l2cap_sock.c revision 6b3af7334bd3c403647606adfb04f6e6bcf1597e
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26*/ 27 28/* Bluetooth L2CAP sockets. */ 29 30#include <linux/security.h> 31#include <linux/export.h> 32 33#include <net/bluetooth/bluetooth.h> 34#include <net/bluetooth/hci_core.h> 35#include <net/bluetooth/l2cap.h> 36#include <net/bluetooth/smp.h> 37 38static const struct proto_ops l2cap_sock_ops; 39static void l2cap_sock_init(struct sock *sk, struct sock *parent); 40static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio); 41 42static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 43{ 44 struct sock *sk = sock->sk; 45 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 46 struct sockaddr_l2 la; 47 int len, err = 0; 48 49 BT_DBG("sk %p", sk); 50 51 if (!addr || addr->sa_family != AF_BLUETOOTH) 52 return -EINVAL; 53 54 memset(&la, 0, sizeof(la)); 55 len = min_t(unsigned int, sizeof(la), alen); 56 memcpy(&la, addr, len); 57 58 if (la.l2_cid && la.l2_psm) 59 return -EINVAL; 60 61 lock_sock(sk); 62 63 if (sk->sk_state != BT_OPEN) { 64 err = -EBADFD; 65 goto done; 66 } 67 68 if (la.l2_psm) { 69 __u16 psm = __le16_to_cpu(la.l2_psm); 70 71 /* PSM must be odd and lsb of upper byte must be 0 */ 72 if ((psm & 0x0101) != 0x0001) { 73 err = -EINVAL; 74 goto done; 75 } 76 77 /* Restrict usage of well-known PSMs */ 78 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 79 err = -EACCES; 80 goto done; 81 } 82 } 83 84 if (la.l2_cid) 85 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 86 else 87 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 88 89 if (err < 0) 90 goto done; 91 92 if (__le16_to_cpu(la.l2_psm) == 0x0001 || 93 __le16_to_cpu(la.l2_psm) == 0x0003) 94 chan->sec_level = BT_SECURITY_SDP; 95 96 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 97 98 chan->state = BT_BOUND; 99 sk->sk_state = BT_BOUND; 100 101done: 102 release_sock(sk); 103 return err; 104} 105 106static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 107{ 108 struct sock *sk = sock->sk; 109 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 110 struct sockaddr_l2 la; 111 int len, err = 0; 112 113 BT_DBG("sk %p", sk); 114 115 if (!addr || alen < sizeof(addr->sa_family) || 116 addr->sa_family != AF_BLUETOOTH) 117 return -EINVAL; 118 119 memset(&la, 0, sizeof(la)); 120 len = min_t(unsigned int, sizeof(la), alen); 121 memcpy(&la, addr, len); 122 123 if (la.l2_cid && la.l2_psm) 124 return -EINVAL; 125 126 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 127 &la.l2_bdaddr); 128 if (err) 129 return err; 130 131 lock_sock(sk); 132 133 err = bt_sock_wait_state(sk, BT_CONNECTED, 134 sock_sndtimeo(sk, flags & O_NONBLOCK)); 135 136 release_sock(sk); 137 138 return err; 139} 140 141static int l2cap_sock_listen(struct socket *sock, int backlog) 142{ 143 struct sock *sk = sock->sk; 144 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 145 int err = 0; 146 147 BT_DBG("sk %p backlog %d", sk, backlog); 148 149 lock_sock(sk); 150 151 if (sk->sk_state != BT_BOUND) { 152 err = -EBADFD; 153 goto done; 154 } 155 156 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 157 err = -EINVAL; 158 goto done; 159 } 160 161 switch (chan->mode) { 162 case L2CAP_MODE_BASIC: 163 break; 164 case L2CAP_MODE_ERTM: 165 case L2CAP_MODE_STREAMING: 166 if (!disable_ertm) 167 break; 168 /* fall through */ 169 default: 170 err = -ENOTSUPP; 171 goto done; 172 } 173 174 sk->sk_max_ack_backlog = backlog; 175 sk->sk_ack_backlog = 0; 176 177 chan->state = BT_LISTEN; 178 sk->sk_state = BT_LISTEN; 179 180done: 181 release_sock(sk); 182 return err; 183} 184 185static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 