1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 Copyright (c) 2013-2014 Intel Corp. 4 5 */ 6 7 #include <linux/if_arp.h> 8 #include <linux/netdevice.h> 9 #include <linux/etherdevice.h> 10 #include <linux/module.h> 11 #include <linux/debugfs.h> 12 13 #include <net/ipv6.h> 14 #include <net/ip6_route.h> 15 #include <net/addrconf.h> 16 #include <net/netdev_lock.h> 17 #include <net/pkt_sched.h> 18 19 #include <net/bluetooth/bluetooth.h> 20 #include <net/bluetooth/hci_core.h> 21 #include <net/bluetooth/l2cap.h> 22 23 #include <net/6lowpan.h> /* for the compression support */ 24 25 #define VERSION "0.1" 26 27 static struct dentry *lowpan_enable_debugfs; 28 static struct dentry *lowpan_control_debugfs; 29 30 #define IFACE_NAME_TEMPLATE "bt%d" 31 32 struct skb_cb { 33 struct in6_addr addr; 34 struct in6_addr gw; 35 struct l2cap_chan *chan; 36 }; 37 #define lowpan_cb(skb) ((struct skb_cb *)((skb)->cb)) 38 39 /* The devices list contains those devices that we are acting 40 * as a proxy. The BT 6LoWPAN device is a virtual device that 41 * connects to the Bluetooth LE device. The real connection to 42 * BT device is done via l2cap layer. There exists one 43 * virtual device / one BT 6LoWPAN network (=hciX device). 44 * The list contains struct lowpan_dev elements. 45 */ 46 static LIST_HEAD(bt_6lowpan_devices); 47 static DEFINE_SPINLOCK(devices_lock); 48 49 static bool enable_6lowpan; 50 51 /* We are listening incoming connections via this channel 52 */ 53 static struct l2cap_chan *listen_chan; 54 static DEFINE_MUTEX(set_lock); 55 56 enum { 57 LOWPAN_PEER_CLOSING, 58 LOWPAN_PEER_MAXBITS 59 }; 60 61 struct lowpan_peer { 62 struct list_head list; 63 struct rcu_head rcu; 64 struct l2cap_chan *chan; 65 66 /* peer addresses in various formats */ 67 unsigned char lladdr[ETH_ALEN]; 68 struct in6_addr peer_addr; 69 70 DECLARE_BITMAP(flags, LOWPAN_PEER_MAXBITS); 71 }; 72 73 struct lowpan_btle_dev { 74 struct list_head list; 75 76 struct hci_dev *hdev; 77 struct net_device *netdev; 78 struct list_head peers; 79 atomic_t peer_count; /* number of items in peers list */ 80 81 struct work_struct delete_netdev; 82 struct delayed_work notify_peers; 83 }; 84 85 static inline struct lowpan_btle_dev * 86 lowpan_btle_dev(const struct net_device *netdev) 87 { 88 return (struct lowpan_btle_dev *)lowpan_dev(netdev)->priv; 89 } 90 91 static inline void peer_add(struct lowpan_btle_dev *dev, 92 struct lowpan_peer *peer) 93 { 94 list_add_rcu(&peer->list, &dev->peers); 95 atomic_inc(&dev->peer_count); 96 } 97 98 static inline bool peer_del(struct lowpan_btle_dev *dev, 99 struct lowpan_peer *peer) 100 { 101 list_del_rcu(&peer->list); 102 kfree_rcu(peer, rcu); 103 104 module_put(THIS_MODULE); 105 106 if (atomic_dec_and_test(&dev->peer_count)) { 107 BT_DBG("last peer"); 108 return true; 109 } 110 111 return false; 112 } 113 114 static inline struct lowpan_peer * 115 __peer_lookup_chan(struct lowpan_btle_dev *dev, struct l2cap_chan *chan) 116 { 117 struct lowpan_peer *peer; 118 119 list_for_each_entry_rcu(peer, &dev->peers, list) { 120 if (peer->chan == chan) 121 return peer; 122 } 123 124 return NULL; 125 } 126 127 static inline struct lowpan_peer * 128 __peer_lookup_conn(struct lowpan_btle_dev *dev, struct l2cap_conn *conn) 129 { 130 struct lowpan_peer *peer; 131 132 list_for_each_entry_rcu(peer, &dev->peers, list) { 133 if (peer->chan->conn == conn) 134 return peer; 135 } 136 137 return NULL; 138 } 139 140 static inline struct lowpan_peer *peer_lookup_dst(struct lowpan_btle_dev *dev, 141 struct in6_addr *daddr, 142 struct sk_buff *skb) 143 { 144 struct rt6_info *rt = dst_rt6_info(skb_dst(skb)); 145 int count = atomic_read(&dev->peer_count); 146 const struct in6_addr *nexthop; 147 struct lowpan_peer *peer; 148 struct neighbour *neigh; 149 150 BT_DBG("peers %d addr %pI6c rt %p", count, daddr, rt); 151 152 if (!rt) { 153 if (ipv6_addr_any(&lowpan_cb(skb)->gw)) { 154 /* There is neither route nor gateway, 155 * probably the destination is a direct peer. 156 */ 157 nexthop = daddr; 158 } else { 159 /* There is a known gateway 160 */ 161 nexthop = &lowpan_cb(skb)->gw; 162 } 163 } else { 164 nexthop = rt6_nexthop(rt, daddr); 165 166 /* We need to remember