l2cap_sock.c revision bdc257830760a784370ae4ab2d682b252b983e77
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26*/ 27 28/* Bluetooth L2CAP sockets. */ 29 30#include <linux/export.h> 31 32#include <net/bluetooth/bluetooth.h> 33#include <net/bluetooth/hci_core.h> 34#include <net/bluetooth/l2cap.h> 35 36#include "smp.h" 37 38static struct bt_sock_list l2cap_sk_list = { 39 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 40}; 41 42static const struct proto_ops l2cap_sock_ops; 43static void l2cap_sock_init(struct sock *sk, struct sock *parent); 44static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 45 int proto, gfp_t prio); 46 47bool l2cap_is_socket(struct socket *sock) 48{ 49 return sock && sock->ops == &l2cap_sock_ops; 50} 51EXPORT_SYMBOL(l2cap_is_socket); 52 53static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 54{ 55 struct sock *sk = sock->sk; 56 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 57 struct sockaddr_l2 la; 58 int len, err = 0; 59 60 BT_DBG("sk %p", sk); 61 62 if (!addr || addr->sa_family != AF_BLUETOOTH) 63 return -EINVAL; 64 65 memset(&la, 0, sizeof(la)); 66 len = min_t(unsigned int, sizeof(la), alen); 67 memcpy(&la, addr, len); 68 69 if (la.l2_cid && la.l2_psm) 70 return -EINVAL; 71 72 lock_sock(sk); 73 74 if (sk->sk_state != BT_OPEN) { 75 err = -EBADFD; 76 goto done; 77 } 78 79 if (la.l2_psm) { 80 __u16 psm = __le16_to_cpu(la.l2_psm); 81 82 /* PSM must be odd and lsb of upper byte must be 0 */ 83 if ((psm & 0x0101) != 0x0001) { 84 err = -EINVAL; 85 goto done; 86 } 87 88 /* Restrict usage of well-known PSMs */ 89 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 90 err = -EACCES; 91 goto done; 92 } 93 } 94 95 if (la.l2_cid) 96 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 97 else 98 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 99 100 if (err < 0) 101 goto done; 102 103 switch (chan->chan_type) { 104 case L2CAP_CHAN_CONN_LESS: 105 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP) 106 chan->sec_level = BT_SECURITY_SDP; 107 break; 108 case L2CAP_CHAN_CONN_ORIENTED: 109 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 110 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 111 chan->sec_level = BT_SECURITY_SDP; 112 break; 113 } 114 115 bacpy(&chan->src, &la.l2_bdaddr); 116 chan->src_type = la.l2_bdaddr_type; 117 118 chan->state = BT_BOUND; 119 sk->sk_state = BT_BOUND; 120 121done: 122 release_sock(sk); 123 return err; 124} 125 126static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 127 int alen, int flags) 128{ 129 struct sock *sk = sock->sk; 130 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 131 struct sockaddr_l2 la; 132 int len, err = 0; 133 134 BT_DBG("sk %p", sk); 135 136 if (!addr || alen < sizeof(addr->sa_family) || 137 addr->sa_family != AF_BLUETOOTH) 138 return -EINVAL; 139 140 memset(&la, 0, sizeof(la)); 141 len = min_t(unsigned int, sizeof(la), alen); 142 memcpy(&la, addr, len); 143 144 if (la.l2_cid && la.l2_psm) 145 return -EINVAL; 146 147 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 148 &la.l2_bdaddr, la.l2_bdaddr_type); 149 if (err) 150 return err; 151 152 lock_sock(sk); 153 154 err = bt_sock_wait_state(sk, BT_CONNECTED, 155 sock_sndtimeo(sk, flags & O_NONBLOCK)); 156 157 release_sock(sk); 158 159 return err; 160} 161 162static int l2cap_sock_listen(struct socket *sock, int backlog) 163{ 164 struct sock *sk = sock->sk; 165 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 166 int err = 0; 167 168 BT_DBG("sk %p backlog %d", sk, backlog); 169 170 lock_sock(sk); 171 172 if (sk->sk_state != BT_BOUND) { 173 err = -EBADFD; 174 goto done; 175 } 176 177 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 178 err = -EINVAL; 179 goto done; 180 } 181 182 switch (chan->mode) { 183 case L2CAP_MODE_BASIC: 184 break; 185 case L2CAP_MODE_ERTM: 186 case