1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26 */ 27 28 /* Bluetooth L2CAP sockets. */ 29 30 #include <linux/export.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/l2cap.h> 35 #include <net/bluetooth/smp.h> 36 37 static const struct proto_ops l2cap_sock_ops; 38 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 39 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio); 40 41 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 42 { 43 struct sock *sk = sock->sk; 44 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 45 struct sockaddr_l2 la; 46 int len, err = 0; 47 48 BT_DBG("sk %p", sk); 49 50 if (!addr || addr->sa_family != AF_BLUETOOTH) 51 return -EINVAL; 52 53 memset(&la, 0, sizeof(la)); 54 len = min_t(unsigned int, sizeof(la), alen); 55 memcpy(&la, addr, len); 56 57 if (la.l2_cid && la.l2_psm) 58 return -EINVAL; 59 60 lock_sock(sk); 61 62 if (sk->sk_state != BT_OPEN) { 63 err = -EBADFD; 64 goto done; 65 } 66 67 if (la.l2_psm) { 68 __u16 psm = __le16_to_cpu(la.l2_psm); 69 70 /* PSM must be odd and lsb of upper byte must be 0 */ 71 if ((psm & 0x0101) != 0x0001) { 72 err = -EINVAL; 73 goto done; 74 } 75 76 /* Restrict usage of well-known PSMs */ 77 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 78 err = -EACCES; 79 goto done; 80 } 81 } 82 83 if (la.l2_cid) 84 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 85 else 86 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 87 88 if (err < 0) 89 goto done; 90 91 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 92 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 93 chan->sec_level = BT_SECURITY_SDP; 94 95 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 96 97 chan->state = BT_BOUND; 98 sk->sk_state = BT_BOUND; 99 100 done: 101 release_sock(sk); 102 return err; 103 } 104 105 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 106 { 107 struct sock *sk = sock->sk; 108 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 109 struct sockaddr_l2 la; 110 int len, err = 0; 111 112 BT_DBG("sk %p", sk); 113 114 if (!addr || alen < sizeof(addr->sa_family) || 115 addr->sa_family != AF_BLUETOOTH) 116 return -EINVAL; 117 118 memset(&la, 0, sizeof(la)); 119 len = min_t(unsigned int, sizeof(la), alen); 120 memcpy(&la, addr, len); 121 122 if (la.l2_cid && la.l2_psm) 123 return -EINVAL; 124 125 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 126 &la.l2_bdaddr, la.l2_bdaddr_type); 127 if (err) 128 return err; 129 130 lock_sock(sk); 131 132 err = bt_sock_wait_state(sk, BT_CONNECTED, 133 sock_sndtimeo(sk, flags & O_NONBLOCK)); 134 135 release_sock(sk); 136 137 return err; 138 } 139 140 static int l2cap_sock_listen(struct socket *sock, int backlog) 141 { 142 struct sock *sk = sock->sk; 143 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 144 int err = 0; 145 146 BT_DBG("sk %p backlog %d", sk, backlog); 147 148 lock_sock(sk); 149 150 if (sk->sk_state != BT_BOUND) { 151 err = -EBADFD; 152 goto done; 153 } 154 155 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 156 err = -EINVAL; 157 goto done; 158 } 159 160 switch (chan->mode) { 161 case L2CAP_MODE_BASIC: 162 break; 163 case L2CAP_MODE_ERTM: 164 case L2CAP_MODE_STREAMING: 165 if (!disable_ertm) 166 break; 167 /* fall through */ 168 default: 169 err = -ENOTSUPP; 170 goto done; 171 } 172 173 sk->sk_max_ack_backlog = backlog; 174 sk->sk_ack_backlog = 0; 175 176 chan->state = BT_LISTEN; 177 sk->sk_state = BT_LISTEN; 178 179 done: 180 release_sock(sk); 181 return err; 182 } 183 184 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 