1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26 */ 27 28 /* Bluetooth L2CAP sockets. */ 29 30 #include <linux/security.h> 31 #include <linux/export.h> 32 33 #include <net/bluetooth/bluetooth.h> 34 #include <net/bluetooth/hci_core.h> 35 #include <net/bluetooth/l2cap.h> 36 #include <net/bluetooth/smp.h> 37 38 static const struct proto_ops l2cap_sock_ops; 39 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 40 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio); 41 42 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 43 { 44 struct sock *sk = sock->sk; 45 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 46 struct sockaddr_l2 la; 47 int len, err = 0; 48 49 BT_DBG("sk %p", sk); 50 51 if (!addr || addr->sa_family != AF_BLUETOOTH) 52 return -EINVAL; 53 54 memset(&la, 0, sizeof(la)); 55 len = min_t(unsigned int, sizeof(la), alen); 56 memcpy(&la, addr, len); 57 58 if (la.l2_cid && la.l2_psm) 59 return -EINVAL; 60 61 lock_sock(sk); 62 63 if (sk->sk_state != BT_OPEN) { 64 err = -EBADFD; 65 goto done; 66 } 67 68 if (la.l2_psm) { 69 __u16 psm = __le16_to_cpu(la.l2_psm); 70 71 /* PSM must be odd and lsb of upper byte must be 0 */ 72 if ((psm & 0x0101) != 0x0001) { 73 err = -EINVAL; 74 goto done; 75 } 76 77 /* Restrict usage of well-known PSMs */ 78 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 79 err = -EACCES; 80 goto done; 81 } 82 } 83 84 if (la.l2_cid) 85 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 86 else 87 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 88 89 if (err < 0) 90 goto done; 91 92 if (__le16_to_cpu(la.l2_psm) == 0x0001 || 93 __le16_to_cpu(la.l2_psm) == 0x0003) 94 chan->sec_level = BT_SECURITY_SDP; 95 96 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 97 98 chan->state = BT_BOUND; 99 sk->sk_state = BT_BOUND; 100 101 done: 102 release_sock(sk); 103 return err; 104 } 105 106 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 107 { 108 struct sock *sk = sock->sk; 109 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 110 struct sockaddr_l2 la; 111 int len, err = 0; 112 113 BT_DBG("sk %p", sk); 114 115 if (!addr || alen < sizeof(addr->sa_family) || 116 addr->sa_family != AF_BLUETOOTH) 117 return -EINVAL; 118 119 memset(&la, 0, sizeof(la)); 120 len = min_t(unsigned int, sizeof(la), alen); 121 memcpy(&la, addr, len); 122 123 if (la.l2_cid && la.l2_psm) 124 return -EINVAL; 125 126 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 127 &la.l2_bdaddr); 128 if (err) 129 return err; 130 131 lock_sock(sk); 132 133 err = bt_sock_wait_state(sk, BT_CONNECTED, 134 sock_sndtimeo(sk, flags & O_NONBLOCK)); 135 136 release_sock(sk); 137 138 return err; 139 } 140 141 static int l2cap_sock_listen(struct socket *sock, int backlog) 142 { 143 struct sock *sk = sock->sk; 144 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 145 int err = 0; 146 147 BT_DBG("sk %p backlog %d", sk, backlog); 148 149 lock_sock(sk); 150 151 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM) 152 || sk->sk_state != BT_BOUND) { 153 err = -EBADFD; 154 goto done; 155 } 156 157 switch (chan->mode) { 158 case L2CAP_MODE_BASIC: 159 break; 160 case L2CAP_MODE_ERTM: 161 case L2CAP_MODE_STREAMING: 162 if (!disable_ertm) 163 break; 164 /* fall through */ 165 default: 166 err = -ENOTSUPP; 167 goto done; 168 } 169 170 sk->sk_max_ack_backlog = backlog; 171 sk->sk_ack_backlog = 0; 172 173 chan->state = BT_LISTEN; 174 sk->sk_state = BT_LISTEN; 175 176 done: 177 release_sock(sk); 178 return err; 179 } 180 181 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 182 { 183 DECLARE_WAITQUEUE(wait, current); 184 struct sock *sk = sock->sk, *nsk; 185 long timeo; 186 int err = 0; 