L2CAP_MODE_STREAMING: 187 if (!disable_ertm) 188 break; 189 /* fall through */ 190 default: 191 err = -ENOTSUPP; 192 goto done; 193 } 194 195 sk->sk_max_ack_backlog = backlog; 196 sk->sk_ack_backlog = 0; 197 198 chan->state = BT_LISTEN; 199 sk->sk_state = BT_LISTEN; 200 201done: 202 release_sock(sk); 203 return err; 204} 205 206static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 207 int flags) 208{ 209 DECLARE_WAITQUEUE(wait, current); 210 struct sock *sk = sock->sk, *nsk; 211 long timeo; 212 int err = 0; 213 214 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 215 216 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 217 218 BT_DBG("sk %p timeo %ld", sk, timeo); 219 220 /* Wait for an incoming connection. (wake-one). */ 221 add_wait_queue_exclusive(sk_sleep(sk), &wait); 222 while (1) { 223 set_current_state(TASK_INTERRUPTIBLE); 224 225 if (sk->sk_state != BT_LISTEN) { 226 err = -EBADFD; 227 break; 228 } 229 230 nsk = bt_accept_dequeue(sk, newsock); 231 if (nsk) 232 break; 233 234 if (!timeo) { 235 err = -EAGAIN; 236 break; 237 } 238 239 if (signal_pending(current)) { 240 err = sock_intr_errno(timeo); 241 break; 242 } 243 244 release_sock(sk); 245 timeo = schedule_timeout(timeo); 246 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 247 } 248 __set_current_state(TASK_RUNNING); 249 remove_wait_queue(sk_sleep(sk), &wait); 250 251 if (err) 252 goto done; 253 254 newsock->state = SS_CONNECTED; 255 256 BT_DBG("new socket %p", nsk); 257 258done: 259 release_sock(sk); 260 return err; 261} 262 263static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 264 int *len, int peer) 265{ 266 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 267 struct sock *sk = sock->sk; 268 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 269 270 BT_DBG("sock %p, sk %p", sock, sk); 271 272 memset(la, 0, sizeof(struct sockaddr_l2)); 273 addr->sa_family = AF_BLUETOOTH; 274 *len = sizeof(struct sockaddr_l2); 275 276 if (peer) { 277 la->l2_psm = chan->psm; 278 bacpy(&la->l2_bdaddr, &chan->dst); 279 la->l2_cid = cpu_to_le16(chan->dcid); 280 la->l2_bdaddr_type = chan->dst_type; 281 } else { 282 la->l2_psm = chan->sport; 283 bacpy(&la->l2_bdaddr, &chan->src); 284 la->l2_cid = cpu_to_le16(chan->scid); 285 la->l2_bdaddr_type = chan->src_type; 286 } 287 288 return 0; 289} 290 291static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 292 char __user *optval, int __user *optlen) 293{ 294 struct sock *sk = sock->sk; 295 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 296 struct l2cap_options opts; 297 struct l2cap_conninfo cinfo; 298 int len, err = 0; 299 u32 opt; 300 301 BT_DBG("sk %p", sk); 302 303 if (get_user(len, optlen)) 304 return -EFAULT; 305 306 lock_sock(sk); 307 308 switch (optname) { 309 case L2CAP_OPTIONS: 310 memset(&opts, 0, sizeof(opts)); 311 opts.imtu = chan->imtu; 312 opts.omtu = chan->omtu; 313 opts.flush_to = chan->flush_to; 314 opts.mode = chan->mode; 315 opts.fcs = chan->fcs; 316 opts.max_tx = chan->max_tx; 317 opts.txwin_size = chan->tx_win; 318 319 len = min_t(unsigned int, len, sizeof(opts)); 320 if (copy_to_user(optval, (char *) &opts, len)) 321 err = -EFAULT; 322 323 break; 324 325 case L2CAP_LM: 326 switch (chan->sec_level) { 327 case BT_SECURITY_LOW: 328 opt = L2CAP_LM_AUTH; 329 break; 330 case BT_SECURITY_MEDIUM: 331 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 332 break; 333 case BT_SECURITY_HIGH: 334 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 335 L2CAP_LM_SECURE; 336 break; 337 default: 338 opt = 0; 339 break; 340 } 341 342 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 343 opt |= L2CAP_LM_MASTER; 344 345 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 346 opt |= L2CAP_LM_RELIABLE; 347 348 if (put_user(opt, (u32 __user *) optval)) 349 err = -EFAULT; 350 break; 351 352 case L2CAP_CONNINFO: 353 if (sk->sk_state != BT_CONNECTED && 354 !