185 { 186 DECLARE_WAITQUEUE(wait, current); 187 struct sock *sk = sock->sk, *nsk; 188 long timeo; 189 int err = 0; 190 191 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 192 193 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 194 195 BT_DBG("sk %p timeo %ld", sk, timeo); 196 197 /* Wait for an incoming connection. (wake-one). */ 198 add_wait_queue_exclusive(sk_sleep(sk), &wait); 199 while (1) { 200 set_current_state(TASK_INTERRUPTIBLE); 201 202 if (sk->sk_state != BT_LISTEN) { 203 err = -EBADFD; 204 break; 205 } 206 207 nsk = bt_accept_dequeue(sk, newsock); 208 if (nsk) 209 break; 210 211 if (!timeo) { 212 err = -EAGAIN; 213 break; 214 } 215 216 if (signal_pending(current)) { 217 err = sock_intr_errno(timeo); 218 break; 219 } 220 221 release_sock(sk); 222 timeo = schedule_timeout(timeo); 223 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 224 } 225 __set_current_state(TASK_RUNNING); 226 remove_wait_queue(sk_sleep(sk), &wait); 227 228 if (err) 229 goto done; 230 231 newsock->state = SS_CONNECTED; 232 233 BT_DBG("new socket %p", nsk); 234 235 done: 236 release_sock(sk); 237 return err; 238 } 239 240 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 241 { 242 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 243 struct sock *sk = sock->sk; 244 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 245 246 BT_DBG("sock %p, sk %p", sock, sk); 247 248 addr->sa_family = AF_BLUETOOTH; 249 *len = sizeof(struct sockaddr_l2); 250 251 if (peer) { 252 la->l2_psm = chan->psm; 253 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 254 la->l2_cid = cpu_to_le16(chan->dcid); 255 } else { 256 la->l2_psm = chan->sport; 257 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 258 la->l2_cid = cpu_to_le16(chan->scid); 259 } 260 261 return 0; 262 } 263 264 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 265 { 266 struct sock *sk = sock->sk; 267 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 268 struct l2cap_options opts; 269 struct l2cap_conninfo cinfo; 270 int len, err = 0; 271 u32 opt; 272 273 BT_DBG("sk %p", sk); 274 275 if (get_user(len, optlen)) 276 return -EFAULT; 277 278 lock_sock(sk); 279 280 switch (optname) { 281 case L2CAP_OPTIONS: 282 memset(&opts, 0, sizeof(opts)); 283 opts.imtu = chan->imtu; 284 opts.omtu = chan->omtu; 285 opts.flush_to = chan->flush_to; 286 opts.mode = chan->mode; 287 opts.fcs = chan->fcs; 288 opts.max_tx = chan->max_tx; 289 opts.txwin_size = chan->tx_win; 290 291 len = min_t(unsigned int, len, sizeof(opts)); 292 if (copy_to_user(optval, (char *) &opts, len)) 293 err = -EFAULT; 294 295 break; 296 297 case L2CAP_LM: 298 switch (chan->sec_level) { 299 case BT_SECURITY_LOW: 300 opt = L2CAP_LM_AUTH; 301 break; 302 case BT_SECURITY_MEDIUM: 303 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 304 break; 305 case BT_SECURITY_HIGH: 306 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 307 L2CAP_LM_SECURE; 308 break; 309 default: 310 opt = 0; 311 break; 312 } 313 314 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 315 opt |= L2CAP_LM_MASTER; 316 317 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 318 opt |= L2CAP_LM_RELIABLE; 319 320 if (put_user(opt, (u32 __user *) optval)) 321 err = -EFAULT; 322 break; 323 324 case L2CAP_CONNINFO: 325 if (sk->sk_state != BT_CONNECTED && 326 !