l2cap_sock.c revision 8c1d787be4b62d2d1b6f04953eca4bcf7c839d44
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 8 9 This program is free software; you can redistribute it and/or modify 10 it under the terms of the GNU General Public License version 2 as 11 published by the Free Software Foundation; 12 13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 21 22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 24 SOFTWARE IS DISCLAIMED. 25*/ 26 27/* Bluetooth L2CAP sockets. */ 28 29#include <net/bluetooth/bluetooth.h> 30#include <net/bluetooth/hci_core.h> 31#include <net/bluetooth/l2cap.h> 32 33/* ---- L2CAP timers ---- */ 34static void l2cap_sock_timeout(unsigned long arg) 35{ 36 struct sock *sk = (struct sock *) arg; 37 int reason; 38 39 BT_DBG("sock %p state %d", sk, sk->sk_state); 40 41 bh_lock_sock(sk); 42 43 if (sock_owned_by_user(sk)) { 44 /* sk is owned by user. Try again later */ 45 l2cap_sock_set_timer(sk, HZ / 5); 46 bh_unlock_sock(sk); 47 sock_put(sk); 48 return; 49 } 50 51 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG) 52 reason = ECONNREFUSED; 53 else if (sk->sk_state == BT_CONNECT && 54 l2cap_pi(sk)->chan->sec_level != BT_SECURITY_SDP) 55 reason = ECONNREFUSED; 56 else 57 reason = ETIMEDOUT; 58 59 __l2cap_sock_close(sk, reason); 60 61 bh_unlock_sock(sk); 62 63 l2cap_sock_kill(sk); 64 sock_put(sk); 65} 66 67void l2cap_sock_set_timer(struct sock *sk, long timeout) 68{ 69 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout); 70 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout); 71} 72 73void l2cap_sock_clear_timer(struct sock *sk) 74{ 75 BT_DBG("sock %p state %d", sk, sk->sk_state); 76 sk_stop_timer(sk, &sk->sk_timer); 77} 78 79static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src) 80{ 81 struct sock *sk; 82 struct hlist_node *node; 83 sk_for_each(sk, node, &l2cap_sk_list.head) { 84 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 85 86 if (chan->sport == psm && !bacmp(&bt_sk(sk)->src, src)) 87 goto found; 88 } 89 90 sk = NULL; 91found: 92 return sk; 93} 94 95static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 96{ 97 struct sock *sk = sock->sk; 98 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 99 struct sockaddr_l2 la; 100 int len, err = 0; 101 102 BT_DBG("sk %p", sk); 103 104 if (!addr || addr->sa_family != AF_BLUETOOTH) 105 return -EINVAL; 106 107 memset(&la, 0, sizeof(la)); 108 len = min_t(unsigned int, sizeof(la), alen); 109 memcpy(&la, addr, len); 110 111 if (la.l2_cid && la.l2_psm) 112 return -EINVAL; 113 114 lock_sock(sk); 115 116 if (sk->sk_state != BT_OPEN) { 117 err = -EBADFD; 118 goto done; 119 } 120 121 if (la.l2_psm) { 122 __u16 psm = __le16_to_cpu(la.l2_psm); 123 124 /* PSM must be odd and lsb of upper byte must be 0 */ 125 if ((psm & 0x0101) != 0x0001) { 126 err = -EINVAL; 127 goto done; 128 } 129 130 /* Restrict usage of well-known PSMs */ 131 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 132 err = -EACCES; 133 goto done; 134 } 135 } 136 137 write_lock_bh(&l2cap_sk_list.lock); 138 139 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) { 140 err = -EADDRINUSE; 141 } else { 142 /* Save source address */ 143 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 144 chan->psm = la.l2_psm; 145 chan->sport = la.l2_psm; 146 sk->sk_state = BT_BOUND; 147 148 if (__le16_to_cpu(la.l2_psm) == 0x0001 || 149 __le16_to_cpu(la.l2_psm) == 0x0003) 150 chan->sec_level = BT_SECURITY_SDP; 151 } 152 153 if (la.l2_cid) 154 chan->scid = la.l2_cid; 155 156 write_unlock_bh(&l2cap_sk_list.lock); 157 158done: 159 release_sock(sk); 160 return err; 161} 162 163static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 164{ 165 struct sock *sk = sock->sk; 166 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 167 struct sockaddr_l2 la; 168 int len, err = 0; 169 170 BT_DBG("sk %p", sk); 171 172 if (!addr || alen < sizeof(addr->sa_family) || 173 addr->sa_family != AF_BLUETOOTH) 174 return -EINVAL; 175 176 memset(&la, 0, sizeof(la)); 177 len = min_t(unsigned int, sizeof(la), alen); 178 memcpy(&la, addr, len); 179 180 if (la.l2_cid && la.l2_psm) 181 return -EINVAL; 182 183 lock_sock(sk); 184 185 if ((sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) 186 && !(la.l2_psm || la.l2_cid)) { 187 err = -EINVAL; 188 goto done; 189 } 190 191 switch (chan->mode) { 192 case L2CAP_MODE_BASIC: 193 break; 194 case L2CAP_MODE_ERTM: 195 case L2CAP_MODE_STREAMING: 196 if (!disable_ertm) 197 break; 198 /* fall through */ 199 default: 200 err = -ENOTSUPP; 201 goto done; 202 } 203 204 switch (sk->sk_state) { 205 case BT_CONNECT: 206 case BT_CONNECT2: 207 case BT_CONFIG: 208 /* Already connecting */ 209 goto wait; 210 211 case BT_CONNECTED: 212 /* Already connected */ 213 err = -EISCONN; 214 goto done; 215 216 case BT_OPEN: 217 case BT_BOUND: 218 /* Can connect */ 219 break; 220 221 default: 222 err = -EBADFD; 223 goto done; 224 } 225 226 /* PSM must be odd and lsb of upper byte must be 0 */ 227 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 && 228 sk->sk_type != SOCK_RAW && !la.l2_cid) { 229 err = -EINVAL; 230 goto done; 231 } 232 233 /* Set destination address and psm */ 234 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr); 235 chan->psm = la.l2_psm; 236 chan->dcid = la.l2_cid; 237 238 err = l2cap_chan_connect(l2cap_pi(sk)->chan); 239 if (err) 240 goto done; 241 242wait: 243 err = bt_sock_wait_state(sk, BT_CONNECTED, 244 sock_sndtimeo(sk, flags & O_NONBLOCK)); 245done: 246 release_sock(sk); 247 return err; 248} 249 250static int l2cap_sock_listen(struct socket *sock, int backlog) 251{ 252 struct sock *sk = sock->sk; 253 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 254 int err = 0; 255 256 BT_DBG("sk %p backlog %d", sk, backlog); 257 258 lock_sock(sk); 259 260 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM) 261 || sk->sk_state != BT_BOUND) { 262 err = -EBADFD; 263 goto done; 264 } 265 266 switch (chan->mode) { 267 case L2CAP_MODE_BASIC: 268 break; 269 case L2CAP_MODE_ERTM: 270 case L2CAP_MODE_STREAMING: 271 if (!disable_ertm) 272 break; 273 /* fall through */ 274 default: 275 err = -ENOTSUPP; 276 goto done; 277 } 278 279 if (!chan->psm && !chan->scid) { 280 bdaddr_t *src = &bt_sk(sk)->src; 281 u16 psm; 282 283 err = -EINVAL; 284 285 write_lock_bh(&l2cap_sk_list.lock); 286 287 for (psm = 0x1001; psm < 0x1100; psm += 2) 288 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) { 289 chan->psm = cpu_to_le16(psm); 290 chan->sport = cpu_to_le16(psm); 291 err = 0; 292 break; 293 } 294 295 write_unlock_bh(&l2cap_sk_list.lock); 296 297 if (err < 0) 298 goto done; 299 } 