186{ 187 DECLARE_WAITQUEUE(wait, current); 188 struct sock *sk = sock->sk, *nsk; 189 long timeo; 190 int err = 0; 191 192 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 193 194 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 195 196 BT_DBG("sk %p timeo %ld", sk, timeo); 197 198 /* Wait for an incoming connection. (wake-one). */ 199 add_wait_queue_exclusive(sk_sleep(sk), &wait); 200 while (1) { 201 set_current_state(TASK_INTERRUPTIBLE); 202 203 if (sk->sk_state != BT_LISTEN) { 204 err = -EBADFD; 205 break; 206 } 207 208 nsk = bt_accept_dequeue(sk, newsock); 209 if (nsk) 210 break; 211 212 if (!timeo) { 213 err = -EAGAIN; 214 break; 215 } 216 217 if (signal_pending(current)) { 218 err = sock_intr_errno(timeo); 219 break; 220 } 221 222 release_sock(sk); 223 timeo = schedule_timeout(timeo); 224 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 225 } 226 __set_current_state(TASK_RUNNING); 227 remove_wait_queue(sk_sleep(sk), &wait); 228 229 if (err) 230 goto done; 231 232 newsock->state = SS_CONNECTED; 233 234 BT_DBG("new socket %p", nsk); 235 236done: 237 release_sock(sk); 238 return err; 239} 240 241static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 242{ 243 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 244 struct sock *sk = sock->sk; 245 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 246 247 BT_DBG("sock %p, sk %p", sock, sk); 248 249 addr->sa_family = AF_BLUETOOTH; 250 *len = sizeof(struct sockaddr_l2); 251 252 if (peer) { 253 la->l2_psm = chan->psm; 254 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 255 la->l2_cid = cpu_to_le16(chan->dcid); 256 } else { 257 la->l2_psm = chan->sport; 258 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 259 la->l2_cid = cpu_to_le16(chan->scid); 260 } 261 262 return 0; 263} 264 265static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 266{ 267 struct sock *sk = sock->sk; 268 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 269 struct l2cap_options opts; 270 struct l2cap_conninfo cinfo; 271 int len, err = 0; 272 u32 opt; 273 274 BT_DBG("sk %p", sk); 275 276 if (get_user(len, optlen)) 277 return -EFAULT; 278 279 lock_sock(sk); 280 281 switch (optname) { 282 case L2CAP_OPTIONS: 283 memset(&opts, 0, sizeof(opts)); 284 opts.imtu = chan->imtu; 285 opts.omtu = chan->omtu; 286 opts.flush_to = chan->flush_to; 287 opts.mode = chan->mode; 288 opts.fcs = chan->fcs; 289 opts.max_tx = chan->max_tx; 290 opts.txwin_size = chan->tx_win; 291 292 len = min_t(unsigned int, len, sizeof(opts)); 293 if (copy_to_user(optval, (char *) &opts, len)) 294 err = -EFAULT; 295 296 break; 297 298 case L2CAP_LM: 299 switch (chan->sec_level) { 300 case BT_SECURITY_LOW: 301 opt = L2CAP_LM_AUTH; 302 break; 303 case BT_SECURITY_MEDIUM: 304 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 305 break; 306 case BT_SECURITY_HIGH: 307 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 308 L2CAP_LM_SECURE; 309 break; 310 default: 311 opt = 0; 312 break; 313 } 314 315 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 316 opt |= L2CAP_LM_MASTER; 317 318 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 319 opt |= L2CAP_LM_RELIABLE; 320 321 if (put_user(opt, (u32 __user *) optval)) 322 err = -EFAULT; 323 break; 324 325 case L2CAP_CONNINFO: 326 if (sk->sk_state != BT_CONNECTED && 327 !