(sk->sk_state == BT_CONNECT2 && 327 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 328 err = -ENOTCONN; 329 break; 330 } 331 332 memset(&cinfo, 0, sizeof(cinfo)); 333 cinfo.hci_handle = chan->conn->hcon->handle; 334 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 335 336 len = min_t(unsigned int, len, sizeof(cinfo)); 337 if (copy_to_user(optval, (char *) &cinfo, len)) 338 err = -EFAULT; 339 340 break; 341 342 default: 343 err = -ENOPROTOOPT; 344 break; 345 } 346 347 release_sock(sk); 348 return err; 349 } 350 351 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 352 { 353 struct sock *sk = sock->sk; 354 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 355 struct bt_security sec; 356 struct bt_power pwr; 357 int len, err = 0; 358 359 BT_DBG("sk %p", sk); 360 361 if (level == SOL_L2CAP) 362 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 363 364 if (level != SOL_BLUETOOTH) 365 return -ENOPROTOOPT; 366 367 if (get_user(len, optlen)) 368 return -EFAULT; 369 370 lock_sock(sk); 371 372 switch (optname) { 373 case BT_SECURITY: 374 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 375 chan->chan_type != L2CAP_CHAN_RAW) { 376 err = -EINVAL; 377 break; 378 } 379 380 memset(&sec, 0, sizeof(sec)); 381 if (chan->conn) 382 sec.level = chan->conn->hcon->sec_level; 383 else 384 sec.level = chan->sec_level; 385 386 if (sk->sk_state == BT_CONNECTED) 387 sec.key_size = chan->conn->hcon->enc_key_size; 388 389 len = min_t(unsigned int, len, sizeof(sec)); 390 if (copy_to_user(optval, (char *) &sec, len)) 391 err = -EFAULT; 392 393 break; 394 395 case BT_DEFER_SETUP: 396 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 397 err = -EINVAL; 398 break; 399 } 400 401 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 402 (u32 __user *) optval)) 403 err = -EFAULT; 404 405 break; 406 407 case BT_FLUSHABLE: 408 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 409 (u32 __user *) optval)) 410 err = -EFAULT; 411 412 break; 413 414 case BT_POWER: 415 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 416 && sk->sk_type != SOCK_RAW) { 417 err = -EINVAL; 418 break; 419 } 420 421 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 422 423 len = min_t(unsigned int, len, sizeof(pwr)); 424 if (copy_to_user(optval, (char *) &pwr, len)) 425 err = -EFAULT; 426 427 break; 428 429 case BT_CHANNEL_POLICY: 430 if (!enable_hs) { 431 err = -ENOPROTOOPT; 432 break; 433 } 434 435 if (put_user(chan->chan_policy, (u32 __user *) optval)) 436 err = -EFAULT; 437 break; 438 439 default: 440 err = -ENOPROTOOPT; 441 break; 442 } 443 444 release_sock(sk); 445 return err; 446 } 447 448 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 449 { 450 switch (chan->scid) { 451 case L2CAP_CID_LE_DATA: 452 if (mtu < L2CAP_LE_MIN_MTU) 453 return false; 454 break; 455 456 default: 457 if (mtu < L2CAP_DEFAULT_MIN_MTU) 458 return false; 459 } 460 461 return true; 462 } 463 464 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 465 { 466 struct sock *sk = sock->sk; 467 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 468 struct l2cap_options opts; 469 int len, err = 0; 470 u32 opt; 471 472 BT_DBG("sk %p", sk); 473 474 lock_sock(sk); 475 476 switch (optname) { 477 case L2CAP_OPTIONS: 478 if (sk->sk_state == BT_CONNECTED) { 479 err = -EINVAL; 480 break; 481 } 482 483 opts.imtu = chan->imtu; 484 opts.omtu = chan->omtu; 485 opts.flush_to = chan->flush_to; 486 opts.mode = chan->mode; 487 opts.fcs = chan->fcs; 488 opts.max_tx = chan->max_tx; 489 opts.txwin_size = chan->tx_win; 490 491 len = min_t(unsigned int, sizeof(opts), optlen); 492 if (copy_from_user((char *) &opts, optval, len)) { 493 err = -EFAULT; 494 break; 495 } 496 497 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 498 err = -EINVAL; 499 break; 500 } 501 502 if (!l2cap_valid_mtu(chan, opts.imtu)) { 503 err = -EINVAL; 504 break; 505 } 506 507 chan->mode = opts.mode; 508 switch (chan->mode) { 509 case L2CAP_MODE_BASIC: 510 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 511 break; 512 case L2CAP_MODE_ERTM: 513 case L2CAP_MODE_STREAMING: 514 if (!disable_ertm) 515 break; 516 /* fall through */ 517 default: 518 err = -EINVAL; 519 break; 520 } 521 522 chan->imtu = opts.imtu; 523 chan->omtu = opts.omtu; 524 chan->fcs = opts.fcs; 525 chan->max_tx = opts.max_tx; 526 chan->tx_win = opts.txwin_size; 527 break; 528 529 case L2CAP_LM: 530 if (get_user(opt, (u32 __user *) optval)) { 531 err = -EFAULT; 532 break; 533 } 534 535 if (opt & L2CAP_LM_AUTH) 536 chan->sec_level = BT_SECURITY_LOW; 537 if (opt & L2CAP_LM_ENCRYPT) 538 chan->sec_level = BT_SECURITY_MEDIUM; 539 if (opt & L2CAP_LM_SECURE) 540 chan->sec_level = BT_SECURITY_HIGH; 541 542 if (opt & L2CAP_LM_MASTER) 543 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 544 else 545 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 546 547 if (opt & L2CAP_LM_RELIABLE) 548 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 549 else 550 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 551 break; 552 553 default: 554 err = -ENOPROTOOPT; 555 break; 556 } 557 558 release_sock(sk); 559 return err; 560 } 561 562 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 563 { 564 struct sock *sk = sock->sk; 565 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 566 struct bt_security sec; 567 struct bt_power pwr; 568 struct l2cap_conn *conn; 569 int len, err = 0; 570 u32 opt; 571 572 BT_DBG("sk %p", sk); 573 574 if (level == SOL_L2CAP) 575 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 576 577 if (level != SOL_BLUETOOTH) 578 return -ENOPROTOOPT; 579 580 lock_sock(sk); 581 582 switch (optname) { 583 case BT_SECURITY: 584 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 585 chan->chan_type != L2CAP_CHAN_RAW) { 586 err = -EINVAL; 587 break; 588 } 589 590 sec.level = BT_SECURITY_LOW; 591 592 len = min_t(unsigned int, sizeof(sec), optlen); 593 if (copy_from_user((char *) &sec, optval, len)) { 594 err = -EFAULT; 595 break; 596 } 597 598 if (sec.level < BT_SECURITY_LOW || 599 sec.level > BT_SECURITY_HIGH) { 600 err = -EINVAL; 601 break; 602 } 603 604 chan->sec_level = sec.level; 605 606 if (!chan->conn) 607 break; 608 609 conn = chan->conn; 610 611 /*change security for LE channels */ 612 if (chan->scid == L2CAP_CID_LE_DATA) { 613 if (!conn->hcon->out) { 614 err = -EINVAL; 615 break; 616 } 617 618 if (smp_conn_security(conn, sec.level)) 619 break; 620 sk->sk_state = BT_CONFIG; 621 chan->state = BT_CONFIG; 622 623 /* or for ACL link */ 624 } else if ((sk->sk_state == BT_CONNECT2 && 625 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 626 sk->sk_state == BT_CONNECTED) { 627 if (!l2cap_chan_check_security(chan)) 628 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 629 else 630 sk->sk_state_change(sk); 631 } else { 632 err = -EINVAL; 633 } 634 break; 635 636 case BT_DEFER_SETUP: 637 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 638 err = -EINVAL; 639 break; 640 } 641 642 if (get_user(opt, (u32 __user *) optval)) { 643 err = -EFAULT; 644 break; 645 } 646 647 if (opt) 648 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 649 else 650 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 651 break; 652 653 case BT_FLUSHABLE: 654 if (get_user(opt, (u32 __user *) optval)) { 655 err = -EFAULT; 656 break; 657 } 658 