l2cap_sock.c revision 6a974b50a1b0909803faac3c3228f7c1339d9971
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26*/ 27 28/* Bluetooth L2CAP sockets. */ 29 30#include <linux/export.h> 31 32#include <net/bluetooth/bluetooth.h> 33#include <net/bluetooth/hci_core.h> 34#include <net/bluetooth/l2cap.h> 35 36#include "smp.h" 37 38static struct bt_sock_list l2cap_sk_list = { 39 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 40}; 41 42static const struct proto_ops l2cap_sock_ops; 43static void l2cap_sock_init(struct sock *sk, struct sock *parent); 44static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 45 int proto, gfp_t prio); 46 47bool l2cap_is_socket(struct socket *sock) 48{ 49 return sock && sock->ops == &l2cap_sock_ops; 50} 51EXPORT_SYMBOL(l2cap_is_socket); 52 53static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 54{ 55 struct sock *sk = sock->sk; 56 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 57 struct sockaddr_l2 la; 58 int len, err = 0; 59 60 BT_DBG("sk %p", sk); 61 62 if (!addr || addr->sa_family != AF_BLUETOOTH) 63 return -EINVAL; 64 65 memset(&la, 0, sizeof(la)); 66 len = min_t(unsigned int, sizeof(la), alen); 67 memcpy(&la, addr, len); 68 69 if (la.l2_cid && la.l2_psm) 70 return -EINVAL; 71 72 lock_sock(sk); 73 74 if (sk->sk_state != BT_OPEN) { 75 err = -EBADFD; 76 goto done; 77 } 78 79 if (la.l2_psm) { 80 __u16 psm = __le16_to_cpu(la.l2_psm); 81 82 /* PSM must be odd and lsb of upper byte must be 0 */ 83 if ((psm & 0x0101) != 0x0001) { 84 err = -EINVAL; 85 goto done; 86 } 87 88 /* Restrict usage of well-known PSMs */ 89 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 90 err = -EACCES; 91 goto done; 92 } 93 } 94 95 if (la.l2_cid) 96 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 97 else 98 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 99 100 if (err < 0) 101 goto done; 102 103 switch (chan->chan_type) { 104 case L2CAP_CHAN_CONN_ORIENTED: 105 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 106 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 107 chan->sec_level = BT_SECURITY_SDP; 108 break; 109 } 110 111 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 112 113 chan->state = BT_BOUND; 114 sk->sk_state = BT_BOUND; 115 116done: 117 release_sock(sk); 118 return err; 119} 120 121static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 122 int alen, int flags) 123{ 124 struct sock *sk = sock->sk; 125 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 126 struct sockaddr_l2 la; 127 int len, err = 0; 128 129 BT_DBG("sk %p", sk); 130 131 if (!addr || alen < sizeof(addr->sa_family) || 132 addr->sa_family != AF_BLUETOOTH) 133 return -EINVAL; 134 135 memset(&la, 0, sizeof(la)); 136 len = min_t(unsigned int, sizeof(la), alen); 137 memcpy(&la, addr, len); 138 139 if (la.l2_cid && la.l2_psm) 140 return -EINVAL; 141 142 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 143 &la.l2_bdaddr, la.l2_bdaddr_type); 144 if (err) 145 return err; 146 147 lock_sock(sk); 148 149 err = bt_sock_wait_state(sk, BT_CONNECTED, 150 sock_sndtimeo(sk, flags & O_NONBLOCK)); 151 152 release_sock(sk); 153 154 return err; 155} 156 157static int l2cap_sock_listen(struct socket *sock, int backlog) 158{ 159 struct sock *sk = sock->sk; 160 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 161 int err = 0; 162 163 BT_DBG("sk %p backlog %d", sk, backlog); 164 165 lock_sock(sk); 166 167 if (sk->sk_state != BT_BOUND) { 168 err = -EBADFD; 169 goto done; 170 } 171 172 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 173 err = -EINVAL; 174 goto done; 175 } 176 177 switch (chan->mode) { 178 case L2CAP_MODE_BASIC: 179 break; 180 case L2CAP_MODE_ERTM: 181 case L2CAP_MODE_STREAMING: 182 if (!disable_ertm) 183 break; 184 /* fall