(sk->sk_state == BT_CONNECT2 && 328 bt_sk(sk)->defer_setup)) { 329 err = -ENOTCONN; 330 break; 331 } 332 333 memset(&cinfo, 0, sizeof(cinfo)); 334 cinfo.hci_handle = chan->conn->hcon->handle; 335 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 336 337 len = min_t(unsigned int, len, sizeof(cinfo)); 338 if (copy_to_user(optval, (char *) &cinfo, len)) 339 err = -EFAULT; 340 341 break; 342 343 default: 344 err = -ENOPROTOOPT; 345 break; 346 } 347 348 release_sock(sk); 349 return err; 350} 351 352static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 353{ 354 struct sock *sk = sock->sk; 355 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 356 struct bt_security sec; 357 struct bt_power pwr; 358 int len, err = 0; 359 360 BT_DBG("sk %p", sk); 361 362 if (level == SOL_L2CAP) 363 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 364 365 if (level != SOL_BLUETOOTH) 366 return -ENOPROTOOPT; 367 368 if (get_user(len, optlen)) 369 return -EFAULT; 370 371 lock_sock(sk); 372 373 switch (optname) { 374 case BT_SECURITY: 375 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 376 chan->chan_type != L2CAP_CHAN_RAW) { 377 err = -EINVAL; 378 break; 379 } 380 381 memset(&sec, 0, sizeof(sec)); 382 sec.level = chan->sec_level; 383 384 if (sk->sk_state == BT_CONNECTED) 385 sec.key_size = chan->conn->hcon->enc_key_size; 386 387 len = min_t(unsigned int, len, sizeof(sec)); 388 if (copy_to_user(optval, (char *) &sec, len)) 389 err = -EFAULT; 390 391 break; 392 393 case BT_DEFER_SETUP: 394 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 395 err = -EINVAL; 396 break; 397 } 398 399 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) 400 err = -EFAULT; 401 402 break; 403 404 case BT_FLUSHABLE: 405 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 406 (u32 __user *) optval)) 407 err = -EFAULT; 408 409 break; 410 411 case BT_POWER: 412 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 413 && sk->sk_type != SOCK_RAW) { 414 err = -EINVAL; 415 break; 416 } 417 418 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 419 420 len = min_t(unsigned int, len, sizeof(pwr)); 421 if (copy_to_user(optval, (char *) &pwr, len)) 422 err = -EFAULT; 423 424 break; 425 426 case BT_CHANNEL_POLICY: 427 if (!enable_hs) { 428 err = -ENOPROTOOPT; 429 break; 430 } 431 432 if (put_user(chan->chan_policy, (u32 __user *) optval)) 433 err = -EFAULT; 434 break; 435 436 default: 437 err = -ENOPROTOOPT; 438 break; 439 } 440 441 release_sock(sk); 442 return err; 443} 444 445static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 446{ 447 struct sock *sk = sock->sk; 448 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 449 struct l2cap_options opts; 450 int len, err = 0; 451 u32 opt; 452 453 BT_DBG("sk %p", sk); 454 455 lock_sock(sk); 456 457 switch (optname) { 458 case L2CAP_OPTIONS: 459 if (sk->sk_state == BT_CONNECTED) { 460 err = -EINVAL; 461 break; 462 } 463 464 opts.imtu = chan->imtu; 465 opts.omtu = chan->omtu; 466 opts.flush_to = chan->flush_to; 467 opts.mode = chan->mode; 468 opts.fcs = chan->fcs; 469 opts.max_tx = chan->max_tx; 470 opts.txwin_size = chan->tx_win; 471 472 len = min_t(unsigned int, sizeof(opts), optlen); 473 if (copy_from_user((char *) &opts, optval, len)) { 474 err = -EFAULT; 475 break; 476 } 477 478 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 479 err = -EINVAL; 480 break; 481 } 482 483 chan->mode = opts.mode; 484 switch (chan->mode) { 485 case L2CAP_MODE_BASIC: 486 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 487 break; 488 case L2CAP_MODE_ERTM: 489 case L2CAP_MODE_STREAMING: 490 if (!disable_ertm) 491 break; 492 /* fall through */ 493 default: 494 err = -EINVAL; 495 break; 496 } 497 498 chan->imtu = opts.imtu; 499 chan->omtu = opts.omtu; 500 chan->fcs = opts.fcs; 501 chan->max_tx = opts.max_tx; 502 chan->tx_win = opts.txwin_size; 503 break; 504 505 case L2CAP_LM: 506 if (get_user(opt, (u32 __user *) optval)) { 507 err = -EFAULT; 508 break; 509 } 510 511 if (opt & L2CAP_LM_AUTH) 512 chan->sec_level = BT_SECURITY_LOW; 513 if (opt & L2CAP_LM_ENCRYPT) 514 chan->sec_level = BT_SECURITY_MEDIUM; 515 if (opt & L2CAP_LM_SECURE) 516 chan->sec_level = BT_SECURITY_HIGH; 517 518 if (opt & L2CAP_LM_MASTER) 519 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 520 else 521 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 522 523 if (opt & L2CAP_LM_RELIABLE) 524 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 525 else 526 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 527 break; 528 529 default: 530 err = -ENOPROTOOPT; 531 break; 532 } 533 534 release_sock(sk); 535 return err; 536} 537 538static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 539{ 540 struct sock *sk = sock->sk; 541 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 542 struct bt_security sec; 543 struct bt_power pwr; 544 struct l2cap_conn *conn; 545 int len, err = 0; 546 u32 opt; 547 548 BT_DBG("sk %p", sk); 549 550 if (level == SOL_L2CAP) 551 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 552 553 if (level != SOL_BLUETOOTH) 554 return -ENOPROTOOPT; 555 556 lock_sock(sk); 557 558 switch (optname) { 559 case BT_SECURITY: 560 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 561 chan->chan_type != L2CAP_CHAN_RAW) { 562 err = -EINVAL; 563 break; 564 } 565 566 sec.level = BT_SECURITY_LOW; 567 568 len = min_t(unsigned int, sizeof(sec), optlen); 569 if (copy_from_user((char *) &sec, optval, len)) { 570 err = -EFAULT; 571 break; 572 } 573 574 if (sec.level < BT_SECURITY_LOW || 575 sec.level > BT_SECURITY_HIGH) { 576 err = -EINVAL; 577 break; 578 } 579 580 chan->sec_level = sec.level; 581 582 if (!chan->conn) 583 break; 584 585 conn = chan->conn; 586 587 /*change security for LE channels */ 588 if (chan->scid == L2CAP_CID_LE_DATA) { 589 if (!conn->hcon->out) { 590 err = -EINVAL; 591 break; 592 } 593 594 if (smp_conn_security(conn, sec.level)) 595 break; 596 sk->sk_state = BT_CONFIG; 597 chan->state = BT_CONFIG; 598 599 /* or for ACL link, under defer_setup time */ 600 } else if (sk->sk_state == BT_CONNECT2 && 601 bt_sk(sk)->defer_setup) { 602 err = l2cap_chan_check_security(chan); 603 } else { 604 err = -EINVAL; 605 } 606 break; 607 608 case BT_DEFER_SETUP: 609 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 610 err = -EINVAL; 611 break; 612 } 613 614 if (get_user(opt, (u32 __user *) optval)) { 615 err = -EFAULT; 616 break; 617 } 618 619 bt_sk(sk)->defer_setup = opt; 620 break; 621 622 case BT_FLUSHABLE: 623 if (get_user(opt, (u32 __user *) optval)) { 624 err = -EFAULT; 625 break; 626 } 627 628 if (opt > BT_FLUSHABLE_ON) { 629 err = -EINVAL; 630 break; 631 } 632 633 if (opt == BT_FLUSHABLE_OFF) { 634 struct l2cap_conn *conn = chan->conn; 635 /* proceed further only when we have l2cap_conn and 636 No Flush support in the LM */ 637 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 638 err = -EINVAL; 639 break; 640 } 641 } 642 643 if (opt) 644 set_bit(FLAG_FLUSHABLE, &chan->flags); 645 else 646 clear_bit(FLAG_FLUSHABLE, &chan->flags); 647 break; 648 649 case BT_POWER: 650 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 651 chan->chan_type != L2CAP_CHAN_RAW) { 652 err = -EINVAL; 653 break; 654 } 655 656 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 657 658 len = min_t(unsigned int, sizeof(pwr), optlen); 659 if (copy_from_user((char *) &pwr, optval, len)) { 660 err = -EFAULT; 661 break; 662 } 663 664 if (pwr.force_active) 665 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 666 else 667 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 668 break; 669 670 case BT_CHANNEL_POLICY: 671 if (!enable_hs) { 672 err = -ENOPROTOOPT; 673 