err) 948 err = -sk->sk_err; 949 950 release_sock(sk); 951 return err; 952} 953 954static int l2cap_sock_release(struct socket *sock) 955{ 956 struct sock *sk = sock->sk; 957 int err; 958 959 BT_DBG("sock %p, sk %p", sock, sk); 960 961 if (!sk) 962 return 0; 963 964 err = l2cap_sock_shutdown(sock, 2); 965 966 sock_orphan(sk); 967 l2cap_sock_kill(sk); 968 return err; 969} 970 971static void l2cap_sock_destruct(struct sock *sk) 972{ 973 BT_DBG("sk %p", sk); 974 975 skb_queue_purge(&sk->sk_receive_queue); 976 skb_queue_purge(&sk->sk_write_queue); 977} 978 979void l2cap_sock_init(struct sock *sk, struct sock *parent) 980{ 981 struct l2cap_pinfo *pi = l2cap_pi(sk); 982 983 BT_DBG("sk %p", sk); 984 985 if (parent) { 986 sk->sk_type = parent->sk_type; 987 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup; 988 989 pi->imtu = l2cap_pi(parent)->imtu; 990 pi->omtu = l2cap_pi(parent)->omtu; 991 pi->conf_state = l2cap_pi(parent)->conf_state; 992 pi->mode = l2cap_pi(parent)->mode; 993 pi->fcs = l2cap_pi(parent)->fcs; 994 pi->max_tx = l2cap_pi(parent)->max_tx; 995 pi->tx_win = l2cap_pi(parent)->tx_win; 996 pi->sec_level = l2cap_pi(parent)->sec_level; 997 pi->role_switch = l2cap_pi(parent)->role_switch; 998 pi->force_reliable = l2cap_pi(parent)->force_reliable; 999 pi->flushable = l2cap_pi(parent)->flushable; 1000 } else { 1001 pi->imtu = L2CAP_DEFAULT_MTU; 1002 pi->omtu = 0; 1003 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1004 pi->mode = L2CAP_MODE_ERTM; 1005 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE; 1006 } else { 1007 pi->mode = L2CAP_MODE_BASIC; 1008 } 1009 pi->max_tx = L2CAP_DEFAULT_MAX_TX; 1010 pi->fcs = L2CAP_FCS_CRC16; 1011 pi->tx_win = L2CAP_DEFAULT_TX_WINDOW; 1012 pi->sec_level = BT_SECURITY_LOW; 1013 pi->role_switch = 0; 1014 pi->force_reliable = 0; 1015 pi->flushable = BT_FLUSHABLE_OFF; 1016 } 1017 1018 /* Default config options */ 1019 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1020} 1021 1022static struct proto l2cap_proto = { 1023 .name = "L2CAP", 1024 .owner = THIS_MODULE, 1025 .obj_size = sizeof(struct l2cap_pinfo) 1026}; 1027 1028struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 1029{ 1030 struct sock *sk; 1031 1032 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1033 if (!sk) 1034 return NULL; 1035 1036 sock_init_data(sock, sk); 1037 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1038 1039 sk->sk_destruct = l2cap_sock_destruct; 1040 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT); 1041 1042 sock_reset_flag(sk, SOCK_ZAPPED); 1043 1044 sk->sk_protocol = proto; 1045 sk->sk_state = BT_OPEN; 1046 1047 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk); 1048 1049 bt_sock_link(&l2cap_sk_list, sk); 1050 return sk; 1051} 1052 1053static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1054 int kern) 1055{ 1056 struct sock *sk; 1057 struct l2cap_chan *chan; 1058 1059 BT_DBG("sock %p", sock); 1060 1061 sock->state = SS_UNCONNECTED; 1062 1063 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1064 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1065 return -ESOCKTNOSUPPORT; 1066 1067 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1068 return -EPERM; 1069 1070 sock->ops = &l2cap_sock_ops; 1071 1072 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1073 if (!sk) 1074 return -ENOMEM; 1075 1076 chan = l2cap_chan_alloc(sk); 1077 if (!chan) { 1078 l2cap_sock_kill(sk); 1079 return -ENOMEM; 1080 } 1081 1082 l2cap_pi(sk)->chan = chan; 1083 1084 l2cap_sock_init(sk, NULL); 1085 return 0; 1086} 1087 1088const struct proto_ops l2cap_sock_ops = { 1089 .family = PF_BLUETOOTH, 1090 .owner = THIS_MODULE, 1091 .release = l2cap_sock_release, 1092 .bind = l2cap_sock_bind, 1093 .connect = l2cap_sock_connect, 1094 .listen = l2cap_sock_listen, 1095 .accept = l2cap_sock_accept, 1096 .getname = l2cap_sock_getname, 1097 .sendmsg = l2cap_sock_sendmsg, 1098 .recvmsg = l2cap_sock_recvmsg, 1099 .poll = bt_sock_poll, 1100 .ioctl = bt_sock_ioctl, 1101 .mmap = sock_no_mmap, 1102 .socketpair = sock_no_socketpair, 1103 .shutdown = l2cap_sock_shutdown, 1104 .setsockopt = l2cap_sock_setsockopt, 1105 .getsockopt = l2cap_sock_getsockopt 1106}; 1107 1108static const struct net_proto_family l2cap_sock_family_ops = { 1109 .family = PF_BLUETOOTH, 1110 .owner = THIS_MODULE, 1111 .create = l2cap_sock_create, 1112}; 1113 1114int __init l2cap_init_sockets(void) 1115{ 1116 int err; 1117 1118 err = proto_register(&l2cap_proto, 0); 1119 if (err < 0) 1120 return err; 1121 1122 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1123 if (err < 0) 1124 goto error; 1125 1126 BT_INFO("L2CAP socket layer initialized"); 1127 1128 return 0; 1129 1130error: 1131 BT_ERR("L2CAP socket registration failed"); 1132 proto_unregister(&l2cap_proto); 1133 return err; 1134} 1135 1136void l2cap_cleanup_sockets(void) 1137{ 1138 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 1139 BT_ERR("L2CAP socket unregistration failed"); 1140 1141 proto_unregister(&l2cap_proto); 1142} 1143