l2cap_sock.c revision 644912e18ac1d27f57f6673b0236b568ff750fd1
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26*/ 27 28/* Bluetooth L2CAP sockets. */ 29 30#include <linux/export.h> 31 32#include <net/bluetooth/bluetooth.h> 33#include <net/bluetooth/hci_core.h> 34#include <net/bluetooth/l2cap.h> 35#include <net/bluetooth/smp.h> 36 37static struct bt_sock_list l2cap_sk_list = { 38 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 39}; 40 41static const struct proto_ops l2cap_sock_ops; 42static void l2cap_sock_init(struct sock *sk, struct sock *parent); 43static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 44 int proto, gfp_t prio); 45 46static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 47{ 48 struct sock *sk = sock->sk; 49 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 50 struct sockaddr_l2 la; 51 int len, err = 0; 52 53 BT_DBG("sk %p", sk); 54 55 if (!addr || addr->sa_family != AF_BLUETOOTH) 56 return -EINVAL; 57 58 memset(&la, 0, sizeof(la)); 59 len = min_t(unsigned int, sizeof(la), alen); 60 memcpy(&la, addr, len); 61 62 if (la.l2_cid && la.l2_psm) 63 return -EINVAL; 64 65 lock_sock(sk); 66 67 if (sk->sk_state != BT_OPEN) { 68 err = -EBADFD; 69 goto done; 70 } 71 72 if (la.l2_psm) { 73 __u16 psm = __le16_to_cpu(la.l2_psm); 74 75 /* PSM must be odd and lsb of upper byte must be 0 */ 76 if ((psm & 0x0101) != 0x0001) { 77 err = -EINVAL; 78 goto done; 79 } 80 81 /* Restrict usage of well-known PSMs */ 82 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 83 err = -EACCES; 84 goto done; 85 } 86 } 87 88 if (la.l2_cid) 89 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 90 else 91 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 92 93 if (err < 0) 94 goto done; 95 96 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 97 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 98 chan->sec_level = BT_SECURITY_SDP; 99 100 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 101 102 chan->state = BT_BOUND; 103 sk->sk_state = BT_BOUND; 104 105done: 106 release_sock(sk); 107 return err; 108} 109 110static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 111 int alen, int flags) 112{ 113 struct sock *sk = sock->sk; 114 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 115 struct sockaddr_l2 la; 116 int len, err = 0; 117 118 BT_DBG("sk %p", sk); 119 120 if (!addr || alen < sizeof(addr->sa_family) || 121 addr->sa_family != AF_BLUETOOTH) 122 return -EINVAL; 123 124 memset(&la, 0, sizeof(la)); 125 len = min_t(unsigned int, sizeof(la), alen); 126 memcpy(&la, addr, len); 127 128 if (la.l2_cid && la.l2_psm) 129 return -EINVAL; 130 131 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 132 &la.l2_bdaddr, la.l2_bdaddr_type); 133 if (err) 134 return err; 135 136 lock_sock(sk); 137 138 err = bt_sock_wait_state(sk, BT_CONNECTED, 139 sock_sndtimeo(sk, flags & O_NONBLOCK)); 140 141 release_sock(sk); 142 143 return err; 144} 145 146static int l2cap_sock_listen(struct socket *sock, int backlog) 147{ 148 struct sock *sk = sock->sk; 149 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 150 int err = 0; 151 152 BT_DBG("sk %p backlog %d", sk, backlog); 153 154 lock_sock(sk); 155 156 if (sk->sk_state != BT_BOUND) { 157 err = -EBADFD; 158 goto done; 159 } 160 161 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 162 err = -EINVAL; 163 goto done; 164 } 165 166 switch (chan->mode) { 167 case L2CAP_MODE_BASIC: 168 break; 169 case L2CAP_MODE_ERTM: 170 case L2CAP_MODE_STREAMING: 171 if (!disable_ertm) 172 break; 173 /* fall through */ 174 default: 175 err = -ENOTSUPP; 176 goto done; 177 } 178 179 sk->sk_max_ack_backlog = backlog; 180 sk->sk_ack_backlog = 0; 181 182 