break; 674 } 675 676 if (get_user(opt, (u32 __user *) optval)) { 677 err = -EFAULT; 678 break; 679 } 680 681 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 682 err = -EINVAL; 683 break; 684 } 685 686 if (chan->mode != L2CAP_MODE_ERTM && 687 chan->mode != L2CAP_MODE_STREAMING) { 688 err = -EOPNOTSUPP; 689 break; 690 } 691 692 chan->chan_policy = (u8) opt; 693 break; 694 695 default: 696 err = -ENOPROTOOPT; 697 break; 698 } 699 700 release_sock(sk); 701 return err; 702} 703 704static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 705{ 706 struct sock *sk = sock->sk; 707 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 708 int err; 709 710 BT_DBG("sock %p, sk %p", sock, sk); 711 712 err = sock_error(sk); 713 if (err) 714 return err; 715 716 if (msg->msg_flags & MSG_OOB) 717 return -EOPNOTSUPP; 718 719 lock_sock(sk); 720 721 if (sk->sk_state != BT_CONNECTED) { 722 release_sock(sk); 723 return -ENOTCONN; 724 } 725 726 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 727 728 release_sock(sk); 729 return err; 730} 731 732static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 733{ 734 struct sock *sk = sock->sk; 735 struct l2cap_pinfo *pi = l2cap_pi(sk); 736 int err; 737 738 lock_sock(sk); 739 740 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { 741 sk->sk_state = BT_CONFIG; 742 pi->chan->state = BT_CONFIG; 743 744 __l2cap_connect_rsp_defer(pi->chan); 745 release_sock(sk); 746 return 0; 747 } 748 749 release_sock(sk); 750 751 if (sock->type == SOCK_STREAM) 752 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 753 else 754 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 755 756 if (pi->chan->mode != L2CAP_MODE_ERTM) 757 return err; 758 759 /* Attempt to put pending rx data in the socket buffer */ 760 761 lock_sock(sk); 762 763 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 764 goto done; 765 766 if (pi->rx_busy_skb) { 767 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 768 pi->rx_busy_skb = NULL; 769 else 770 goto done; 771 } 772 773 /* Restore data flow when half of the receive buffer is 774 * available. This avoids resending large numbers of 775 * frames. 776 */ 777 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 778 l2cap_chan_busy(pi->chan, 0); 779 780done: 781 release_sock(sk); 782 return err; 783} 784 785/* Kill socket (only if zapped and orphan) 786 * Must be called on unlocked socket. 787 */ 788static void l2cap_sock_kill(struct sock *sk) 789{ 790 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 791 return; 792 793 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 794 795 /* Kill poor orphan */ 796 797 l2cap_chan_destroy(l2cap_pi(sk)->chan); 798 sock_set_flag(sk, SOCK_DEAD); 799 sock_put(sk); 800} 801 802static int l2cap_sock_shutdown(struct socket *sock, int how) 803{ 804 struct sock *sk = sock->sk; 805 struct l2cap_chan *chan; 806 struct l2cap_conn *conn; 807 int err = 0; 808 809 BT_DBG("sock %p, sk %p", sock, sk); 810 811 if (!sk) 812 return 0; 813 814 chan = l2cap_pi(sk)->chan; 815 conn = chan->conn; 816 817 if (conn) 818 mutex_lock(&conn->chan_lock); 819 820 l2cap_chan_lock(chan); 821 lock_sock(sk); 822 823 if (!sk->sk_shutdown) { 824 if (chan->mode == L2CAP_MODE_ERTM) 825 err = __l2cap_wait_ack(sk); 826 827 sk->sk_shutdown = SHUTDOWN_MASK; 828 829 release_sock(sk); 830 l2cap_chan_close(chan, 0); 831 lock_sock(sk); 832 833 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 834 err = bt_sock_wait_state(sk, BT_CLOSED, 835 sk->sk_lingertime); 836 } 837 838 if (!err && sk->sk_err) 839 err = -sk->sk_err; 840 841 release_sock(sk); 842 l2cap_chan_unlock(chan); 843 844 if (conn) 845 mutex_unlock(&conn->chan_lock); 