300 301 sk->sk_max_ack_backlog = backlog; 302 sk->sk_ack_backlog = 0; 303 sk->sk_state = BT_LISTEN; 304 305done: 306 release_sock(sk); 307 return err; 308} 309 310static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 311{ 312 DECLARE_WAITQUEUE(wait, current); 313 struct sock *sk = sock->sk, *nsk; 314 long timeo; 315 int err = 0; 316 317 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 318 319 if (sk->sk_state != BT_LISTEN) { 320 err = -EBADFD; 321 goto done; 322 } 323 324 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 325 326 BT_DBG("sk %p timeo %ld", sk, timeo); 327 328 /* Wait for an incoming connection. (wake-one). */ 329 add_wait_queue_exclusive(sk_sleep(sk), &wait); 330 while (!(nsk = bt_accept_dequeue(sk, newsock))) { 331 set_current_state(TASK_INTERRUPTIBLE); 332 if (!timeo) { 333 err = -EAGAIN; 334 break; 335 } 336 337 release_sock(sk); 338 timeo = schedule_timeout(timeo); 339 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 340 341 if (sk->sk_state != BT_LISTEN) { 342 err = -EBADFD; 343 break; 344 } 345 346 if (signal_pending(current)) { 347 err = sock_intr_errno(timeo); 348 break; 349 } 350 } 351 set_current_state(TASK_RUNNING); 352 remove_wait_queue(sk_sleep(sk), &wait); 353 354 if (err) 355 goto done; 356 357 newsock->state = SS_CONNECTED; 358 359 BT_DBG("new socket %p", nsk); 360 361done: 362 release_sock(sk); 363 return err; 364} 365 366static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 367{ 368 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 369 struct sock *sk = sock->sk; 370 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 371 372 BT_DBG("sock %p, sk %p", sock, sk); 373 374 addr->sa_family = AF_BLUETOOTH; 375 *len = sizeof(struct sockaddr_l2); 376 377 if (peer) { 378 la->l2_psm = chan->psm; 379 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 380 la->l2_cid = cpu_to_le16(chan->dcid); 381 } else { 382 la->l2_psm = chan->sport; 383 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 384 la->l2_cid = cpu_to_le16(chan->scid); 385 } 386 387 return 0; 388} 389 390static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 391{ 392 struct sock *sk = sock->sk; 393 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 394 struct l2cap_options opts; 395 struct l2cap_conninfo cinfo; 396 int len, err = 0; 397 u32 opt; 398 399 BT_DBG("sk %p", sk); 400 401 if (get_user(len, optlen)) 402 return -EFAULT; 403 404 lock_sock(sk); 405 406 switch (optname) { 407 case L2CAP_OPTIONS: 408 memset(&opts, 0, sizeof(opts)); 409 opts.imtu = chan->imtu; 410 opts.omtu = chan->omtu; 411 opts.flush_to = chan->flush_to; 412 opts.mode = chan->mode; 413 opts.fcs = chan->fcs; 414 opts.max_tx = chan->max_tx; 415 opts.txwin_size = (__u16)chan->tx_win; 416 417 len = min_t(unsigned int, len, sizeof(opts)); 418 if (copy_to_user(optval, (char *) &opts, len)) 419 err = -EFAULT; 420 421 break; 422 423 case L2CAP_LM: 424 switch (chan->sec_level) { 425 case BT_SECURITY_LOW: 426 opt = L2CAP_LM_AUTH; 427 break; 428 case BT_SECURITY_MEDIUM: 429 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 430 break; 431 case BT_SECURITY_HIGH: 432 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 433 L2CAP_LM_SECURE; 434 break; 435 default: 436 opt = 0; 437 break; 438 } 439 440 if (chan->role_switch) 441 opt |= L2CAP_LM_MASTER; 442 443 if (chan->force_reliable) 444 opt |= L2CAP_LM_RELIABLE; 445 446 if (put_user(opt, (u32 __user *) optval)) 447 err = -EFAULT; 448 break; 449 450 case L2CAP_CONNINFO: 451 if (sk->sk_state != BT_CONNECTED && 452 !