1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26 */ 27 28 /* Bluetooth L2CAP sockets. */ 29 30 #include <linux/module.h> 31 #include <linux/export.h> 32 #include <linux/sched/signal.h> 33 34 #include <net/bluetooth/bluetooth.h> 35 #include <net/bluetooth/hci_core.h> 36 #include <net/bluetooth/l2cap.h> 37 38 #include "smp.h" 39 40 static struct bt_sock_list l2cap_sk_list = { 41 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 42 }; 43 44 static const struct proto_ops l2cap_sock_ops; 45 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 46 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 47 int proto, gfp_t prio, int kern); 48 49 bool l2cap_is_socket(struct socket *sock) 50 { 51 return sock && sock->ops == &l2cap_sock_ops; 52 } 53 EXPORT_SYMBOL(l2cap_is_socket); 54 55 static int l2cap_validate_bredr_psm(u16 psm) 56 { 57 /* PSM must be odd and lsb of upper byte must be 0 */ 58 if ((psm & 0x0101) != 0x0001) 59 return -EINVAL; 60 61 /* Restrict usage of well-known PSMs */ 62 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE)) 63 return -EACCES; 64 65 return 0; 66 } 67 68 static int l2cap_validate_le_psm(u16 psm) 69 { 70 /* Valid LE_PSM ranges are defined only until 0x00ff */ 71 if (psm > L2CAP_PSM_LE_DYN_END) 72 return -EINVAL; 73 74 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */ 75 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE)) 76 return -EACCES; 77 78 return 0; 79 } 80 81 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 82 { 83 struct sock *sk = sock->sk; 84 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 85 struct sockaddr_l2 la; 86 int len, err = 0; 87 88 BT_DBG("sk %p", sk); 89 90 if (!addr || alen < offsetofend(struct sockaddr, sa_family) || 91 addr->sa_family != AF_BLUETOOTH) 92 return -EINVAL; 93 94 memset(&la, 0, sizeof(la)); 95 len = min_t(unsigned int, sizeof(la), alen); 96 memcpy(&la, addr, len); 97 98 if (la.l2_cid && la.l2_psm) 99 return -EINVAL; 100 101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 102 return -EINVAL; 103 104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 105 /* We only allow ATT user space socket */ 106 if (la.l2_cid && 107 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 108 return -EINVAL; 109 } 110 111 lock_sock(sk); 112 113 if (sk->sk_state != BT_OPEN) { 114 err = -EBADFD; 115 goto done; 116 } 117 118 if (la.l2_psm) { 119 __u16 psm = __le16_to_cpu(la.l2_psm); 120 121 if (la.l2_bdaddr_type == BDADDR_BREDR) 122 err = l2cap_validate_bredr_psm(psm); 123 else 124 err = l2cap_validate_le_psm(psm); 125 126 if (err) 127 goto done; 128 } 129 130 bacpy(&chan->src, &la.l2_bdaddr); 131 chan->src_type = la.l2_bdaddr_type; 132 133 if (la.l2_cid) 134 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 135 else 136 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 137 138 if (err < 0) 139 goto done; 140 141 switch (chan->chan_type) { 142 case L2CAP_CHAN_CONN_LESS: 143 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP) 144 chan->sec_level = BT_SECURITY_SDP; 145 break; 146 case L2CAP_CHAN_CONN_ORIENTED: 147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 148 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 149 chan->sec_level = BT_SECURITY_SDP; 150 break; 151 case L2CAP_CHAN_RAW: 152 chan->sec_level = BT_SECURITY_SDP; 153 break; 154 case L2CAP_CHAN_FIXED: 155 /* Fixed channels default to the L2CAP core not holding a 156 * hci_conn reference for them. For fixed channels mapping to 157 * L2CAP sockets we do want to hold a reference so set the 158 * appropriate flag to request it. 159 */ 160 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags); 161 break; 162 } 163 164 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 165 chan->mode = L2CAP_MODE_LE_FLOWCTL; 166 167 chan->state = BT_BOUND; 168 sk->sk_state = BT_BOUND; 169 170 done: 171 release_sock(sk); 172 return err; 173 } 174 175 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 176 int alen, int flags) 177 { 178 struct sock *sk = sock->sk; 179 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 180 struct sockaddr_l2 la; 181 int len, err = 0; 182 183 BT_DBG("sk %p", sk); 184 185 if (!addr || alen < offsetofend(struct sockaddr, sa_family) || 186 addr->sa_family != AF_BLUETOOTH) 187 return -EINVAL; 188 189 memset(&la, 0, sizeof(la)); 190 len = min_t(unsigned int, sizeof(la), alen); 191 memcpy(&la, addr, len); 192 193 if (la.l2_cid && la.l2_psm) 194 return -EINVAL; 195 196 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 197 return -EINVAL; 198 199 /* Check that the socket wasn't bound to something that 200 * conflicts with the address given to connect(). If chan->src 201 * is BDADDR_ANY it means bind() was never used, in which case 202 * chan->src_type and la.l2_bdaddr_type do not need to match. 203 */ 204 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) && 205 bdaddr_type_is_le(la.l2_bdaddr_type)) { 206 /* Old user space versions will try to incorrectly bind 207 * the ATT socket using BDADDR_BREDR. We need to accept 208 * this and fix up the source address type only when 209 * both the source CID and destination CID indicate 210 * ATT. Anything else is an invalid combination. 