through */ 185 default: 186 err = -ENOTSUPP; 187 goto done; 188 } 189 190 sk->sk_max_ack_backlog = backlog; 191 sk->sk_ack_backlog = 0; 192 193 chan->state = BT_LISTEN; 194 sk->sk_state = BT_LISTEN; 195 196done: 197 release_sock(sk); 198 return err; 199} 200 201static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 202 int flags) 203{ 204 DECLARE_WAITQUEUE(wait, current); 205 struct sock *sk = sock->sk, *nsk; 206 long timeo; 207 int err = 0; 208 209 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 210 211 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 212 213 BT_DBG("sk %p timeo %ld", sk, timeo); 214 215 /* Wait for an incoming connection. (wake-one). */ 216 add_wait_queue_exclusive(sk_sleep(sk), &wait); 217 while (1) { 218 set_current_state(TASK_INTERRUPTIBLE); 219 220 if (sk->sk_state != BT_LISTEN) { 221 err = -EBADFD; 222 break; 223 } 224 225 nsk = bt_accept_dequeue(sk, newsock); 226 if (nsk) 227 break; 228 229 if (!timeo) { 230 err = -EAGAIN; 231 break; 232 } 233 234 if (signal_pending(current)) { 235 err = sock_intr_errno(timeo); 236 break; 237 } 238 239 release_sock(sk); 240 timeo = schedule_timeout(timeo); 241 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 242 } 243 __set_current_state(TASK_RUNNING); 244 remove_wait_queue(sk_sleep(sk), &wait); 245 246 if (err) 247 goto done; 248 249 newsock->state = SS_CONNECTED; 250 251 BT_DBG("new socket %p", nsk); 252 253done: 254 release_sock(sk); 255 return err; 256} 257 258static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 259 int *len, int peer) 260{ 261 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 262 struct sock *sk = sock->sk; 263 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 264 265 BT_DBG("sock %p, sk %p", sock, sk); 266 267 memset(la, 0, sizeof(struct sockaddr_l2)); 268 addr->sa_family = AF_BLUETOOTH; 269 *len = sizeof(struct sockaddr_l2); 270 271 if (peer) { 272 la->l2_psm = chan->psm; 273 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 274 la->l2_cid = cpu_to_le16(chan->dcid); 275 } else { 276 la->l2_psm = chan->sport; 277 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 278 la->l2_cid = cpu_to_le16(chan->scid); 279 } 280 281 return 0; 282} 283 284static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 285 char __user *optval, int __user *optlen) 286{ 287 struct sock *sk = sock->sk; 288 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 289 struct l2cap_options opts; 290 struct l2cap_conninfo cinfo; 291 int len, err = 0; 292 u32 opt; 293 294 BT_DBG("sk %p", sk); 295 296 if (get_user(len, optlen)) 297 return -EFAULT; 298 299 lock_sock(sk); 300 301 switch (optname) { 302 case L2CAP_OPTIONS: 303 memset(&opts, 0, sizeof(opts)); 304 opts.imtu = chan->imtu; 305 opts.omtu = chan->omtu; 306 opts.flush_to = chan->flush_to; 307 opts.mode = chan->mode; 308 opts.fcs = chan->fcs; 309 opts.max_tx = chan->max_tx; 310 opts.txwin_size = chan->tx_win; 311 312 len = min_t(unsigned int, len, sizeof(opts)); 313 if (copy_to_user(optval, (char *) &opts, len)) 314 err = -EFAULT; 315 316 break; 317 318 case L2CAP_LM: 319 switch (chan->sec_level) { 320 case BT_SECURITY_LOW: 321 opt = L2CAP_LM_AUTH; 322 break; 323 case BT_SECURITY_MEDIUM: 324 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 325 break; 326 case BT_SECURITY_HIGH: 327 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 328 L2CAP_LM_SECURE; 329 break; 330 default: 331 opt = 0; 332 break; 333 } 334 335 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 336 opt |= L2CAP_LM_MASTER; 337 338 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 339 opt |= L2CAP_LM_RELIABLE; 340 341 if (put_user(opt, (u32 __user *) optval)) 342 err = -EFAULT; 343 break; 344 345 case L2CAP_CONNINFO: 346 if (sk->sk_state != BT_CONNECTED && 347 !