1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26 */ 27 28 /* Bluetooth L2CAP sockets. */ 29 30 #include <linux/security.h> 31 #include <linux/export.h> 32 33 #include <net/bluetooth/bluetooth.h> 34 #include <net/bluetooth/hci_core.h> 35 #include <net/bluetooth/l2cap.h> 36 #include <net/bluetooth/smp.h> 37 38 static const struct proto_ops l2cap_sock_ops; 39 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 40 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio); 41 42 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 43 { 44 struct sock *sk = sock->sk; 45 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 46 struct sockaddr_l2 la; 47 int len, err = 0; 48 49 BT_DBG("sk %p", sk); 50 51 if (!addr || addr->sa_family != AF_BLUETOOTH) 52 return -EINVAL; 53 54 memset(&la, 0, sizeof(la)); 55 len = min_t(unsigned int, sizeof(la), alen); 56 memcpy(&la, addr, len); 57 58 if (la.l2_cid && la.l2_psm) 59 return -EINVAL; 60 61 lock_sock(sk); 62 63 if (sk->sk_state != BT_OPEN) { 64 err = -EBADFD; 65 goto done; 66 } 67 68 if (la.l2_psm) { 69 __u16 psm = __le16_to_cpu(la.l2_psm); 70 71 /* PSM must be odd and lsb of upper byte must be 0 */ 72 if ((psm & 0x0101) != 0x0001) { 73 err = -EINVAL; 74 goto done; 75 } 76 77 /* Restrict usage of well-known PSMs */ 78 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 79 err = -EACCES; 80 goto done; 81 } 82 } 83 84 if (la.l2_cid) 85 err = l2cap_add_scid(chan, la.l2_cid); 86 else 87 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 88 89 if (err < 0) 90 goto done; 91 92 if (__le16_to_cpu(la.l2_psm) == 0x0001 || 93 __le16_to_cpu(la.l2_psm) == 0x0003) 94 chan->sec_level = BT_SECURITY_SDP; 95 96 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 97 98 chan->state = BT_BOUND; 99 sk->sk_state = BT_BOUND; 100 101 done: 102 release_sock(sk); 103 return err; 104 } 105 106 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 107 { 108 struct sock *sk = sock->sk; 109 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 110 struct sockaddr_l2 la; 111 int len, err = 0; 112 113 BT_DBG("sk %p", sk); 114 115 if (!addr || alen < sizeof(addr->sa_family) || 116 addr->sa_family != AF_BLUETOOTH) 117 return -EINVAL; 118 119 memset(&la, 0, sizeof(la)); 120 len = min_t(unsigned int, sizeof(la), alen); 121 memcpy(&la, addr, len); 122 123 if (la.l2_cid && la.l2_psm) 124 return -EINVAL; 125 126 err = l2cap_chan_connect(chan, la.l2_psm, la.l2_cid, &la.l2_bdaddr); 127 if (err) 128 goto done; 129 130 err = bt_sock_wait_state(sk, BT_CONNECTED, 131 sock_sndtimeo(sk, flags & O_NONBLOCK)); 132 done: 133 if (sock_owned_by_user(sk)) 134 release_sock(sk); 135 return err; 136 } 137 138 static int l2cap_sock_listen(struct socket *sock, int backlog) 139 { 140 struct sock *sk = sock->sk; 141 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 142 int err = 0; 143 144 BT_DBG("sk %p backlog %d", sk, backlog); 145 146 lock_sock(sk); 147 148 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM) 149 || sk->sk_state != BT_BOUND) { 150 err = -EBADFD; 151 goto done; 152 } 153 154 switch (chan->mode) { 155 case L2CAP_MODE_BASIC: 156 break; 157 case L2CAP_MODE_ERTM: 158 case L2CAP_MODE_STREAMING: 159 if (!disable_ertm) 160 break; 161 /* fall through */ 162 default: 163 err = -ENOTSUPP; 164 goto done; 165 } 166 167 sk->sk_max_ack_backlog = backlog; 168 sk->sk_ack_backlog = 0; 169 170 chan->state = BT_LISTEN; 171 sk->sk_state = BT_LISTEN; 172 173 done: 174 release_sock(sk); 175 return err; 176 } 177 178 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 179 { 180 