the address because it is needed 167 * by bt_xmit() when sending the packet. In bt_xmit(), the 168 * destination routing info is not set. 169 */ 170 memcpy(&lowpan_cb(skb)->gw, nexthop, sizeof(struct in6_addr)); 171 } 172 173 BT_DBG("gw %pI6c", nexthop); 174 175 rcu_read_lock(); 176 177 list_for_each_entry_rcu(peer, &dev->peers, list) { 178 BT_DBG("dst addr %pMR dst type %u ip %pI6c", 179 &peer->chan->dst, peer->chan->dst_type, 180 &peer->peer_addr); 181 182 if (!ipv6_addr_cmp(&peer->peer_addr, nexthop)) { 183 rcu_read_unlock(); 184 return peer; 185 } 186 } 187 188 /* use the neighbour cache for matching addresses assigned by SLAAC */ 189 neigh = __ipv6_neigh_lookup(dev->netdev, nexthop); 190 if (neigh) { 191 list_for_each_entry_rcu(peer, &dev->peers, list) { 192 if (!memcmp(neigh->ha, peer->lladdr, ETH_ALEN)) { 193 neigh_release(neigh); 194 rcu_read_unlock(); 195 return peer; 196 } 197 } 198 neigh_release(neigh); 199 } 200 201 rcu_read_unlock(); 202 203 return NULL; 204 } 205 206 static struct lowpan_peer *lookup_peer(struct l2cap_conn *conn) 207 { 208 struct lowpan_btle_dev *entry; 209 struct lowpan_peer *peer = NULL; 210 211 rcu_read_lock(); 212 213 list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) { 214 peer = __peer_lookup_conn(entry, conn); 215 if (peer) 216 break; 217 } 218 219 rcu_read_unlock(); 220 221 return peer; 222 } 223 224 static struct lowpan_btle_dev *lookup_dev(struct l2cap_conn *conn) 225 { 226 struct lowpan_btle_dev *entry; 227 struct lowpan_btle_dev *dev = NULL; 228 229 rcu_read_lock(); 230 231 list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) { 232 if (conn->hcon->hdev == entry->hdev) { 233 dev = entry; 234 break; 235 } 236 } 237 238 rcu_read_unlock(); 239 240 return dev; 241 } 242 243 static int give_skb_to_upper(struct sk_buff *skb, struct net_device *dev) 244 { 245 struct sk_buff *skb_cp; 246 247 skb_cp = skb_copy(skb, GFP_ATOMIC); 248 if (!skb_cp) 249 return NET_RX_DROP; 250 251 return netif_rx(skb_cp); 252 } 253 254 static int iphc_decompress(struct sk_buff *skb, struct net_device *netdev, 255 struct lowpan_peer *peer) 256 { 257 const u8 *saddr; 258 259 saddr = peer->lladdr; 260 261 return lowpan_header_decompress(skb, netdev, netdev->dev_addr, saddr); 262 } 263 264 static int recv_pkt(struct sk_buff *skb, struct net_device *dev, 265 struct lowpan_peer *peer) 266 { 267 struct sk_buff *local_skb; 268 int ret; 269 270 if (!netif_running(dev)) 271 goto drop; 272 273 if (dev->type != ARPHRD_6LOWPAN || !skb->len) 274 goto drop; 275 276 skb_reset_network_header(skb); 277 278 skb = skb_share_check(skb, GFP_ATOMIC); 279 if (!skb) 280 goto drop; 281 282 /* check that it's our buffer */ 283 if (lowpan_is_ipv6(*skb_network_header(skb))) { 284 /* Pull off the 1-byte of 6lowpan header. */ 285 skb_pull(skb, 1); 286 287 /* Copy the packet so that the IPv6 header is 288 * properly aligned. 289 */ 290 local_skb = skb_copy_expand(skb, NET_SKB_PAD - 1, 291 skb_tailroom(skb), GFP_ATOMIC); 292 if (!local_skb) 293 goto drop; 294 295 local_skb->protocol = htons(ETH_P_IPV6); 296 local_skb->pkt_type = PACKET_HOST; 297 local_skb->dev = dev; 298 299 skb_reset_mac_header(local_skb); 300 skb_set_transport_header(local_skb, sizeof(struct ipv6hdr)); 301 302 if (give_skb_to_upper(local_skb, dev) != NET_RX_SUCCESS) { 303 kfree_skb(local_skb); 304 goto drop; 305 } 306 307 dev->stats.rx_bytes += skb->len; 308 dev->stats.rx_packets++; 309 310 consume_skb(local_skb); 311 consume_skb(skb); 312 } else if (lowpan_is_iphc(*skb_network_header(skb))) { 313 local_skb = skb_clone(skb, GFP_ATOMIC); 314 if (!local_skb) 315 goto drop; 316 317 local_skb->dev = dev; 318 319 ret = iphc_decompress(local_skb, dev, peer); 320 if (ret < 0) { 321 BT_DBG("iphc_decompress failed: %d", ret); 322 kfree_skb(local_skb); 323 goto drop; 324 } 325 326 local_skb->protocol = htons(ETH_P_IPV6); 327 local_skb->pkt_type = PACKET_HOST; 328 329 if (give_skb_to_upper(local_skb, dev) 330 != NET_RX_SUCCESS) { 331 kfree_skb(local_skb); 332 goto drop; 333 } 334 335 dev->stats.rx_bytes += skb->len; 336 dev->stats.rx_packets++; 337 338 consume_skb(local_skb); 339 consume_skb(skb); 340 } else { 341 BT_DBG("unknown packet type"); 342 goto