(sk->sk_state == BT_CONNECT2 && 348 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 349 err = -ENOTCONN; 350 break; 351 } 352 353 memset(&cinfo, 0, sizeof(cinfo)); 354 cinfo.hci_handle = chan->conn->hcon->handle; 355 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 356 357 len = min_t(unsigned int, len, sizeof(cinfo)); 358 if (copy_to_user(optval, (char *) &cinfo, len)) 359 err = -EFAULT; 360 361 break; 362 363 default: 364 err = -ENOPROTOOPT; 365 break; 366 } 367 368 release_sock(sk); 369 return err; 370} 371 372static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 373 char __user *optval, int __user *optlen) 374{ 375 struct sock *sk = sock->sk; 376 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 377 struct bt_security sec; 378 struct bt_power pwr; 379 int len, err = 0; 380 381 BT_DBG("sk %p", sk); 382 383 if (level == SOL_L2CAP) 384 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 385 386 if (level != SOL_BLUETOOTH) 387 return -ENOPROTOOPT; 388 389 if (get_user(len, optlen)) 390 return -EFAULT; 391 392 lock_sock(sk); 393 394 switch (optname) { 395 case BT_SECURITY: 396 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 397 chan->chan_type != L2CAP_CHAN_RAW) { 398 err = -EINVAL; 399 break; 400 } 401 402 memset(&sec, 0, sizeof(sec)); 403 if (chan->conn) { 404 sec.level = chan->conn->hcon->sec_level; 405 406 if (sk->sk_state == BT_CONNECTED) 407 sec.key_size = chan->conn->hcon->enc_key_size; 408 } else { 409 sec.level = chan->sec_level; 410 } 411 412 len = min_t(unsigned int, len, sizeof(sec)); 413 if (copy_to_user(optval, (char *) &sec, len)) 414 err = -EFAULT; 415 416 break; 417 418 case BT_DEFER_SETUP: 419 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 420 err = -EINVAL; 421 break; 422 } 423 424 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 425 (u32 __user *) optval)) 426 err = -EFAULT; 427 428 break; 429 430 case BT_FLUSHABLE: 431 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 432 (u32 __user *) optval)) 433 err = -EFAULT; 434 435 break; 436 437 case BT_POWER: 438 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 439 && sk->sk_type != SOCK_RAW) { 440 err = -EINVAL; 441 break; 442 } 443 444 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 445 446 len = min_t(unsigned int, len, sizeof(pwr)); 447 if (copy_to_user(optval, (char *) &pwr, len)) 448 err = -EFAULT; 449 450 break; 451 452 case BT_CHANNEL_POLICY: 453 if (put_user(chan->chan_policy, (u32 __user *) optval)) 454 err = -EFAULT; 455 break; 456 457 default: 458 err = -ENOPROTOOPT; 459 break; 460 } 461 462 release_sock(sk); 463 return err; 464} 465 466static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 467{ 468 switch (chan->scid) { 469 case L2CAP_CID_ATT: 470 if (mtu < L2CAP_LE_MIN_MTU) 471 return false; 472 break; 473 474 default: 475 if (mtu < L2CAP_DEFAULT_MIN_MTU) 476 return false; 477 } 478 479 return true; 480} 481 482static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 483 char __user *optval, unsigned int optlen) 484{ 485 struct sock *sk = sock->sk; 486 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 487 struct l2cap_options opts; 488 int len, err = 0; 489 u32 opt; 490 491 BT_DBG("sk %p", sk); 492 493 lock_sock(sk); 494 495 switch (optname) { 496 case L2CAP_OPTIONS: 497 if (sk->sk_state == BT_CONNECTED) { 498 err = -EINVAL; 499 break; 500 } 501 502 opts.imtu = chan->imtu; 503 opts.omtu = chan->omtu; 504 opts.flush_to = chan->flush_to; 505 opts.mode = chan->mode; 506 opts.fcs = chan->fcs; 507 opts.max_tx = chan->max_tx; 508 opts.txwin_size = chan->tx_win; 509 510 len = min_t(unsigned int, sizeof(opts), optlen); 511 if (copy_from_user((char *) &opts, optval, len)) { 512 err = -EFAULT; 513 break; 