211 */ 212 if (chan->scid != L2CAP_CID_ATT || 213 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 214 return -EINVAL; 215 216 /* We don't have the hdev available here to make a 217 * better decision on random vs public, but since all 218 * user space versions that exhibit this issue anyway do 219 * not support random local addresses assuming public 220 * here is good enough. 221 */ 222 chan->src_type = BDADDR_LE_PUBLIC; 223 } 224 225 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR) 226 return -EINVAL; 227 228 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 229 /* We only allow ATT user space socket */ 230 if (la.l2_cid && 231 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 232 return -EINVAL; 233 } 234 235 if (chan->psm && bdaddr_type_is_le(chan->src_type) && !chan->mode) 236 chan->mode = L2CAP_MODE_LE_FLOWCTL; 237 238 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 239 &la.l2_bdaddr, la.l2_bdaddr_type); 240 if (err) 241 return err; 242 243 lock_sock(sk); 244 245 err = bt_sock_wait_state(sk, BT_CONNECTED, 246 sock_sndtimeo(sk, flags & O_NONBLOCK)); 247 248 release_sock(sk); 249 250 return err; 251 } 252 253 static int l2cap_sock_listen(struct socket *sock, int backlog) 254 { 255 struct sock *sk = sock->sk; 256 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 257 int err = 0; 258 259 BT_DBG("sk %p backlog %d", sk, backlog); 260 261 lock_sock(sk); 262 263 if (sk->sk_state != BT_BOUND) { 264 err = -EBADFD; 265 goto done; 266 } 267 268 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 269 err = -EINVAL; 270 goto done; 271 } 272 273 switch (chan->mode) { 274 case L2CAP_MODE_BASIC: 275 case L2CAP_MODE_LE_FLOWCTL: 276 break; 277 case L2CAP_MODE_EXT_FLOWCTL: 278 if (!enable_ecred) { 279 err = -EOPNOTSUPP; 280 goto done; 281 } 282 break; 283 case L2CAP_MODE_ERTM: 284 case L2CAP_MODE_STREAMING: 285 if (!disable_ertm) 286 break; 287 /* fall through */ 288 default: 289 err = -EOPNOTSUPP; 290 goto done; 291 } 292 293 sk->sk_max_ack_backlog = backlog; 294 sk->sk_ack_backlog = 0; 295 296 /* Listening channels need to use nested locking in order not to 297 * cause lockdep warnings when the created child channels end up 298 * being locked in the same thread as the parent channel. 299 */ 300 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT); 301 302 chan->state = BT_LISTEN; 303 sk->sk_state = BT_LISTEN; 304 305 done: 306 release_sock(sk); 307 return err; 308 } 309 310 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 311 int flags, bool kern) 312 { 313 DEFINE_WAIT_FUNC(wait, woken_wake_function); 314 struct sock *sk = sock->sk, *nsk; 315 long timeo; 316 int err = 0; 317 318 lock_sock_nested(sk, L2CAP_NESTING_PARENT); 319 320 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 321 322 BT_DBG("sk %p timeo %ld", sk, timeo); 323 324 /* Wait for an incoming connection. (wake-one). */ 325 add_wait_queue_exclusive(sk_sleep(sk), &wait); 326 while (1) { 327 if (sk->sk_state != BT_LISTEN) { 328 err = -EBADFD; 329 break; 330 } 331 332 nsk = bt_accept_dequeue(sk, newsock); 333 if (nsk) 334 break; 335 336 if (!timeo) { 337 err = -EAGAIN; 338 break; 339 } 340 341 if (signal_pending(current)) { 342 err = sock_intr_errno(timeo); 343 break; 344 } 345 346 release_sock(sk); 347 348 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 349 350 lock_sock_nested(sk, L2CAP_NESTING_PARENT); 351 } 352 remove_wait_queue(sk_sleep(sk), &wait); 353 354 if (err) 355 goto done; 356 357 newsock->state = SS_CONNECTED; 358 359 BT_DBG("new socket %p", nsk); 360 361 done: 362 release_sock(sk); 363 return err; 364 } 365 366 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 367 int peer) 368 { 369 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 370 struct sock *sk = sock->sk; 371 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 372 373 BT_DBG("sock %p, sk %p", sock, sk); 374 375 if (peer && sk->sk_state != BT_CONNECTED && 376 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 && 377 sk->sk_state != BT_CONFIG) 378 return -ENOTCONN; 379 380 memset(la, 0, sizeof(struct sockaddr_l2)); 381 addr->sa_family = AF_BLUETOOTH; 382 383 la->l2_psm = chan->psm; 384 385 if (peer) { 386 bacpy(&la->l2_bdaddr, &chan->dst); 387 la->l2_cid = cpu_to_le16(chan->dcid); 388 la->l2_bdaddr_type = chan->dst_type; 389 } else { 390 bacpy(&la->l2_bdaddr, &chan->src); 391 la->l2_cid = cpu_to_le16(chan->scid); 392 la->l2_bdaddr_type = chan->src_type; 393 } 394 395 return sizeof(struct sockaddr_l2); 396 } 397 398 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 399 char __user *optval, int __user *optlen) 400 { 401 struct sock *sk = sock->sk; 402 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 403 struct l2cap_options opts; 404 struct l2cap_conninfo cinfo; 405 int len, err = 0; 406 u32 opt; 407 408 BT_DBG("sk %p", sk); 409 410 if (get_user(len, optlen)) 411 return -EFAULT; 412 413 lock_sock(sk); 414 415 switch (optname) { 416 case L2CAP_OPTIONS: 417 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since 418 * legacy ATT code depends on getsockopt for 419 * L2CAP_OPTIONS we need to let this pass. 420 */ 421 if (bdaddr_type_is_le(chan->src_type) && 422 chan->scid != L2CAP_CID_ATT) { 423 err = -EINVAL; 424 break; 425 } 426 427 memset(&opts, 0, sizeof(opts)); 428 opts.imtu = chan->imtu; 429 opts.omtu = chan->omtu; 430 opts.flush_to = chan->flush_to; 431 opts.mode = chan->mode; 432 opts.fcs = chan->fcs; 433 opts.max_tx = chan->max_tx; 434 opts.txwin_size = chan->tx_win; 435 436 BT_DBG("mode 0x%2.2x", chan->mode); 437 438 len = min_t(unsigned int, len, sizeof(opts)); 439 if (copy_to_user(optval, (char *) &opts, len)) 440 err = -EFAULT; 441 442 break; 443 444 case L2CAP_LM: 445 switch (chan->sec_level) { 446 case BT_SECURITY_LOW: 447 opt = L2CAP_LM_AUTH; 448 break; 449 case BT_SECURITY_MEDIUM: 450 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 451 break; 452 case BT_SECURITY_HIGH: 453 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 454 L2CAP_LM_SECURE; 455 break; 456 case BT_SECURITY_FIPS: 457 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 458 L2CAP_LM_SECURE | L2CAP_LM_FIPS; 459 break; 460 default: 461 opt = 0; 462 break; 463 } 464 465 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 466 opt |= L2CAP_LM_MASTER; 467 468 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 469 opt |= L2CAP_LM_RELIABLE; 470 471 if (put_user(opt, (u32 __user *) optval)) 472 err = -EFAULT; 473 474 break; 475 476 case L2CAP_CONNINFO: 477 if (sk->sk_state != BT_CONNECTED && 478 !(sk->sk_state == BT_CONNECT2 && 479 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 480 err = -ENOTCONN; 481 break; 482 } 483 484 memset(&cinfo, 0, sizeof(cinfo)); 485 cinfo.hci_handle = chan->conn->hcon->handle; 486 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 487 488 len = min_t(unsigned int, len, sizeof(cinfo)); 489 if (copy_to_user(optval, (char *) &cinfo, len)) 490 err = -EFAULT; 491 492 break; 493 494 default: 495 err = -ENOPROTOOPT; 496 break; 497 } 498 499 release_sock(sk); 500 return err; 501 } 502 503 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 504 char __user *optval, int __user *optlen) 505 { 506 struct sock *sk = sock->sk; 507 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 508 struct bt_security sec; 509 struct bt_power pwr; 510 u32 phys; 511 int len, err = 0; 512 513 BT_DBG("sk %p", sk); 514 515 if (level == SOL_L2CAP) 516 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 517 518 if (level != SOL_BLUETOOTH) 519 return -ENOPROTOOPT; 520 521 if (get_user(len, optlen)) 522 return -EFAULT; 523 524 lock_sock(sk); 525 526 switch (optname) { 527 case BT_SECURITY: 528 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 529 chan->chan_type != L2CAP_CHAN_FIXED && 530 chan->chan_type != L2CAP_CHAN_RAW) { 531 err = -EINVAL; 532 break; 533 } 534 535 memset(&sec, 0, sizeof(sec)); 536 if (chan->conn) { 537 sec.level = chan->conn->hcon->sec_level; 538 539 if (sk->sk_state == BT_CONNECTED) 540 sec.key_size = chan->conn->hcon->enc_key_size; 541 } else { 542 sec.level = chan->sec_level; 543 } 544 545 len = min_t(unsigned int, len, sizeof(sec)); 546 if (copy_to_user(optval, (char *) &sec, len)) 547 err = -EFAULT; 548 549 break; 550 551 case BT_DEFER_SETUP: 552 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 553 err = -EINVAL; 554 break; 555 } 556 557 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 558 (u32 __user *) optval)) 559 err = -EFAULT; 560 561 break; 562 563 case BT_FLUSHABLE: 564 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 565 (u32 __user *) optval)) 566 err = -EFAULT; 567 568 break; 569 570 case BT_POWER: 571 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 572 && sk->sk_type != SOCK_RAW) { 573 err = -EINVAL; 574 break; 575 } 576 577 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 578 579 len = min_t(unsigned int, len, sizeof(pwr)); 580 if (copy_to_user(optval, (char *) &pwr, len)) 581 err = -EFAULT; 582 583 break; 584 585 case BT_CHANNEL_POLICY: 586 if (put_user(chan->chan_policy, (u32 __user *) optval)) 587 err = -EFAULT; 588 break; 589 590 case BT_SNDMTU: 591 if (!bdaddr_type_is_le(chan->src_type)) { 592 err = -EINVAL; 593 break; 594 } 595 596 if (sk->sk_state != BT_CONNECTED) { 597 err = -ENOTCONN; 598 break; 599 } 600 601 if (put_user(chan->omtu, (u16 __user *) optval)) 602 err = -EFAULT; 603 break; 604 605 case BT_RCVMTU: 606 if (!bdaddr_type_is_le(chan->src_type)) { 607 err = -EINVAL; 608 break; 609 } 610 611 if (put_user(chan->imtu, (u16 __user *) optval)) 612 err = -EFAULT; 613 break; 614 615 case BT_PHY: 616 if (sk->sk_state != BT_CONNECTED) { 617 err = -ENOTCONN; 618 break; 619 } 620 621 phys = hci_conn_get_phy(chan->conn->hcon); 622 623 if (put_user(phys, (u32 __user *) optval)) 624 err = -EFAULT; 625 break; 626 627 default: 628 err = -ENOPROTOOPT; 629 break; 630 } 631 632 release_sock(sk); 633 return err; 634 } 635 636 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 637 { 638 switch (chan->scid) { 639 case L2CAP_CID_ATT: 640 if (mtu < L2CAP_LE_MIN_MTU) 641 return false; 642 break; 643 644 default: 645 if (mtu < L2CAP_DEFAULT_MIN_MTU) 646 return false; 647 } 648 649 return true; 650 } 651 652 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 653 char __user *optval, unsigned int optlen) 654 { 655 struct sock *sk = sock->sk; 656 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 657 struct l2cap_options opts; 658 int len, err = 0; 659 u32 opt; 660 661 BT_DBG("sk %p", sk); 662 663 lock_sock(sk); 664 665 switch (optname) { 666 case L2CAP_OPTIONS: 667 if (bdaddr_type_is_le(chan->src_type)) { 668 err = -EINVAL; 669 break; 670 } 671 672 if (sk->sk_state == BT_CONNECTED) { 673 err = -EINVAL; 674 break; 675 } 676 677 opts.imtu = chan->imtu; 678 