(sk->sk_state == BT_CONNECT2 && 355 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 356 err = -ENOTCONN; 357 break; 358 } 359 360 memset(&cinfo, 0, sizeof(cinfo)); 361 cinfo.hci_handle = chan->conn->hcon->handle; 362 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 363 364 len = min_t(unsigned int, len, sizeof(cinfo)); 365 if (copy_to_user(optval, (char *) &cinfo, len)) 366 err = -EFAULT; 367 368 break; 369 370 default: 371 err = -ENOPROTOOPT; 372 break; 373 } 374 375 release_sock(sk); 376 return err; 377} 378 379static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 380 char __user *optval, int __user *optlen) 381{ 382 struct sock *sk = sock->sk; 383 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 384 struct bt_security sec; 385 struct bt_power pwr; 386 int len, err = 0; 387 388 BT_DBG("sk %p", sk); 389 390 if (level == SOL_L2CAP) 391 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 392 393 if (level != SOL_BLUETOOTH) 394 return -ENOPROTOOPT; 395 396 if (get_user(len, optlen)) 397 return -EFAULT; 398 399 lock_sock(sk); 400 401 switch (optname) { 402 case BT_SECURITY: 403 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 404 chan->chan_type != L2CAP_CHAN_RAW) { 405 err = -EINVAL; 406 break; 407 } 408 409 memset(&sec, 0, sizeof(sec)); 410 if (chan->conn) { 411 sec.level = chan->conn->hcon->sec_level; 412 413 if (sk->sk_state == BT_CONNECTED) 414 sec.key_size = chan->conn->hcon->enc_key_size; 415 } else { 416 sec.level = chan->sec_level; 417 } 418 419 len = min_t(unsigned int, len, sizeof(sec)); 420 if (copy_to_user(optval, (char *) &sec, len)) 421 err = -EFAULT; 422 423 break; 424 425 case BT_DEFER_SETUP: 426 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 427 err = -EINVAL; 428 break; 429 } 430 431 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 432 (u32 __user *) optval)) 433 err = -EFAULT; 434 435 break; 436 437 case BT_FLUSHABLE: 438 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 439 (u32 __user *) optval)) 440 err = -EFAULT; 441 442 break; 443 444 case BT_POWER: 445 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 446 && sk->sk_type != SOCK_RAW) { 447 err = -EINVAL; 448 break; 449 } 450 451 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 452 453 len = min_t(unsigned int, len, sizeof(pwr)); 454 if (copy_to_user(optval, (char *) &pwr, len)) 455 err = -EFAULT; 456 457 break; 458 459 case BT_CHANNEL_POLICY: 460 if (put_user(chan->chan_policy, (u32 __user *) optval)) 461 err = -EFAULT; 462 break; 463 464 default: 465 err = -ENOPROTOOPT; 466 break; 467 } 468 469 release_sock(sk); 470 return err; 471} 472 473static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 474{ 475 switch (chan->scid) { 476 case L2CAP_CID_ATT: 477 if (mtu < L2CAP_LE_MIN_MTU) 478 return false; 479 break; 480 481 default: 482 if (mtu < L2CAP_DEFAULT_MIN_MTU) 483 return false; 484 } 485 486 return true; 487} 488 489static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 490 char __user *optval, unsigned int optlen) 491{ 492 struct sock *sk = sock->sk; 493 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 494 struct l2cap_options opts; 495 int len, err = 0; 496 u32 opt; 497 498 BT_DBG("sk %p", sk); 499 500 lock_sock(sk); 501 502 switch (optname) { 503 case L2CAP_OPTIONS: 504 if (sk->sk_state == BT_CONNECTED) { 505 err = -EINVAL; 506 break; 507 } 508 509 opts.imtu = chan->imtu; 510 opts.omtu = chan->omtu; 511 opts.flush_to = chan->flush_to; 512 opts.mode = chan->mode; 513 opts.fcs = chan->fcs; 514 opts.max_tx = chan->max_tx; 515 opts.txwin_size = chan->tx_win; 516 517 len = min_t(unsigned int, sizeof(opts), optlen); 518 if (copy_from_user((char *) &opts, optval, len)) { 519 err = -EFAULT; 520 break; 521 } 522 523 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 524 