514 } 515 516 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 517 err = -EINVAL; 518 break; 519 } 520 521 if (!l2cap_valid_mtu(chan, opts.imtu)) { 522 err = -EINVAL; 523 break; 524 } 525 526 chan->mode = opts.mode; 527 switch (chan->mode) { 528 case L2CAP_MODE_BASIC: 529 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 530 break; 531 case L2CAP_MODE_ERTM: 532 case L2CAP_MODE_STREAMING: 533 if (!disable_ertm) 534 break; 535 /* fall through */ 536 default: 537 err = -EINVAL; 538 break; 539 } 540 541 chan->imtu = opts.imtu; 542 chan->omtu = opts.omtu; 543 chan->fcs = opts.fcs; 544 chan->max_tx = opts.max_tx; 545 chan->tx_win = opts.txwin_size; 546 chan->flush_to = opts.flush_to; 547 break; 548 549 case L2CAP_LM: 550 if (get_user(opt, (u32 __user *) optval)) { 551 err = -EFAULT; 552 break; 553 } 554 555 if (opt & L2CAP_LM_AUTH) 556 chan->sec_level = BT_SECURITY_LOW; 557 if (opt & L2CAP_LM_ENCRYPT) 558 chan->sec_level = BT_SECURITY_MEDIUM; 559 if (opt & L2CAP_LM_SECURE) 560 chan->sec_level = BT_SECURITY_HIGH; 561 562 if (opt & L2CAP_LM_MASTER) 563 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 564 else 565 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 566 567 if (opt & L2CAP_LM_RELIABLE) 568 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 569 else 570 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 571 break; 572 573 default: 574 err = -ENOPROTOOPT; 575 break; 576 } 577 578 release_sock(sk); 579 return err; 580} 581 582static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 583 char __user *optval, unsigned int optlen) 584{ 585 struct sock *sk = sock->sk; 586 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 587 struct bt_security sec; 588 struct bt_power pwr; 589 struct l2cap_conn *conn; 590 int len, err = 0; 591 u32 opt; 592 593 BT_DBG("sk %p", sk); 594 595 if (level == SOL_L2CAP) 596 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 597 598 if (level != SOL_BLUETOOTH) 599 return -ENOPROTOOPT; 600 601 lock_sock(sk); 602 603 switch (optname) { 604 case BT_SECURITY: 605 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 606 chan->chan_type != L2CAP_CHAN_RAW) { 607 err = -EINVAL; 608 break; 609 } 610 611 sec.level = BT_SECURITY_LOW; 612 613 len = min_t(unsigned int, sizeof(sec), optlen); 614 if (copy_from_user((char *) &sec, optval, len)) { 615 err = -EFAULT; 616 break; 617 } 618 619 if (sec.level < BT_SECURITY_LOW || 620 sec.level > BT_SECURITY_HIGH) { 621 err = -EINVAL; 622 break; 623 } 624 625 chan->sec_level = sec.level; 626 627 if (!chan->conn) 628 break; 629 630 conn = chan->conn; 631 632 /*change security for LE channels */ 633 if (chan->scid == L2CAP_CID_ATT) { 634 if (!conn->hcon->out) { 635 err = -EINVAL; 636 break; 637 } 638 639 if (smp_conn_security(conn->hcon, sec.level)) 640 break; 641 sk->sk_state = BT_CONFIG; 642 chan->state = BT_CONFIG; 643 644 /* or for ACL link */ 645 } else if ((sk->sk_state == BT_CONNECT2 && 646 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 647 sk->sk_state == BT_CONNECTED) { 648 if (!l2cap_chan_check_security(chan)) 649 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 650 else 651 sk->sk_state_change(sk); 652 } else { 653 err = -EINVAL; 654 } 655 break; 656 657 case BT_DEFER_SETUP: 658 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 659 err = -EINVAL; 660 break; 661 } 662 663 if (get_user(opt, (u32 __user *) optval)) { 664 err = -EFAULT; 665 break; 666 } 667 668 if (opt) 669 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 670 else 671 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 672 break; 673 674 case BT_FLUSHABLE: 675 if (get_user(opt, (u32 __user *) optval)) { 676 err = -EFAULT; 677 break; 678 } 679 680 if (opt > BT_FLUSHABLE_ON) { 681 err = -EINVAL; 682 break; 683 } 684 685 if (opt == BT_FLUSHABLE_OFF) { 686 conn = chan->conn; 687 /* proceed further only when we have l2cap_conn and 688 No Flush support in the LM */ 689 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 690 err = -EINVAL; 691 break; 692 } 693 } 694 695 if (opt) 696 set_bit(FLAG_FLUSHABLE, &chan->flags); 697 else 698 clear_bit(FLAG_FLUSHABLE, &chan->flags); 699 break; 700 701 case BT_POWER: 702 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 703 chan->chan_type != L2CAP_CHAN_RAW) { 704 err = -EINVAL; 705 break; 706 } 707 708 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 709 710 len = min_t(unsigned int, sizeof(pwr), optlen); 711 if (copy_from_user((char *) &pwr, optval, len)) { 712 err = -EFAULT; 713 break; 714 } 715 716 if (pwr.force_active) 717 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 718 else 719 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 720 break; 721 722 case BT_CHANNEL_POLICY: 723 if (get_user(opt, (u32 __user *) optval)) { 724 err = -EFAULT; 725 break; 726 } 727 728 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 729 err = -EINVAL; 730 break; 731 } 732 733 if (chan->mode != L2CAP_MODE_ERTM && 734 chan->mode != L2CAP_MODE_STREAMING) { 735 err = -EOPNOTSUPP; 736 break; 737 } 738 739 chan->chan_policy = (u8) opt; 740 741 if (sk->sk_state == BT_CONNECTED && 742 chan->move_role == L2CAP_MOVE_ROLE_NONE) 743 l2cap_move_start(chan); 744 745 break; 746 747 default: 748 err = -ENOPROTOOPT; 749 break; 750 } 751 752 release_sock(sk); 753 return err; 754} 755 756static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 757 struct msghdr *msg, size_t len) 758{ 759 struct sock *sk = sock->sk; 760 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 761 int err; 762 763 BT_DBG("sock %p, sk %p", sock, sk); 764 765 err = sock_error(sk); 766 if (err) 767 return err; 768 769 if (msg->msg_flags & MSG_OOB) 770 return -EOPNOTSUPP; 771 772 if (sk->sk_state != BT_CONNECTED) 773 return -ENOTCONN; 774 775 lock_sock(sk); 776 err = bt_sock_wait_ready(sk, msg->msg_flags); 777 release_sock(sk); 778 if (err) 779 return err; 780 781 l2cap_chan_lock(chan); 782 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 783 l2cap_chan_unlock(chan); 784 785 return err; 786} 787 788static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 789 struct msghdr *msg, size_t len, int flags) 790{ 791 struct sock *sk = sock->sk; 792 struct l2cap_pinfo *pi = l2cap_pi(sk); 793 int err; 794 795 lock_sock(sk); 796 797 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 798 &bt_sk(sk)->flags)) { 799 sk->sk_state = BT_CONFIG; 800 pi->chan->state = BT_CONFIG; 801 802 __l2cap_connect_rsp_defer(pi->chan); 803 err = 0; 804 goto done; 805 } 806 807 release_sock(sk); 808 809 if (sock->type == SOCK_STREAM) 810 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 811 else 812 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 813 814 if (pi->chan->mode != L2CAP_MODE_ERTM) 815 return err; 816 817 /* Attempt to put pending rx data in the socket buffer */ 818 819 lock_sock(sk); 820 821 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 822 goto done; 823 824 if (pi->rx_busy_skb) { 825 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 826 pi->rx_busy_skb = NULL; 827 else 828 goto done; 829 } 830 831 /* Restore data flow when half of the receive buffer is 832 * available. This avoids resending large numbers of 833 * frames. 834 */ 835 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 836 l2cap_chan_busy(pi->chan, 0); 837 838done: 839 release_sock(sk); 840 return err; 841} 842 843/* Kill socket (only if zapped and orphan) 844 * Must be called on unlocked socket. 