drop; 343 } 344 345 return NET_RX_SUCCESS; 346 347 drop: 348 dev->stats.rx_dropped++; 349 return NET_RX_DROP; 350 } 351 352 /* Packet from BT LE device */ 353 static int chan_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 354 { 355 struct lowpan_btle_dev *dev; 356 struct lowpan_peer *peer; 357 int err; 358 359 peer = lookup_peer(chan->conn); 360 if (!peer) 361 return -ENOENT; 362 363 dev = lookup_dev(chan->conn); 364 if (!dev || !dev->netdev) 365 return -ENOENT; 366 367 err = recv_pkt(skb, dev->netdev, peer); 368 if (err) { 369 BT_DBG("recv pkt %d", err); 370 err = -EAGAIN; 371 } 372 373 return err; 374 } 375 376 static int setup_header(struct sk_buff *skb, struct net_device *netdev, 377 bdaddr_t *peer_addr, u8 *peer_addr_type) 378 { 379 struct in6_addr ipv6_daddr; 380 struct ipv6hdr *hdr; 381 struct lowpan_btle_dev *dev; 382 struct lowpan_peer *peer; 383 u8 *daddr; 384 int err, status = 0; 385 386 hdr = ipv6_hdr(skb); 387 388 dev = lowpan_btle_dev(netdev); 389 390 memcpy(&ipv6_daddr, &hdr->daddr, sizeof(ipv6_daddr)); 391 392 if (ipv6_addr_is_multicast(&ipv6_daddr)) { 393 lowpan_cb(skb)->chan = NULL; 394 daddr = NULL; 395 } else { 396 BT_DBG("dest IP %pI6c", &ipv6_daddr); 397 398 /* The packet might be sent to 6lowpan interface 399 * because of routing (either via default route 400 * or user set route) so get peer according to 401 * the destination address. 402 */ 403 peer = peer_lookup_dst(dev, &ipv6_daddr, skb); 404 if (!peer) { 405 BT_DBG("no such peer"); 406 return -ENOENT; 407 } 408 409 daddr = peer->lladdr; 410 *peer_addr = peer->chan->dst; 411 *peer_addr_type = peer->chan->dst_type; 412 lowpan_cb(skb)->chan = peer->chan; 413 414 status = 1; 415 } 416 417 lowpan_header_compress(skb, netdev, daddr, dev->netdev->dev_addr); 418 419 err = dev_hard_header(skb, netdev, ETH_P_IPV6, NULL, NULL, 0); 420 if (err < 0) 421 return err; 422 423 return status; 424 } 425 426 static int header_create(struct sk_buff *skb, struct net_device *netdev, 427 unsigned short type, const void *_daddr, 428 const void *_saddr, unsigned int len) 429 { 430 if (type != ETH_P_IPV6) 431 return -EINVAL; 432 433 return 0; 434 } 435 436 /* Packet to BT LE device */ 437 static int send_pkt(struct l2cap_chan *chan, struct sk_buff *skb, 438 struct net_device *netdev) 439 { 440 struct msghdr msg; 441 struct kvec iv; 442 int err; 443 444 /* Remember the skb so that we can send EAGAIN to the caller if 445 * we run out of credits. 446 */ 447 chan->data = skb; 448 449 iv.iov_base = skb->data; 450 iv.iov_len = skb->len; 451 452 memset(&msg, 0, sizeof(msg)); 453 iov_iter_kvec(&msg.msg_iter, ITER_SOURCE, &iv, 1, skb->len); 454 455 err = l2cap_chan_send(chan, &msg, skb->len, NULL); 456 if (err > 0) { 457 netdev->stats.tx_bytes += err; 458 netdev->stats.tx_packets++; 459 return 0; 460 } 461 462 if (err < 0) 463 netdev->stats.tx_errors++; 464 465 return err; 466 } 467 468 static int send_mcast_pkt(struct sk_buff *skb, struct net_device *netdev) 469 { 470 struct sk_buff *local_skb; 471 struct lowpan_btle_dev *entry; 472 int err = 0; 473 474 rcu_read_lock(); 475 476 list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) { 477 struct lowpan_peer *pentry; 478 struct lowpan_btle_dev *dev; 479 480 if (entry->netdev != netdev) 481 continue; 482 483 dev = lowpan_btle_dev(entry->netdev); 484 485 list_for_each_entry_rcu(pentry, &dev->peers, list) { 486 int ret; 487 488 local_skb = skb_clone(skb, GFP_ATOMIC); 489 if (!local_skb) 490 continue; 491 492 BT_DBG("xmit %s to %pMR type %u IP %pI6c chan %p", 493 netdev->name, 494 &pentry->chan->dst, pentry->chan->dst_type, 495 &pentry->peer_addr, pentry->chan); 496 ret = send_pkt(pentry->chan, local_skb, netdev); 497 if (ret < 0) 498 err = ret; 499 500 kfree_skb(local_skb); 501 } 502 } 503 504 rcu_read_unlock(); 505 506 return err; 507 } 508 509 static netdev_tx_t bt_xmit(struct sk_buff *skb, struct net_device *netdev) 510 { 511 int err = 0; 512 bdaddr_t addr; 513 u8 addr_type; 514 515 /* We must take a copy of the skb before we modify/replace the ipv6 516 * header as the header could be used elsewhere 517 */ 518 skb = skb_unshare(skb, GFP_ATOMIC); 519 if (!skb) 520 return NET_XMIT_DROP; 521 522 /* Return values