opts.omtu = chan->omtu; 679 opts.flush_to = chan->flush_to; 680 opts.mode = chan->mode; 681 opts.fcs = chan->fcs; 682 opts.max_tx = chan->max_tx; 683 opts.txwin_size = chan->tx_win; 684 685 len = min_t(unsigned int, sizeof(opts), optlen); 686 if (copy_from_user((char *) &opts, optval, len)) { 687 err = -EFAULT; 688 break; 689 } 690 691 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 692 err = -EINVAL; 693 break; 694 } 695 696 if (!l2cap_valid_mtu(chan, opts.imtu)) { 697 err = -EINVAL; 698 break; 699 } 700 701 chan->mode = opts.mode; 702 switch (chan->mode) { 703 case L2CAP_MODE_LE_FLOWCTL: 704 break; 705 case L2CAP_MODE_BASIC: 706 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 707 break; 708 case L2CAP_MODE_ERTM: 709 case L2CAP_MODE_STREAMING: 710 if (!disable_ertm) 711 break; 712 /* fall through */ 713 default: 714 err = -EINVAL; 715 break; 716 } 717 718 BT_DBG("mode 0x%2.2x", chan->mode); 719 720 chan->imtu = opts.imtu; 721 chan->omtu = opts.omtu; 722 chan->fcs = opts.fcs; 723 chan->max_tx = opts.max_tx; 724 chan->tx_win = opts.txwin_size; 725 chan->flush_to = opts.flush_to; 726 break; 727 728 case L2CAP_LM: 729 if (get_user(opt, (u32 __user *) optval)) { 730 err = -EFAULT; 731 break; 732 } 733 734 if (opt & L2CAP_LM_FIPS) { 735 err = -EINVAL; 736 break; 737 } 738 739 if (opt & L2CAP_LM_AUTH) 740 chan->sec_level = BT_SECURITY_LOW; 741 if (opt & L2CAP_LM_ENCRYPT) 742 chan->sec_level = BT_SECURITY_MEDIUM; 743 if (opt & L2CAP_LM_SECURE) 744 chan->sec_level = BT_SECURITY_HIGH; 745 746 if (opt & L2CAP_LM_MASTER) 747 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 748 else 749 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 750 751 if (opt & L2CAP_LM_RELIABLE) 752 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 753 else 754 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 755 break; 756 757 default: 758 err = -ENOPROTOOPT; 759 break; 760 } 761 762 release_sock(sk); 763 return err; 764 } 765 766 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 767 char __user *optval, unsigned int optlen) 768 { 769 struct sock *sk = sock->sk; 770 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 771 struct bt_security sec; 772 struct bt_power pwr; 773 struct l2cap_conn *conn; 774 int len, err = 0; 775 u32 opt; 776 777 BT_DBG("sk %p", sk); 778 779 if (level == SOL_L2CAP) 780 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 781 782 if (level != SOL_BLUETOOTH) 783 return -ENOPROTOOPT; 784 785 lock_sock(sk); 786 787 switch (optname) { 788 case BT_SECURITY: 789 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 790 chan->chan_type != L2CAP_CHAN_FIXED && 791 chan->chan_type != L2CAP_CHAN_RAW) { 792 err = -EINVAL; 793 break; 794 } 795 796 sec.level = BT_SECURITY_LOW; 797 798 len = min_t(unsigned int, sizeof(sec), optlen); 799 if (copy_from_user((char *) &sec, optval, len)) { 800 err = -EFAULT; 801 break; 802 } 803 804 if (sec.level < BT_SECURITY_LOW || 805 sec.level > BT_SECURITY_FIPS) { 806 err = -EINVAL; 807 break; 808 } 809 810 chan->sec_level = sec.level; 811 812 if (!chan->conn) 813 break; 814 815 conn = chan->conn; 816 817 /* change security for LE channels */ 818 if (chan->scid == L2CAP_CID_ATT) { 819 if (smp_conn_security(conn->hcon, sec.level)) { 820 err = -EINVAL; 821 break; 822 } 823 824 set_bit(FLAG_PENDING_SECURITY, &chan->flags); 825 sk->sk_state = BT_CONFIG; 826 chan->state = BT_CONFIG; 827 828 /* or for ACL link */ 829 } else if ((sk->sk_state == BT_CONNECT2 && 830 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 831 sk->sk_state == BT_CONNECTED) { 832 if (!l2cap_chan_check_security(chan, true)) 833 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 834 else 835 sk->sk_state_change(sk); 836 } else { 837 err = -EINVAL; 838 } 839 break; 840 841 case BT_DEFER_SETUP: 842 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 843 err = -EINVAL; 844 break; 845 } 846 847 if (get_user(opt, (u32 __user *) optval)) { 848 err = -EFAULT; 849 break; 850 } 851 852 if (opt) { 853 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 854 set_bit(FLAG_DEFER_SETUP, &chan->flags); 855 } else { 856 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 857 clear_bit(FLAG_DEFER_SETUP, &chan->flags); 858 } 859 break; 860 861 case BT_FLUSHABLE: 862 if (get_user(opt, (u32 __user *) optval)) { 863 err = -EFAULT; 864 break; 865 } 866 867 if (opt > BT_FLUSHABLE_ON) { 868 err = -EINVAL; 869 break; 870 } 871 872 if (opt == BT_FLUSHABLE_OFF) { 873 conn = chan->conn; 874 /* proceed further only when we have l2cap_conn and 875 No Flush support in the LM */ 876 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 877 err = -EINVAL; 878 break; 879 } 880 } 881 882 if (opt) 883 set_bit(FLAG_FLUSHABLE, &chan->flags); 884 else 885 clear_bit(FLAG_FLUSHABLE, &chan->flags); 886 break; 887 888 case BT_POWER: 889 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 890 chan->chan_type != L2CAP_CHAN_RAW) { 891 err = -EINVAL; 892 break; 893 } 894 895 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 896 897 len = min_t(unsigned int, sizeof(pwr), optlen); 898 if (copy_from_user((char *) &pwr, optval, len)) { 899 err = -EFAULT; 900 break; 901 } 902 903 if (pwr.force_active) 904 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 905 else 906 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 