845 */ 846static void l2cap_sock_kill(struct sock *sk) 847{ 848 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 849 return; 850 851 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 852 853 /* Kill poor orphan */ 854 855 l2cap_chan_put(l2cap_pi(sk)->chan); 856 sock_set_flag(sk, SOCK_DEAD); 857 sock_put(sk); 858} 859 860static int l2cap_sock_shutdown(struct socket *sock, int how) 861{ 862 struct sock *sk = sock->sk; 863 struct l2cap_chan *chan; 864 struct l2cap_conn *conn; 865 int err = 0; 866 867 BT_DBG("sock %p, sk %p", sock, sk); 868 869 if (!sk) 870 return 0; 871 872 chan = l2cap_pi(sk)->chan; 873 conn = chan->conn; 874 875 if (conn) 876 mutex_lock(&conn->chan_lock); 877 878 l2cap_chan_lock(chan); 879 lock_sock(sk); 880 881 if (!sk->sk_shutdown) { 882 if (chan->mode == L2CAP_MODE_ERTM) 883 err = __l2cap_wait_ack(sk); 884 885 sk->sk_shutdown = SHUTDOWN_MASK; 886 887 release_sock(sk); 888 l2cap_chan_close(chan, 0); 889 lock_sock(sk); 890 891 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 892 err = bt_sock_wait_state(sk, BT_CLOSED, 893 sk->sk_lingertime); 894 } 895 896 if (!err && sk->sk_err) 897 err = -sk->sk_err; 898 899 release_sock(sk); 900 l2cap_chan_unlock(chan); 901 902 if (conn) 903 mutex_unlock(&conn->chan_lock); 904 905 return err; 906} 907 908static int l2cap_sock_release(struct socket *sock) 909{ 910 struct sock *sk = sock->sk; 911 int err; 912 913 BT_DBG("sock %p, sk %p", sock, sk); 914 915 if (!sk) 916 return 0; 917 918 bt_sock_unlink(&l2cap_sk_list, sk); 919 920 err = l2cap_sock_shutdown(sock, 2); 921 922 sock_orphan(sk); 923 l2cap_sock_kill(sk); 924 return err; 925} 926 927static void l2cap_sock_cleanup_listen(struct sock *parent) 928{ 929 struct sock *sk; 930 931 BT_DBG("parent %p", parent); 932 933 /* Close not yet accepted channels */ 934 while ((sk = bt_accept_dequeue(parent, NULL))) { 935 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 936 937 l2cap_chan_lock(chan); 938 __clear_chan_timer(chan); 939 l2cap_chan_close(chan, ECONNRESET); 940 l2cap_chan_unlock(chan); 941 942 l2cap_sock_kill(sk); 943 } 944} 945 946static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 947{ 948 struct sock *sk, *parent = chan->data; 949 950 /* Check for backlog size */ 951 if (sk_acceptq_is_full(parent)) { 952 BT_DBG("backlog full %d", parent->sk_ack_backlog); 953 return NULL; 954 } 955 956 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 957 GFP_ATOMIC); 958 if (!sk) 959 return NULL; 960 961 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 962 963 l2cap_sock_init(sk, parent); 964 965 bt_accept_enqueue(parent, sk); 966 967 return l2cap_pi(sk)->chan; 968} 969 970static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 971{ 972 int err; 973 struct sock *sk = chan->data; 974 struct l2cap_pinfo *pi = l2cap_pi(sk); 975 976 lock_sock(sk); 977 978 if (pi->rx_busy_skb) { 979 err = -ENOMEM; 980 goto done; 981 } 982 983 err = sock_queue_rcv_skb(sk, skb); 984 985 /* For ERTM, handle one skb that doesn't fit into the recv 986 * buffer. This is important to do because the data frames 987 * have already been acked, so the skb cannot be discarded. 988 * 989 * Notify the l2cap core that the buffer is full, so the 990 * LOCAL_BUSY state is entered and no more frames are 991 * acked and reassembled until there is buffer space 992 * available. 