chan->state = BT_LISTEN; 183 sk->sk_state = BT_LISTEN; 184 185done: 186 release_sock(sk); 187 return err; 188} 189 190static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 191 int flags) 192{ 193 DECLARE_WAITQUEUE(wait, current); 194 struct sock *sk = sock->sk, *nsk; 195 long timeo; 196 int err = 0; 197 198 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 199 200 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 201 202 BT_DBG("sk %p timeo %ld", sk, timeo); 203 204 /* Wait for an incoming connection. (wake-one). */ 205 add_wait_queue_exclusive(sk_sleep(sk), &wait); 206 while (1) { 207 set_current_state(TASK_INTERRUPTIBLE); 208 209 if (sk->sk_state != BT_LISTEN) { 210 err = -EBADFD; 211 break; 212 } 213 214 nsk = bt_accept_dequeue(sk, newsock); 215 if (nsk) 216 break; 217 218 if (!timeo) { 219 err = -EAGAIN; 220 break; 221 } 222 223 if (signal_pending(current)) { 224 err = sock_intr_errno(timeo); 225 break; 226 } 227 228 release_sock(sk); 229 timeo = schedule_timeout(timeo); 230 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 231 } 232 __set_current_state(TASK_RUNNING); 233 remove_wait_queue(sk_sleep(sk), &wait); 234 235 if (err) 236 goto done; 237 238 newsock->state = SS_CONNECTED; 239 240 BT_DBG("new socket %p", nsk); 241 242done: 243 release_sock(sk); 244 return err; 245} 246 247static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 248 int *len, int peer) 249{ 250 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 251 struct sock *sk = sock->sk; 252 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 253 254 BT_DBG("sock %p, sk %p", sock, sk); 255 256 addr->sa_family = AF_BLUETOOTH; 257 *len = sizeof(struct sockaddr_l2); 258 259 if (peer) { 260 la->l2_psm = chan->psm; 261 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 262 la->l2_cid = cpu_to_le16(chan->dcid); 263 } else { 264 la->l2_psm = chan->sport; 265 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 266 la->l2_cid = cpu_to_le16(chan->scid); 267 } 268 269 return 0; 270} 271 272static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 273 char __user *optval, int __user *optlen) 274{ 275 struct sock *sk = sock->sk; 276 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 277 struct l2cap_options opts; 278 struct l2cap_conninfo cinfo; 279 int len, err = 0; 280 u32 opt; 281 282 BT_DBG("sk %p", sk); 283 284 if (get_user(len, optlen)) 285 return -EFAULT; 286 287 lock_sock(sk); 288 289 switch (optname) { 290 case L2CAP_OPTIONS: 291 memset(&opts, 0, sizeof(opts)); 292 opts.imtu = chan->imtu; 293 opts.omtu = chan->omtu; 294 opts.flush_to = chan->flush_to; 295 opts.mode = chan->mode; 296 opts.fcs = chan->fcs; 297 opts.max_tx = chan->max_tx; 298 opts.txwin_size = chan->tx_win; 299 300 len = min_t(unsigned int, len, sizeof(opts)); 301 if (copy_to_user(optval, (char *) &opts, len)) 302 err = -EFAULT; 303 304 break; 305 306 case L2CAP_LM: 307 switch (chan->sec_level) { 308 case BT_SECURITY_LOW: 309 opt = L2CAP_LM_AUTH; 310 break; 311 case BT_SECURITY_MEDIUM: 312 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 313 break; 314 case BT_SECURITY_HIGH: 315 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 316 L2CAP_LM_SECURE; 317 break; 318 default: 319 opt = 0; 320 break; 321 } 322 323 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 324 opt |= L2CAP_LM_MASTER; 325 326 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 327 opt |= L2CAP_LM_RELIABLE; 328 329 if (put_user(opt, (u32 __user *) optval)) 330 err = -EFAULT; 331 break; 332 333 case L2CAP_CONNINFO: 334 if (sk->sk_state != BT_CONNECTED && 335 !