l2cap_sock.c revision c47b7c724bc7106acf602b2ce99922a2d14ea62b 
1/*
2   BlueZ - Bluetooth protocol stack for Linux
3   Copyright (C) 2000-2001 Qualcomm Incorporated
4   Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5   Copyright (C) 2010 Google Inc.
6
7   Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8
9   This program is free software; you can redistribute it and/or modify
10   it under the terms of the GNU General Public License version 2 as
11   published by the Free Software Foundation;
12
13   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21
22   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24   SOFTWARE IS DISCLAIMED.
25*/
26
27/* Bluetooth L2CAP sockets. */
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/l2cap.h>
31
32static void l2cap_sock_timeout(unsigned long arg)
33{
34	struct sock *sk = (struct sock *) arg;
35	int reason;
36
37	BT_DBG("sock %p state %d", sk, sk->sk_state);
38
39	bh_lock_sock(sk);
40
41	if (sock_owned_by_user(sk)) {
42		/* sk is owned by user. Try again later */
43		l2cap_sock_set_timer(sk, HZ / 5);
44		bh_unlock_sock(sk);
45		sock_put(sk);
46		return;
47	}
48
49	if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
50		reason = ECONNREFUSED;
51	else if (sk->sk_state == BT_CONNECT &&
52				l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
53		reason = ECONNREFUSED;
54	else
55		reason = ETIMEDOUT;
56
57	__l2cap_sock_close(sk, reason);
58
59	bh_unlock_sock(sk);
60
61	l2cap_sock_kill(sk);
62	sock_put(sk);
63}
64
65static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
66{
67	struct sock *sk;
68	struct hlist_node *node;
69	sk_for_each(sk, node, &l2cap_sk_list.head)
70		if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
71			goto found;
72	sk = NULL;
73found:
74	return sk;
75}
76
77static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
78{
79	struct sock *sk = sock->sk;
80	struct sockaddr_l2 la;
81	int len, err = 0;
82
83	BT_DBG("sk %p", sk);
84
85	if (!addr || addr->sa_family != AF_BLUETOOTH)
86		return -EINVAL;
87
88	memset(&la, 0, sizeof(la));
89	len = min_t(unsigned int, sizeof(la), alen);
90	memcpy(&la, addr, len);
91
92	if (la.l2_cid)
93		return -EINVAL;
94
95	lock_sock(sk);
96
97	if (sk->sk_state != BT_OPEN) {
98		err = -EBADFD;
99		goto done;
100	}
101
102	if (la.l2_psm) {
103		__u16 psm = __le16_to_cpu(la.l2_psm);
104
105		/* PSM must be odd and lsb of upper byte must be 0 */
106		if ((psm & 0x0101) != 0x0001) {
107			err = -EINVAL;
108			goto done;
109		}
110
111		/* Restrict usage of well-known PSMs */
112		if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
113			err = -EACCES;
114			goto done;
115		}
116	}
117
118	write_lock_bh(&l2cap_sk_list.lock);
119
120	if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
121		err = -EADDRINUSE;
122	} else {
123		/* Save source address */
124		bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
125		l2cap_pi(sk)->psm   = la.l2_psm;
126		l2cap_pi(sk)->sport = la.l2_psm;
127		sk->sk_state = BT_BOUND;
128
129		if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
130					__le16_to_cpu(la.l2_psm) == 0x0003)
131			l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
132	}
133
134	write_unlock_bh(&l2cap_sk_list.lock);
135
136done:
137	release_sock(sk);
138	return err;
139}
140
141static int l2cap_sock_listen(struct socket *sock, int backlog)
142{
143	struct sock *sk = sock->sk;
144	int err = 0;
145
146	BT_DBG("sk %p backlog %d", sk, backlog);
147
148	lock_sock(sk);
149
150	if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
151			|| sk->sk_state != BT_BOUND) {
152		err = -EBADFD;