err = -EINVAL; 525 break; 526 } 527 528 if (!l2cap_valid_mtu(chan, opts.imtu)) { 529 err = -EINVAL; 530 break; 531 } 532 533 chan->mode = opts.mode; 534 switch (chan->mode) { 535 case L2CAP_MODE_BASIC: 536 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 537 break; 538 case L2CAP_MODE_ERTM: 539 case L2CAP_MODE_STREAMING: 540 if (!disable_ertm) 541 break; 542 /* fall through */ 543 default: 544 err = -EINVAL; 545 break; 546 } 547 548 chan->imtu = opts.imtu; 549 chan->omtu = opts.omtu; 550 chan->fcs = opts.fcs; 551 chan->max_tx = opts.max_tx; 552 chan->tx_win = opts.txwin_size; 553 chan->flush_to = opts.flush_to; 554 break; 555 556 case L2CAP_LM: 557 if (get_user(opt, (u32 __user *) optval)) { 558 err = -EFAULT; 559 break; 560 } 561 562 if (opt & L2CAP_LM_AUTH) 563 chan->sec_level = BT_SECURITY_LOW; 564 if (opt & L2CAP_LM_ENCRYPT) 565 chan->sec_level = BT_SECURITY_MEDIUM; 566 if (opt & L2CAP_LM_SECURE) 567 chan->sec_level = BT_SECURITY_HIGH; 568 569 if (opt & L2CAP_LM_MASTER) 570 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 571 else 572 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 573 574 if (opt & L2CAP_LM_RELIABLE) 575 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 576 else 577 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 578 break; 579 580 default: 581 err = -ENOPROTOOPT; 582 break; 583 } 584 585 release_sock(sk); 586 return err; 587} 588 589static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 590 char __user *optval, unsigned int optlen) 591{ 592 struct sock *sk = sock->sk; 593 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 594 struct bt_security sec; 595 struct bt_power pwr; 596 struct l2cap_conn *conn; 597 int len, err = 0; 598 u32 opt; 599 600 BT_DBG("sk %p", sk); 601 602 if (level == SOL_L2CAP) 603 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 604 605 if (level != SOL_BLUETOOTH) 606 return -ENOPROTOOPT; 607 608 lock_sock(sk); 609 610 switch (optname) { 611 case BT_SECURITY: 612 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 613 chan->chan_type != L2CAP_CHAN_RAW) { 614 err = -EINVAL; 615 break; 616 } 617 618 sec.level = BT_SECURITY_LOW; 619 620 len = min_t(unsigned int, sizeof(sec), optlen); 621 if (copy_from_user((char *) &sec, optval, len)) { 622 err = -EFAULT; 623 break; 624 } 625 626 if (sec.level < BT_SECURITY_LOW || 627 sec.level > BT_SECURITY_HIGH) { 628 err = -EINVAL; 629 break; 630 } 631 632 chan->sec_level = sec.level; 633 634 if (!chan->conn) 635 break; 636 637 conn = chan->conn; 638 639 /*change security for LE channels */ 640 if (chan->scid == L2CAP_CID_ATT) { 641 if (!conn->hcon->out) { 642 err = -EINVAL; 643 break; 644 } 645 646 if (smp_conn_security(conn->hcon, sec.level)) 647 break; 648 sk->sk_state = BT_CONFIG; 649 chan->state = BT_CONFIG; 650 651 /* or for ACL link */ 652 } else if ((sk->sk_state == BT_CONNECT2 && 653 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 654 sk->sk_state == BT_CONNECTED) { 655 if (!l2cap_chan_check_security(chan)) 656 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 657 else 658 sk->sk_state_change(sk); 659 } else { 660 err = -EINVAL; 661 } 662 break; 663 664 case BT_DEFER_SETUP: 665 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 666 err = -EINVAL; 667 break; 668 } 669 670 if (get_user(opt, (u32 __user *) optval)) { 671 err = -EFAULT; 672 break; 673 } 674 675 if (opt) { 676 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 677 set_bit(FLAG_DEFER_SETUP, &chan->flags); 678 } else { 679 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 680 clear_bit(FLAG_DEFER_SETUP, &chan->flags); 681 } 682 break; 683 684 case BT_FLUSHABLE: 685 if (get_user(opt, (u32 __user *) optval)) { 686 err = -EFAULT; 687 break; 688 } 689 690 if (opt > BT_FLUSHABLE_ON) { 691 err = -EINVAL; 692 break; 693 } 694 695 if (opt == BT_FLUSHABLE_OFF) { 