187 188 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 189 190 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 191 192 BT_DBG("sk %p timeo %ld", sk, timeo); 193 194 /* Wait for an incoming connection. (wake-one). */ 195 add_wait_queue_exclusive(sk_sleep(sk), &wait); 196 while (1) { 197 set_current_state(TASK_INTERRUPTIBLE); 198 199 if (sk->sk_state != BT_LISTEN) { 200 err = -EBADFD; 201 break; 202 } 203 204 nsk = bt_accept_dequeue(sk, newsock); 205 if (nsk) 206 break; 207 208 if (!timeo) { 209 err = -EAGAIN; 210 break; 211 } 212 213 if (signal_pending(current)) { 214 err = sock_intr_errno(timeo); 215 break; 216 } 217 218 release_sock(sk); 219 timeo = schedule_timeout(timeo); 220 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 221 } 222 __set_current_state(TASK_RUNNING); 223 remove_wait_queue(sk_sleep(sk), &wait); 224 225 if (err) 226 goto done; 227 228 newsock->state = SS_CONNECTED; 229 230 BT_DBG("new socket %p", nsk); 231 232 done: 233 release_sock(sk); 234 return err; 235 } 236 237 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 238 { 239 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 240 struct sock *sk = sock->sk; 241 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 242 243 BT_DBG("sock %p, sk %p", sock, sk); 244 245 addr->sa_family = AF_BLUETOOTH; 246 *len = sizeof(struct sockaddr_l2); 247 248 if (peer) { 249 la->l2_psm = chan->psm; 250 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 251 la->l2_cid = cpu_to_le16(chan->dcid); 252 } else { 253 la->l2_psm = chan->sport; 254 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 255 la->l2_cid = cpu_to_le16(chan->scid); 256 } 257 258 return 0; 259 } 260 261 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 262 { 263 struct sock *sk = sock->sk; 264 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 265 struct l2cap_options opts; 266 struct l2cap_conninfo cinfo; 267 int len, err = 0; 268 u32 opt; 269 270 BT_DBG("sk %p", sk); 271 272 if (get_user(len, optlen)) 273 return -EFAULT; 274 275 lock_sock(sk); 276 277 switch (optname) { 278 case L2CAP_OPTIONS: 279 memset(&opts, 0, sizeof(opts)); 280 opts.imtu = chan->imtu; 281 opts.omtu = chan->omtu; 282 opts.flush_to = chan->flush_to; 283 opts.mode = chan->mode; 284 opts.fcs = chan->fcs; 285 opts.max_tx = chan->max_tx; 286 opts.txwin_size = chan->tx_win; 287 288 len = min_t(unsigned int, len, sizeof(opts)); 289 if (copy_to_user(optval, (char *) &opts, len)) 290 err = -EFAULT; 291 292 break; 293 294 case L2CAP_LM: 295 switch (chan->sec_level) { 296 case BT_SECURITY_LOW: 297 opt = L2CAP_LM_AUTH; 298 break; 299 case BT_SECURITY_MEDIUM: 300 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 301 break; 302 case BT_SECURITY_HIGH: 303 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 304 L2CAP_LM_SECURE; 305 break; 306 default: 307 opt = 0; 308 break; 309 } 310 311 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 312 opt |= L2CAP_LM_MASTER; 313 314 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 315 opt |= L2CAP_LM_RELIABLE; 316 317 if (put_user(opt, (u32 __user *) optval)) 318 err = -EFAULT; 319 break; 320 321 case L2CAP_CONNINFO: 322 if (sk->sk_state != BT_CONNECTED && 323 !