(sk->sk_state == BT_CONNECT2 && 336 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 337 err = -ENOTCONN; 338 break; 339 } 340 341 memset(&cinfo, 0, sizeof(cinfo)); 342 cinfo.hci_handle = chan->conn->hcon->handle; 343 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 344 345 len = min_t(unsigned int, len, sizeof(cinfo)); 346 if (copy_to_user(optval, (char *) &cinfo, len)) 347 err = -EFAULT; 348 349 break; 350 351 default: 352 err = -ENOPROTOOPT; 353 break; 354 } 355 356 release_sock(sk); 357 return err; 358} 359 360static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 361 char __user *optval, int __user *optlen) 362{ 363 struct sock *sk = sock->sk; 364 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 365 struct bt_security sec; 366 struct bt_power pwr; 367 int len, err = 0; 368 369 BT_DBG("sk %p", sk); 370 371 if (level == SOL_L2CAP) 372 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 373 374 if (level != SOL_BLUETOOTH) 375 return -ENOPROTOOPT; 376 377 if (get_user(len, optlen)) 378 return -EFAULT; 379 380 lock_sock(sk); 381 382 switch (optname) { 383 case BT_SECURITY: 384 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 385 chan->chan_type != L2CAP_CHAN_RAW) { 386 err = -EINVAL; 387 break; 388 } 389 390 memset(&sec, 0, sizeof(sec)); 391 if (chan->conn) { 392 sec.level = chan->conn->hcon->sec_level; 393 394 if (sk->sk_state == BT_CONNECTED) 395 sec.key_size = chan->conn->hcon->enc_key_size; 396 } else { 397 sec.level = chan->sec_level; 398 } 399 400 len = min_t(unsigned int, len, sizeof(sec)); 401 if (copy_to_user(optval, (char *) &sec, len)) 402 err = -EFAULT; 403 404 break; 405 406 case BT_DEFER_SETUP: 407 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 408 err = -EINVAL; 409 break; 410 } 411 412 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 413 (u32 __user *) optval)) 414 err = -EFAULT; 415 416 break; 417 418 case BT_FLUSHABLE: 419 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 420 (u32 __user *) optval)) 421 err = -EFAULT; 422 423 break; 424 425 case BT_POWER: 426 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 427 && sk->sk_type != SOCK_RAW) { 428 err = -EINVAL; 429 break; 430 } 431 432 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 433 434 len = min_t(unsigned int, len, sizeof(pwr)); 435 if (copy_to_user(optval, (char *) &pwr, len)) 436 err = -EFAULT; 437 438 break; 439 440 case BT_CHANNEL_POLICY: 441 if (!enable_hs) { 442 err = -ENOPROTOOPT; 443 break; 444 } 445 446 if (put_user(chan->chan_policy, (u32 __user *) optval)) 447 err = -EFAULT; 448 break; 449 450 default: 451 err = -ENOPROTOOPT; 452 break; 453 } 454 455 release_sock(sk); 456 return err; 457} 458 459static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 460{ 461 switch (chan->scid) { 462 case L2CAP_CID_LE_DATA: 463 if (mtu < L2CAP_LE_MIN_MTU) 464 return false; 465 break; 466 467 default: 468 if (mtu < L2CAP_DEFAULT_MIN_MTU) 469 return false; 470 } 471 472 return true; 473} 474 475static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 476 char __user *optval, unsigned int optlen) 477{ 478 struct sock *sk = sock->sk; 479 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 480 struct l2cap_options opts; 481 int len, err = 0; 482 u32 opt; 483 484 BT_DBG("sk %p", sk); 485 486 lock_sock(sk); 487 488 switch (optname) { 489 case L2CAP_OPTIONS: 490 if (sk->sk_state == BT_CONNECTED) { 491 err = -EINVAL; 492 break; 493 } 494 495 opts.imtu = chan->imtu; 496 opts.omtu = chan->omtu; 497 opts.flush_to = chan->flush_to; 498 opts.mode = chan->mode; 499 opts.fcs = chan->fcs; 500 opts.max_tx = chan->max_tx; 501 opts.txwin_size = chan->tx_win; 502 503 len = min_t(unsigned int, sizeof(opts), optlen); 504 if (copy_from_user((char *) &opts, optval, len)) { 505 err = -EFAULT; 506 break; 