696 conn = chan->conn; 697 /* proceed further only when we have l2cap_conn and 698 No Flush support in the LM */ 699 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 700 err = -EINVAL; 701 break; 702 } 703 } 704 705 if (opt) 706 set_bit(FLAG_FLUSHABLE, &chan->flags); 707 else 708 clear_bit(FLAG_FLUSHABLE, &chan->flags); 709 break; 710 711 case BT_POWER: 712 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 713 chan->chan_type != L2CAP_CHAN_RAW) { 714 err = -EINVAL; 715 break; 716 } 717 718 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 719 720 len = min_t(unsigned int, sizeof(pwr), optlen); 721 if (copy_from_user((char *) &pwr, optval, len)) { 722 err = -EFAULT; 723 break; 724 } 725 726 if (pwr.force_active) 727 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 728 else 729 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 730 break; 731 732 case BT_CHANNEL_POLICY: 733 if (get_user(opt, (u32 __user *) optval)) { 734 err = -EFAULT; 735 break; 736 } 737 738 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 739 err = -EINVAL; 740 break; 741 } 742 743 if (chan->mode != L2CAP_MODE_ERTM && 744 chan->mode != L2CAP_MODE_STREAMING) { 745 err = -EOPNOTSUPP; 746 break; 747 } 748 749 chan->chan_policy = (u8) opt; 750 751 if (sk->sk_state == BT_CONNECTED && 752 chan->move_role == L2CAP_MOVE_ROLE_NONE) 753 l2cap_move_start(chan); 754 755 break; 756 757 default: 758 err = -ENOPROTOOPT; 759 break; 760 } 761 762 release_sock(sk); 763 return err; 764} 765 766static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 767 struct msghdr *msg, size_t len) 768{ 769 struct sock *sk = sock->sk; 770 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 771 int err; 772 773 BT_DBG("sock %p, sk %p", sock, sk); 774 775 err = sock_error(sk); 776 if (err) 777 return err; 778 779 if (msg->msg_flags & MSG_OOB) 780 return -EOPNOTSUPP; 781 782 if (sk->sk_state != BT_CONNECTED) 783 return -ENOTCONN; 784 785 lock_sock(sk); 786 err = bt_sock_wait_ready(sk, msg->msg_flags); 787 release_sock(sk); 788 if (err) 789 return err; 790 791 l2cap_chan_lock(chan); 792 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 793 l2cap_chan_unlock(chan); 794 795 return err; 796} 797 798static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 799 struct msghdr *msg, size_t len, int flags) 800{ 801 struct sock *sk = sock->sk; 802 struct l2cap_pinfo *pi = l2cap_pi(sk); 803 int err; 804 805 lock_sock(sk); 806 807 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 808 &bt_sk(sk)->flags)) { 809 sk->sk_state = BT_CONFIG; 810 pi->chan->state = BT_CONFIG; 811 812 __l2cap_connect_rsp_defer(pi->chan); 813 err = 0; 814 goto done; 815 } 816 817 release_sock(sk); 818 819 if (sock->type == SOCK_STREAM) 820 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 821 else 822 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 823 824 if (pi->chan->mode != L2CAP_MODE_ERTM) 825 return err; 826 827 /* Attempt to put pending rx data in the socket buffer */ 828 829 lock_sock(sk); 830 831 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 832 goto done; 833 834 if (pi->rx_busy_skb) { 835 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 836 pi->rx_busy_skb = NULL; 837 else 838 goto done; 839 } 840 841 /* Restore data flow when half of the receive buffer is 842 * available. This avoids resending large numbers of 843 * frames. 844 */ 845 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 846 l2cap_chan_busy(pi->chan, 0); 847 848done: 849 release_sock(sk); 850 return err; 851} 852 853/* Kill socket (only if zapped and orphan) 854 * Must be called on unlocked socket. 