(sk->sk_state == BT_CONNECT2 && 453 bt_sk(sk)->defer_setup)) { 454 err = -ENOTCONN; 455 break; 456 } 457 458 cinfo.hci_handle = chan->conn->hcon->handle; 459 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 460 461 len = min_t(unsigned int, len, sizeof(cinfo)); 462 if (copy_to_user(optval, (char *) &cinfo, len)) 463 err = -EFAULT; 464 465 break; 466 467 default: 468 err = -ENOPROTOOPT; 469 break; 470 } 471 472 release_sock(sk); 473 return err; 474} 475 476static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 477{ 478 struct sock *sk = sock->sk; 479 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 480 struct bt_security sec; 481 int len, err = 0; 482 483 BT_DBG("sk %p", sk); 484 485 if (level == SOL_L2CAP) 486 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 487 488 if (level != SOL_BLUETOOTH) 489 return -ENOPROTOOPT; 490 491 if (get_user(len, optlen)) 492 return -EFAULT; 493 494 lock_sock(sk); 495 496 switch (optname) { 497 case BT_SECURITY: 498 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 499 && sk->sk_type != SOCK_RAW) { 500 err = -EINVAL; 501 break; 502 } 503 504 sec.level = chan->sec_level; 505 506 len = min_t(unsigned int, len, sizeof(sec)); 507 if (copy_to_user(optval, (char *) &sec, len)) 508 err = -EFAULT; 509 510 break; 511 512 case BT_DEFER_SETUP: 513 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 514 err = -EINVAL; 515 break; 516 } 517 518 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) 519 err = -EFAULT; 520 521 break; 522 523 case BT_FLUSHABLE: 524 if (put_user(chan->flushable, (u32 __user *) optval)) 525 err = -EFAULT; 526 527 break; 528 529 default: 530 err = -ENOPROTOOPT; 531 break; 532 } 533 534 release_sock(sk); 535 return err; 536} 537 538static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 539{ 540 struct sock *sk = sock->sk; 541 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 542 struct l2cap_options opts; 543 int len, err = 0; 544 u32 opt; 545 546 BT_DBG("sk %p", sk); 547 548 lock_sock(sk); 549 550 switch (optname) { 551 case L2CAP_OPTIONS: 552 if (sk->sk_state == BT_CONNECTED) { 553 err = -EINVAL; 554 break; 555 } 556 557 opts.imtu = chan->imtu; 558 opts.omtu = chan->omtu; 559 opts.flush_to = chan->flush_to; 560 opts.mode = chan->mode; 561 opts.fcs = chan->fcs; 562 opts.max_tx = chan->max_tx; 563 opts.txwin_size = (__u16)chan->tx_win; 564 565 len = min_t(unsigned int, sizeof(opts), optlen); 566 if (copy_from_user((char *) &opts, optval, len)) { 567 err = -EFAULT; 568 break; 569 } 570 571 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) { 572 err = -EINVAL; 573 break; 574 } 575 576 chan->mode = opts.mode; 577 switch (chan->mode) { 578 case L2CAP_MODE_BASIC: 579 chan->conf_state &= ~L2CAP_CONF_STATE2_DEVICE; 580 break; 581 case L2CAP_MODE_ERTM: 582 case L2CAP_MODE_STREAMING: 583 if (!disable_ertm) 584 break; 585 /* fall through */ 586 default: 587 err = -EINVAL; 588 break; 589 } 590 591 chan->imtu = opts.imtu; 592 chan->omtu = opts.omtu; 593 chan->fcs = opts.fcs; 594 chan->max_tx = opts.max_tx; 595 chan->tx_win = (__u8)opts.txwin_size; 596 break; 597 598 case L2CAP_LM: 599 if (get_user(opt, (u32 __user *) optval)) { 600 err = -EFAULT; 601 break; 602 } 603 604 if (opt & L2CAP_LM_AUTH) 605 chan->sec_level = BT_SECURITY_LOW; 606 if (opt & L2CAP_LM_ENCRYPT) 607 chan->sec_level = BT_SECURITY_MEDIUM; 608 if (opt & L2CAP_LM_SECURE) 609 chan->sec_level = BT_SECURITY_HIGH; 610 611 chan->role_switch = (opt & L2CAP_LM_MASTER); 612 chan->force_reliable = (opt & L2CAP_LM_RELIABLE); 613 break; 614 615 default: 616 err = -ENOPROTOOPT; 617 break; 618 } 619 620 release_sock(sk); 621 return err; 622} 623 624static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 625{ 626 struct sock *sk = sock->sk; 627 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 628 struct bt_security sec; 629 int len, err = 0; 630 u32 opt; 631 632 BT_DBG("sk %p", sk); 633 634 if (level == SOL_L2CAP) 635 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 636 637 if (level != SOL_BLUETOOTH) 638 return -ENOPROTOOPT; 639 640 lock_sock(sk); 641 642 switch (optname) { 643 case BT_SECURITY: 644 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 645 && sk->sk_type != SOCK_RAW) { 646 err = -EINVAL; 647 break; 648 } 649 650 sec.level = BT_SECURITY_LOW; 651 652 len = min_t(unsigned int, sizeof(sec), optlen); 653 if (copy_from_user((char *) &sec, optval, len)) { 654 err = -EFAULT; 655 break; 656 } 657 658 if (sec.level < BT_SECURITY_LOW || 659 sec.level > BT_SECURITY_HIGH) { 660 err = -EINVAL; 661 break; 662 } 663 664 chan->sec_level = sec.level; 665 break; 666 667 case BT_DEFER_SETUP: 668 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 669 err = -EINVAL; 670 break; 671 } 672 673 if (get_user(opt, (u32 __user *) optval)) { 674 err = -EFAULT; 675 break; 676 } 677 678 bt_sk(sk)->defer_setup = opt; 679 break; 680 681 case BT_FLUSHABLE: 682 if (get_user(opt, (u32 __user *) optval)) { 683 err = -EFAULT; 684 break; 685 } 686 687 if (opt > BT_FLUSHABLE_ON) { 688 err = -EINVAL; 689 break; 690 } 691 692 if (opt == BT_FLUSHABLE_OFF) { 693 struct l2cap_conn *conn = chan->conn; 694 /* proceed futher only when we have l2cap_conn and 695 No Flush support in the LM */ 696 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 697 err = -EINVAL; 698 break; 699 } 700 } 701 702 chan->flushable = opt; 703 break; 704 705 default: 706 err = -ENOPROTOOPT; 707 break; 708 } 709 710 release_sock(sk); 711 return err; 712} 713 714static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 715{ 716 struct sock *sk = sock->sk; 717 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 718 struct sk_buff *skb; 719 u16 control; 720 int err; 721 722 BT_DBG("sock %p, sk %p", sock, sk); 723 724 err = sock_error(sk); 725 if (err) 726 return err; 727 728 if (msg->msg_flags & MSG_OOB) 729 return -EOPNOTSUPP; 730 731 lock_sock(sk); 732 733 if (sk->sk_state != BT_CONNECTED) { 734 err = -ENOTCONN; 735 goto done; 736 } 737 738 /* Connectionless channel */ 739 if (sk->sk_type == SOCK_DGRAM) { 740 skb = l2cap_create_connless_pdu(chan, msg, len); 741 if (IS_ERR(skb)) { 742 err = PTR_ERR(skb); 743 } else { 744 l2cap_do_send(chan, skb); 745 err = len; 746 } 747 goto done; 748 } 749 750 switch (chan->mode) { 751 case L2CAP_MODE_BASIC: 752 /* Check outgoing MTU */ 753 if (len > chan->omtu) { 754 err = -EMSGSIZE; 755 goto done; 