from setup_header() 523 * <0 - error, packet is dropped 524 * 0 - this is a multicast packet 525 * 1 - this is unicast packet 526 */ 527 err = setup_header(skb, netdev, &addr, &addr_type); 528 if (err < 0) { 529 kfree_skb(skb); 530 return NET_XMIT_DROP; 531 } 532 533 if (err) { 534 if (lowpan_cb(skb)->chan) { 535 BT_DBG("xmit %s to %pMR type %u IP %pI6c chan %p", 536 netdev->name, &addr, addr_type, 537 &lowpan_cb(skb)->addr, lowpan_cb(skb)->chan); 538 err = send_pkt(lowpan_cb(skb)->chan, skb, netdev); 539 } else { 540 err = -ENOENT; 541 } 542 } else { 543 /* We need to send the packet to every device behind this 544 * interface. 545 */ 546 err = send_mcast_pkt(skb, netdev); 547 } 548 549 dev_kfree_skb(skb); 550 551 if (err) 552 BT_DBG("ERROR: xmit failed (%d)", err); 553 554 return err < 0 ? NET_XMIT_DROP : err; 555 } 556 557 static int bt_dev_init(struct net_device *dev) 558 { 559 netdev_lockdep_set_classes(dev); 560 561 return 0; 562 } 563 564 static const struct net_device_ops netdev_ops = { 565 .ndo_init = bt_dev_init, 566 .ndo_start_xmit = bt_xmit, 567 }; 568 569 static const struct header_ops header_ops = { 570 .create = header_create, 571 }; 572 573 static void netdev_setup(struct net_device *dev) 574 { 575 dev->hard_header_len = 0; 576 dev->needed_tailroom = 0; 577 dev->flags = IFF_RUNNING | IFF_MULTICAST; 578 dev->watchdog_timeo = 0; 579 dev->tx_queue_len = DEFAULT_TX_QUEUE_LEN; 580 581 dev->netdev_ops = &netdev_ops; 582 dev->header_ops = &header_ops; 583 dev->needs_free_netdev = true; 584 } 585 586 static const struct device_type bt_type = { 587 .name = "bluetooth", 588 }; 589 590 static void ifup(struct net_device *netdev) 591 { 592 int err; 593 594 rtnl_lock(); 595 err = dev_open(netdev, NULL); 596 if (err < 0) 597 BT_INFO("iface %s cannot be opened (%d)", netdev->name, err); 598 rtnl_unlock(); 599 } 600 601 static void ifdown(struct net_device *netdev) 602 { 603 rtnl_lock(); 604 dev_close(netdev); 605 rtnl_unlock(); 606 } 607 608 static void do_notify_peers(struct work_struct *work) 609 { 610 struct lowpan_btle_dev *dev = container_of(work, struct lowpan_btle_dev, 611 notify_peers.work); 612 613 netdev_notify_peers(dev->netdev); /* send neighbour adv at startup */ 614 } 615 616 static bool is_bt_6lowpan(struct hci_conn *hcon) 617 { 618 if (hcon->type != LE_LINK) 619 return false; 620 621 if (!enable_6lowpan) 622 return false; 623 624 return true; 625 } 626 627 static struct l2cap_chan *chan_create(void) 628 { 629 struct l2cap_chan *chan; 630 631 chan = l2cap_chan_create(); 632 if (!chan) 633 return NULL; 634 635 l2cap_chan_set_defaults(chan); 636 637 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 638 chan->mode = L2CAP_MODE_LE_FLOWCTL; 639 chan->imtu = 1280; 640 641 return chan; 642 } 643 644 static struct l2cap_chan *add_peer_chan(struct l2cap_chan *chan, 645 struct lowpan_btle_dev *dev, 646 bool new_netdev) 647 { 648 struct lowpan_peer *peer; 649 650 peer = kzalloc_obj(*peer, GFP_ATOMIC); 651 if (!peer) 652 return NULL; 653 654 peer->chan = chan; 655 656 baswap((void *)peer->lladdr, &chan->dst); 657 658 lowpan_iphc_uncompress_eui48_lladdr(&peer->peer_addr, peer->lladdr); 659 660 spin_lock(&devices_lock); 661 INIT_LIST_HEAD(&peer->list); 662 peer_add(dev, peer); 663 spin_unlock(&devices_lock); 664 665 /* Notifying peers about us needs to be done without locks held */ 666 if (new_netdev) 667 INIT_DELAYED_WORK(&dev->notify_peers, do_notify_peers); 668 schedule_delayed_work(&dev->notify_peers, msecs_to_jiffies(100)); 669 670 return peer->chan; 671 } 672 673 static int setup_netdev(struct l2cap_chan *chan, struct lowpan_btle_dev **dev) 674 { 675 struct net_device *netdev; 676 bdaddr_t addr; 677 int err; 678 679 netdev = alloc_netdev(LOWPAN_PRIV_SIZE(sizeof(struct lowpan_btle_dev)), 680 IFACE_NAME_TEMPLATE, NET_NAME_UNKNOWN, 681 netdev_setup); 682 if (!netdev) 683 return -ENOMEM; 684 685 netdev->addr_assign_type = NET_ADDR_PERM; 686 baswap(&addr, &chan->src); 687 __dev_addr_set(netdev, &addr, sizeof(addr)); 688 689 netdev->netdev_ops = &netdev_ops; 690 SET_NETDEV_DEV(netdev, &chan->conn->hcon->hdev->dev); 691 SET_NETDEV_DEVTYPE(netdev, &bt_type); 692 693 *dev = lowpan_btle_dev(netdev); 694 (*dev)->netdev = netdev; 695 (*dev)->hdev = chan->conn->hcon->hdev; 696 INIT_LIST_HEAD(&(*dev)->peers); 697 698 spin_lock(&devices_lock); 699 INIT_LIST_HEAD(&(*dev)->list); 700 list_add_rcu(&(*dev)->list, &bt_6lowpan_devices); 701 spin_unlock(&devices_lock); 702 703 err = lowpan_register_netdev(netdev, LOWPAN_LLTYPE_BTLE); 704 if (err < 0) { 705 BT_INFO("register_netdev failed %d", err); 706 spin_lock(&devices_lock); 707 list_del_rcu(&(*dev)->list); 708 spin_unlock(&devices_lock); 709 free_netdev(netdev); 710 goto out; 711 } 712 713 BT_DBG("ifindex %d peer bdaddr %pMR type %d my addr %pMR type %d", 714 netdev->ifindex, &chan->dst, chan->dst_type, 715 &chan->src, chan->src_type); 716 set_bit(__LINK_STATE_PRESENT, &netdev->state); 717 718 return 0; 719 720 out: 721 return err; 722 } 723 724 static inline void chan_ready_cb(struct l2cap_chan *chan) 725 { 726 struct lowpan_btle_dev *dev; 727 bool new_netdev = false; 728 729 dev = lookup_dev(chan->conn); 730 731 BT_DBG("chan %p conn %p dev %p", chan, chan->conn, dev); 732 733 if (!dev) { 734 if (setup_netdev(chan, &dev) < 0) { 735 l2cap_chan_del(chan, -ENOENT); 736 return; 737 } 738 new_netdev = true; 739 } 740 741 if (!try_module_get(THIS_MODULE)) 742 return; 743 744 add_peer_chan(chan, dev, new_netdev); 745 ifup(dev->netdev); 746 } 747 748 static inline struct l2cap_chan *chan_new_conn_cb(struct l2cap_chan *pchan) 749 { 750 struct l2cap_chan *chan; 751 752 chan = chan_create(); 753 if (!chan) 754 return NULL; 755 756 chan->ops = pchan->ops; 757 758 BT_DBG("chan %p pchan %p", chan, pchan); 759 760 return chan; 761 } 762 763 static void unregister_dev(struct lowpan_btle_dev *dev) 764 { 765 struct hci_dev *hdev = READ_ONCE(dev->hdev); 766 767 /* If netdev holds last reference to hci_dev (its parent device), this 768 * leads to theoretical cyclic locking on lowpan_unregister_netdev: 769 * 770 * rtnl_lock -> put_device(parent) -> hci_release_dev -> 771 * destroy_workqueue -> hci_rx_work -> l2cap_recv_acldata -> 772 * chan_ready_cb -> ifup -> rtnl_lock 773 * 774 * However, hci_rx_work is disabled in hci_unregister_dev, so this 775 * should not occur. Make lockdep happy by postponing hdev release after 776 * netdev put. 777 */ 778 hci_dev_hold(hdev); 779 lowpan_unregister_netdev(dev->netdev); 780 hci_dev_put(hdev); 781 } 782 783 static void delete_netdev(struct work_struct *work) 784 { 785 struct lowpan_btle_dev *entry = container_of(work, 786 struct lowpan_btle_dev, 787 delete_netdev); 788 789 unregister_dev(entry); 790 791 /* The entry pointer is deleted by the netdev destructor. */ 792 } 793 794 static void chan_close_cb(struct l2cap_chan *chan) 795 { 796 struct lowpan_btle_dev *entry; 797 struct lowpan_btle_dev *dev = NULL; 798 struct lowpan_peer *peer; 799 int err = -ENOENT; 800 bool last = false, remove = true; 801 802 BT_DBG("chan %p conn %p", chan, chan->conn); 803 804 if (chan->conn && chan->conn->hcon) { 805 if (!is_bt_6lowpan(chan->conn->hcon)) 806 return; 807 808 /* If conn is set, then the netdev is also there and we should 809 * not remove it. 810 */ 811 remove = false; 812 } 813 814 spin_lock(&devices_lock); 815 816 list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) { 817 dev = lowpan_btle_dev(entry->netdev); 818 peer = __peer_lookup_chan(dev, chan); 819 if (peer) { 820 last = peer_del(dev, peer); 821 err = 0; 822 823 BT_DBG("dev %p removing %speer %p", dev, 824 last ? "last " : "1 ", peer); 825 BT_DBG("chan %p orig refcnt %u", chan, 826 kref_read(&chan->kref)); 827 828 l2cap_chan_put(chan); 829 break; 830 } 831 } 832 833 if (!err && last && dev && !atomic_read(&dev->peer_count)) { 834 spin_unlock(&devices_lock); 835 836 cancel_delayed_work_sync(&dev->notify_peers); 837 838 ifdown(dev->netdev); 839 840 if (remove) { 841 INIT_WORK(&entry->delete_netdev, delete_netdev); 842 schedule_work(&entry->delete_netdev); 843 } 844 } else { 845 spin_unlock(&devices_lock); 846 } 847 } 848 849 static void chan_state_change_cb(struct l2cap_chan *chan, int state, int err) 850 { 851 BT_DBG("chan %p conn %p state %s err %d", chan, chan->conn, 852 state_to_string(state), err); 853 } 854 855 static struct sk_buff *chan_alloc_skb_cb(struct l2cap_chan *chan, 856 unsigned long hdr_len, 857 unsigned long len, int nb) 858 { 859 struct sk_buff *skb; 860 861 /* Note that we must allocate using GFP_ATOMIC here as 862 * this function is called originally from netdev hard xmit 863 * function in atomic context. 