855 */ 856static void l2cap_sock_kill(struct sock *sk) 857{ 858 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 859 return; 860 861 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 862 863 /* Kill poor orphan */ 864 865 l2cap_chan_put(l2cap_pi(sk)->chan); 866 sock_set_flag(sk, SOCK_DEAD); 867 sock_put(sk); 868} 869 870static int l2cap_sock_shutdown(struct socket *sock, int how) 871{ 872 struct sock *sk = sock->sk; 873 struct l2cap_chan *chan; 874 struct l2cap_conn *conn; 875 int err = 0; 876 877 BT_DBG("sock %p, sk %p", sock, sk); 878 879 if (!sk) 880 return 0; 881 882 chan = l2cap_pi(sk)->chan; 883 conn = chan->conn; 884 885 if (conn) 886 mutex_lock(&conn->chan_lock); 887 888 l2cap_chan_lock(chan); 889 lock_sock(sk); 890 891 if (!sk->sk_shutdown) { 892 if (chan->mode == L2CAP_MODE_ERTM) 893 err = __l2cap_wait_ack(sk); 894 895 sk->sk_shutdown = SHUTDOWN_MASK; 896 897 release_sock(sk); 898 l2cap_chan_close(chan, 0); 899 lock_sock(sk); 900 901 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 902 err = bt_sock_wait_state(sk, BT_CLOSED, 903 sk->sk_lingertime); 904 } 905 906 if (!err && sk->sk_err) 907 err = -sk->sk_err; 908 909 release_sock(sk); 910 l2cap_chan_unlock(chan); 911 912 if (conn) 913 mutex_unlock(&conn->chan_lock); 914 915 return err; 916} 917 918static int l2cap_sock_release(struct socket *sock) 919{ 920 struct sock *sk = sock->sk; 921 int err; 922 923 BT_DBG("sock %p, sk %p", sock, sk); 924 925 if (!sk) 926 return 0; 927 928 bt_sock_unlink(&l2cap_sk_list, sk); 929 930 err = l2cap_sock_shutdown(sock, 2); 931 932 sock_orphan(sk); 933 l2cap_sock_kill(sk); 934 return err; 935} 936 937static void l2cap_sock_cleanup_listen(struct sock *parent) 938{ 939 struct sock *sk; 940 941 BT_DBG("parent %p", parent); 942 943 /* Close not yet accepted channels */ 944 while ((sk = bt_accept_dequeue(parent, NULL))) { 945 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 946 947 l2cap_chan_lock(chan); 948 __clear_chan_timer(chan); 949 l2cap_chan_close(chan, ECONNRESET); 950 l2cap_chan_unlock(chan); 951 952 l2cap_sock_kill(sk); 953 } 954} 955 956static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 957{ 958 struct sock *sk, *parent = chan->data; 959 960 /* Check for backlog size */ 961 if (sk_acceptq_is_full(parent)) { 962 BT_DBG("backlog full %d", parent->sk_ack_backlog); 963 return NULL; 964 } 965 966 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 967 GFP_ATOMIC); 968 if (!sk) 969 return NULL; 970 971 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 972 973 l2cap_sock_init(sk, parent); 974 975 bt_accept_enqueue(parent, sk); 976 977 return l2cap_pi(sk)->chan; 978} 979 980static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 981{ 982 struct sock *sk = chan->data; 983 int err; 984 985 lock_sock(sk); 986 987 if (l2cap_pi(sk)->rx_busy_skb) { 988 err = -ENOMEM; 989 goto done; 990 } 991 992 err = sock_queue_rcv_skb(sk, skb); 993 994 /* For ERTM, handle one skb that doesn't fit into the recv 995 * buffer. This is important to do because the data frames 996 * have already been acked, so the skb cannot be discarded. 997 * 998 * Notify the l2cap core that the buffer is full, so the 999 * LOCAL_BUSY state is entered and no more frames are 1000 * acked and reassembled until there is buffer space 1001 * available. 1002 */ 1003 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) { 1004 l2cap_pi(sk)->rx_busy_skb = skb; 1005 l2cap_chan_busy(chan, 1); 1006 err = 0; 1007 } 1008 1009done: 1010 release_sock(sk); 1011 1012 return err; 1013} 1014 1015static void l2cap_sock_close_cb(struct l2cap_chan *chan) 1016{ 1017 struct sock *sk = chan->data; 1018 1019 l2cap_sock_kill(sk); 1020} 1021 1022static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 1023{ 1024 struct sock *sk = chan->data; 1025 struct sock *parent; 1026 1027 lock_sock(sk); 1028 1029 parent = bt_sk(sk)->parent; 1030 1031 sock_set_flag(sk, SOCK_ZAPPED); 1032 1033 switch (chan->state) { 1034 case BT_OPEN: 1035 case BT_BOUND: 1036 case BT_CLOSED: 1037 break; 1038 case BT_LISTEN: 1039 