DECLARE_WAITQUEUE(wait, current); 181 struct sock *sk = sock->sk, *nsk; 182 long timeo; 183 int err = 0; 184 185 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 186 187 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 188 189 BT_DBG("sk %p timeo %ld", sk, timeo); 190 191 /* Wait for an incoming connection. (wake-one). */ 192 add_wait_queue_exclusive(sk_sleep(sk), &wait); 193 while (1) { 194 set_current_state(TASK_INTERRUPTIBLE); 195 196 if (sk->sk_state != BT_LISTEN) { 197 err = -EBADFD; 198 break; 199 } 200 201 nsk = bt_accept_dequeue(sk, newsock); 202 if (nsk) 203 break; 204 205 if (!timeo) { 206 err = -EAGAIN; 207 break; 208 } 209 210 if (signal_pending(current)) { 211 err = sock_intr_errno(timeo); 212 break; 213 } 214 215 release_sock(sk); 216 timeo = schedule_timeout(timeo); 217 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 218 } 219 __set_current_state(TASK_RUNNING); 220 remove_wait_queue(sk_sleep(sk), &wait); 221 222 if (err) 223 goto done; 224 225 newsock->state = SS_CONNECTED; 226 227 BT_DBG("new socket %p", nsk); 228 229 done: 230 release_sock(sk); 231 return err; 232 } 233 234 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 235 { 236 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 237 struct sock *sk = sock->sk; 238 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 239 240 BT_DBG("sock %p, sk %p", sock, sk); 241 242 addr->sa_family = AF_BLUETOOTH; 243 *len = sizeof(struct sockaddr_l2); 244 245 if (peer) { 246 la->l2_psm = chan->psm; 247 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 248 la->l2_cid = cpu_to_le16(chan->dcid); 249 } else { 250 la->l2_psm = chan->sport; 251 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 252 la->l2_cid = cpu_to_le16(chan->scid); 253 } 254 255 return 0; 256 } 257 258 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 259 { 260 struct sock *sk = sock->sk; 261 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 262 struct l2cap_options opts; 263 struct l2cap_conninfo cinfo; 264 int len, err = 0; 265 u32 opt; 266 267 BT_DBG("sk %p", sk); 268 269 if (get_user(len, optlen)) 270 return -EFAULT; 271 272 lock_sock(sk); 273 274 switch (optname) { 275 case L2CAP_OPTIONS: 276 memset(&opts, 0, sizeof(opts)); 277 opts.imtu = chan->imtu; 278 opts.omtu = chan->omtu; 279 opts.flush_to = chan->flush_to; 280 opts.mode = chan->mode; 281 opts.fcs = chan->fcs; 282 opts.max_tx = chan->max_tx; 283 opts.txwin_size = chan->tx_win; 284 285 len = min_t(unsigned int, len, sizeof(opts)); 286 if (copy_to_user(optval, (char *) &opts, len)) 287 err = -EFAULT; 288 289 break; 290 291 case L2CAP_LM: 292 switch (chan->sec_level) { 293 case BT_SECURITY_LOW: 294 opt = L2CAP_LM_AUTH; 295 break; 296 case BT_SECURITY_MEDIUM: 297 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 298 break; 299 case BT_SECURITY_HIGH: 300 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 301 L2CAP_LM_SECURE; 302 break; 303 default: 304 opt = 0; 305 break; 306 } 307 308 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 309 opt |= L2CAP_LM_MASTER; 310 311 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 312 opt |= L2CAP_LM_RELIABLE; 313 314 if (put_user(opt, (u32 __user *) optval)) 315 err = -EFAULT; 316 break; 317 318 case L2CAP_CONNINFO: 319 if (sk->sk_state != BT_CONNECTED && 320 !