153		goto done;
154	}
155
156	switch (l2cap_pi(sk)->mode) {
157	case L2CAP_MODE_BASIC:
158		break;
159	case L2CAP_MODE_ERTM:
160	case L2CAP_MODE_STREAMING:
161		if (!disable_ertm)
162			break;
163		/* fall through */
164	default:
165		err = -ENOTSUPP;
166		goto done;
167	}
168
169	if (!l2cap_pi(sk)->psm) {
170		bdaddr_t *src = &bt_sk(sk)->src;
171		u16 psm;
172
173		err = -EINVAL;
174
175		write_lock_bh(&l2cap_sk_list.lock);
176
177		for (psm = 0x1001; psm < 0x1100; psm += 2)
178			if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
179				l2cap_pi(sk)->psm   = cpu_to_le16(psm);
180				l2cap_pi(sk)->sport = cpu_to_le16(psm);
181				err = 0;
182				break;
183			}
184
185		write_unlock_bh(&l2cap_sk_list.lock);
186
187		if (err < 0)
188			goto done;
189	}
190
191	sk->sk_max_ack_backlog = backlog;
192	sk->sk_ack_backlog = 0;
193	sk->sk_state = BT_LISTEN;
194
195done:
196	release_sock(sk);
197	return err;
198}
199
200static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
201{
202	DECLARE_WAITQUEUE(wait, current);
203	struct sock *sk = sock->sk, *nsk;
204	long timeo;
205	int err = 0;
206
207	lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
208
209	if (sk->sk_state != BT_LISTEN) {
210		err = -EBADFD;
211		goto done;
212	}
213
214	timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
215
216	BT_DBG("sk %p timeo %ld", sk, timeo);
217
218	/* Wait for an incoming connection. (wake-one). */
219	add_wait_queue_exclusive(sk_sleep(sk), &wait);
220	while (!(nsk = bt_accept_dequeue(sk, newsock))) {
221		set_current_state(TASK_INTERRUPTIBLE);
222		if (!timeo) {
223			err = -EAGAIN;
224			break;
225		}
226
227		release_sock(sk);
228		timeo = schedule_timeout(timeo);
229		lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
230
231		if (sk->sk_state != BT_LISTEN) {
232			err = -EBADFD;
233			break;
234		}
235
236		if (signal_pending(current)) {
237			err = sock_intr_errno(timeo);
238			break;
239		}
240	}
241	set_current_state(TASK_RUNNING);
242	remove_wait_queue(sk_sleep(sk), &wait);
243
244	if (err)
245		goto done;
246
247	newsock->state = SS_CONNECTED;
248
249	BT_DBG("new socket %p", nsk);
250
251done:
252	release_sock(sk);
253	return err;
254}
255
256static int l2cap_sock_release(struct socket *sock)
257{
258	struct sock *sk = sock->sk;
259	int err;
260
261	BT_DBG("sock %p, sk %p", sock, sk);
262
263	if (!sk)
264		return 0;
265
266	err = l2cap_sock_shutdown(sock, 2);
267
268	sock_orphan(sk);
269	l2cap_sock_kill(sk);
270	return err;
271}
272
273static void l2cap_sock_destruct(struct sock *sk)
274{
275	BT_DBG("sk %p", sk);
276
277	skb_queue_purge(&sk->sk_receive_queue);
278	skb_queue_purge(&sk->sk_write_queue);
279}
280
281void l2cap_sock_init(struct sock *sk, struct sock *parent)
282{
283	struct l2cap_pinfo *pi = l2cap_pi(sk);
284
285	BT_DBG("sk %p", sk);
286
287	if (parent) {
288		sk->sk_type = parent->sk_type;
289		bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
290
291		pi->imtu = l2cap_pi(parent)->imtu;
292		pi->omtu = l2cap_pi(parent)->omtu;
293		pi->conf_state = l2cap_pi(parent)->conf_state;
294		pi->mode = l2cap_pi(parent)->mode;
295		pi->fcs  = l2cap_pi(parent)->fcs;
296		pi->max_tx = l2cap_pi(parent)->max_tx;
297		pi->tx_win = l2cap_pi(parent)->tx_win;
298		pi->sec_level = l2cap_pi(parent)->sec_level;
299		pi->role_switch = l2cap_pi(parent)->role_switch;
300		pi->force_reliable = l2cap_pi(parent)->force_reliable;
301		pi->flushable = l2cap_pi(parent)->flushable;
302	} else {
303		pi->imtu = L2CAP_DEFAULT_MTU;
304		pi->omtu = 0;
305		if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