659 if (opt > BT_FLUSHABLE_ON) { 660 err = -EINVAL; 661 break; 662 } 663 664 if (opt == BT_FLUSHABLE_OFF) { 665 struct l2cap_conn *conn = chan->conn; 666 /* proceed further only when we have l2cap_conn and 667 No Flush support in the LM */ 668 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 669 err = -EINVAL; 670 break; 671 } 672 } 673 674 if (opt) 675 set_bit(FLAG_FLUSHABLE, &chan->flags); 676 else 677 clear_bit(FLAG_FLUSHABLE, &chan->flags); 678 break; 679 680 case BT_POWER: 681 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 682 chan->chan_type != L2CAP_CHAN_RAW) { 683 err = -EINVAL; 684 break; 685 } 686 687 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 688 689 len = min_t(unsigned int, sizeof(pwr), optlen); 690 if (copy_from_user((char *) &pwr, optval, len)) { 691 err = -EFAULT; 692 break; 693 } 694 695 if (pwr.force_active) 696 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 697 else 698 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 699 break; 700 701 case BT_CHANNEL_POLICY: 702 if (!enable_hs) { 703 err = -ENOPROTOOPT; 704 break; 705 } 706 707 if (get_user(opt, (u32 __user *) optval)) { 708 err = -EFAULT; 709 break; 710 } 711 712 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 713 err = -EINVAL; 714 break; 715 } 716 717 if (chan->mode != L2CAP_MODE_ERTM && 718 chan->mode != L2CAP_MODE_STREAMING) { 719 err = -EOPNOTSUPP; 720 break; 721 } 722 723 chan->chan_policy = (u8) opt; 724 break; 725 726 default: 727 err = -ENOPROTOOPT; 728 break; 729 } 730 731 release_sock(sk); 732 return err; 733 } 734 735 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 736 { 737 struct sock *sk = sock->sk; 738 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 739 int err; 740 741 BT_DBG("sock %p, sk %p", sock, sk); 742 743 err = sock_error(sk); 744 if (err) 745 return err; 746 747 if (msg->msg_flags & MSG_OOB) 748 return -EOPNOTSUPP; 749 750 if (sk->sk_state != BT_CONNECTED) 751 return -ENOTCONN; 752 753 l2cap_chan_lock(chan); 754 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 755 l2cap_chan_unlock(chan); 756 757 return err; 758 } 759 760 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 761 { 762 struct sock *sk = sock->sk; 763 struct l2cap_pinfo *pi = l2cap_pi(sk); 764 int err; 765 766 lock_sock(sk); 767 768 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 769 &bt_sk(sk)->flags)) { 770 sk->sk_state = BT_CONFIG; 771 pi->chan->state = BT_CONFIG; 772 773 __l2cap_connect_rsp_defer(pi->chan); 774 release_sock(sk); 775 return 0; 776 } 777 778 release_sock(sk); 779 780 if (sock->type == SOCK_STREAM) 781 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 782 else 783 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 784 785 if (pi->chan->mode != L2CAP_MODE_ERTM) 786 return err; 787 788 /* Attempt to put pending rx data in the socket buffer */ 789 790 lock_sock(sk); 791 792 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 793 goto done; 794 795 if (pi->rx_busy_skb) { 796 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 797 pi->rx_busy_skb = NULL; 798 else 799 goto done; 800 } 801 802 /* Restore data flow when half of the receive buffer is 803 * available. This avoids resending large numbers of 804 * frames. 805 */ 806 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 807 l2cap_chan_busy(pi->chan, 0); 808 809 done: 810 release_sock(sk); 811 return err; 812 } 813 814 /* Kill socket (only if zapped and orphan) 815 * Must be called on unlocked socket. 