(sk->sk_state == BT_CONNECT2 && 321 bt_sk(sk)->defer_setup)) { 322 err = -ENOTCONN; 323 break; 324 } 325 326 memset(&cinfo, 0, sizeof(cinfo)); 327 cinfo.hci_handle = chan->conn->hcon->handle; 328 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 329 330 len = min_t(unsigned int, len, sizeof(cinfo)); 331 if (copy_to_user(optval, (char *) &cinfo, len)) 332 err = -EFAULT; 333 334 break; 335 336 default: 337 err = -ENOPROTOOPT; 338 break; 339 } 340 341 release_sock(sk); 342 return err; 343 } 344 345 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 346 { 347 struct sock *sk = sock->sk; 348 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 349 struct bt_security sec; 350 struct bt_power pwr; 351 int len, err = 0; 352 353 BT_DBG("sk %p", sk); 354 355 if (level == SOL_L2CAP) 356 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 357 358 if (level != SOL_BLUETOOTH) 359 return -ENOPROTOOPT; 360 361 if (get_user(len, optlen)) 362 return -EFAULT; 363 364 lock_sock(sk); 365 366 switch (optname) { 367 case BT_SECURITY: 368 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 369 chan->chan_type != L2CAP_CHAN_RAW) { 370 err = -EINVAL; 371 break; 372 } 373 374 memset(&sec, 0, sizeof(sec)); 375 sec.level = chan->sec_level; 376 377 if (sk->sk_state == BT_CONNECTED) 378 sec.key_size = chan->conn->hcon->enc_key_size; 379 380 len = min_t(unsigned int, len, sizeof(sec)); 381 if (copy_to_user(optval, (char *) &sec, len)) 382 err = -EFAULT; 383 384 break; 385 386 case BT_DEFER_SETUP: 387 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 388 err = -EINVAL; 389 break; 390 } 391 392 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) 393 err = -EFAULT; 394 395 break; 396 397 case BT_FLUSHABLE: 398 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 399 (u32 __user *) optval)) 400 err = -EFAULT; 401 402 break; 403 404 case BT_POWER: 405 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 406 && sk->sk_type != SOCK_RAW) { 407 err = -EINVAL; 408 break; 409 } 410 411 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 412 413 len = min_t(unsigned int, len, sizeof(pwr)); 414 if (copy_to_user(optval, (char *) &pwr, len)) 415 err = -EFAULT; 416 417 break; 418 419 case BT_CHANNEL_POLICY: 420 if (!enable_hs) { 421 err = -ENOPROTOOPT; 422 break; 423 } 424 425 if (put_user(chan->chan_policy, (u32 __user *) optval)) 426 err = -EFAULT; 427 break; 428 429 default: 430 err = -ENOPROTOOPT; 431 break; 432 } 433 434 release_sock(sk); 435 return err; 436 } 437 438 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 439 { 440 struct sock *sk = sock->sk; 441 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 442 struct l2cap_options opts; 443 int len, err = 0; 444 u32 opt; 445 446 BT_DBG("sk %p", sk); 447 448 lock_sock(sk); 449 450 switch (optname) { 451 case L2CAP_OPTIONS: 452 if (sk->sk_state == BT_CONNECTED) { 453 err = -EINVAL; 454 break; 455 } 456 457 opts.imtu = chan->imtu; 458 opts.omtu = chan->omtu; 459 opts.flush_to = chan->flush_to; 460 opts.mode = chan->mode; 461 opts.fcs = chan->fcs; 462 opts.max_tx = chan->max_tx; 463 opts.txwin_size = chan->tx_win; 464 465 len = min_t(unsigned int, sizeof(opts), optlen); 466 if (copy_from_user((char *) &opts, optval, len)) { 467 err = -EFAULT; 468 break; 469 } 470 471 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 472 err = -EINVAL; 473 break; 474 } 475 476 chan->mode = opts.mode; 477 switch (chan->mode) { 478 case L2CAP_MODE_BASIC: 479 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 480 break; 481 case L2CAP_MODE_ERTM: 482 case L2CAP_MODE_STREAMING: 483 if (!disable_ertm) 484 break; 485 /* fall through */ 486 default: 487 err = -EINVAL; 488 break; 489 } 490 491 chan->imtu = opts.imtu; 492 chan->omtu = opts.omtu; 493 chan->fcs = opts.fcs; 494 chan->max_tx = opts.max_tx; 495 