907 break; 908 909 case BT_CHANNEL_POLICY: 910 if (get_user(opt, (u32 __user *) optval)) { 911 err = -EFAULT; 912 break; 913 } 914 915 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 916 err = -EINVAL; 917 break; 918 } 919 920 if (chan->mode != L2CAP_MODE_ERTM && 921 chan->mode != L2CAP_MODE_STREAMING) { 922 err = -EOPNOTSUPP; 923 break; 924 } 925 926 chan->chan_policy = (u8) opt; 927 928 if (sk->sk_state == BT_CONNECTED && 929 chan->move_role == L2CAP_MOVE_ROLE_NONE) 930 l2cap_move_start(chan); 931 932 break; 933 934 case BT_SNDMTU: 935 if (!bdaddr_type_is_le(chan->src_type)) { 936 err = -EINVAL; 937 break; 938 } 939 940 /* Setting is not supported as it's the remote side that 941 * decides this. 942 */ 943 err = -EPERM; 944 break; 945 946 case BT_RCVMTU: 947 if (!bdaddr_type_is_le(chan->src_type)) { 948 err = -EINVAL; 949 break; 950 } 951 952 if (chan->mode == L2CAP_MODE_LE_FLOWCTL && 953 sk->sk_state == BT_CONNECTED) { 954 err = -EISCONN; 955 break; 956 } 957 958 if (get_user(opt, (u16 __user *) optval)) { 959 err = -EFAULT; 960 break; 961 } 962 963 if (chan->mode == L2CAP_MODE_EXT_FLOWCTL && 964 sk->sk_state == BT_CONNECTED) 965 err = l2cap_chan_reconfigure(chan, opt); 966 else 967 chan->imtu = opt; 968 969 break; 970 971 default: 972 err = -ENOPROTOOPT; 973 break; 974 } 975 976 release_sock(sk); 977 return err; 978 } 979 980 static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg, 981 size_t len) 982 { 983 struct sock *sk = sock->sk; 984 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 985 int err; 986 987 BT_DBG("sock %p, sk %p", sock, sk); 988 989 err = sock_error(sk); 990 if (err) 991 return err; 992 993 if (msg->msg_flags & MSG_OOB) 994 return -EOPNOTSUPP; 995 996 if (sk->sk_state != BT_CONNECTED) 997 return -ENOTCONN; 998 999 lock_sock(sk); 1000 err = bt_sock_wait_ready(sk, msg->msg_flags); 1001 release_sock(sk); 1002 if (err) 1003 return err; 1004 1005 l2cap_chan_lock(chan); 1006 err = l2cap_chan_send(chan, msg, len); 1007 l2cap_chan_unlock(chan); 1008 1009 return err; 1010 } 1011 1012 static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1013 size_t len, int flags) 1014 { 1015 struct sock *sk = sock->sk; 1016 struct l2cap_pinfo *pi = l2cap_pi(sk); 1017 int err; 1018 1019 lock_sock(sk); 1020 1021 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 1022 &bt_sk(sk)->flags)) { 1023 if (pi->chan->mode == L2CAP_MODE_EXT_FLOWCTL) { 1024 sk->sk_state = BT_CONNECTED; 1025 pi->chan->state = BT_CONNECTED; 1026 __l2cap_ecred_conn_rsp_defer(pi->chan); 1027 } else if (bdaddr_type_is_le(pi->chan->src_type)) { 1028 sk->sk_state = BT_CONNECTED; 1029 pi->chan->state = BT_CONNECTED; 1030 __l2cap_le_connect_rsp_defer(pi->chan); 1031 } else { 1032 sk->sk_state = BT_CONFIG; 1033 pi->chan->state = BT_CONFIG; 1034 __l2cap_connect_rsp_defer(pi->chan); 1035 } 1036 1037 err = 0; 1038 goto done; 1039 } 1040 1041 release_sock(sk); 1042 1043 if (sock->type == SOCK_STREAM) 1044 err = bt_sock_stream_recvmsg(sock, msg, len, flags); 1045 else 1046 err = bt_sock_recvmsg(sock, msg, len, flags); 1047 1048 if (pi->chan->mode != L2CAP_MODE_ERTM) 1049 return err; 1050 1051 /* Attempt to put pending rx data in the socket buffer */ 1052 1053 lock_sock(sk); 1054 1055 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 1056 goto done; 1057 1058 if (pi->rx_busy_skb) { 1059 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 1060 pi->rx_busy_skb = NULL; 1061 else 1062 goto done; 1063 } 1064 1065 /* Restore data flow when half of the receive buffer is 1066 * available. This avoids resending large numbers of 1067 * frames. 1068 */ 1069 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 1070 l2cap_chan_busy(pi->chan, 0); 1071 1072 done: 1073 release_sock(sk); 1074 return err; 1075 } 1076 1077 /* Kill socket (only if zapped and orphan) 1078 * Must be called on unlocked socket, with l2cap channel lock. 1079 */ 1080 static void l2cap_sock_kill(struct sock *sk) 1081 { 1082 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 1083 return; 1084 1085 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 1086 1087 /* Kill poor orphan */ 1088 1089 l2cap_chan_put(l2cap_pi(sk)->chan); 1090 sock_set_flag(sk, SOCK_DEAD); 1091 sock_put(sk); 1092 } 1093 1094 static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan) 1095 { 1096 DECLARE_WAITQUEUE(wait, current); 1097 int err = 0; 1098 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD; 1099 /* Timeout to prevent infinite loop */ 1100 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT; 1101 1102 add_wait_queue(sk_sleep(sk), &wait); 1103 set_current_state(TASK_INTERRUPTIBLE); 1104 do { 1105 BT_DBG("Waiting for %d ACKs, timeout %04d ms", 1106 chan->unacked_frames, time_after(jiffies, timeout) ? 