816 */ 817 static void l2cap_sock_kill(struct sock *sk) 818 { 819 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 820 return; 821 822 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 823 824 /* Kill poor orphan */ 825 826 l2cap_chan_destroy(l2cap_pi(sk)->chan); 827 sock_set_flag(sk, SOCK_DEAD); 828 sock_put(sk); 829 } 830 831 static int l2cap_sock_shutdown(struct socket *sock, int how) 832 { 833 struct sock *sk = sock->sk; 834 struct l2cap_chan *chan; 835 struct l2cap_conn *conn; 836 int err = 0; 837 838 BT_DBG("sock %p, sk %p", sock, sk); 839 840 if (!sk) 841 return 0; 842 843 chan = l2cap_pi(sk)->chan; 844 conn = chan->conn; 845 846 if (conn) 847 mutex_lock(&conn->chan_lock); 848 849 l2cap_chan_lock(chan); 850 lock_sock(sk); 851 852 if (!sk->sk_shutdown) { 853 if (chan->mode == L2CAP_MODE_ERTM) 854 err = __l2cap_wait_ack(sk); 855 856 sk->sk_shutdown = SHUTDOWN_MASK; 857 858 release_sock(sk); 859 l2cap_chan_close(chan, 0); 860 lock_sock(sk); 861 862 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 863 err = bt_sock_wait_state(sk, BT_CLOSED, 864 sk->sk_lingertime); 865 } 866 867 if (!err && sk->sk_err) 868 err = -sk->sk_err; 869 870 release_sock(sk); 871 l2cap_chan_unlock(chan); 872 873 if (conn) 874 mutex_unlock(&conn->chan_lock); 875 876 return err; 877 } 878 879 static int l2cap_sock_release(struct socket *sock) 880 { 881 struct sock *sk = sock->sk; 882 int err; 883 884 BT_DBG("sock %p, sk %p", sock, sk); 885 886 if (!sk) 887 return 0; 888 889 err = l2cap_sock_shutdown(sock, 2); 890 891 sock_orphan(sk); 892 l2cap_sock_kill(sk); 893 return err; 894 } 895 896 static void l2cap_sock_cleanup_listen(struct sock *parent) 897 { 898 struct sock *sk; 899 900 BT_DBG("parent %p", parent); 901 902 /* Close not yet accepted channels */ 903 while ((sk = bt_accept_dequeue(parent, NULL))) { 904 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 905 906 l2cap_chan_lock(chan); 907 __clear_chan_timer(chan); 908 l2cap_chan_close(chan, ECONNRESET); 909 l2cap_chan_unlock(chan); 910 911 l2cap_sock_kill(sk); 912 } 913 } 914 915 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 916 { 917 struct sock *sk, *parent = chan->data; 918 919 /* Check for backlog size */ 920 if (sk_acceptq_is_full(parent)) { 921 BT_DBG("backlog full %d", parent->sk_ack_backlog); 922 return NULL; 923 } 924 925 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 926 GFP_ATOMIC); 927 if (!sk) 928 return NULL; 929 930 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 931 932 l2cap_sock_init(sk, parent); 933 934 return l2cap_pi(sk)->chan; 935 } 936 937 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 938 { 939 int err; 940 struct sock *sk = chan->data; 941 struct l2cap_pinfo *pi = l2cap_pi(sk); 942 943 lock_sock(sk); 944 945 if (pi->rx_busy_skb) { 946 err = -ENOMEM; 947 goto done; 948 } 949 950 err = sock_queue_rcv_skb(sk, skb); 951 952 /* For ERTM, handle one skb that doesn't fit into the recv 953 * buffer. This is important to do because the data frames 954 * have already been acked, so the skb cannot be discarded. 955 * 956 * Notify the l2cap core that the buffer is full, so the 957 * LOCAL_BUSY state is entered and no more frames are 958 * acked and reassembled until there is buffer space 959 * available. 