chan->tx_win = opts.txwin_size; 496 break; 497 498 case L2CAP_LM: 499 if (get_user(opt, (u32 __user *) optval)) { 500 err = -EFAULT; 501 break; 502 } 503 504 if (opt & L2CAP_LM_AUTH) 505 chan->sec_level = BT_SECURITY_LOW; 506 if (opt & L2CAP_LM_ENCRYPT) 507 chan->sec_level = BT_SECURITY_MEDIUM; 508 if (opt & L2CAP_LM_SECURE) 509 chan->sec_level = BT_SECURITY_HIGH; 510 511 if (opt & L2CAP_LM_MASTER) 512 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 513 else 514 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 515 516 if (opt & L2CAP_LM_RELIABLE) 517 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 518 else 519 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 520 break; 521 522 default: 523 err = -ENOPROTOOPT; 524 break; 525 } 526 527 release_sock(sk); 528 return err; 529 } 530 531 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 532 { 533 struct sock *sk = sock->sk; 534 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 535 struct bt_security sec; 536 struct bt_power pwr; 537 struct l2cap_conn *conn; 538 int len, err = 0; 539 u32 opt; 540 541 BT_DBG("sk %p", sk); 542 543 if (level == SOL_L2CAP) 544 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 545 546 if (level != SOL_BLUETOOTH) 547 return -ENOPROTOOPT; 548 549 lock_sock(sk); 550 551 switch (optname) { 552 case BT_SECURITY: 553 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 554 chan->chan_type != L2CAP_CHAN_RAW) { 555 err = -EINVAL; 556 break; 557 } 558 559 sec.level = BT_SECURITY_LOW; 560 561 len = min_t(unsigned int, sizeof(sec), optlen); 562 if (copy_from_user((char *) &sec, optval, len)) { 563 err = -EFAULT; 564 break; 565 } 566 567 if (sec.level < BT_SECURITY_LOW || 568 sec.level > BT_SECURITY_HIGH) { 569 err = -EINVAL; 570 break; 571 } 572 573 chan->sec_level = sec.level; 574 575 if (!chan->conn) 576 break; 577 578 conn = chan->conn; 579 580 /*change security for LE channels */ 581 if (chan->scid == L2CAP_CID_LE_DATA) { 582 if (!conn->hcon->out) { 583 err = -EINVAL; 584 break; 585 } 586 587 if (smp_conn_security(conn, sec.level)) 588 break; 589 sk->sk_state = BT_CONFIG; 590 591 /* or for ACL link, under defer_setup time */ 592 } else if (sk->sk_state == BT_CONNECT2 && 593 bt_sk(sk)->defer_setup) { 594 err = l2cap_chan_check_security(chan); 595 } else { 596 err = -EINVAL; 597 } 598 break; 599 600 case BT_DEFER_SETUP: 601 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 602 err = -EINVAL; 603 break; 604 } 605 606 if (get_user(opt, (u32 __user *) optval)) { 607 err = -EFAULT; 608 break; 609 } 610 611 bt_sk(sk)->defer_setup = opt; 612 break; 613 614 case BT_FLUSHABLE: 615 if (get_user(opt, (u32 __user *) optval)) { 616 err = -EFAULT; 617 break; 618 } 619 620 if (opt > BT_FLUSHABLE_ON) { 621 err = -EINVAL; 622 break; 623 } 624 625 if (opt == BT_FLUSHABLE_OFF) { 626 struct l2cap_conn *conn = chan->conn; 627 /* proceed further only when we have l2cap_conn and 628 No Flush support in the LM */ 629 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 630 err = -EINVAL; 631 break; 632 } 633 } 634 635 if (opt) 636 set_bit(FLAG_FLUSHABLE, &chan->flags); 637 else 638 clear_bit(FLAG_FLUSHABLE, &chan->flags); 639 break; 640 641 case BT_POWER: 642 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 643 chan->chan_type != L2CAP_CHAN_RAW) { 644 err = -EINVAL; 645 break; 646 } 647 648 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 649 650 len = min_t(unsigned int, sizeof(pwr), optlen); 651 if (copy_from_user((char *) &pwr, optval, len)) { 652 err = -EFAULT; 653 break; 654 } 655 656 if (pwr.force_active) 657 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 658 else 659 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 660 break; 661 662 case BT_CHANNEL_POLICY: 663 if (!enable_hs) { 664 err = -ENOPROTOOPT; 665 break; 666 } 667 668 if (get_user(opt, (u32 __user *) optval)) { 669 err = -EFAULT; 670 break; 671 } 672 673 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 674 err = -EINVAL; 675 break; 676 } 677 678 if (chan->mode != L2CAP_MODE_ERTM && 679 chan->mode != L2CAP_MODE_STREAMING) { 680 err = -EOPNOTSUPP; 681 break; 682 } 683 684 chan->chan_policy = (u8) opt; 685 break; 686 687 default: 688 err = -ENOPROTOOPT; 689 break; 690 } 691 692 release_sock(sk); 693 return err; 694 } 695 696 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 697 { 698 struct sock *sk = sock->sk; 699 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 700 int err; 701 702 BT_DBG("sock %p, sk %p", sock, sk); 703 704 err = sock_error(sk); 705 if (err) 706 return err; 707 708 if (msg->msg_flags & MSG_OOB) 709 return -EOPNOTSUPP; 710 711 lock_sock(sk); 712 713 if (sk->sk_state != BT_CONNECTED) { 714 release_sock(sk); 715 return -ENOTCONN; 716 } 717 718 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 719 720 release_sock(sk); 721 return err; 722 } 723 724 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 725 { 726 struct sock *sk = sock->sk; 727 struct l2cap_pinfo *pi = l2cap_pi(sk); 728 int err; 729 730 lock_sock(sk); 731 732 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { 733 sk->sk_state = BT_CONFIG; 734 735 __l2cap_connect_rsp_defer(pi->chan); 736 release_sock(sk); 737 return 0; 738 } 739 740 release_sock(sk); 741 742 if (sock->type == SOCK_STREAM) 743 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 744 else 745 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 746 747 if (pi->chan->mode != L2CAP_MODE_ERTM) 748 return err; 749 750 /* Attempt to put pending rx data in the socket buffer */ 751 752 lock_sock(sk); 753 754 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 755 goto done; 756 757 if (pi->rx_busy_skb) { 758 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 759 pi->rx_busy_skb = NULL; 760 else 761 goto done; 762 } 763 764 /* Restore data flow when half of the receive buffer is 765 * available. This avoids resending large numbers of 766 * frames. 767 */ 768 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 769 l2cap_chan_busy(pi->chan, 0); 770 771 done: 772 release_sock(sk); 773 return err; 774 } 775 776 /* Kill socket (only if zapped and orphan) 777 * Must be called on unlocked socket. 778 */ 779 static void l2cap_sock_kill(struct sock *sk) 780 { 781 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 782 return; 783 784 BT_DBG("sk %p state %d", sk, sk->sk_state); 785 786 /* Kill poor orphan */ 787 788 l2cap_chan_destroy(l2cap_pi(sk)->chan); 789 sock_set_flag(sk, SOCK_DEAD); 790 sock_put(sk); 791 } 792 793 static int l2cap_sock_shutdown(struct socket *sock, int how) 794 { 795 struct sock *sk = sock->sk; 796 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 797 int err = 0; 798 799 BT_DBG("sock %p, sk %p", sock, sk); 800 801 if (!sk) 802 return 0; 803 804 lock_sock(sk); 805 if (!sk->sk_shutdown) { 806 if (chan->mode == L2CAP_MODE_ERTM) 807 err = __l2cap_wait_ack(sk); 808 809 sk->sk_shutdown = SHUTDOWN_MASK; 810 l2cap_chan_close(chan, 0); 811 812 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 813 err = bt_sock_wait_state(sk, BT_CLOSED, 814 sk->sk_lingertime); 815 } 816 817 if (!err && sk->sk_err) 818 err = -sk->sk_err; 819 820 release_sock(sk); 821 return err; 822 } 823 824 static int l2cap_sock_release(struct socket *sock) 825 { 826 struct sock *sk = sock->sk; 827 int err; 828 829 BT_DBG("sock %p, sk %p", sock, sk); 830 831 if (!sk) 832 return 0; 833 834 err = l2cap_sock_shutdown(sock, 2); 835 836 sock_orphan(sk); 837 l2cap_sock_kill(sk); 838 return err; 839 } 840 841 static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data) 842 { 843 struct sock *sk, *parent = data; 844 845 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 846 GFP_ATOMIC); 847 if (!sk) 848 return NULL; 849 850 l2cap_sock_init(sk, parent); 851 852 return l2cap_pi(sk)->chan; 853 } 854 855 static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb) 856 { 857 int err; 858 struct sock *sk = data; 859 struct l2cap_pinfo *pi = l2cap_pi(sk); 860 861 if (pi->rx_busy_skb) 862 return -ENOMEM; 863 864 err = sock_queue_rcv_skb(sk, skb); 865 866 /* For ERTM, handle one skb that doesn't fit into the recv 867 * buffer. This is important to do because the data frames 868 * have already been acked, so the skb cannot be discarded. 869 * 870 * Notify the l2cap core that the buffer is full, so the 871 * LOCAL_BUSY state is entered and no more frames are 872 * acked and reassembled until there is buffer space 873 * available. 874 */ 875 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) { 876 pi->rx_busy_skb = skb; 877 l2cap_chan_busy(pi->chan, 1); 878 err = 0; 879 } 880 881 return err; 882 } 883 884 static void l2cap_sock_close_cb(void *data) 885 { 886 struct sock *sk = data; 887 888 l2cap_sock_kill(sk); 889 } 890 891 static void l2cap_sock_state_change_cb(void *data, int state) 892 { 893 struct sock *sk = data; 894 895 sk->sk_state = state; 896 } 897 898 static struct l2cap_ops l2cap_chan_ops = { 899 .name = "L2CAP Socket Interface", 900 .new_connection = l2cap_sock_new_connection_cb, 901 .recv = l2cap_sock_recv_cb, 902 .close = l2cap_sock_close_cb, 903 .state_change = l2cap_sock_state_change_cb, 904 }; 905 906 static void l2cap_sock_destruct(struct sock *sk) 907 { 908 BT_DBG("sk %p", sk); 909 910 if (l2cap_pi(sk)->rx_busy_skb) { 911 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 912 l2cap_pi(sk)->rx_busy_skb = NULL; 913 } 914 915 skb_queue_purge(&sk->sk_receive_queue); 916 skb_queue_purge(&sk->sk_write_queue); 917 } 918 919 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 920 { 921 struct l2cap_pinfo *pi = l2cap_pi(sk); 922 struct l2cap_chan *chan = pi->chan; 923 924 BT_DBG("sk %p", sk); 925 926 if (parent) { 927 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 928 929 sk->sk_type = parent->sk_type; 930 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup; 931 932 chan->chan_type = pchan->chan_type; 933 chan->imtu = pchan->imtu; 934 chan->omtu = pchan->omtu; 935 chan->conf_state = pchan->conf_state; 936 chan->mode = pchan->mode; 937 chan->fcs = pchan->fcs; 938 chan->max_tx = pchan->max_tx; 939 chan->tx_win = pchan->tx_win; 940 chan->tx_win_max = pchan->tx_win_max; 941 chan->sec_level = pchan->sec_level; 942 chan->flags = pchan->flags; 943 944 security_sk_clone(parent, sk); 945 } else { 946 947 switch (sk->sk_type) { 948 case SOCK_RAW: 949 chan->chan_type = L2CAP_CHAN_RAW; 950 break; 951 case SOCK_DGRAM: 952 chan->chan_type = L2CAP_CHAN_CONN_LESS; 953 break; 954 case SOCK_SEQPACKET: 955 case SOCK_STREAM: 956 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 957 break; 958 } 959 960 chan->imtu = L2CAP_DEFAULT_MTU; 961 chan->omtu = 0; 962 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 963 