846 847 return err; 848} 849 850static int l2cap_sock_release(struct socket *sock) 851{ 852 struct sock *sk = sock->sk; 853 int err; 854 855 BT_DBG("sock %p, sk %p", sock, sk); 856 857 if (!sk) 858 return 0; 859 860 err = l2cap_sock_shutdown(sock, 2); 861 862 sock_orphan(sk); 863 l2cap_sock_kill(sk); 864 return err; 865} 866 867static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data) 868{ 869 struct sock *sk, *parent = data; 870 871 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 872 GFP_ATOMIC); 873 if (!sk) 874 return NULL; 875 876 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 877 878 l2cap_sock_init(sk, parent); 879 880 return l2cap_pi(sk)->chan; 881} 882 883static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb) 884{ 885 int err; 886 struct sock *sk = data; 887 struct l2cap_pinfo *pi = l2cap_pi(sk); 888 889 lock_sock(sk); 890 891 if (pi->rx_busy_skb) { 892 err = -ENOMEM; 893 goto done; 894 } 895 896 err = sock_queue_rcv_skb(sk, skb); 897 898 /* For ERTM, handle one skb that doesn't fit into the recv 899 * buffer. This is important to do because the data frames 900 * have already been acked, so the skb cannot be discarded. 901 * 902 * Notify the l2cap core that the buffer is full, so the 903 * LOCAL_BUSY state is entered and no more frames are 904 * acked and reassembled until there is buffer space 905 * available. 906 */ 907 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) { 908 pi->rx_busy_skb = skb; 909 l2cap_chan_busy(pi->chan, 1); 910 err = 0; 911 } 912 913done: 914 release_sock(sk); 915 916 return err; 917} 918 919static void l2cap_sock_close_cb(void *data) 920{ 921 struct sock *sk = data; 922 923 l2cap_sock_kill(sk); 924} 925 926static void l2cap_sock_state_change_cb(void *data, int state) 927{ 928 struct sock *sk = data; 929 930 sk->sk_state = state; 931} 932 933static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 934 unsigned long len, int nb) 935{ 936 struct sk_buff *skb; 937 int err; 938 939 skb = bt_skb_send_alloc(chan->sk, len, nb, &err); 940 if (!skb) 941 return ERR_PTR(err); 942 943 return skb; 944} 945 946static struct l2cap_ops l2cap_chan_ops = { 947 .name = "L2CAP Socket Interface", 948 .new_connection = l2cap_sock_new_connection_cb, 949 .recv = l2cap_sock_recv_cb, 950 .close = l2cap_sock_close_cb, 951 .state_change = l2cap_sock_state_change_cb, 952 .alloc_skb = l2cap_sock_alloc_skb_cb, 953}; 954 955static void l2cap_sock_destruct(struct sock *sk) 956{ 957 BT_DBG("sk %p", sk); 958 959 if (l2cap_pi(sk)->rx_busy_skb) { 960 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 961 l2cap_pi(sk)->rx_busy_skb = NULL; 962 } 963 964 skb_queue_purge(&sk->sk_receive_queue); 965 skb_queue_purge(&sk->sk_write_queue); 966} 967 968static void l2cap_sock_init(struct sock *sk, struct sock *parent) 969{ 970 struct l2cap_pinfo *pi = l2cap_pi(sk); 971 struct l2cap_chan *chan = pi->chan; 972 973 BT_DBG("sk %p", sk); 974 975 if (parent) { 976 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 977 978 sk->sk_type = parent->sk_type; 979 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup; 980 981 chan->chan_type = pchan->chan_type; 982 chan->imtu = pchan->imtu; 983 chan->omtu = pchan->omtu; 984 chan->conf_state = pchan->conf_state; 985 chan->mode = pchan->mode; 986 chan->fcs = pchan->fcs; 987 chan->max_tx = pchan->max_tx; 988 chan->tx_win = pchan->tx_win; 989 chan->tx_win_max = pchan->tx_win_max; 990 chan->sec_level = pchan->sec_level; 991 chan->flags = pchan->flags; 992 993 security_sk_clone(parent, sk); 994 } else { 995 996 switch (sk->sk_type) { 997 case SOCK_RAW: 998 chan->chan_type = L2CAP_CHAN_RAW; 999 break; 1000 case