(sk->sk_state == BT_CONNECT2 && 324 bt_sk(sk)->defer_setup)) { 325 err = -ENOTCONN; 326 break; 327 } 328 329 memset(&cinfo, 0, sizeof(cinfo)); 330 cinfo.hci_handle = chan->conn->hcon->handle; 331 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 332 333 len = min_t(unsigned int, len, sizeof(cinfo)); 334 if (copy_to_user(optval, (char *) &cinfo, len)) 335 err = -EFAULT; 336 337 break; 338 339 default: 340 err = -ENOPROTOOPT; 341 break; 342 } 343 344 release_sock(sk); 345 return err; 346 } 347 348 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 349 { 350 struct sock *sk = sock->sk; 351 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 352 struct bt_security sec; 353 struct bt_power pwr; 354 int len, err = 0; 355 356 BT_DBG("sk %p", sk); 357 358 if (level == SOL_L2CAP) 359 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 360 361 if (level != SOL_BLUETOOTH) 362 return -ENOPROTOOPT; 363 364 if (get_user(len, optlen)) 365 return -EFAULT; 366 367 lock_sock(sk); 368 369 switch (optname) { 370 case BT_SECURITY: 371 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 372 chan->chan_type != L2CAP_CHAN_RAW) { 373 err = -EINVAL; 374 break; 375 } 376 377 memset(&sec, 0, sizeof(sec)); 378 sec.level = chan->sec_level; 379 380 if (sk->sk_state == BT_CONNECTED) 381 sec.key_size = chan->conn->hcon->enc_key_size; 382 383 len = min_t(unsigned int, len, sizeof(sec)); 384 if (copy_to_user(optval, (char *) &sec, len)) 385 err = -EFAULT; 386 387 break; 388 389 case BT_DEFER_SETUP: 390 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 391 err = -EINVAL; 392 break; 393 } 394 395 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) 396 err = -EFAULT; 397 398 break; 399 400 case BT_FLUSHABLE: 401 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 402 (u32 __user *) optval)) 403 err = -EFAULT; 404 405 break; 406 407 case BT_POWER: 408 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 409 && sk->sk_type != SOCK_RAW) { 410 err = -EINVAL; 411 break; 412 } 413 414 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 415 416 len = min_t(unsigned int, len, sizeof(pwr)); 417 if (copy_to_user(optval, (char *) &pwr, len)) 418 err = -EFAULT; 419 420 break; 421 422 case BT_CHANNEL_POLICY: 423 if (!enable_hs) { 424 err = -ENOPROTOOPT; 425 break; 426 } 427 428 if (put_user(chan->chan_policy, (u32 __user *) optval)) 429 err = -EFAULT; 430 break; 431 432 default: 433 err = -ENOPROTOOPT; 434 break; 435 } 436 437 release_sock(sk); 438 return err; 439 } 440 441 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 442 { 443 struct sock *sk = sock->sk; 444 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 445 struct l2cap_options opts; 446 int len, err = 0; 447 u32 opt; 448 449 BT_DBG("sk %p", sk); 450 451 lock_sock(sk); 452 453 switch (optname) { 454 case L2CAP_OPTIONS: 455 if (sk->sk_state == BT_CONNECTED) { 456 err = -EINVAL; 457 break; 458 } 459 460 opts.imtu = chan->imtu; 461 opts.omtu = chan->omtu; 462 opts.flush_to = chan->flush_to; 463 opts.mode = chan->mode; 464 opts.fcs = chan->fcs; 465 opts.max_tx = chan->max_tx; 466 opts.txwin_size = chan->tx_win; 467 468 len = min_t(unsigned int, sizeof(opts), optlen); 469 if (copy_from_user((char *) &opts, optval, len)) { 470 err = -EFAULT; 471 break; 472 } 473 474 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 475 err = -EINVAL; 476 break; 477 } 478 479 chan->mode = opts.mode; 480 switch (chan->mode) { 481 case L2CAP_MODE_BASIC: 482 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 483 break; 484 case L2CAP_MODE_ERTM: 485 case L2CAP_MODE_STREAMING: 486 if (!disable_ertm) 487 break; 488 /* fall through */ 489 default: 490 err = -EINVAL; 491 break; 492 } 493 494 chan->imtu = opts.imtu; 495 chan->omtu = opts.omtu; 496 chan->fcs = opts.fcs; 497 chan->max_tx = opts.max_tx; 498 chan->tx_win = opts.txwin_size; 499 break; 500 501 case L2CAP_LM: 502 if (get_user(opt, (u32 __user *) optval)) { 503 err = -EFAULT; 504 break; 505 } 506 507 if (opt & L2CAP_LM_AUTH) 508 chan->sec_level = BT_SECURITY_LOW; 509 if (opt & L2CAP_LM_ENCRYPT) 510 chan->sec_level = BT_SECURITY_MEDIUM; 511 if (opt & L2CAP_LM_SECURE) 512 