306			pi->mode = L2CAP_MODE_ERTM;
307			pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
308		} else {
309			pi->mode = L2CAP_MODE_BASIC;
310		}
311		pi->max_tx = L2CAP_DEFAULT_MAX_TX;
312		pi->fcs  = L2CAP_FCS_CRC16;
313		pi->tx_win = L2CAP_DEFAULT_TX_WINDOW;
314		pi->sec_level = BT_SECURITY_LOW;
315		pi->role_switch = 0;
316		pi->force_reliable = 0;
317		pi->flushable = BT_FLUSHABLE_OFF;
318	}
319
320	/* Default config options */
321	pi->conf_len = 0;
322	pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
323	skb_queue_head_init(TX_QUEUE(sk));
324	skb_queue_head_init(SREJ_QUEUE(sk));
325	skb_queue_head_init(BUSY_QUEUE(sk));
326	INIT_LIST_HEAD(SREJ_LIST(sk));
327}
328
329static struct proto l2cap_proto = {
330	.name		= "L2CAP",
331	.owner		= THIS_MODULE,
332	.obj_size	= sizeof(struct l2cap_pinfo)
333};
334
335struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
336{
337	struct sock *sk;
338
339	sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
340	if (!sk)
341		return NULL;
342
343	sock_init_data(sock, sk);
344	INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
345
346	sk->sk_destruct = l2cap_sock_destruct;
347	sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
348
349	sock_reset_flag(sk, SOCK_ZAPPED);
350
351	sk->sk_protocol = proto;
352	sk->sk_state = BT_OPEN;
353
354	setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
355
356	bt_sock_link(&l2cap_sk_list, sk);
357	return sk;
358}
359
360static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
361			     int kern)
362{
363	struct sock *sk;
364
365	BT_DBG("sock %p", sock);
366
367	sock->state = SS_UNCONNECTED;
368
369	if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
370			sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
371		return -ESOCKTNOSUPPORT;
372
373	if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
374		return -EPERM;
375
376	sock->ops = &l2cap_sock_ops;
377
378	sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
379	if (!sk)
380		return -ENOMEM;
381
382	l2cap_sock_init(sk, NULL);
383	return 0;
384}
385
386const struct proto_ops l2cap_sock_ops = {
387	.family		= PF_BLUETOOTH,
388	.owner		= THIS_MODULE,
389	.release	= l2cap_sock_release,
390	.bind		= l2cap_sock_bind,
391	.connect	= l2cap_sock_connect,
392	.listen		= l2cap_sock_listen,
393	.accept		= l2cap_sock_accept,
394	.getname	= l2cap_sock_getname,
395	.sendmsg	= l2cap_sock_sendmsg,
396	.recvmsg	= l2cap_sock_recvmsg,
397	.poll		= bt_sock_poll,
398	.ioctl		= bt_sock_ioctl,
399	.mmap		= sock_no_mmap,
400	.socketpair	= sock_no_socketpair,
401	.shutdown	= l2cap_sock_shutdown,
402	.setsockopt	= l2cap_sock_setsockopt,
403	.getsockopt	= l2cap_sock_getsockopt
404};
405
406static const struct net_proto_family l2cap_sock_family_ops = {
407	.family	= PF_BLUETOOTH,
408	.owner	= THIS_MODULE,
409	.create	= l2cap_sock_create,
410};
411
412int __init l2cap_init_sockets(void)
413{
414       int err;
415
416       err = proto_register(&l2cap_proto, 0);
417       if (err < 0)
418               return err;
419
420       err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
421       if (err < 0)
422               goto error;
423
424       BT_INFO("L2CAP socket layer initialized");
425
426       return 0;
427
428error:
429       BT_ERR("L2CAP socket registration failed");
430       proto_unregister(&l2cap_proto);
431       return err;
432}
433
434void l2cap_cleanup_sockets(void)
435{
436       if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
437               BT_ERR("L2CAP socket unregistration failed");
438
439       proto_unregister(&l2cap_proto);
440}
441