SOCK_DGRAM: 1001 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1002 break; 1003 case SOCK_SEQPACKET: 1004 case SOCK_STREAM: 1005 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1006 break; 1007 } 1008 1009 chan->imtu = L2CAP_DEFAULT_MTU; 1010 chan->omtu = 0; 1011 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1012 chan->mode = L2CAP_MODE_ERTM; 1013 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1014 } else { 1015 chan->mode = L2CAP_MODE_BASIC; 1016 } 1017 1018 l2cap_chan_set_defaults(chan); 1019 } 1020 1021 /* Default config options */ 1022 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1023 1024 chan->data = sk; 1025 chan->ops = &l2cap_chan_ops; 1026} 1027 1028static struct proto l2cap_proto = { 1029 .name = "L2CAP", 1030 .owner = THIS_MODULE, 1031 .obj_size = sizeof(struct l2cap_pinfo) 1032}; 1033 1034static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 1035{ 1036 struct sock *sk; 1037 struct l2cap_chan *chan; 1038 1039 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1040 if (!sk) 1041 return NULL; 1042 1043 sock_init_data(sock, sk); 1044 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1045 1046 sk->sk_destruct = l2cap_sock_destruct; 1047 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1048 1049 sock_reset_flag(sk, SOCK_ZAPPED); 1050 1051 sk->sk_protocol = proto; 1052 sk->sk_state = BT_OPEN; 1053 1054 chan = l2cap_chan_create(); 1055 if (!chan) { 1056 l2cap_sock_kill(sk); 1057 return NULL; 1058 } 1059 1060 chan->sk = sk; 1061 1062 l2cap_pi(sk)->chan = chan; 1063 1064 return sk; 1065} 1066 1067static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1068 int kern) 1069{ 1070 struct sock *sk; 1071 1072 BT_DBG("sock %p", sock); 1073 1074 sock->state = SS_UNCONNECTED; 1075 1076 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1077 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1078 return -ESOCKTNOSUPPORT; 1079 1080 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1081 return -EPERM; 1082 1083 sock->ops = &l2cap_sock_ops; 1084 1085 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1086 if (!sk) 1087 return -ENOMEM; 1088 1089 l2cap_sock_init(sk, NULL); 1090 return 0; 1091} 1092 1093static const struct proto_ops l2cap_sock_ops = { 1094 .family = PF_BLUETOOTH, 1095 .owner = THIS_MODULE, 1096 .release = l2cap_sock_release, 1097 .bind = l2cap_sock_bind, 1098 .connect = l2cap_sock_connect, 1099 .listen = l2cap_sock_listen, 1100 .accept = l2cap_sock_accept, 1101 .getname = l2cap_sock_getname, 1102 .sendmsg = l2cap_sock_sendmsg, 1103 .recvmsg = l2cap_sock_recvmsg, 1104 .poll = bt_sock_poll, 1105 .ioctl = bt_sock_ioctl, 1106 .mmap = sock_no_mmap, 1107 .socketpair = sock_no_socketpair, 1108 .shutdown = l2cap_sock_shutdown, 1109 .setsockopt = l2cap_sock_setsockopt, 1110 .getsockopt = l2cap_sock_getsockopt 1111}; 1112 1113static const struct net_proto_family l2cap_sock_family_ops = { 1114 .family = PF_BLUETOOTH, 1115 .owner = THIS_MODULE, 1116 .create = l2cap_sock_create, 1117}; 1118 1119int __init l2cap_init_sockets(void) 1120{ 1121 int err; 1122 1123 err = proto_register(&l2cap_proto, 0); 1124 if (err < 0) 1125 return err; 1126 1127 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1128 if (err < 0) 1129 goto error; 1130 1131 BT_INFO("L2CAP socket layer initialized"); 1132 1133 return 0; 1134 1135error: 1136 BT_ERR("L2CAP socket registration failed"); 1137 proto_unregister(&l2cap_proto); 1138 return err; 1139} 1140 1141void l2cap_cleanup_sockets(void) 1142{ 1143 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 1144 BT_ERR("L2CAP socket unregistration failed"); 1145 1146 proto_unregister(&l2cap_proto); 1147} 1148