1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26 */ 27 28 /* Bluetooth L2CAP sockets. */ 29 30 #include <linux/export.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/l2cap.h> 35 #include <net/bluetooth/smp.h> 36 37 static const struct proto_ops l2cap_sock_ops; 38 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 39 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio); 40 41 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 42 { 43 struct sock *sk = sock->sk; 44 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 45 struct sockaddr_l2 la; 46 int len, err = 0; 47 48 BT_DBG("sk %p", sk); 49 50 if (!addr || addr->sa_family != AF_BLUETOOTH) 51 return -EINVAL; 52 53 memset(&la, 0, sizeof(la)); 54 len = min_t(unsigned int, sizeof(la), alen); 55 memcpy(&la, addr, len); 56 57 if (la.l2_cid && la.l2_psm) 58 return -EINVAL; 59 60 lock_sock(sk); 61 62 if (sk->sk_state != BT_OPEN) { 63 err = -EBADFD; 64 goto done; 65 } 66 67 if (la.l2_psm) { 68 __u16 psm = __le16_to_cpu(la.l2_psm); 69 70 /* PSM must be odd and lsb of upper byte must be 0 */ 71 if ((psm & 0x0101) != 0x0001) { 72 err = -EINVAL; 73 goto done; 74 } 75 76 /* Restrict usage of well-known PSMs */ 77 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 78 err = -EACCES; 79 goto done; 80 } 81 } 82 83 if (la.l2_cid) 84 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 85 else 86 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 87 88 if (err < 0) 89 goto done; 90 91 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 92 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 93 chan->sec_level = BT_SECURITY_SDP; 94 95 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 96 97 chan->state = BT_BOUND; 98 sk->sk_state = BT_BOUND; 99 100 done: 101 release_sock(sk); 102 return err; 103 } 104 105 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 106 { 107 struct sock *sk = sock->sk; 108 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 109 struct sockaddr_l2 la; 110 int len, err = 0; 111 112 BT_DBG("sk %p", sk); 113 114 if (!addr || alen < sizeof(addr->sa_family) || 115 addr->sa_family != AF_BLUETOOTH) 116 return -EINVAL; 117 118 memset(&la, 0, sizeof(la)); 119 len = min_t(unsigned int, sizeof(la), alen); 120 memcpy(&la, addr, len); 121 122 if (la.l2_cid && la.l2_psm) 123 return -EINVAL; 124 125 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 126 &la.l2_bdaddr, la.l2_bdaddr_type); 127 if (err) 128 return err; 129 130 lock_sock(sk); 131 132 err = bt_sock_wait_state(sk, BT_CONNECTED, 133 sock_sndtimeo(sk, flags & O_NONBLOCK)); 134 135 release_sock(sk); 136 137 return err; 138 } 139 140 static int l2cap_sock_listen(struct socket *sock, int backlog) 141 { 142 struct sock *sk = sock->sk; 143 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 144 int err = 0; 145 146 BT_DBG("sk %p backlog %d", sk, backlog); 147 148 lock_sock(sk); 149 150 if (sk->sk_state != BT_BOUND) { 151 err = -EBADFD; 152 goto done; 153 } 154 155 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 156 err = -EINVAL; 157 goto done; 158 } 159 160 switch (chan->mode) { 161 case L2CAP_MODE_BASIC: 162 break; 163 case L2CAP_MODE_ERTM: 164 case L2CAP_MODE_STREAMING: 165 if (!disable_ertm) 166 break; 167 /* fall through */ 168 default: 169 err = -ENOTSUPP; 170 goto done; 171 } 172 173 sk->sk_max_ack_backlog = backlog; 174 sk->sk_ack_backlog = 0; 175 176 chan->state = BT_LISTEN; 177 sk->sk_state = BT_LISTEN; 178 179 done: 180 release_sock(sk); 181 return err; 182 } 183 184 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 185 { 186 DECLARE_WAITQUEUE(wait, current); 187 struct sock *sk = sock->sk, *nsk; 188 long timeo; 189 int err = 0; 190 191 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 192 193 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 194 195 BT_DBG("sk %p timeo %ld", sk, timeo); 196 197 /* Wait for an incoming connection. (wake-one). */ 198 add_wait_queue_exclusive(sk_sleep(sk), &wait); 199 while (1) { 200 set_current_state(TASK_INTERRUPTIBLE); 201 202 if (sk->sk_state != BT_LISTEN) { 203 err = -EBADFD; 204 break; 205 } 206 207 nsk = bt_accept_dequeue(sk, newsock); 208 if (nsk) 209 break; 210 211 if (!timeo) { 212 err = -EAGAIN; 213 break; 214 } 215 216 if (signal_pending(current)) { 217 err = sock_intr_errno(timeo); 218 break; 219 } 220 221 release_sock(sk); 222 timeo = schedule_timeout(timeo); 223 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 224 } 225 __set_current_state(TASK_RUNNING); 226 remove_wait_queue(sk_sleep(sk), &wait); 227 228 if (err) 229 goto done; 230 231 newsock->state = SS_CONNECTED; 232 233 BT_DBG("new socket %p", nsk); 234 235 done: 236 release_sock(sk); 237 return err; 238 } 239 240 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 241 { 242 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 243 struct sock *sk = sock->sk; 