864 */ 865 skb = bt_skb_alloc(hdr_len + len, GFP_ATOMIC); 866 if (!skb) 867 return ERR_PTR(-ENOMEM); 868 return skb; 869 } 870 871 static void chan_suspend_cb(struct l2cap_chan *chan) 872 { 873 struct lowpan_btle_dev *dev; 874 875 BT_DBG("chan %p suspend", chan); 876 877 dev = lookup_dev(chan->conn); 878 if (!dev || !dev->netdev) 879 return; 880 881 netif_stop_queue(dev->netdev); 882 } 883 884 static void chan_resume_cb(struct l2cap_chan *chan) 885 { 886 struct lowpan_btle_dev *dev; 887 888 BT_DBG("chan %p resume", chan); 889 890 dev = lookup_dev(chan->conn); 891 if (!dev || !dev->netdev) 892 return; 893 894 netif_wake_queue(dev->netdev); 895 } 896 897 static long chan_get_sndtimeo_cb(struct l2cap_chan *chan) 898 { 899 return L2CAP_CONN_TIMEOUT; 900 } 901 902 static const struct l2cap_ops bt_6lowpan_chan_ops = { 903 .name = "L2CAP 6LoWPAN channel", 904 .new_connection = chan_new_conn_cb, 905 .recv = chan_recv_cb, 906 .close = chan_close_cb, 907 .state_change = chan_state_change_cb, 908 .ready = chan_ready_cb, 909 .resume = chan_resume_cb, 910 .suspend = chan_suspend_cb, 911 .get_sndtimeo = chan_get_sndtimeo_cb, 912 .alloc_skb = chan_alloc_skb_cb, 913 914 .teardown = l2cap_chan_no_teardown, 915 .defer = l2cap_chan_no_defer, 916 .set_shutdown = l2cap_chan_no_set_shutdown, 917 }; 918 919 static int bt_6lowpan_connect(bdaddr_t *addr, u8 dst_type) 920 { 921 struct l2cap_chan *chan; 922 int err; 923 924 chan = chan_create(); 925 if (!chan) 926 return -EINVAL; 927 928 chan->ops = &bt_6lowpan_chan_ops; 929 930 err = l2cap_chan_connect(chan, cpu_to_le16(L2CAP_PSM_IPSP), 0, 931 addr, dst_type, L2CAP_CONN_TIMEOUT); 932 933 BT_DBG("chan %p err %d", chan, err); 934 if (err < 0) 935 l2cap_chan_put(chan); 936 937 return err; 938 } 939 940 static int bt_6lowpan_disconnect(struct l2cap_conn *conn, u8 dst_type) 941 { 942 struct lowpan_peer *peer; 943 944 BT_DBG("conn %p dst type %u", conn, dst_type); 945 946 peer = lookup_peer(conn); 947 if (!peer) 948 return -ENOENT; 949 950 BT_DBG("peer %p chan %p", peer, peer->chan); 951 952 l2cap_chan_lock(peer->chan); 953 l2cap_chan_close(peer->chan, ENOENT); 954 l2cap_chan_unlock(peer->chan); 955 956 return 0; 957 } 958 959 static struct l2cap_chan *bt_6lowpan_listen(void) 960 { 961 bdaddr_t *addr = BDADDR_ANY; 962 struct l2cap_chan *chan; 963 int err; 964 965 if (!enable_6lowpan) 966 return NULL; 967 968 chan = chan_create(); 969 if (!chan) 970 return NULL; 971 972 chan->ops = &bt_6lowpan_chan_ops; 973 chan->state = BT_LISTEN; 974 chan->src_type = BDADDR_LE_PUBLIC; 975 976 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT); 977 978 BT_DBG("chan %p src type %u", chan, chan->src_type); 979 980 err = l2cap_add_psm(chan, addr, cpu_to_le16(L2CAP_PSM_IPSP)); 981 if (err) { 982 l2cap_chan_put(chan); 983 BT_ERR("psm cannot be added err %d", err); 984 return NULL; 985 } 986 987 return chan; 988 } 989 990 static int get_l2cap_conn(char *buf, bdaddr_t *addr, u8 *addr_type, 991 struct l2cap_conn **conn, bool disconnect) 992 { 993 struct hci_conn *hcon; 994 struct hci_dev *hdev; 995 int le_addr_type; 996 int n; 997 998 n = sscanf(buf, "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx %hhu", 999 &addr->b[5], &addr->b[4], &addr->b[3], 1000 &addr->b[2], &addr->b[1], &addr->b[0], 1001 addr_type); 1002 1003 if (n < 7) 1004 return -EINVAL; 1005 1006 if (disconnect) { 1007 /* The "disconnect" debugfs command has used different address 1008 * type constants than "connect" since 2015. Let's retain that 1009 * for now even though it's obviously buggy... 