756 } 757 758 /* Create a basic PDU */ 759 skb = l2cap_create_basic_pdu(chan, msg, len); 760 if (IS_ERR(skb)) { 761 err = PTR_ERR(skb); 762 goto done; 763 } 764 765 l2cap_do_send(chan, skb); 766 err = len; 767 break; 768 769 case L2CAP_MODE_ERTM: 770 case L2CAP_MODE_STREAMING: 771 /* Entire SDU fits into one PDU */ 772 if (len <= chan->remote_mps) { 773 control = L2CAP_SDU_UNSEGMENTED; 774 skb = l2cap_create_iframe_pdu(chan, msg, len, control, 775 0); 776 if (IS_ERR(skb)) { 777 err = PTR_ERR(skb); 778 goto done; 779 } 780 __skb_queue_tail(&chan->tx_q, skb); 781 782 if (chan->tx_send_head == NULL) 783 chan->tx_send_head = skb; 784 785 } else { 786 /* Segment SDU into multiples PDUs */ 787 err = l2cap_sar_segment_sdu(chan, msg, len); 788 if (err < 0) 789 goto done; 790 } 791 792 if (chan->mode == L2CAP_MODE_STREAMING) { 793 l2cap_streaming_send(chan); 794 err = len; 795 break; 796 } 797 798 if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) && 799 (chan->conn_state & L2CAP_CONN_WAIT_F)) { 800 err = len; 801 break; 802 } 803 err = l2cap_ertm_send(chan); 804 805 if (err >= 0) 806 err = len; 807 break; 808 809 default: 810 BT_DBG("bad state %1.1x", chan->mode); 811 err = -EBADFD; 812 } 813 814done: 815 release_sock(sk); 816 return err; 817} 818 819static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 820{ 821 struct sock *sk = sock->sk; 822 823 lock_sock(sk); 824 825 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { 826 sk->sk_state = BT_CONFIG; 827 828 __l2cap_connect_rsp_defer(l2cap_pi(sk)->chan); 829 release_sock(sk); 830 return 0; 831 } 832 833 release_sock(sk); 834 835 if (sock->type == SOCK_STREAM) 836 return bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 837 838 return bt_sock_recvmsg(iocb, sock, msg, len, flags); 839} 840 841/* Kill socket (only if zapped and orphan) 842 * Must be called on unlocked socket. 843 */ 844void l2cap_sock_kill(struct sock *sk) 845{ 846 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 847 return; 848 849 BT_DBG("sk %p state %d", sk, sk->sk_state); 850 851 /* Kill poor orphan */ 852 bt_sock_unlink(&l2cap_sk_list, sk); 853 sock_set_flag(sk, SOCK_DEAD); 854 sock_put(sk); 855} 856 857/* Must be called on unlocked socket. */ 858static void l2cap_sock_close(struct sock *sk) 859{ 860 l2cap_sock_clear_timer(sk); 861 lock_sock(sk); 862 __l2cap_sock_close(sk, ECONNRESET); 863 release_sock(sk); 864 l2cap_sock_kill(sk); 865} 866 867static void l2cap_sock_cleanup_listen(struct sock *parent) 868{ 869 struct sock *sk; 870 871 BT_DBG("parent %p", parent); 872 873 /* Close not yet accepted channels */ 874 while ((sk = bt_accept_dequeue(parent, NULL))) 875 l2cap_sock_close(sk); 876 877 parent->sk_state = BT_CLOSED; 878 sock_set_flag(parent, SOCK_ZAPPED); 879} 880 881void __l2cap_sock_close(struct sock *sk, int reason) 882{ 883 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 884 struct l2cap_conn *conn = chan->conn; 885 886 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 887 888 switch (sk->sk_state) { 889 case BT_LISTEN: 890 l2cap_sock_cleanup_listen(sk); 891 break; 892 893 case BT_CONNECTED: 894 case BT_CONFIG: 895 if ((sk->sk_type == SOCK_SEQPACKET || 896 sk->sk_type == SOCK_STREAM) && 897 conn->hcon->type == ACL_LINK) { 898 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 