0 : 1107 jiffies_to_msecs(timeout - jiffies)); 1108 1109 if (!timeo) 1110 timeo = L2CAP_WAIT_ACK_POLL_PERIOD; 1111 1112 if (signal_pending(current)) { 1113 err = sock_intr_errno(timeo); 1114 break; 1115 } 1116 1117 release_sock(sk); 1118 timeo = schedule_timeout(timeo); 1119 lock_sock(sk); 1120 set_current_state(TASK_INTERRUPTIBLE); 1121 1122 err = sock_error(sk); 1123 if (err) 1124 break; 1125 1126 if (time_after(jiffies, timeout)) { 1127 err = -ENOLINK; 1128 break; 1129 } 1130 1131 } while (chan->unacked_frames > 0 && 1132 chan->state == BT_CONNECTED); 1133 1134 set_current_state(TASK_RUNNING); 1135 remove_wait_queue(sk_sleep(sk), &wait); 1136 return err; 1137 } 1138 1139 static int l2cap_sock_shutdown(struct socket *sock, int how) 1140 { 1141 struct sock *sk = sock->sk; 1142 struct l2cap_chan *chan; 1143 struct l2cap_conn *conn; 1144 int err = 0; 1145 1146 BT_DBG("sock %p, sk %p", sock, sk); 1147 1148 if (!sk) 1149 return 0; 1150 1151 lock_sock(sk); 1152 1153 if (sk->sk_shutdown) 1154 goto shutdown_already; 1155 1156 BT_DBG("Handling sock shutdown"); 1157 1158 /* prevent sk structure from being freed whilst unlocked */ 1159 sock_hold(sk); 1160 1161 chan = l2cap_pi(sk)->chan; 1162 /* prevent chan structure from being freed whilst unlocked */ 1163 l2cap_chan_hold(chan); 1164 1165 BT_DBG("chan %p state %s", chan, state_to_string(chan->state)); 1166 1167 if (chan->mode == L2CAP_MODE_ERTM && 1168 chan->unacked_frames > 0 && 1169 chan->state == BT_CONNECTED) { 1170 err = __l2cap_wait_ack(sk, chan); 1171 1172 /* After waiting for ACKs, check whether shutdown 1173 * has already been actioned to close the L2CAP 1174 * link such as by l2cap_disconnection_req(). 1175 */ 1176 if (sk->sk_shutdown) 1177 goto has_shutdown; 1178 } 1179 1180 sk->sk_shutdown = SHUTDOWN_MASK; 1181 release_sock(sk); 1182 1183 l2cap_chan_lock(chan); 1184 conn = chan->conn; 1185 if (conn) 1186 /* prevent conn structure from being freed */ 1187 l2cap_conn_get(conn); 1188 l2cap_chan_unlock(chan); 1189 1190 if (conn) 1191 /* mutex lock must be taken before l2cap_chan_lock() */ 1192 mutex_lock(&conn->chan_lock); 1193 1194 l2cap_chan_lock(chan); 1195 l2cap_chan_close(chan, 0); 1196 l2cap_chan_unlock(chan); 1197 1198 if (conn) { 1199 mutex_unlock(&conn->chan_lock); 1200 l2cap_conn_put(conn); 1201 } 1202 1203 lock_sock(sk); 1204 1205 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1206 !(current->flags & PF_EXITING)) 1207 err = bt_sock_wait_state(sk, BT_CLOSED, 1208 sk->sk_lingertime); 1209 1210 has_shutdown: 1211 l2cap_chan_put(chan); 1212 sock_put(sk); 1213 1214 shutdown_already: 1215 if (!err && sk->sk_err) 1216 err = -sk->sk_err; 1217 1218 release_sock(sk); 1219 1220 BT_DBG("Sock shutdown complete err: %d", err); 1221 1222 return err; 1223 } 1224 1225 static int l2cap_sock_release(struct socket *sock) 1226 { 1227 struct sock *sk = sock->sk; 1228 int err; 1229 struct l2cap_chan *chan; 1230 1231 BT_DBG("sock %p, sk %p", sock, sk); 1232 1233 if (!sk) 1234 return 0; 1235 1236 bt_sock_unlink(&l2cap_sk_list, sk); 1237 1238 err = l2cap_sock_shutdown(sock, 2); 1239 chan = l2cap_pi(sk)->chan; 1240 1241 l2cap_chan_hold(chan); 1242 l2cap_chan_lock(chan); 1243 1244 sock_orphan(sk); 1245 l2cap_sock_kill(sk); 1246 1247 l2cap_chan_unlock(chan); 1248 l2cap_chan_put(chan); 1249 1250 return err; 1251 } 1252 1253 static void l2cap_sock_cleanup_listen(struct sock *parent) 1254 { 1255 struct sock *sk; 1256 1257 BT_DBG("parent %p state %s", parent, 1258 state_to_string(parent->sk_state)); 1259 1260 /* Close not yet accepted channels */ 1261 while ((sk = bt_accept_dequeue(parent, NULL))) { 1262 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1263 1264 BT_DBG("child chan %p state %s", chan, 1265 state_to_string(chan->state)); 1266 1267 l2cap_chan_hold(chan); 1268 l2cap_chan_lock(chan); 1269 1270 __clear_chan_timer(chan); 1271 l2cap_chan_close(chan, ECONNRESET); 1272 l2cap_sock_kill(sk); 1273 1274 l2cap_chan_unlock(chan); 1275 l2cap_chan_put(chan); 1276 } 1277 } 1278 1279 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 1280 { 1281 struct sock *sk, *parent = chan->data; 1282 1283 lock_sock(parent); 1284 1285 /* Check for backlog size */ 1286 if (sk_acceptq_is_full(parent)) { 1287 BT_DBG("backlog full %d", parent->sk_ack_backlog); 1288 release_sock(parent); 1289 return NULL; 1290 } 1291 1292 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 1293 GFP_ATOMIC, 0); 1294 if (!sk) { 1295 release_sock(parent); 1296 return NULL; 1297 } 1298 1299 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 1300 1301 l2cap_sock_init(sk, parent); 1302 1303 bt_accept_enqueue(parent, sk, false); 1304 1305 release_sock(parent); 1306 1307 return l2cap_pi(sk)->chan; 1308 } 1309 1310 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 1311 { 1312 struct sock *sk = chan->data; 1313 int err; 1314 1315 lock_sock(sk); 1316 1317 if (l2cap_pi(sk)->rx_busy_skb) { 1318 err = -ENOMEM; 1319 goto done; 1320 } 1321 1322 if (chan->mode != L2CAP_MODE_ERTM && 1323 chan->mode != L2CAP_MODE_STREAMING) { 1324 /* Even if no filter is attached, we could potentially 1325 * get errors from security modules, etc. 1326 */ 1327 err = sk_filter(sk, skb); 1328 if (err) 1329 goto done; 1330 } 1331 1332 err = __sock_queue_rcv_skb(sk, skb); 1333 1334 /* For ERTM, handle one skb that doesn't fit into the recv 1335 * buffer. This is important to do because the data frames 1336 * have already been acked, so the skb cannot be discarded. 1337 * 1338 * Notify the l2cap core that the buffer is full, so the 1339 * LOCAL_BUSY state is entered and no more frames are 1340 * acked and reassembled until there is buffer space 1341 * available. 