1010 */ 1011 *addr_type += 1; 1012 } 1013 1014 switch (*addr_type) { 1015 case BDADDR_LE_PUBLIC: 1016 le_addr_type = ADDR_LE_DEV_PUBLIC; 1017 break; 1018 case BDADDR_LE_RANDOM: 1019 le_addr_type = ADDR_LE_DEV_RANDOM; 1020 break; 1021 default: 1022 return -EINVAL; 1023 } 1024 1025 /* The LE_PUBLIC address type is ignored because of BDADDR_ANY */ 1026 hdev = hci_get_route(addr, BDADDR_ANY, BDADDR_LE_PUBLIC); 1027 if (!hdev) 1028 return -ENOENT; 1029 1030 hci_dev_lock(hdev); 1031 hcon = hci_conn_hash_lookup_le(hdev, addr, le_addr_type); 1032 hci_dev_unlock(hdev); 1033 hci_dev_put(hdev); 1034 1035 if (!hcon) 1036 return -ENOENT; 1037 1038 *conn = (struct l2cap_conn *)hcon->l2cap_data; 1039 1040 BT_DBG("conn %p dst %pMR type %u", *conn, &hcon->dst, hcon->dst_type); 1041 1042 return 0; 1043 } 1044 1045 static void disconnect_all_peers(void) 1046 { 1047 struct lowpan_btle_dev *entry; 1048 struct lowpan_peer *peer; 1049 int nchans; 1050 1051 /* l2cap_chan_close() cannot be called from RCU, and lock ordering 1052 * chan->lock > devices_lock prevents taking write side lock, so copy 1053 * then close. 1054 */ 1055 1056 rcu_read_lock(); 1057 list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) 1058 list_for_each_entry_rcu(peer, &entry->peers, list) 1059 clear_bit(LOWPAN_PEER_CLOSING, peer->flags); 1060 rcu_read_unlock(); 1061 1062 do { 1063 struct l2cap_chan *chans[32]; 1064 int i; 1065 1066 nchans = 0; 1067 1068 spin_lock(&devices_lock); 1069 1070 list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) { 1071 list_for_each_entry_rcu(peer, &entry->peers, list) { 1072 if (test_and_set_bit(LOWPAN_PEER_CLOSING, 1073 peer->flags)) 1074 continue; 1075 1076 l2cap_chan_hold(peer->chan); 1077 chans[nchans++] = peer->chan; 1078 1079 if (nchans >= ARRAY_SIZE(chans)) 1080 goto done; 1081 } 1082 } 1083 1084 done: 1085 spin_unlock(&devices_lock); 1086 1087 for (i = 0; i < nchans; ++i) { 1088 l2cap_chan_lock(chans[i]); 1089 l2cap_chan_close(chans[i], ENOENT); 1090 l2cap_chan_unlock(chans[i]); 1091 l2cap_chan_put(chans[i]); 1092 } 1093 } while (nchans); 1094 } 1095 1096 struct set_enable { 1097 struct work_struct work; 1098 bool flag; 1099 }; 1100 1101 static void do_enable_set(struct work_struct *work) 1102 { 1103 struct set_enable *set_enable = container_of(work, 1104 struct set_enable, work); 1105 1106 if (!set_enable->flag || enable_6lowpan != set_enable->flag) 1107 /* Disconnect existing connections if 6lowpan is 1108 * disabled 1109 */ 1110 disconnect_all_peers(); 1111 1112 enable_6lowpan = set_enable->flag; 1113 1114 mutex_lock(&set_lock); 1115 if (listen_chan) { 1116 l2cap_chan_lock(listen_chan); 1117 l2cap_chan_close(listen_chan, 0); 1118 l2cap_chan_unlock(listen_chan); 1119 l2cap_chan_put(listen_chan); 1120 } 1121 1122 listen_chan = bt_6lowpan_listen(); 1123 mutex_unlock(&set_lock); 1124 1125 kfree(set_enable); 1126 } 1127 1128 static int lowpan_enable_set(void *data, u64 val) 1129 { 1130 struct set_enable *set_enable; 1131 1132 set_enable = kzalloc_obj(*set_enable); 1133 if (!set_enable) 1134 return -ENOMEM; 1135 1136 set_enable->flag = !!val; 1137 INIT_WORK(&set_enable->work, do_enable_set); 1138 1139 schedule_work(&set_enable->work); 1140 1141 return 0; 1142 } 1143 1144 static int lowpan_enable_get(void *data, u64 *val) 1145 { 1146 *val = enable_6lowpan; 1147 return 0; 1148 } 1149 1150 DEFINE_DEBUGFS_ATTRIBUTE(lowpan_enable_fops, lowpan_enable_get, 1151 lowpan_enable_set, "%llu\n"); 1152 1153 static ssize_t lowpan_control_write(struct file *fp, 1154 const char __user *user_buffer, 1155 size_t count, 1156 loff_t *position) 1157 { 1158 char buf[32]; 1159 size_t buf_size = min(count, sizeof(buf) - 1); 1160 int ret; 1161 bdaddr_t addr; 1162 u8 addr_type; 1163 struct l2cap_conn *conn = NULL; 1164 1165 if (copy_from_user(buf, user_buffer, buf_size)) 1166 return -EFAULT; 1167 1168 buf[buf_size] = '\0'; 1169 1170 if (memcmp(buf, "connect ", 8) == 0) { 1171 ret = get_l2cap_conn(&buf[8], &addr, &addr_type, &conn, false); 1172 if (ret == -EINVAL) 1173 return ret; 1174 1175 mutex_lock(&set_lock); 1176 if (listen_chan) { 1177 l2cap_chan_lock(listen_chan); 1178 l2cap_chan_close(listen_chan, 0); 1179 l2cap_chan_unlock(listen_chan); 1180 l2cap_chan_put(listen_chan); 1181 listen_chan = NULL; 1182 } 1183 mutex_unlock(&set_lock); 1184 1185 if (conn) { 1186 struct lowpan_peer *peer; 1187 1188 if (!is_bt_6lowpan(conn->hcon)) 1189 return -EINVAL; 1190 1191 peer = lookup_peer(conn); 1192 if (peer) { 1193 BT_DBG("6LoWPAN connection already exists"); 1194 return -EALREADY; 1195 } 1196 1197 BT_DBG("conn %p dst %pMR type %d user %u", conn, 1198 &conn->hcon->dst, conn->hcon->dst_type, 1199 addr_type); 1200 } 1201 1202 ret = bt_6lowpan_connect(&addr, addr_type); 1203 if (ret < 0) 1204 return ret; 1205 1206 return count; 1207 } 1208 1209 if (memcmp(buf, "disconnect ", 11) == 0) { 1210 ret = get_l2cap_conn(&buf[11], &addr, &addr_type, &conn, true); 1211 if (ret < 0) 1212 return ret; 1213 1214 ret = bt_6lowpan_disconnect(conn, addr_type); 1215 if (ret < 0) 1216 return ret; 1217 1218 return count; 1219 } 1220 1221 return count; 1222 } 1223 1224 static int lowpan_control_show(struct seq_file *f, void *ptr) 1225 { 1226 struct lowpan_btle_dev *entry; 1227 struct lowpan_peer *peer; 1228 1229 spin_lock(&devices_lock); 1230 1231 list_for_each_entry(entry, &bt_6lowpan_devices, list) { 1232 list_for_each_entry(peer, &entry->peers, list) 1233 seq_printf(f, "%pMR (type %u)\n", 1234 &peer->chan->dst, peer->chan->dst_type); 1235 } 1236 1237 spin_unlock(&devices_lock); 1238 1239 return 0; 1240 } 1241 1242 static int lowpan_control_open(struct inode *inode, struct file *file) 1243 { 1244 return single_open(file, lowpan_control_show, inode->i_private); 1245 } 1246 1247 static const struct file_operations lowpan_control_fops = { 1248 .open = lowpan_control_open, 1249 .read = seq_read, 1250 .write = lowpan_control_write, 1251 .llseek = seq_lseek, 1252 .release = single_release, 1253 }; 1254 1255 static void disconnect_devices(void) 1256 { 1257 struct lowpan_btle_dev *entry, *tmp, *new_dev; 1258 struct list_head devices; 1259 1260 INIT_LIST_HEAD(&devices); 1261 1262 /* We make a separate list of devices because the unregister_netdev() 1263 * will call device_event() which will also want to modify the same 1264 * devices list. 1265 */ 1266 1267 rcu_read_lock(); 1268 1269 list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) { 1270 new_dev = kmalloc_obj(*new_dev, GFP_ATOMIC); 1271 if (!new_dev) 1272 break; 1273 1274 new_dev->netdev = entry->netdev; 1275 new_dev->hdev = entry->hdev; 1276 INIT_LIST_HEAD(&new_dev->list); 1277 1278 list_add_rcu(&new_dev->list, &devices); 1279 } 1280 1281 rcu_read_unlock(); 1282 1283 list_for_each_entry_safe(entry, tmp, &devices, list) { 1284 ifdown(entry->netdev); 1285 BT_DBG("Unregistering netdev %s %p", 1286 entry->netdev->name, entry->netdev); 1287 unregister_dev(entry); 1288 kfree(entry); 1289 } 1290 } 1291 1292 static int device_event(struct notifier_block *unused, 1293 unsigned long event, void *ptr) 1294 { 1295 struct net_device *netdev = netdev_notifier_info_to_dev(ptr); 1296 struct lowpan_btle_dev *entry; 1297 1298 if (netdev->type != ARPHRD_6LOWPAN) 1299 return NOTIFY_DONE; 1300 1301 switch (event) { 1302 case NETDEV_UNREGISTER: 1303 spin_lock(&devices_lock); 1304 list_for_each_entry(entry, &bt_6lowpan_devices, list) { 1305 if (entry->netdev == netdev) { 1306 BT_DBG("Unregistered netdev %s %p", 1307 netdev->name, netdev); 1308 list_del(&entry->list); 1309 break; 1310 } 1311 } 1312 spin_unlock(&devices_lock); 1313 break; 1314 } 1315 1316 return NOTIFY_DONE; 1317 } 1318 1319 static struct notifier_block bt_6lowpan_dev_notifier = { 1320 .notifier_call = device_event, 1321 }; 1322 1323 static int __init bt_6lowpan_init(void) 1324 { 1325 lowpan_enable_debugfs = debugfs_create_file_unsafe("6lowpan_enable", 1326 0644, bt_debugfs, 1327 NULL, 1328 &lowpan_enable_fops); 1329 lowpan_control_debugfs = debugfs_create_file("6lowpan_control", 0644, 1330 bt_debugfs, NULL, 1331 &lowpan_control_fops); 1332 1333 return register_netdevice_notifier(&bt_6lowpan_dev_notifier); 1334 } 1335 1336 static void __exit bt_6lowpan_exit(void) 1337 { 1338 debugfs_remove(lowpan_enable_debugfs); 1339 debugfs_remove(lowpan_control_debugfs); 1340 1341 if (listen_chan) { 1342 l2cap_chan_lock(listen_chan); 1343 l2cap_chan_close(listen_chan, 0); 1344 l2cap_chan_unlock(listen_chan); 1345 l2cap_chan_put(listen_chan); 1346 } 1347 1348 disconnect_devices(); 1349 1350 unregister_netdevice_notifier(&bt_6lowpan_dev_notifier); 1351 } 1352 1353 module_init(bt_6lowpan_init); 1354 module_exit(bt_6lowpan_exit); 1355 1356 MODULE_AUTHOR("Jukka Rissanen <jukka.rissanen@linux.intel.com>"); 1357 MODULE_DESCRIPTION("Bluetooth 6LoWPAN"); 1358 MODULE_VERSION(VERSION); 1359 MODULE_LICENSE("GPL"); 1360