507 } 508 509 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 510 err = -EINVAL; 511 break; 512 } 513 514 if (!l2cap_valid_mtu(chan, opts.imtu)) { 515 err = -EINVAL; 516 break; 517 } 518 519 chan->mode = opts.mode; 520 switch (chan->mode) { 521 case L2CAP_MODE_BASIC: 522 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 523 break; 524 case L2CAP_MODE_ERTM: 525 case L2CAP_MODE_STREAMING: 526 if (!disable_ertm) 527 break; 528 /* fall through */ 529 default: 530 err = -EINVAL; 531 break; 532 } 533 534 chan->imtu = opts.imtu; 535 chan->omtu = opts.omtu; 536 chan->fcs = opts.fcs; 537 chan->max_tx = opts.max_tx; 538 chan->tx_win = opts.txwin_size; 539 chan->flush_to = opts.flush_to; 540 break; 541 542 case L2CAP_LM: 543 if (get_user(opt, (u32 __user *) optval)) { 544 err = -EFAULT; 545 break; 546 } 547 548 if (opt & L2CAP_LM_AUTH) 549 chan->sec_level = BT_SECURITY_LOW; 550 if (opt & L2CAP_LM_ENCRYPT) 551 chan->sec_level = BT_SECURITY_MEDIUM; 552 if (opt & L2CAP_LM_SECURE) 553 chan->sec_level = BT_SECURITY_HIGH; 554 555 if (opt & L2CAP_LM_MASTER) 556 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 557 else 558 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 559 560 if (opt & L2CAP_LM_RELIABLE) 561 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 562 else 563 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 564 break; 565 566 default: 567 err = -ENOPROTOOPT; 568 break; 569 } 570 571 release_sock(sk); 572 return err; 573} 574 575static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 576 char __user *optval, unsigned int optlen) 577{ 578 struct sock *sk = sock->sk; 579 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 580 struct bt_security sec; 581 struct bt_power pwr; 582 struct l2cap_conn *conn; 583 int len, err = 0; 584 u32 opt; 585 586 BT_DBG("sk %p", sk); 587 588 if (level == SOL_L2CAP) 589 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 590 591 if (level != SOL_BLUETOOTH) 592 return -ENOPROTOOPT; 593 594 lock_sock(sk); 595 596 switch (optname) { 597 case BT_SECURITY: 598 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 599 chan->chan_type != L2CAP_CHAN_RAW) { 600 err = -EINVAL; 601 break; 602 } 603 604 sec.level = BT_SECURITY_LOW; 605 606 len = min_t(unsigned int, sizeof(sec), optlen); 607 if (copy_from_user((char *) &sec, optval, len)) { 608 err = -EFAULT; 609 break; 610 } 611 612 if (sec.level < BT_SECURITY_LOW || 613 sec.level > BT_SECURITY_HIGH) { 614 err = -EINVAL; 615 break; 616 } 617 618 chan->sec_level = sec.level; 619 620 if (!chan->conn) 621 break; 622 623 conn = chan->conn; 624 625 /*change security for LE channels */ 626 if (chan->scid == L2CAP_CID_LE_DATA) { 627 if (!conn->hcon->out) { 628 err = -EINVAL; 629 break; 630 } 631 632 if (smp_conn_security(conn->hcon, sec.level)) 633 break; 634 sk->sk_state = BT_CONFIG; 635 chan->state = BT_CONFIG; 636 637 /* or for ACL link */ 638 } else if ((sk->sk_state == BT_CONNECT2 && 639 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 640 sk->sk_state == BT_CONNECTED) { 641 if (!l2cap_chan_check_security(chan)) 642 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 643 else 644 sk->sk_state_change(sk); 645 } else { 646 err = -EINVAL; 647 } 648 break; 649 650 case BT_DEFER_SETUP: 651 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 652 err = -EINVAL; 653 break; 654 } 655 656 if (get_user(opt, (u32 __user *) optval)) { 657 err = -EFAULT; 658 break; 659 } 660 661 if (opt) 662 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 663 else 664 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 665 break; 666 667 case BT_FLUSHABLE: 668 if (get_user(opt, (u32 __user *) optval)) { 669 err = -EFAULT; 670 break; 671 } 672 673 if (opt > BT_FLUSHABLE_ON) { 674 err = -EINVAL; 675 break; 676 } 677 678 if (opt == BT_FLUSHABLE_OFF) { 679 struct l2cap_conn *conn = chan->conn; 680 /* proceed further only when we have l2cap_conn and 681 No Flush support in the LM */ 682 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 683 err = -EINVAL; 684 break; 685 } 686 } 687 688 if (opt) 689 set_bit(FLAG_FLUSHABLE, &chan->flags); 690 else 691 clear_bit(FLAG_FLUSHABLE, &chan->flags); 692 break; 693 694 case BT_POWER: 695 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 696 chan->chan_type != L2CAP_CHAN_RAW) { 697 err = -EINVAL; 698 break; 699 } 700 701 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 702 703 len = min_t(unsigned int, sizeof(pwr), optlen); 704 if (copy_from_user((char *) &pwr, optval, len)) { 705 err = -EFAULT; 706 break; 707 } 708 709 if (pwr.force_active) 710 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 711 else 712 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 713 break; 714 715 case BT_CHANNEL_POLICY: 716 if (!enable_hs) { 717 err = -ENOPROTOOPT; 718 break; 719 } 720 721 if (get_user(opt, (u32 __user *) optval)) { 722 err = -EFAULT; 723 break; 724 } 725 726 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 727 err = -EINVAL; 728 break; 729 } 730 731 if (chan->mode != L2CAP_MODE_ERTM && 732 chan->mode != L2CAP_MODE_STREAMING) { 733 err = -EOPNOTSUPP; 734 break; 735 } 736 737 chan->chan_policy = (u8) opt; 738 break; 739 740 default: 741 err = -ENOPROTOOPT; 742 break; 743 } 744 745 release_sock(sk); 746 return err; 747} 748 749static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 750 struct msghdr *msg, size_t len) 751{ 752 struct sock *sk = sock->sk; 753 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 754 int err; 755 756 BT_DBG("sock %p, sk %p", sock, sk); 757 758 err = sock_error(sk); 759 if (err) 760 return err; 761 762 if (msg->msg_flags & MSG_OOB) 763 return -EOPNOTSUPP; 764 765 if (sk->sk_state != BT_CONNECTED) 766 return -ENOTCONN; 767 768 l2cap_chan_lock(chan); 769 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 770 l2cap_chan_unlock(chan); 771 772 return err; 773} 774 775static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 776 struct msghdr *msg, size_t len, int flags) 777{ 778 struct sock *sk = sock->sk; 779 struct l2cap_pinfo *pi = l2cap_pi(sk); 780 int err; 781 782 lock_sock(sk); 783 784 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 785 &bt_sk(sk)->flags)) { 786 sk->sk_state = BT_CONFIG; 787 pi->chan->state = BT_CONFIG; 788 789 __l2cap_connect_rsp_defer(pi->chan); 790 release_sock(sk); 791 return 0; 792 } 793 794 release_sock(sk); 795 796 if (sock->type == SOCK_STREAM) 797 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 798 else 799 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 800 801 if (pi->chan->mode != L2CAP_MODE_ERTM) 802 return err; 803 804 /* Attempt to put pending rx data in the socket buffer */ 805 806 lock_sock(sk); 807 808 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 809 goto done; 810 811 if (pi->rx_busy_skb) { 812 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 813 pi->rx_busy_skb = NULL; 814 else 815 goto done; 816 } 817 818 /* Restore data flow when half of the receive buffer is 819 * available. This avoids resending large numbers of 820 * frames. 821 */ 822 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 823 l2cap_chan_busy(pi->chan, 0); 824 825done: 826 release_sock(sk); 827 return err; 828} 829 830/* Kill socket (only if zapped and orphan) 831 * Must be called on unlocked socket. 