1342 */ 1343 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) { 1344 l2cap_pi(sk)->rx_busy_skb = skb; 1345 l2cap_chan_busy(chan, 1); 1346 err = 0; 1347 } 1348 1349 done: 1350 release_sock(sk); 1351 1352 return err; 1353 } 1354 1355 static void l2cap_sock_close_cb(struct l2cap_chan *chan) 1356 { 1357 struct sock *sk = chan->data; 1358 1359 l2cap_sock_kill(sk); 1360 } 1361 1362 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 1363 { 1364 struct sock *sk = chan->data; 1365 struct sock *parent; 1366 1367 BT_DBG("chan %p state %s", chan, state_to_string(chan->state)); 1368 1369 /* This callback can be called both for server (BT_LISTEN) 1370 * sockets as well as "normal" ones. To avoid lockdep warnings 1371 * with child socket locking (through l2cap_sock_cleanup_listen) 1372 * we need separation into separate nesting levels. The simplest 1373 * way to accomplish this is to inherit the nesting level used 1374 * for the channel. 1375 */ 1376 lock_sock_nested(sk, atomic_read(&chan->nesting)); 1377 1378 parent = bt_sk(sk)->parent; 1379 1380 sock_set_flag(sk, SOCK_ZAPPED); 1381 1382 switch (chan->state) { 1383 case BT_OPEN: 1384 case BT_BOUND: 1385 case BT_CLOSED: 1386 break; 1387 case BT_LISTEN: 1388 l2cap_sock_cleanup_listen(sk); 1389 sk->sk_state = BT_CLOSED; 1390 chan->state = BT_CLOSED; 1391 1392 break; 1393 default: 1394 sk->sk_state = BT_CLOSED; 1395 chan->state = BT_CLOSED; 1396 1397 sk->sk_err = err; 1398 1399 if (parent) { 1400 bt_accept_unlink(sk); 1401 parent->sk_data_ready(parent); 1402 } else { 1403 sk->sk_state_change(sk); 1404 } 1405 1406 break; 1407 } 1408 1409 release_sock(sk); 1410 } 1411 1412 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state, 1413 int err) 1414 { 1415 struct sock *sk = chan->data; 1416 1417 sk->sk_state = state; 1418 1419 if (err) 1420 sk->sk_err = err; 1421 } 1422 1423 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1424 unsigned long hdr_len, 1425 unsigned long len, int nb) 1426 { 1427 struct sock *sk = chan->data; 1428 struct sk_buff *skb; 1429 int err; 1430 1431 l2cap_chan_unlock(chan); 1432 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err); 1433 l2cap_chan_lock(chan); 1434 1435 if (!skb) 1436 return ERR_PTR(err); 1437 1438 skb->priority = sk->sk_priority; 1439 1440 bt_cb(skb)->l2cap.chan = chan; 1441 1442 return skb; 1443 } 1444 1445 static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1446 { 1447 struct sock *sk = chan->data; 1448 struct sock *parent; 1449 1450 lock_sock(sk); 1451 1452 parent = bt_sk(sk)->parent; 1453 1454 BT_DBG("sk %p, parent %p", sk, parent); 1455 1456 sk->sk_state = BT_CONNECTED; 1457 sk->sk_state_change(sk); 1458 1459 if (parent) 1460 parent->sk_data_ready(parent); 1461 1462 release_sock(sk); 1463 } 1464 1465 static void l2cap_sock_defer_cb(struct l2cap_chan *chan) 1466 { 1467 struct sock *parent, *sk = chan->data; 1468 1469 lock_sock(sk); 1470 1471 parent = bt_sk(sk)->parent; 1472 if (parent) 1473 parent->sk_data_ready(parent); 1474 1475 release_sock(sk); 1476 } 1477 1478 static void l2cap_sock_resume_cb(struct l2cap_chan *chan) 1479 { 1480 struct sock *sk = chan->data; 1481 1482 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) { 1483 sk->sk_state = BT_CONNECTED; 1484 chan->state = BT_CONNECTED; 1485 } 1486 1487 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1488 sk->sk_state_change(sk); 1489 } 1490 1491 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan) 1492 { 1493 struct sock *sk = chan->data; 1494 1495 lock_sock(sk); 1496 sk->sk_shutdown = SHUTDOWN_MASK; 1497 release_sock(sk); 1498 } 1499 1500 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan) 1501 { 1502 struct sock *sk = chan->data; 1503 1504 return sk->sk_sndtimeo; 1505 } 1506 1507 static struct pid *l2cap_sock_get_peer_pid_cb(struct l2cap_chan *chan) 1508 { 1509 struct sock *sk = chan->data; 1510 1511 return sk->sk_peer_pid; 1512 } 1513 1514 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan) 1515 { 1516 struct sock *sk = chan->data; 1517 1518 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1519 sk->sk_state_change(sk); 1520 } 1521 1522 static const struct l2cap_ops l2cap_chan_ops = { 1523 .name = "L2CAP Socket Interface", 1524 .new_connection = l2cap_sock_new_connection_cb, 1525 .recv = l2cap_sock_recv_cb, 1526 .close = l2cap_sock_close_cb, 1527 .teardown = l2cap_sock_teardown_cb, 1528 .state_change = l2cap_sock_state_change_cb, 1529 .ready = l2cap_sock_ready_cb, 1530 .defer = l2cap_sock_defer_cb, 1531 .resume = l2cap_sock_resume_cb, 1532 .suspend = l2cap_sock_suspend_cb, 1533 .set_shutdown = l2cap_sock_set_shutdown_cb, 1534 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb, 1535 .get_peer_pid = l2cap_sock_get_peer_pid_cb, 1536 .alloc_skb = l2cap_sock_alloc_skb_cb, 1537 }; 1538 1539 static void l2cap_sock_destruct(struct sock *sk) 1540 { 1541 BT_DBG("sk %p", sk); 1542 1543 if (l2cap_pi(sk)->chan) 1544 l2cap_chan_put(l2cap_pi(sk)->chan); 1545 1546 if (l2cap_pi(sk)->rx_busy_skb) { 1547 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1548 l2cap_pi(sk)->rx_busy_skb = NULL; 1549 } 1550 1551 skb_queue_purge(&sk->sk_receive_queue); 1552 skb_queue_purge(&sk->sk_write_queue); 1553 } 1554 1555 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name, 1556 int *msg_namelen) 1557 { 1558 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name); 1559 1560 memset(la, 0, sizeof(struct sockaddr_l2)); 1561 la->l2_family = AF_BLUETOOTH; 1562 la->l2_psm = bt_cb(skb)->l2cap.psm; 1563 