l2cap_sock_cleanup_listen(sk); 1040 sk->sk_state = BT_CLOSED; 1041 chan->state = BT_CLOSED; 1042 1043 break; 1044 default: 1045 sk->sk_state = BT_CLOSED; 1046 chan->state = BT_CLOSED; 1047 1048 sk->sk_err = err; 1049 1050 if (parent) { 1051 bt_accept_unlink(sk); 1052 parent->sk_data_ready(parent, 0); 1053 } else { 1054 sk->sk_state_change(sk); 1055 } 1056 1057 break; 1058 } 1059 1060 release_sock(sk); 1061} 1062 1063static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state) 1064{ 1065 struct sock *sk = chan->data; 1066 1067 sk->sk_state = state; 1068} 1069 1070static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1071 unsigned long len, int nb) 1072{ 1073 struct sk_buff *skb; 1074 int err; 1075 1076 l2cap_chan_unlock(chan); 1077 skb = bt_skb_send_alloc(chan->sk, len, nb, &err); 1078 l2cap_chan_lock(chan); 1079 1080 if (!skb) 1081 return ERR_PTR(err); 1082 1083 return skb; 1084} 1085 1086static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1087{ 1088 struct sock *sk = chan->data; 1089 struct sock *parent; 1090 1091 lock_sock(sk); 1092 1093 parent = bt_sk(sk)->parent; 1094 1095 BT_DBG("sk %p, parent %p", sk, parent); 1096 1097 sk->sk_state = BT_CONNECTED; 1098 sk->sk_state_change(sk); 1099 1100 if (parent) 1101 parent->sk_data_ready(parent, 0); 1102 1103 release_sock(sk); 1104} 1105 1106static void l2cap_sock_defer_cb(struct l2cap_chan *chan) 1107{ 1108 struct sock *sk = chan->data; 1109 struct sock *parent = bt_sk(sk)->parent; 1110 1111 if (parent) 1112 parent->sk_data_ready(parent, 0); 1113} 1114 1115static struct l2cap_ops l2cap_chan_ops = { 1116 .name = "L2CAP Socket Interface", 1117 .new_connection = l2cap_sock_new_connection_cb, 1118 .recv = l2cap_sock_recv_cb, 1119 .close = l2cap_sock_close_cb, 1120 .teardown = l2cap_sock_teardown_cb, 1121 .state_change = l2cap_sock_state_change_cb, 1122 .ready = l2cap_sock_ready_cb, 1123 .defer = l2cap_sock_defer_cb, 1124 .alloc_skb = l2cap_sock_alloc_skb_cb, 1125}; 1126 1127static void l2cap_sock_destruct(struct sock *sk) 1128{ 1129 BT_DBG("sk %p", sk); 1130 1131 if (l2cap_pi(sk)->chan) 1132 l2cap_chan_put(l2cap_pi(sk)->chan); 1133 1134 if (l2cap_pi(sk)->rx_busy_skb) { 1135 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1136 l2cap_pi(sk)->rx_busy_skb = NULL; 1137 } 1138 1139 skb_queue_purge(&sk->sk_receive_queue); 1140 skb_queue_purge(&sk->sk_write_queue); 1141} 1142 1143static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name, 1144 int *msg_namelen) 1145{ 1146 struct sockaddr_l2 *la = (struct sockaddr_l2 *) msg_name; 1147 1148 memset(la, 0, sizeof(struct sockaddr_l2)); 1149 la->l2_family = AF_BLUETOOTH; 1150 la->l2_psm = bt_cb(skb)->psm; 1151 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr); 1152 1153 *msg_namelen = sizeof(struct sockaddr_l2); 1154} 1155 1156static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1157{ 1158 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1159 1160 BT_DBG("sk %p", sk); 1161 1162 if (parent) { 1163 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1164 1165 sk->sk_type = parent->sk_type; 1166 bt_sk(sk)->flags = bt_sk(parent)->flags; 1167 1168 chan->chan_type = pchan->chan_type; 1169 chan->imtu = pchan->imtu; 1170 chan->omtu = pchan->omtu; 1171 chan->conf_state = pchan->conf_state; 1172 chan->mode = pchan->mode; 1173 chan->fcs = pchan->fcs; 1174 chan->max_tx = pchan->max_tx; 1175 chan->tx_win = pchan->tx_win; 1176 chan->tx_win_max = pchan->tx_win_max; 1177 chan->sec_level = pchan->sec_level; 1178 chan->flags = pchan->flags; 1179 1180 security_sk_clone(parent, sk); 1181 } else { 1182 switch (sk->sk_type) { 1183 case SOCK_RAW: 1184 chan->chan_type = L2CAP_CHAN_RAW; 1185 break; 1186 case SOCK_DGRAM: 1187 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1188 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name; 1189 break; 1190 case SOCK_SEQPACKET: 