832 */ 833static void l2cap_sock_kill(struct sock *sk) 834{ 835 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 836 return; 837 838 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 839 840 /* Kill poor orphan */ 841 842 l2cap_chan_put(l2cap_pi(sk)->chan); 843 sock_set_flag(sk, SOCK_DEAD); 844 sock_put(sk); 845} 846 847static int l2cap_sock_shutdown(struct socket *sock, int how) 848{ 849 struct sock *sk = sock->sk; 850 struct l2cap_chan *chan; 851 struct l2cap_conn *conn; 852 int err = 0; 853 854 BT_DBG("sock %p, sk %p", sock, sk); 855 856 if (!sk) 857 return 0; 858 859 chan = l2cap_pi(sk)->chan; 860 conn = chan->conn; 861 862 if (conn) 863 mutex_lock(&conn->chan_lock); 864 865 l2cap_chan_lock(chan); 866 lock_sock(sk); 867 868 if (!sk->sk_shutdown) { 869 if (chan->mode == L2CAP_MODE_ERTM) 870 err = __l2cap_wait_ack(sk); 871 872 sk->sk_shutdown = SHUTDOWN_MASK; 873 874 release_sock(sk); 875 l2cap_chan_close(chan, 0); 876 lock_sock(sk); 877 878 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 879 err = bt_sock_wait_state(sk, BT_CLOSED, 880 sk->sk_lingertime); 881 } 882 883 if (!err && sk->sk_err) 884 err = -sk->sk_err; 885 886 release_sock(sk); 887 l2cap_chan_unlock(chan); 888 889 if (conn) 890 mutex_unlock(&conn->chan_lock); 891 892 return err; 893} 894 895static int l2cap_sock_release(struct socket *sock) 896{ 897 struct sock *sk = sock->sk; 898 int err; 899 900 BT_DBG("sock %p, sk %p", sock, sk); 901 902 if (!sk) 903 return 0; 904 905 bt_sock_unlink(&l2cap_sk_list, sk); 906 907 err = l2cap_sock_shutdown(sock, 2); 908 909 sock_orphan(sk); 910 l2cap_sock_kill(sk); 911 return err; 912} 913 914static void l2cap_sock_cleanup_listen(struct sock *parent) 915{ 916 struct sock *sk; 917 918 BT_DBG("parent %p", parent); 919 920 /* Close not yet accepted channels */ 921 while ((sk = bt_accept_dequeue(parent, NULL))) { 922 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 923 924 l2cap_chan_lock(chan); 925 __clear_chan_timer(chan); 926 l2cap_chan_close(chan, ECONNRESET); 927 l2cap_chan_unlock(chan); 928 929 l2cap_sock_kill(sk); 930 } 931} 932 933static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 934{ 935 struct sock *sk, *parent = chan->data; 936 937 /* Check for backlog size */ 938 if (sk_acceptq_is_full(parent)) { 939 BT_DBG("backlog full %d", parent->sk_ack_backlog); 940 return NULL; 941 } 942 943 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 944 GFP_ATOMIC); 945 if (!sk) 946 return NULL; 947 948 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 949 950 l2cap_sock_init(sk, parent); 951 952 bt_accept_enqueue(parent, sk); 953 954 return l2cap_pi(sk)->chan; 955} 956 957static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 958{ 959 int err; 960 struct sock *sk = chan->data; 961 struct l2cap_pinfo *pi = l2cap_pi(sk); 962 963 lock_sock(sk); 964 965 if (pi->rx_busy_skb) { 966 err = -ENOMEM; 967 goto done; 968 } 969 970 err = sock_queue_rcv_skb(sk, skb); 971 972 /* For ERTM, handle one skb that doesn't fit into the recv 973 * buffer. This is important to do because the data frames 974 * have already been acked, so the skb cannot be discarded. 975 * 976 * Notify the l2cap core that the buffer is full, so the 977 * LOCAL_BUSY state is entered and no more frames are 978 * acked and reassembled until there is buffer space 979 * available. 