899 l2cap_send_disconn_req(conn, chan, reason); 900 } else 901 l2cap_chan_del(chan, reason); 902 break; 903 904 case BT_CONNECT2: 905 if ((sk->sk_type == SOCK_SEQPACKET || 906 sk->sk_type == SOCK_STREAM) && 907 conn->hcon->type == ACL_LINK) { 908 struct l2cap_conn_rsp rsp; 909 __u16 result; 910 911 if (bt_sk(sk)->defer_setup) 912 result = L2CAP_CR_SEC_BLOCK; 913 else 914 result = L2CAP_CR_BAD_PSM; 915 916 rsp.scid = cpu_to_le16(chan->dcid); 917 rsp.dcid = cpu_to_le16(chan->scid); 918 rsp.result = cpu_to_le16(result); 919 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 920 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, 921 sizeof(rsp), &rsp); 922 } 923 924 l2cap_chan_del(chan, reason); 925 break; 926 927 case BT_CONNECT: 928 case BT_DISCONN: 929 l2cap_chan_del(chan, reason); 930 break; 931 932 default: 933 sock_set_flag(sk, SOCK_ZAPPED); 934 break; 935 } 936} 937 938static int l2cap_sock_shutdown(struct socket *sock, int how) 939{ 940 struct sock *sk = sock->sk; 941 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 942 int err = 0; 943 944 BT_DBG("sock %p, sk %p", sock, sk); 945 946 if (!sk) 947 return 0; 948 949 lock_sock(sk); 950 if (!sk->sk_shutdown) { 951 if (chan->mode == L2CAP_MODE_ERTM) 952 err = __l2cap_wait_ack(sk); 953 954 sk->sk_shutdown = SHUTDOWN_MASK; 955 l2cap_sock_clear_timer(sk); 956 __l2cap_sock_close(sk, 0); 957 958 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 959 err = bt_sock_wait_state(sk, BT_CLOSED, 960 sk->sk_lingertime); 961 } 962 963 if (!err && sk->sk_err) 964 err = -sk->sk_err; 965 966 release_sock(sk); 967 return err; 968} 969 970static int l2cap_sock_release(struct socket *sock) 971{ 972 struct sock *sk = sock->sk; 973 int err; 974 975 BT_DBG("sock %p, sk %p", sock, sk); 976 977 if (!sk) 978 return 0; 979 980 err = l2cap_sock_shutdown(sock, 2); 981 982 sock_orphan(sk); 983 l2cap_sock_kill(sk); 984 return err; 985} 986 987static void l2cap_sock_destruct(struct sock *sk) 988{ 989 BT_DBG("sk %p", sk); 990 991 skb_queue_purge(&sk->sk_receive_queue); 992 skb_queue_purge(&sk->sk_write_queue); 993} 994 995void l2cap_sock_init(struct sock *sk, struct sock *parent) 996{ 997 struct l2cap_pinfo *pi = l2cap_pi(sk); 998 struct l2cap_chan *chan = pi->chan; 999 1000 BT_DBG("sk %p", sk); 1001 1002 if (parent) { 1003 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1004 1005 sk->sk_type = parent->sk_type; 1006 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup; 1007 1008 chan->imtu = pchan->imtu; 1009 chan->omtu = pchan->omtu; 1010 chan->conf_state = pchan->conf_state; 1011 chan->mode = pchan->mode; 1012 chan->fcs = pchan->fcs; 1013 chan->max_tx = pchan->max_tx; 1014 chan->tx_win = pchan->tx_win; 1015 chan->sec_level = pchan->sec_level; 1016 chan->role_switch = pchan->role_switch; 1017 chan->force_reliable = pchan->force_reliable; 1018 chan->flushable = pchan->flushable; 1019 } else { 1020 chan->imtu = L2CAP_DEFAULT_MTU; 1021 chan->omtu = 0; 1022 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1023 chan->mode = L2CAP_MODE_ERTM; 1024 chan->conf_state |= L2CAP_CONF_STATE2_DEVICE; 1025 } else { 1026 chan->mode = L2CAP_MODE_BASIC; 1027 } 1028 chan->max_tx = L2CAP_DEFAULT_MAX_TX; 1029 chan->fcs = L2CAP_FCS_CRC16; 1030 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW; 