993 */ 994 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) { 995 pi->rx_busy_skb = skb; 996 l2cap_chan_busy(pi->chan, 1); 997 err = 0; 998 } 999 1000done: 1001 release_sock(sk); 1002 1003 return err; 1004} 1005 1006static void l2cap_sock_close_cb(struct l2cap_chan *chan) 1007{ 1008 struct sock *sk = chan->data; 1009 1010 l2cap_sock_kill(sk); 1011} 1012 1013static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 1014{ 1015 struct sock *sk = chan->data; 1016 struct sock *parent; 1017 1018 lock_sock(sk); 1019 1020 parent = bt_sk(sk)->parent; 1021 1022 sock_set_flag(sk, SOCK_ZAPPED); 1023 1024 switch (chan->state) { 1025 case BT_OPEN: 1026 case BT_BOUND: 1027 case BT_CLOSED: 1028 break; 1029 case BT_LISTEN: 1030 l2cap_sock_cleanup_listen(sk); 1031 sk->sk_state = BT_CLOSED; 1032 chan->state = BT_CLOSED; 1033 1034 break; 1035 default: 1036 sk->sk_state = BT_CLOSED; 1037 chan->state = BT_CLOSED; 1038 1039 sk->sk_err = err; 1040 1041 if (parent) { 1042 bt_accept_unlink(sk); 1043 parent->sk_data_ready(parent, 0); 1044 } else { 1045 sk->sk_state_change(sk); 1046 } 1047 1048 break; 1049 } 1050 1051 release_sock(sk); 1052} 1053 1054static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state) 1055{ 1056 struct sock *sk = chan->data; 1057 1058 sk->sk_state = state; 1059} 1060 1061static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1062 unsigned long len, int nb) 1063{ 1064 struct sk_buff *skb; 1065 int err; 1066 1067 l2cap_chan_unlock(chan); 1068 skb = bt_skb_send_alloc(chan->sk, len, nb, &err); 1069 l2cap_chan_lock(chan); 1070 1071 if (!skb) 1072 return ERR_PTR(err); 1073 1074 return skb; 1075} 1076 1077static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1078{ 1079 struct sock *sk = chan->data; 1080 struct sock *parent; 1081 1082 lock_sock(sk); 1083 1084 parent = bt_sk(sk)->parent; 1085 1086 BT_DBG("sk %p, parent %p", sk, parent); 1087 1088 sk->sk_state = BT_CONNECTED; 1089 sk->sk_state_change(sk); 1090 1091 if (parent) 1092 parent->sk_data_ready(parent, 0); 1093 1094 release_sock(sk); 1095} 1096 1097static void l2cap_sock_defer_cb(struct l2cap_chan *chan) 1098{ 1099 struct sock *sk = chan->data; 1100 struct sock *parent = bt_sk(sk)->parent; 1101 1102 if (parent) 1103 parent->sk_data_ready(parent, 0); 1104} 1105 1106static struct l2cap_ops l2cap_chan_ops = { 1107 .name = "L2CAP Socket Interface", 1108 .new_connection = l2cap_sock_new_connection_cb, 1109 .recv = l2cap_sock_recv_cb, 1110 .close = l2cap_sock_close_cb, 1111 .teardown = l2cap_sock_teardown_cb, 1112 .state_change = l2cap_sock_state_change_cb, 1113 .ready = l2cap_sock_ready_cb, 1114 .defer = l2cap_sock_defer_cb, 1115 .alloc_skb = l2cap_sock_alloc_skb_cb, 1116}; 1117 1118static void l2cap_sock_destruct(struct sock *sk) 1119{ 1120 BT_DBG("sk %p", sk); 1121 1122 if (l2cap_pi(sk)->chan) 1123 l2cap_chan_put(l2cap_pi(sk)->chan); 1124 if (l2cap_pi(sk)->rx_busy_skb) { 1125 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1126 l2cap_pi(sk)->rx_busy_skb = NULL; 1127 } 1128 1129 skb_queue_purge(&sk->sk_receive_queue); 1130 skb_queue_purge(&sk->sk_write_queue); 1131} 1132 1133static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1134{ 1135 struct l2cap_pinfo *pi = l2cap_pi(sk); 1136 struct l2cap_chan *chan = pi->chan; 1137 1138 BT_DBG("sk %p", sk); 1139 1140 if (parent) { 1141 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1142 1143 sk->sk_type = parent->sk_type; 1144 bt_sk(sk)->flags = bt_sk(parent)->flags; 1145 1146 chan->chan_type = pchan->chan_type; 1147 chan->imtu = pchan->imtu; 1148 chan->omtu = pchan->omtu; 1149 chan->conf_state = pchan->conf_state; 1150 chan->mode = pchan->mode; 1151 chan->fcs = pchan->fcs; 1152 chan->max_tx = pchan->max_tx; 1153 chan->tx_win = pchan->tx_win; 1154 chan->tx_win_max = pchan->tx_win_max; 1155 chan->sec_level = pchan->sec_level; 1156 chan->flags = pchan->flags; 1157 1158 security_sk_clone(parent, sk); 1159 } else { 1160 1161 switch (sk->sk_type) { 1162 case SOCK_RAW: 1163 chan->chan_type = L2CAP_CHAN_RAW; 1164 break; 1165 case SOCK_DGRAM: 1166 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1167 break; 1168 case SOCK_SEQPACKET: 1169 case SOCK_STREAM: 1170 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1171 