960 */ 961 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) { 962 pi->rx_busy_skb = skb; 963 l2cap_chan_busy(pi->chan, 1); 964 err = 0; 965 } 966 967 done: 968 release_sock(sk); 969 970 return err; 971 } 972 973 static void l2cap_sock_close_cb(struct l2cap_chan *chan) 974 { 975 struct sock *sk = chan->data; 976 977 l2cap_sock_kill(sk); 978 } 979 980 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 981 { 982 struct sock *sk = chan->data; 983 struct sock *parent; 984 985 lock_sock(sk); 986 987 parent = bt_sk(sk)->parent; 988 989 sock_set_flag(sk, SOCK_ZAPPED); 990 991 switch (chan->state) { 992 case BT_OPEN: 993 case BT_BOUND: 994 case BT_CLOSED: 995 break; 996 case BT_LISTEN: 997 l2cap_sock_cleanup_listen(sk); 998 sk->sk_state = BT_CLOSED; 999 chan->state = BT_CLOSED; 1000 1001 break; 1002 default: 1003 sk->sk_state = BT_CLOSED; 1004 chan->state = BT_CLOSED; 1005 1006 sk->sk_err = err; 1007 1008 if (parent) { 1009 bt_accept_unlink(sk); 1010 parent->sk_data_ready(parent, 0); 1011 } else { 1012 sk->sk_state_change(sk); 1013 } 1014 1015 break; 1016 } 1017 1018 release_sock(sk); 1019 } 1020 1021 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state) 1022 { 1023 struct sock *sk = chan->data; 1024 1025 sk->sk_state = state; 1026 } 1027 1028 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1029 unsigned long len, int nb) 1030 { 1031 struct sk_buff *skb; 1032 int err; 1033 1034 l2cap_chan_unlock(chan); 1035 skb = bt_skb_send_alloc(chan->sk, len, nb, &err); 1036 l2cap_chan_lock(chan); 1037 1038 if (!skb) 1039 return ERR_PTR(err); 1040 1041 return skb; 1042 } 1043 1044 static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1045 { 1046 struct sock *sk = chan->data; 1047 struct sock *parent; 1048 1049 lock_sock(sk); 1050 1051 parent = bt_sk(sk)->parent; 1052 1053 BT_DBG("sk %p, parent %p", sk, parent); 1054 1055 sk->sk_state = BT_CONNECTED; 1056 sk->sk_state_change(sk); 1057 1058 if (parent) 1059 parent->sk_data_ready(parent, 0); 1060 1061 release_sock(sk); 1062 } 1063 1064 static struct l2cap_ops l2cap_chan_ops = { 1065 .name = "L2CAP Socket Interface", 1066 .new_connection = l2cap_sock_new_connection_cb, 1067 .recv = l2cap_sock_recv_cb, 1068 .close = l2cap_sock_close_cb, 1069 .teardown = l2cap_sock_teardown_cb, 1070 .state_change = l2cap_sock_state_change_cb, 1071 .ready = l2cap_sock_ready_cb, 1072 .alloc_skb = l2cap_sock_alloc_skb_cb, 1073 }; 1074 1075 static void l2cap_sock_destruct(struct sock *sk) 1076 { 1077 BT_DBG("sk %p", sk); 1078 1079 l2cap_chan_put(l2cap_pi(sk)->chan); 1080 if (l2cap_pi(sk)->rx_busy_skb) { 1081 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1082 l2cap_pi(sk)->rx_busy_skb = NULL; 1083 } 1084 1085 skb_queue_purge(&sk->sk_receive_queue); 1086 skb_queue_purge(&sk->sk_write_queue); 1087 } 1088 1089 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1090 { 1091 struct l2cap_pinfo *pi = l2cap_pi(sk); 1092 struct l2cap_chan *chan = pi->chan; 1093 1094 BT_DBG("sk %p", sk); 1095 1096 if (parent) { 1097 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1098 1099 sk->sk_type = parent->sk_type; 1100 bt_sk(sk)->flags = bt_sk(parent)->flags; 1101 1102 chan->chan_type = pchan->chan_type; 1103 chan->imtu = pchan->imtu; 1104 chan->omtu = pchan->omtu; 1105 chan->conf_state = pchan->conf_state; 1106 chan->mode = pchan->mode; 1107 chan->fcs = pchan->fcs; 1108 chan->max_tx = pchan->max_tx; 1109 chan->tx_win = pchan->tx_win; 1110 chan->tx_win_max = pchan->tx_win_max; 1111 chan->sec_level = pchan->sec_level; 1112 chan->flags = pchan->flags; 1113 1114 security_sk_clone(parent, sk); 1115 } else { 1116 1117 switch (sk->sk_type) { 1118 case SOCK_RAW: 1119 chan->chan_type = L2CAP_CHAN_RAW; 1120 break; 1121 case SOCK_DGRAM: 1122 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1123 break; 1124 case SOCK_SEQPACKET: 1125 case SOCK_STREAM: 1126 