980 */ 981 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) { 982 pi->rx_busy_skb = skb; 983 l2cap_chan_busy(pi->chan, 1); 984 err = 0; 985 } 986 987done: 988 release_sock(sk); 989 990 return err; 991} 992 993static void l2cap_sock_close_cb(struct l2cap_chan *chan) 994{ 995 struct sock *sk = chan->data; 996 997 l2cap_sock_kill(sk); 998} 999 1000static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 1001{ 1002 struct sock *sk = chan->data; 1003 struct sock *parent; 1004 1005 lock_sock(sk); 1006 1007 parent = bt_sk(sk)->parent; 1008 1009 sock_set_flag(sk, SOCK_ZAPPED); 1010 1011 switch (chan->state) { 1012 case BT_OPEN: 1013 case BT_BOUND: 1014 case BT_CLOSED: 1015 break; 1016 case BT_LISTEN: 1017 l2cap_sock_cleanup_listen(sk); 1018 sk->sk_state = BT_CLOSED; 1019 chan->state = BT_CLOSED; 1020 1021 break; 1022 default: 1023 sk->sk_state = BT_CLOSED; 1024 chan->state = BT_CLOSED; 1025 1026 sk->sk_err = err; 1027 1028 if (parent) { 1029 bt_accept_unlink(sk); 1030 parent->sk_data_ready(parent, 0); 1031 } else { 1032 sk->sk_state_change(sk); 1033 } 1034 1035 break; 1036 } 1037 1038 release_sock(sk); 1039} 1040 1041static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state) 1042{ 1043 struct sock *sk = chan->data; 1044 1045 sk->sk_state = state; 1046} 1047 1048static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1049 unsigned long len, int nb) 1050{ 1051 struct sk_buff *skb; 1052 int err; 1053 1054 l2cap_chan_unlock(chan); 1055 skb = bt_skb_send_alloc(chan->sk, len, nb, &err); 1056 l2cap_chan_lock(chan); 1057 1058 if (!skb) 1059 return ERR_PTR(err); 1060 1061 return skb; 1062} 1063 1064static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1065{ 1066 struct sock *sk = chan->data; 1067 struct sock *parent; 1068 1069 lock_sock(sk); 1070 1071 parent = bt_sk(sk)->parent; 1072 1073 BT_DBG("sk %p, parent %p", sk, parent); 1074 1075 sk->sk_state = BT_CONNECTED; 1076 sk->sk_state_change(sk); 1077 1078 if (parent) 1079 parent->sk_data_ready(parent, 0); 1080 1081 release_sock(sk); 1082} 1083 1084static struct l2cap_ops l2cap_chan_ops = { 1085 .name = "L2CAP Socket Interface", 1086 .new_connection = l2cap_sock_new_connection_cb, 1087 .recv = l2cap_sock_recv_cb, 1088 .close = l2cap_sock_close_cb, 1089 .teardown = l2cap_sock_teardown_cb, 1090 .state_change = l2cap_sock_state_change_cb, 1091 .ready = l2cap_sock_ready_cb, 1092 .alloc_skb = l2cap_sock_alloc_skb_cb, 1093}; 1094 1095static void l2cap_sock_destruct(struct sock *sk) 1096{ 1097 BT_DBG("sk %p", sk); 1098 1099 if (l2cap_pi(sk)->chan) 1100 l2cap_chan_put(l2cap_pi(sk)->chan); 1101 if (l2cap_pi(sk)->rx_busy_skb) { 1102 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1103 l2cap_pi(sk)->rx_busy_skb = NULL; 1104 } 1105 1106 skb_queue_purge(&sk->sk_receive_queue); 1107 skb_queue_purge(&sk->sk_write_queue); 1108} 1109 1110static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1111{ 1112 struct l2cap_pinfo *pi = l2cap_pi(sk); 1113 struct l2cap_chan *chan = pi->chan; 1114 1115 BT_DBG("sk %p", sk); 1116 1117 if (parent) { 1118 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1119 1120 sk->sk_type = parent->sk_type; 1121 bt_sk(sk)->flags = bt_sk(parent)->flags; 1122 1123 chan->chan_type = pchan->chan_type; 1124 chan->imtu = pchan->imtu; 1125 chan->omtu = pchan->omtu; 1126 chan->conf_state = pchan->conf_state; 1127 chan->mode = pchan->mode; 1128 chan->fcs = pchan->fcs; 1129 chan->max_tx = pchan->max_tx; 1130 chan->tx_win = pchan->tx_win; 1131 chan->tx_win_max = pchan->tx_win_max; 1132 chan->sec_level = pchan->sec_level; 1133 chan->flags = pchan->flags; 1134 1135 security_sk_clone(parent, sk); 1136 } else { 1137 1138 switch (sk->sk_type) { 1139 case SOCK_RAW: 1140 chan->chan_type = L2CAP_CHAN_RAW; 1141 break; 1142 case SOCK_DGRAM: 1143 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1144 break; 1145 case SOCK_SEQPACKET: 1146 case SOCK_STREAM: 1147 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1148 break; 1149 } 1150 1151 chan->imtu = L2CAP_DEFAULT_MTU; 1152 chan->omtu = 0; 1153 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1154 chan->mode = L2CAP_MODE_ERTM; 1155 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1156 } else { 1157 chan->mode = L2CAP_MODE_BASIC; 1158 } 1159 1160 l2cap_chan_set_defaults(chan); 1161 } 1162 1163 /* Default config options */ 1164 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1165 1166 chan->data = sk; 1167 chan->ops = &l2cap_chan_ops; 1168} 1169 1170static struct proto l2cap_proto = { 1171 .name = "L2CAP", 1172 .owner = THIS_MODULE, 1173 .obj_size = sizeof(struct l2cap_pinfo) 1174}; 1175 1176static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1177 int proto, gfp_t prio) 1178{ 1179 struct sock *sk; 1180 struct l2cap_chan *chan; 1181 1182 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1183 if (!sk) 1184 return NULL; 1185 1186 sock_init_data(sock, sk); 1187 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1188 1189 sk->sk_destruct = l2cap_sock_destruct; 1190 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1191 1192 sock_reset_flag(sk, SOCK_ZAPPED); 1193 1194 sk->sk_protocol = proto; 1195 sk->sk_state = BT_OPEN; 1196 1197 chan = l2cap_chan_create(); 1198 if (!chan) { 1199 sk_free(sk); 1200 return NULL; 1201 } 1202 1203 l2cap_chan_hold(chan); 1204 1205 chan->sk = sk; 1206 1207 l2cap_pi(sk)->chan = chan; 1208 1209 return sk; 1210} 1211 1212static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1213 int kern) 1214{ 1215 struct sock *sk; 1216 1217 BT_DBG("sock %p", sock); 1218 1219 sock->state = SS_UNCONNECTED; 1220 1221 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1222 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1223 return -ESOCKTNOSUPPORT; 1224 1225 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1226 return -EPERM; 1227 1228 sock->ops = &l2cap_sock_ops; 1229 1230 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1231 if (!sk) 1232 return -ENOMEM; 1233 1234 l2cap_sock_init(sk, NULL); 1235 bt_sock_link(&l2cap_sk_list, sk); 1236 return 0; 1237} 1238 1239static const struct proto_ops l2cap_sock_ops = { 1240 .family = PF_BLUETOOTH, 1241 .owner = THIS_MODULE, 1242 .release = l2cap_sock_release, 1243 .bind = l2cap_sock_bind, 1244 .connect = l2cap_sock_connect, 1245 .listen = l2cap_sock_listen, 1246 .accept = l2cap_sock_accept, 1247 .getname = l2cap_sock_getname, 1248 .sendmsg = l2cap_sock_sendmsg, 1249 .recvmsg = l2cap_sock_recvmsg, 1250 .poll = bt_sock_poll, 1251 .ioctl = bt_sock_ioctl, 1252 .mmap = sock_no_mmap, 1253 .socketpair = sock_no_socketpair, 1254 .shutdown = l2cap_sock_shutdown, 1255 .setsockopt = l2cap_sock_setsockopt, 1256 .getsockopt = l2cap_sock_getsockopt 1257}; 1258 1259static const struct net_proto_family l2cap_sock_family_ops = { 1260 .family = PF_BLUETOOTH, 1261 .owner = THIS_MODULE, 1262 .create = l2cap_sock_create, 1263}; 1264 1265int __init l2cap_init_sockets(void) 1266{ 1267 int err; 1268 1269 err = proto_register(&l2cap_proto, 0); 1270 if (err < 0) 1271 return err; 1272 1273 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1274 if (err < 0) { 1275 BT_ERR("L2CAP socket registration failed"); 1276 goto error; 1277 } 1278 1279 err = bt_procfs_init(THIS_MODULE, &init_net, "l2cap", &l2cap_sk_list, 1280 NULL); 1281 if (err < 0) { 1282 BT_ERR("Failed to create L2CAP proc file"); 1283 bt_sock_unregister(BTPROTO_L2CAP); 1284 goto error; 1285 } 1286 1287 BT_INFO("L2CAP socket layer initialized"); 1288 1289 return 0; 1290 1291error: 1292 proto_unregister(&l2cap_proto); 1293 return err; 1294} 1295 1296void l2cap_cleanup_sockets(void) 1297{ 1298 bt_procfs_cleanup(&init_net, "l2cap"); 1299 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 1300 BT_ERR("L2CAP socket unregistration failed"); 1301 1302 proto_unregister(&l2cap_proto); 1303} 1304