break; 1172 } 1173 1174 chan->imtu = L2CAP_DEFAULT_MTU; 1175 chan->omtu = 0; 1176 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1177 chan->mode = L2CAP_MODE_ERTM; 1178 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1179 } else { 1180 chan->mode = L2CAP_MODE_BASIC; 1181 } 1182 1183 l2cap_chan_set_defaults(chan); 1184 } 1185 1186 /* Default config options */ 1187 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1188 1189 chan->data = sk; 1190 chan->ops = &l2cap_chan_ops; 1191} 1192 1193static struct proto l2cap_proto = { 1194 .name = "L2CAP", 1195 .owner = THIS_MODULE, 1196 .obj_size = sizeof(struct l2cap_pinfo) 1197}; 1198 1199static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1200 int proto, gfp_t prio) 1201{ 1202 struct sock *sk; 1203 struct l2cap_chan *chan; 1204 1205 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1206 if (!sk) 1207 return NULL; 1208 1209 sock_init_data(sock, sk); 1210 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1211 1212 sk->sk_destruct = l2cap_sock_destruct; 1213 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1214 1215 sock_reset_flag(sk, SOCK_ZAPPED); 1216 1217 sk->sk_protocol = proto; 1218 sk->sk_state = BT_OPEN; 1219 1220 chan = l2cap_chan_create(); 1221 if (!chan) { 1222 sk_free(sk); 1223 return NULL; 1224 } 1225 1226 l2cap_chan_hold(chan); 1227 1228 chan->sk = sk; 1229 1230 l2cap_pi(sk)->chan = chan; 1231 1232 return sk; 1233} 1234 1235static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1236 int kern) 1237{ 1238 struct sock *sk; 1239 1240 BT_DBG("sock %p", sock); 1241 1242 sock->state = SS_UNCONNECTED; 1243 1244 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1245 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1246 return -ESOCKTNOSUPPORT; 1247 1248 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1249 return -EPERM; 1250 1251 sock->ops = &l2cap_sock_ops; 1252 1253 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1254 if (!sk) 1255 return -ENOMEM; 1256 1257 l2cap_sock_init(sk, NULL); 1258 bt_sock_link(&l2cap_sk_list, sk); 1259 return 0; 1260} 1261 1262static const struct proto_ops l2cap_sock_ops = { 1263 .family = PF_BLUETOOTH, 1264 .owner = THIS_MODULE, 1265 .release = l2cap_sock_release, 1266 .bind = l2cap_sock_bind, 1267 .connect = l2cap_sock_connect, 1268 .listen = l2cap_sock_listen, 1269 .accept = l2cap_sock_accept, 1270 .getname = l2cap_sock_getname, 1271 .sendmsg = l2cap_sock_sendmsg, 1272 .recvmsg = l2cap_sock_recvmsg, 1273 .poll = bt_sock_poll, 1274 .ioctl = bt_sock_ioctl, 1275 .mmap = sock_no_mmap, 1276 .socketpair = sock_no_socketpair, 1277 .shutdown = l2cap_sock_shutdown, 1278 .setsockopt = l2cap_sock_setsockopt, 1279 .getsockopt = l2cap_sock_getsockopt 1280}; 1281 1282static const struct net_proto_family l2cap_sock_family_ops = { 1283 .family = PF_BLUETOOTH, 1284 .owner = THIS_MODULE, 1285 .create = l2cap_sock_create, 1286}; 1287 1288int __init l2cap_init_sockets(void) 1289{ 1290 int err; 1291 1292 err = proto_register(&l2cap_proto, 0); 1293 if (err < 0) 1294 return err; 1295 1296 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1297 if (err < 0) { 1298 BT_ERR("L2CAP socket registration failed"); 1299 goto error; 1300 } 1301 1302 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list, 1303 NULL); 1304 if (err < 0) { 1305 BT_ERR("Failed to create L2CAP proc file"); 1306 bt_sock_unregister(BTPROTO_L2CAP); 1307 goto error; 1308 } 1309 1310 BT_INFO("L2CAP socket layer initialized"); 1311 1312 return 0; 1313 1314error: 1315 proto_unregister(&l2cap_proto); 1316 return err; 1317} 1318 1319void l2cap_cleanup_sockets(void) 1320{ 1321 bt_procfs_cleanup(&init_net, "l2cap"); 1322 bt_sock_unregister(BTPROTO_L2CAP); 1323 proto_unregister(&l2cap_proto); 1324} 1325