1191 case SOCK_STREAM: 1192 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1193 break; 1194 } 1195 1196 chan->imtu = L2CAP_DEFAULT_MTU; 1197 chan->omtu = 0; 1198 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1199 chan->mode = L2CAP_MODE_ERTM; 1200 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1201 } else { 1202 chan->mode = L2CAP_MODE_BASIC; 1203 } 1204 1205 l2cap_chan_set_defaults(chan); 1206 } 1207 1208 /* Default config options */ 1209 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1210 1211 chan->data = sk; 1212 chan->ops = &l2cap_chan_ops; 1213} 1214 1215static struct proto l2cap_proto = { 1216 .name = "L2CAP", 1217 .owner = THIS_MODULE, 1218 .obj_size = sizeof(struct l2cap_pinfo) 1219}; 1220 1221static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1222 int proto, gfp_t prio) 1223{ 1224 struct sock *sk; 1225 struct l2cap_chan *chan; 1226 1227 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1228 if (!sk) 1229 return NULL; 1230 1231 sock_init_data(sock, sk); 1232 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1233 1234 sk->sk_destruct = l2cap_sock_destruct; 1235 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1236 1237 sock_reset_flag(sk, SOCK_ZAPPED); 1238 1239 sk->sk_protocol = proto; 1240 sk->sk_state = BT_OPEN; 1241 1242 chan = l2cap_chan_create(); 1243 if (!chan) { 1244 sk_free(sk); 1245 return NULL; 1246 } 1247 1248 l2cap_chan_hold(chan); 1249 1250 chan->sk = sk; 1251 1252 l2cap_pi(sk)->chan = chan; 1253 1254 return sk; 1255} 1256 1257static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1258 int kern) 1259{ 1260 struct sock *sk; 1261 1262 BT_DBG("sock %p", sock); 1263 1264 sock->state = SS_UNCONNECTED; 1265 1266 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1267 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1268 return -ESOCKTNOSUPPORT; 1269 1270 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1271 return -EPERM; 1272 1273 sock->ops = &l2cap_sock_ops; 1274 1275 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1276 if (!sk) 1277 return -ENOMEM; 1278 1279 l2cap_sock_init(sk, NULL); 1280 bt_sock_link(&l2cap_sk_list, sk); 1281 return 0; 1282} 1283 1284static const struct proto_ops l2cap_sock_ops = { 1285 .family = PF_BLUETOOTH, 1286 .owner = THIS_MODULE, 1287 .release = l2cap_sock_release, 1288 .bind = l2cap_sock_bind, 1289 .connect = l2cap_sock_connect, 1290 .listen = l2cap_sock_listen, 1291 .accept = l2cap_sock_accept, 1292 .getname = l2cap_sock_getname, 1293 .sendmsg = l2cap_sock_sendmsg, 1294 .recvmsg = l2cap_sock_recvmsg, 1295 .poll = bt_sock_poll, 1296 .ioctl = bt_sock_ioctl, 1297 .mmap = sock_no_mmap, 1298 .socketpair = sock_no_socketpair, 1299 .shutdown = l2cap_sock_shutdown, 1300 .setsockopt = l2cap_sock_setsockopt, 1301 .getsockopt = l2cap_sock_getsockopt 1302}; 1303 1304static const struct net_proto_family l2cap_sock_family_ops = { 1305 .family = PF_BLUETOOTH, 1306 .owner = THIS_MODULE, 1307 .create = l2cap_sock_create, 1308}; 1309 1310int __init l2cap_init_sockets(void) 1311{ 1312 int err; 1313 1314 err = proto_register(&l2cap_proto, 0); 1315 if (err < 0) 1316 return err; 1317 1318 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1319 if (err < 0) { 1320 BT_ERR("L2CAP socket registration failed"); 1321 goto error; 1322 } 1323 1324 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list, 1325 NULL); 1326 if (err < 0) { 1327 BT_ERR("Failed to create L2CAP proc file"); 1328 bt_sock_unregister(BTPROTO_L2CAP); 1329 goto error; 1330 } 1331 1332 BT_INFO("L2CAP socket layer initialized"); 1333 1334 return 0; 1335 1336error: 1337 proto_unregister(&l2cap_proto); 1338 return err; 1339} 1340 1341void l2cap_cleanup_sockets(void) 1342{ 1343 bt_procfs_cleanup(&init_net, "l2cap"); 1344 bt_sock_unregister(BTPROTO_L2CAP); 1345 proto_unregister(&l2cap_proto); 1346} 1347