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr); 1564 1565 *msg_namelen = sizeof(struct sockaddr_l2); 1566 } 1567 1568 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1569 { 1570 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1571 1572 BT_DBG("sk %p", sk); 1573 1574 if (parent) { 1575 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1576 1577 sk->sk_type = parent->sk_type; 1578 bt_sk(sk)->flags = bt_sk(parent)->flags; 1579 1580 chan->chan_type = pchan->chan_type; 1581 chan->imtu = pchan->imtu; 1582 chan->omtu = pchan->omtu; 1583 chan->conf_state = pchan->conf_state; 1584 chan->mode = pchan->mode; 1585 chan->fcs = pchan->fcs; 1586 chan->max_tx = pchan->max_tx; 1587 chan->tx_win = pchan->tx_win; 1588 chan->tx_win_max = pchan->tx_win_max; 1589 chan->sec_level = pchan->sec_level; 1590 chan->flags = pchan->flags; 1591 chan->tx_credits = pchan->tx_credits; 1592 chan->rx_credits = pchan->rx_credits; 1593 1594 if (chan->chan_type == L2CAP_CHAN_FIXED) { 1595 chan->scid = pchan->scid; 1596 chan->dcid = pchan->scid; 1597 } 1598 1599 security_sk_clone(parent, sk); 1600 } else { 1601 switch (sk->sk_type) { 1602 case SOCK_RAW: 1603 chan->chan_type = L2CAP_CHAN_RAW; 1604 break; 1605 case SOCK_DGRAM: 1606 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1607 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name; 1608 break; 1609 case SOCK_SEQPACKET: 1610 case SOCK_STREAM: 1611 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1612 break; 1613 } 1614 1615 chan->imtu = L2CAP_DEFAULT_MTU; 1616 chan->omtu = 0; 1617 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1618 chan->mode = L2CAP_MODE_ERTM; 1619 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1620 } else { 1621 chan->mode = L2CAP_MODE_BASIC; 1622 } 1623 1624 l2cap_chan_set_defaults(chan); 1625 } 1626 1627 /* Default config options */ 1628 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1629 1630 chan->data = sk; 1631 chan->ops = &l2cap_chan_ops; 1632 } 1633 1634 static struct proto l2cap_proto = { 1635 .name = "L2CAP", 1636 .owner = THIS_MODULE, 1637 .obj_size = sizeof(struct l2cap_pinfo) 1638 }; 1639 1640 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1641 int proto, gfp_t prio, int kern) 1642 { 1643 struct sock *sk; 1644 struct l2cap_chan *chan; 1645 1646 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern); 1647 if (!sk) 1648 return NULL; 1649 1650 sock_init_data(sock, sk); 1651 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1652 1653 sk->sk_destruct = l2cap_sock_destruct; 1654 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1655 1656 sock_reset_flag(sk, SOCK_ZAPPED); 1657 1658 sk->sk_protocol = proto; 1659 sk->sk_state = BT_OPEN; 1660 1661 chan = l2cap_chan_create(); 1662 if (!chan) { 1663 sk_free(sk); 1664 return NULL; 1665 } 1666 1667 l2cap_chan_hold(chan); 1668 1669 l2cap_pi(sk)->chan = chan; 1670 1671 return sk; 1672 } 1673 1674 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1675 int kern) 1676 { 1677 struct sock *sk; 1678 1679 BT_DBG("sock %p", sock); 1680 1681 sock->state = SS_UNCONNECTED; 1682 1683 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1684 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1685 return -ESOCKTNOSUPPORT; 1686 1687 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1688 return -EPERM; 1689 1690 sock->ops = &l2cap_sock_ops; 1691 1692 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 1693 if (!sk) 1694 return -ENOMEM; 1695 1696 l2cap_sock_init(sk, NULL); 1697 bt_sock_link(&l2cap_sk_list, sk); 1698 return 0; 1699 } 1700 1701 static const struct proto_ops l2cap_sock_ops = { 1702 .family = PF_BLUETOOTH, 1703 .owner = THIS_MODULE, 1704 .release = l2cap_sock_release, 1705 .bind = l2cap_sock_bind, 1706 .connect = l2cap_sock_connect, 1707 .listen = l2cap_sock_listen, 1708 .accept = l2cap_sock_accept, 1709 .getname = l2cap_sock_getname, 1710 .sendmsg = l2cap_sock_sendmsg, 1711 .recvmsg = l2cap_sock_recvmsg, 1712 .poll = bt_sock_poll, 1713 .ioctl = bt_sock_ioctl, 1714 .gettstamp = sock_gettstamp, 1715 .mmap = sock_no_mmap, 1716 .socketpair = sock_no_socketpair, 1717 .shutdown = l2cap_sock_shutdown, 1718 .setsockopt = l2cap_sock_setsockopt, 1719 .getsockopt = l2cap_sock_getsockopt 1720 }; 1721 1722 static const struct net_proto_family l2cap_sock_family_ops = { 1723 .family = PF_BLUETOOTH, 1724 .owner = THIS_MODULE, 1725 .create = l2cap_sock_create, 1726 }; 1727 1728 int __init l2cap_init_sockets(void) 1729 { 1730 int err; 1731 1732 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr)); 1733 1734 err = proto_register(&l2cap_proto, 0); 1735 if (err < 0) 1736 return err; 1737 1738 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1739 if (err < 0) { 1740 BT_ERR("L2CAP socket registration failed"); 1741 goto error; 1742 } 1743 1744 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list, 1745 NULL); 1746 if (err < 0) { 1747 BT_ERR("Failed to create L2CAP proc file"); 1748 bt_sock_unregister(BTPROTO_L2CAP); 1749 goto error; 1750 } 1751 1752 BT_INFO("L2CAP socket layer initialized"); 1753 1754 return 0; 1755 1756 error: 1757 proto_unregister(&l2cap_proto); 1758 return err; 1759 } 1760 1761 void l2cap_cleanup_sockets(void) 1762 { 1763 bt_procfs_cleanup(&init_net, "l2cap"); 1764 bt_sock_unregister(BTPROTO_L2CAP); 1765 proto_unregister(&l2cap_proto); 1766 } 1767