chan->sec_level = BT_SECURITY_HIGH; 513 514 if (opt & L2CAP_LM_MASTER) 515 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 516 else 517 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 518 519 if (opt & L2CAP_LM_RELIABLE) 520 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 521 else 522 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 523 break; 524 525 default: 526 err = -ENOPROTOOPT; 527 break; 528 } 529 530 release_sock(sk); 531 return err; 532 } 533 534 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 535 { 536 struct sock *sk = sock->sk; 537 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 538 struct bt_security sec; 539 struct bt_power pwr; 540 struct l2cap_conn *conn; 541 int len, err = 0; 542 u32 opt; 543 544 BT_DBG("sk %p", sk); 545 546 if (level == SOL_L2CAP) 547 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 548 549 if (level != SOL_BLUETOOTH) 550 return -ENOPROTOOPT; 551 552 lock_sock(sk); 553 554 switch (optname) { 555 case BT_SECURITY: 556 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 557 chan->chan_type != L2CAP_CHAN_RAW) { 558 err = -EINVAL; 559 break; 560 } 561 562 sec.level = BT_SECURITY_LOW; 563 564 len = min_t(unsigned int, sizeof(sec), optlen); 565 if (copy_from_user((char *) &sec, optval, len)) { 566 err = -EFAULT; 567 break; 568 } 569 570 if (sec.level < BT_SECURITY_LOW || 571 sec.level > BT_SECURITY_HIGH) { 572 err = -EINVAL; 573 break; 574 } 575 576 chan->sec_level = sec.level; 577 578 if (!chan->conn) 579 break; 580 581 conn = chan->conn; 582 583 /*change security for LE channels */ 584 if (chan->scid == L2CAP_CID_LE_DATA) { 585 if (!conn->hcon->out) { 586 err = -EINVAL; 587 break; 588 } 589 590 if (smp_conn_security(conn, sec.level)) 591 break; 592 sk->sk_state = BT_CONFIG; 593 chan->state = BT_CONFIG; 594 595 /* or for ACL link, under defer_setup time */ 596 } else if (sk->sk_state == BT_CONNECT2 && 597 bt_sk(sk)->defer_setup) { 598 err = l2cap_chan_check_security(chan); 599 } else { 600 err = -EINVAL; 601 } 602 break; 603 604 case BT_DEFER_SETUP: 605 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 606 err = -EINVAL; 607 break; 608 } 609 610 if (get_user(opt, (u32 __user *) optval)) { 611 err = -EFAULT; 612 break; 613 } 614 615 bt_sk(sk)->defer_setup = opt; 616 break; 617 618 case BT_FLUSHABLE: 619 if (get_user(opt, (u32 __user *) optval)) { 620 err = -EFAULT; 621 break; 622 } 623 624 if (opt > BT_FLUSHABLE_ON) { 625 err = -EINVAL; 626 break; 627 } 628 629 if (opt == BT_FLUSHABLE_OFF) { 630 struct l2cap_conn *conn = chan->conn; 631 /* proceed further only when we have l2cap_conn and 632 No Flush support in the LM */ 633 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 634 err = -EINVAL; 635 break; 636 } 637 } 638 639 if (opt) 640 set_bit(FLAG_FLUSHABLE, &chan->flags); 641 else 642 clear_bit(FLAG_FLUSHABLE, &chan->flags); 643 break; 644 645 case BT_POWER: 646 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 647 chan->chan_type != L2CAP_CHAN_RAW) { 648 err = -EINVAL; 649 break; 650 } 651 652 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 653 654 len = min_t(unsigned int, sizeof(pwr), optlen); 655 if (copy_from_user((char *) &pwr, optval, len)) { 656 err = -EFAULT; 657 break; 658 } 659 660 if (pwr.force_active) 661 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 662 else 663 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 664 break; 665 666 case BT_CHANNEL_POLICY: 667 if (!enable_hs) { 668 err = -ENOPROTOOPT; 669 break; 670 } 671 672 if (get_user(opt, (u32 __user *) optval)) { 673 err = -EFAULT; 674 break; 675 } 676 677 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 678 err = -EINVAL; 679 break; 680 } 681 682 if (chan->mode != L2CAP_MODE_ERTM && 683 chan->mode != L2CAP_MODE_STREAMING) { 684 err = -EOPNOTSUPP; 685 break; 686 } 687 688 chan->chan_policy = (u8) opt; 689 break; 690 691 default: 692 err = -ENOPROTOOPT; 693 break; 694 } 695 696 release_sock(sk); 697 return err; 698 } 699 700 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 701 { 702 struct sock *sk = sock->sk; 703 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 704 int err; 705 706 BT_DBG("sock %p, sk %p", sock, sk); 707 708 err = sock_error(sk); 709 if (err) 710 return err; 711 712 if (msg->msg_flags & MSG_OOB) 713 return -EOPNOTSUPP; 714 715 lock_sock(sk); 716 717 if (sk->sk_state != BT_CONNECTED) { 718 release_sock(sk); 719 return -ENOTCONN; 720 } 721 722 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 723 724 release_sock(sk); 725 return err; 726 } 727 728 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 729 { 730 struct sock *sk = sock->sk; 731 struct l2cap_pinfo *pi = l2cap_pi(sk); 732 int err; 733 734 lock_sock(sk); 735 736 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { 737 sk->sk_state = BT_CONFIG; 738 pi->chan->state = BT_CONFIG; 739 740 __l2cap_connect_rsp_defer(pi->chan); 741 release_sock(sk); 742 return 0; 743 } 744 745 release_sock(sk); 746 747 if (sock->type == SOCK_STREAM) 748 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 749 else 750 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 751 752 if (pi->chan->mode != L2CAP_MODE_ERTM) 753 return err; 754 755 /* Attempt to put pending rx data in the socket buffer */ 756 757 lock_sock(sk); 758 759 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 760 goto done; 761 762 if (pi->rx_busy_skb) { 763 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 764 pi->rx_busy_skb = NULL; 765 else 766 goto done; 767 } 768 769 /* Restore data flow when half of the receive buffer is 770 * available. This avoids resending large numbers of 771 * frames. 772 */ 773 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 774 l2cap_chan_busy(pi->chan, 0); 775 776 done: 777 release_sock(sk); 778 return err; 779 } 780 781 /* Kill socket (only if zapped and orphan) 782 * Must be called on unlocked socket. 783 */ 784 static void l2cap_sock_kill(struct sock *sk) 785 { 786 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 787 return; 788 789 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 790 791 /* Kill poor orphan */ 792 793 l2cap_chan_destroy(l2cap_pi(sk)->chan); 794 sock_set_flag(sk, SOCK_DEAD); 795 sock_put(sk); 796 } 797 798 static int l2cap_sock_shutdown(struct socket *sock, int how) 799 { 800 struct sock *sk = sock->sk; 801 struct l2cap_chan *chan; 802 struct l2cap_conn *conn; 803 int err = 0; 804 805 BT_DBG("sock %p, sk %p", sock, sk); 806 807 if (!sk) 808 return 0; 809 810 chan = l2cap_pi(sk)->chan; 811 conn = chan->conn; 812 813 if (conn) 814 mutex_lock(&conn->chan_lock); 815 816 l2cap_chan_lock(chan); 817 lock_sock(sk); 818 819 if (!sk->sk_shutdown) { 820 if (chan->mode == L2CAP_MODE_ERTM) 821 err = __l2cap_wait_ack(sk); 822 823 sk->sk_shutdown = SHUTDOWN_MASK; 824 825 release_sock(sk); 826 l2cap_chan_close(chan, 0); 827 lock_sock(sk); 828 829 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 830 err = bt_sock_wait_state(sk, BT_CLOSED, 831 sk->sk_lingertime); 832 } 833 834 if (!err && sk->sk_err) 835 err = -sk->sk_err; 836 837 release_sock(sk); 838 l2cap_chan_unlock(chan); 839 840 if (conn) 841 mutex_unlock(&conn->chan_lock); 842 843 return err; 844 } 845 846 static int l2cap_sock_release(struct socket *sock) 847 { 848 struct sock *sk = sock->sk; 849 int err; 850 851 BT_DBG("sock %p, sk %p", sock, sk); 852 853 if (!sk) 854 return 0; 855 856 err = l2cap_sock_shutdown(sock, 2); 857 858 sock_orphan(sk); 859 l2cap_sock_kill(sk); 860 return err; 861 } 862 863 static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data) 864 { 865 struct sock *sk, *parent = data; 866 867 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 868 GFP_ATOMIC); 869 if (!sk) 870 return NULL; 871 872 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 873 874 l2cap_sock_init(sk, parent); 875 876 return l2cap_pi(sk)->chan; 877 } 878 879 static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb) 880 { 881 int err; 882 struct sock *sk = data; 883 struct l2cap_pinfo *pi = l2cap_pi(sk); 884 885 lock_sock(sk); 886 887 if (pi->rx_busy_skb) { 888 err = -ENOMEM; 889 goto done; 890 } 891 892 err = sock_queue_rcv_skb(sk, skb); 893 894 /* For ERTM, handle one skb that doesn't fit into the recv 895 * buffer. This is important to do because the data frames 896 * have already been acked, so the skb cannot be discarded. 897 * 898 * Notify the l2cap core that the buffer is full, so the 899 * LOCAL_BUSY state is entered and no more frames are 900 * acked and reassembled until there is buffer space 901 * available. 902 */ 903 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) { 904 pi->rx_busy_skb = skb; 905 l2cap_chan_busy(pi->chan, 1); 906 err = 0; 907 } 908 909 done: 910 release_sock(sk); 911 912 return err; 913 } 914 915 static void l2cap_sock_close_cb(void *data) 916 { 917 struct sock *sk = data; 918 919 l2cap_sock_kill(sk); 920 } 921 922 static void l2cap_sock_state_change_cb(void *data, int state) 923 { 924 struct sock *sk = data; 925 926 sk->sk_state = state; 927 } 928 929 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 930 unsigned long len, int nb, 931 int *err) 932 { 933 struct sock *sk = chan->sk; 934 935 return bt_skb_send_alloc(sk, len, nb, err); 936 } 937 938 static struct l2cap_ops l2cap_chan_ops = { 939 .name = "L2CAP Socket Interface", 940 .new_connection = l2cap_sock_new_connection_cb, 941 .recv = l2cap_sock_recv_cb, 942 .close = l2cap_sock_close_cb, 943 .state_change = l2cap_sock_state_change_cb, 944 .alloc_skb = l2cap_sock_alloc_skb_cb, 945 }; 946 947 static void l2cap_sock_destruct(struct sock *sk) 948 { 949 BT_DBG("sk %p", sk); 950 951 if (l2cap_pi(sk)->rx_busy_skb) { 952 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 953 l2cap_pi(sk)->rx_busy_skb = NULL; 954 } 955 956 skb_queue_purge(&sk->sk_receive_queue); 957 skb_queue_purge(&sk->sk_write_queue); 958 } 959 960 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 961 { 962 struct l2cap_pinfo *pi = l2cap_pi(sk); 963 struct l2cap_chan *chan = pi->chan; 964 965 BT_DBG("sk %p", sk); 966 967 if (parent) { 968 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 969 970 sk->sk_type = parent->sk_type; 971 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup; 972 973 chan->chan_type = pchan->chan_type; 974 chan->imtu = pchan->imtu; 975 chan->omtu = pchan->omtu; 976 chan->conf_state = pchan->conf_state; 977 chan->mode = pchan->mode; 978 chan->fcs = pchan->fcs; 979 chan->max_tx = pchan->max_tx; 980 chan->tx_win = pchan->tx_win; 981 chan->tx_win_max = pchan->tx_win_max; 982 chan->sec_level = pchan->sec_level; 983 chan->flags = pchan->flags; 984 985 security_sk_clone(parent, sk); 986 } else { 987 988 switch (sk->sk_type) { 989 case SOCK_RAW: 990 chan->chan_type = L2CAP_CHAN_RAW; 991 break; 992 case SOCK_DGRAM: 993 chan->chan_type = L2CAP_CHAN_CONN_LESS; 994 break; 995 case SOCK_SEQPACKET: 996 case SOCK_STREAM: 997 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 998 break; 999 } 1000 1001 chan->imtu = L2CAP_DEFAULT_MTU; 1002 