chan->mode = L2CAP_MODE_ERTM; 964 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 965 } else { 966 chan->mode = L2CAP_MODE_BASIC; 967 } 968 chan->max_tx = L2CAP_DEFAULT_MAX_TX; 969 chan->fcs = L2CAP_FCS_CRC16; 970 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW; 971 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW; 972 chan->sec_level = BT_SECURITY_LOW; 973 chan->flags = 0; 974 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 975 } 976 977 /* Default config options */ 978 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 979 980 chan->data = sk; 981 chan->ops = &l2cap_chan_ops; 982 } 983 984 static struct proto l2cap_proto = { 985 .name = "L2CAP", 986 .owner = THIS_MODULE, 987 .obj_size = sizeof(struct l2cap_pinfo) 988 }; 989 990 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 991 { 992 struct sock *sk; 993 struct l2cap_chan *chan; 994 995 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 996 if (!sk) 997 return NULL; 998 999 sock_init_data(sock, sk); 1000 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1001 1002 sk->sk_destruct = l2cap_sock_destruct; 1003 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1004 1005 sock_reset_flag(sk, SOCK_ZAPPED); 1006 1007 sk->sk_protocol = proto; 1008 sk->sk_state = BT_OPEN; 1009 1010 chan = l2cap_chan_create(sk); 1011 if (!chan) { 1012 l2cap_sock_kill(sk); 1013 return NULL; 1014 } 1015 1016 l2cap_pi(sk)->chan = chan; 1017 1018 return sk; 1019 } 1020 1021 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1022 int kern) 1023 { 1024 struct sock *sk; 1025 1026 BT_DBG("sock %p", sock); 1027 1028 sock->state = SS_UNCONNECTED; 1029 1030 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1031 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1032 return -ESOCKTNOSUPPORT; 1033 1034 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1035 return -EPERM; 1036 1037 sock->ops = &l2cap_sock_ops; 1038 1039 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1040 if (!sk) 1041 return -ENOMEM; 1042 1043 l2cap_sock_init(sk, NULL); 1044 return 0; 1045 } 1046 1047 static const struct proto_ops l2cap_sock_ops = { 1048 .family = PF_BLUETOOTH, 1049 .owner = THIS_MODULE, 1050 .release = l2cap_sock_release, 1051 .bind = l2cap_sock_bind, 1052 .connect = l2cap_sock_connect, 1053 .listen = l2cap_sock_listen, 1054 .accept = l2cap_sock_accept, 1055 .getname = l2cap_sock_getname, 1056 .sendmsg = l2cap_sock_sendmsg, 1057 .recvmsg = l2cap_sock_recvmsg, 1058 .poll = bt_sock_poll, 1059 .ioctl = bt_sock_ioctl, 1060 .mmap = sock_no_mmap, 1061 .socketpair = sock_no_socketpair, 1062 .shutdown = l2cap_sock_shutdown, 1063 .setsockopt = l2cap_sock_setsockopt, 1064 .getsockopt = l2cap_sock_getsockopt 1065 }; 1066 1067 static const struct net_proto_family l2cap_sock_family_ops = { 1068 .family = PF_BLUETOOTH, 1069 .owner = THIS_MODULE, 1070 .create = l2cap_sock_create, 1071 }; 1072 1073 int __init l2cap_init_sockets(void) 1074 { 1075 int err; 1076 1077 err = proto_register(&l2cap_proto, 0); 1078 if (err < 0) 1079 return err; 1080 1081 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1082 if (err < 0) 1083 goto error; 1084 1085 BT_INFO("L2CAP socket layer initialized"); 1086 1087 return 0; 1088 1089 error: 1090 BT_ERR("L2CAP socket registration failed"); 1091 proto_unregister(&l2cap_proto); 1092 return err; 1093 } 1094 1095 void l2cap_cleanup_sockets(void) 1096 { 1097 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 1098 BT_ERR("L2CAP socket unregistration failed"); 1099 1100 proto_unregister(&l2cap_proto); 1101 } 1102