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1127 break; 1128 } 1129 1130 chan->imtu = L2CAP_DEFAULT_MTU; 1131 chan->omtu = 0; 1132 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1133 chan->mode = L2CAP_MODE_ERTM; 1134 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1135 } else { 1136 chan->mode = L2CAP_MODE_BASIC; 1137 } 1138 1139 l2cap_chan_set_defaults(chan); 1140 } 1141 1142 /* Default config options */ 1143 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1144 1145 chan->data = sk; 1146 chan->ops = &l2cap_chan_ops; 1147 } 1148 1149 static struct proto l2cap_proto = { 1150 .name = "L2CAP", 1151 .owner = THIS_MODULE, 1152 .obj_size = sizeof(struct l2cap_pinfo) 1153 }; 1154 1155 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 1156 { 1157 struct sock *sk; 1158 struct l2cap_chan *chan; 1159 1160 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1161 if (!sk) 1162 return NULL; 1163 1164 sock_init_data(sock, sk); 1165 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1166 1167 sk->sk_destruct = l2cap_sock_destruct; 1168 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1169 1170 sock_reset_flag(sk, SOCK_ZAPPED); 1171 1172 sk->sk_protocol = proto; 1173 sk->sk_state = BT_OPEN; 1174 1175 chan = l2cap_chan_create(); 1176 if (!chan) { 1177 l2cap_sock_kill(sk); 1178 return NULL; 1179 } 1180 1181 l2cap_chan_hold(chan); 1182 1183 chan->sk = sk; 1184 1185 l2cap_pi(sk)->chan = chan; 1186 1187 return sk; 1188 } 1189 1190 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1191 int kern) 1192 { 1193 struct sock *sk; 1194 1195 BT_DBG("sock %p", sock); 1196 1197 sock->state = SS_UNCONNECTED; 1198 1199 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1200 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1201 return -ESOCKTNOSUPPORT; 1202 1203 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1204 return -EPERM; 1205 1206 sock->ops = &l2cap_sock_ops; 1207 1208 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1209 if (!sk) 1210 return -ENOMEM; 1211 1212 l2cap_sock_init(sk, NULL); 1213 return 0; 1214 } 1215 1216 static const struct proto_ops l2cap_sock_ops = { 1217 .family = PF_BLUETOOTH, 1218 .owner = THIS_MODULE, 1219 .release = l2cap_sock_release, 1220 .bind = l2cap_sock_bind, 1221 .connect = l2cap_sock_connect, 1222 .listen = l2cap_sock_listen, 1223 .accept = l2cap_sock_accept, 1224 .getname = l2cap_sock_getname, 1225 .sendmsg = l2cap_sock_sendmsg, 1226 .recvmsg = l2cap_sock_recvmsg, 1227 .poll = bt_sock_poll, 1228 .ioctl = bt_sock_ioctl, 1229 .mmap = sock_no_mmap, 1230 .socketpair = sock_no_socketpair, 1231 .shutdown = l2cap_sock_shutdown, 1232 .setsockopt = l2cap_sock_setsockopt, 1233 .getsockopt = l2cap_sock_getsockopt 1234 }; 1235 1236 static const struct net_proto_family l2cap_sock_family_ops = { 1237 .family = PF_BLUETOOTH, 1238 .owner = THIS_MODULE, 1239 .create = l2cap_sock_create, 1240 }; 1241 1242 int __init l2cap_init_sockets(void) 1243 { 1244 int err; 1245 1246 err = proto_register(&l2cap_proto, 0); 1247 if (err < 0) 1248 return err; 1249 1250 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1251 if (err < 0) 1252 goto error; 1253 1254 BT_INFO("L2CAP socket layer initialized"); 1255 1256 return 0; 1257 1258 error: 1259 BT_ERR("L2CAP socket registration failed"); 1260 proto_unregister(&l2cap_proto); 1261 return err; 1262 } 1263 1264 void l2cap_cleanup_sockets(void) 1265 { 1266 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 1267 BT_ERR("L2CAP socket unregistration failed"); 1268 1269 proto_unregister(&l2cap_proto); 1270 } 1271