chan->omtu = 0; 1003 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1004 chan->mode = L2CAP_MODE_ERTM; 1005 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1006 } else { 1007 chan->mode = L2CAP_MODE_BASIC; 1008 } 1009 chan->max_tx = L2CAP_DEFAULT_MAX_TX; 1010 chan->fcs = L2CAP_FCS_CRC16; 1011 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW; 1012 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW; 1013 chan->sec_level = BT_SECURITY_LOW; 1014 chan->flags = 0; 1015 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 1016 } 1017 1018 /* Default config options */ 1019 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1020 1021 chan->data = sk; 1022 chan->ops = &l2cap_chan_ops; 1023 } 1024 1025 static struct proto l2cap_proto = { 1026 .name = "L2CAP", 1027 .owner = THIS_MODULE, 1028 .obj_size = sizeof(struct l2cap_pinfo) 1029 }; 1030 1031 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 1032 { 1033 struct sock *sk; 1034 struct l2cap_chan *chan; 1035 1036 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1037 if (!sk) 1038 return NULL; 1039 1040 sock_init_data(sock, sk); 1041 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1042 1043 sk->sk_destruct = l2cap_sock_destruct; 1044 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1045 1046 sock_reset_flag(sk, SOCK_ZAPPED); 1047 1048 sk->sk_protocol = proto; 1049 sk->sk_state = BT_OPEN; 1050 1051 chan = l2cap_chan_create(sk); 1052 if (!chan) { 1053 l2cap_sock_kill(sk); 1054 return NULL; 1055 } 1056 1057 l2cap_pi(sk)->chan = chan; 1058 1059 return sk; 1060 } 1061 1062 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1063 int kern) 1064 { 1065 struct sock *sk; 1066 1067 BT_DBG("sock %p", sock); 1068 1069 sock->state = SS_UNCONNECTED; 1070 1071 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1072 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1073 return -ESOCKTNOSUPPORT; 1074 1075 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1076 return -EPERM; 1077 1078 sock->ops = &l2cap_sock_ops; 1079 1080 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1081 if (!sk) 1082 return -ENOMEM; 1083 1084 l2cap_sock_init(sk, NULL); 1085 return 0; 1086 } 1087 1088 static const struct proto_ops l2cap_sock_ops = { 1089 .family = PF_BLUETOOTH, 1090 .owner = THIS_MODULE, 1091 .release = l2cap_sock_release, 1092 .bind = l2cap_sock_bind, 1093 .connect = l2cap_sock_connect, 1094 .listen = l2cap_sock_listen, 1095 .accept = l2cap_sock_accept, 1096 .getname = l2cap_sock_getname, 1097 .sendmsg = l2cap_sock_sendmsg, 1098 .recvmsg = l2cap_sock_recvmsg, 1099 .poll = bt_sock_poll, 1100 .ioctl = bt_sock_ioctl, 1101 .mmap = sock_no_mmap, 1102 .socketpair = sock_no_socketpair, 1103 .shutdown = l2cap_sock_shutdown, 1104 .setsockopt = l2cap_sock_setsockopt, 1105 .getsockopt = l2cap_sock_getsockopt 1106 }; 1107 1108 static const struct net_proto_family l2cap_sock_family_ops = { 1109 .family = PF_BLUETOOTH, 1110 .owner = THIS_MODULE, 1111 .create = l2cap_sock_create, 1112 }; 1113 1114 int __init l2cap_init_sockets(void) 1115 { 1116 int err; 1117 1118 err = proto_register(&l2cap_proto, 0); 1119 if (err < 0) 1120 return err; 1121 1122 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1123 if (err < 0) 1124 goto error; 1125 1126 BT_INFO("L2CAP socket layer initialized"); 1127 1128 return 0; 1129 1130 error: 1131 BT_ERR("L2CAP socket registration failed"); 1132 proto_unregister(&l2cap_proto); 1133 return err; 1134 } 1135 1136 void l2cap_cleanup_sockets(void) 1137 { 1138 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 1139 BT_ERR("L2CAP socket unregistration failed"); 1140 1141 proto_unregister(&l2cap_proto); 1142 } 1143