1031 chan->sec_level = BT_SECURITY_LOW; 1032 chan->role_switch = 0; 1033 chan->force_reliable = 0; 1034 chan->flushable = BT_FLUSHABLE_OFF; 1035 } 1036 1037 /* Default config options */ 1038 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1039} 1040 1041static struct proto l2cap_proto = { 1042 .name = "L2CAP", 1043 .owner = THIS_MODULE, 1044 .obj_size = sizeof(struct l2cap_pinfo) 1045}; 1046 1047struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 1048{ 1049 struct sock *sk; 1050 1051 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1052 if (!sk) 1053 return NULL; 1054 1055 sock_init_data(sock, sk); 1056 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1057 1058 sk->sk_destruct = l2cap_sock_destruct; 1059 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT); 1060 1061 sock_reset_flag(sk, SOCK_ZAPPED); 1062 1063 sk->sk_protocol = proto; 1064 sk->sk_state = BT_OPEN; 1065 1066 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk); 1067 1068 bt_sock_link(&l2cap_sk_list, sk); 1069 return sk; 1070} 1071 1072static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1073 int kern) 1074{ 1075 struct sock *sk; 1076 struct l2cap_chan *chan; 1077 1078 BT_DBG("sock %p", sock); 1079 1080 sock->state = SS_UNCONNECTED; 1081 1082 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1083 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1084 return -ESOCKTNOSUPPORT; 1085 1086 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1087 return -EPERM; 1088 1089 sock->ops = &l2cap_sock_ops; 1090 1091 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1092 if (!sk) 1093 return -ENOMEM; 1094 1095 chan = l2cap_chan_alloc(sk); 1096 if (!chan) { 1097 l2cap_sock_kill(sk); 1098 return -ENOMEM; 1099 } 1100 1101 l2cap_pi(sk)->chan = chan; 1102 1103 l2cap_sock_init(sk, NULL); 1104 return 0; 1105} 1106 1107const struct proto_ops l2cap_sock_ops = { 1108 .family = PF_BLUETOOTH, 1109 .owner = THIS_MODULE, 1110 .release = l2cap_sock_release, 1111 .bind = l2cap_sock_bind, 1112 .connect = l2cap_sock_connect, 1113 .listen = l2cap_sock_listen, 1114 .accept = l2cap_sock_accept, 1115 .getname = l2cap_sock_getname, 1116 .sendmsg = l2cap_sock_sendmsg, 1117 .recvmsg = l2cap_sock_recvmsg, 1118 .poll = bt_sock_poll, 1119 .ioctl = bt_sock_ioctl, 1120 .mmap = sock_no_mmap, 1121 .socketpair = sock_no_socketpair, 1122 .shutdown = l2cap_sock_shutdown, 1123 .setsockopt = l2cap_sock_setsockopt, 1124 .getsockopt = l2cap_sock_getsockopt 1125}; 1126 1127static const struct net_proto_family l2cap_sock_family_ops = { 1128 .family = PF_BLUETOOTH, 1129 .owner = THIS_MODULE, 1130 .create = l2cap_sock_create, 1131}; 1132 1133int __init l2cap_init_sockets(void) 1134{ 1135 int err; 1136 1137 err = proto_register(&l2cap_proto, 0); 1138 if (err < 0) 1139 return err; 1140 1141 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1142 if (err < 0) 1143 goto error; 1144 1145 BT_INFO("L2CAP socket layer initialized"); 1146 1147 return 0; 1148 1149error: 1150 BT_ERR("L2CAP socket registration failed"); 1151 proto_unregister(&l2cap_proto); 1152 return err; 1153} 1154 1155void l2cap_cleanup_sockets(void) 1156{ 1157 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 1158 BT_ERR("L2CAP socket unregistration failed"); 1159 1160 proto_unregister(&l2cap_proto); 1161} 1162