244 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 245 246 BT_DBG("sock %p, sk %p", sock, sk); 247 248 memset(la, 0, sizeof(struct sockaddr_l2)); 249 addr->sa_family = AF_BLUETOOTH; 250 *len = sizeof(struct sockaddr_l2); 251 252 if (peer) { 253 la->l2_psm = chan->psm; 254 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 255 la->l2_cid = cpu_to_le16(chan->dcid); 256 } else { 257 la->l2_psm = chan->sport; 258 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 259 la->l2_cid = cpu_to_le16(chan->scid); 260 } 261 262 return 0; 263 } 264 265 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 266 { 267 struct sock *sk = sock->sk; 268 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 269 struct l2cap_options opts; 270 struct l2cap_conninfo cinfo; 271 int len, err = 0; 272 u32 opt; 273 274 BT_DBG("sk %p", sk); 275 276 if (get_user(len, optlen)) 277 return -EFAULT; 278 279 lock_sock(sk); 280 281 switch (optname) { 282 case L2CAP_OPTIONS: 283 memset(&opts, 0, sizeof(opts)); 284 opts.imtu = chan->imtu; 285 opts.omtu = chan->omtu; 286 opts.flush_to = chan->flush_to; 287 opts.mode = chan->mode; 288 opts.fcs = chan->fcs; 289 opts.max_tx = chan->max_tx; 290 opts.txwin_size = chan->tx_win; 291 292 len = min_t(unsigned int, len, sizeof(opts)); 293 if (copy_to_user(optval, (char *) &opts, len)) 294 err = -EFAULT; 295 296 break; 297 298 case L2CAP_LM: 299 switch (chan->sec_level) { 300 case BT_SECURITY_LOW: 301 opt = L2CAP_LM_AUTH; 302 break; 303 case BT_SECURITY_MEDIUM: 304 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 305 break; 306 case BT_SECURITY_HIGH: 307 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 308 L2CAP_LM_SECURE; 309 break; 310 default: 311 opt = 0; 312 break; 313 } 314 315 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 316 opt |= L2CAP_LM_MASTER; 317 318 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 319 opt |= L2CAP_LM_RELIABLE; 320 321 if (put_user(opt, (u32 __user *) optval)) 322 err = -EFAULT; 323 break; 324 325 case L2CAP_CONNINFO: 326 if (sk->sk_state != BT_CONNECTED && 327 !(sk->sk_state == BT_CONNECT2 && 328 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 329 err = -ENOTCONN; 330 break; 331 } 332 333 memset(&cinfo, 0, sizeof(cinfo)); 334 cinfo.hci_handle = chan->conn->hcon->handle; 335 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 336 337 len = min_t(unsigned int, len, sizeof(cinfo)); 338 if (copy_to_user(optval, (char *) &cinfo, len)) 339 err = -EFAULT; 340 341 break; 342 343 default: 344 err = -ENOPROTOOPT; 345 break; 346 } 347 348 release_sock(sk); 349 return err; 350 } 351 352 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 353 { 354 struct sock *sk = sock->sk; 355 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 356 struct bt_security sec; 357 struct bt_power pwr; 358 int len, err = 0; 359 360 BT_DBG("sk %p", sk); 361 362 if (level == SOL_L2CAP) 363 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 364 365 if (level != SOL_BLUETOOTH) 366 return -ENOPROTOOPT; 367 368 if (get_user(len, optlen)) 369 return -EFAULT; 370 371 lock_sock(sk); 372 373 switch (optname) { 374 case BT_SECURITY: 375 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 376 chan->chan_type != L2CAP_CHAN_RAW) { 377 err = -EINVAL; 378 break; 379 } 380 381 memset(&sec, 0, sizeof(sec)); 382 if (chan->conn) 383 sec.level = chan->conn->hcon->sec_level; 384 else 385 sec.level = chan->sec_level; 386 387 if (sk->sk_state == BT_CONNECTED) 388 sec.key_size = chan->conn->hcon->enc_key_size; 389 390 len = min_t(unsigned int, len, sizeof(sec)); 391 if (copy_to_user(optval, (char *) &sec, len)) 392 err = -EFAULT; 393 394 break; 395 396 case BT_DEFER_SETUP: 397 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 398 err = -EINVAL; 399 break; 400 } 401 402 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 403 (u32 __user *) optval)) 404 err = -EFAULT; 405 406 break; 407 408 case BT_FLUSHABLE: 409 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 410 (u32 __user *) optval)) 411 err = -EFAULT; 412 413 break; 414 415 case BT_POWER: 416 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 417 && sk->sk_type != SOCK_RAW) { 418 err = -EINVAL; 419 break; 420 } 421 422 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 423 424 len = min_t(unsigned int, len, sizeof(pwr)); 425 if (copy_to_user(optval, (char *) &pwr, len)) 426 err = -EFAULT; 427 428 break; 429 430 case BT_CHANNEL_POLICY: 431 if (!enable_hs) { 432 err = -ENOPROTOOPT; 433 break; 434 } 435 436 if (put_user(chan->chan_policy, (u32 __user *) optval)) 437 err = -EFAULT; 438 break; 439 440 default: 441 err = -ENOPROTOOPT; 442 break; 443 } 444 445 release_sock(sk); 446 return err; 447 } 448 449 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 450 { 451 switch (chan->scid) { 452 case L2CAP_CID_LE_DATA: 453 if (mtu < L2CAP_LE_MIN_MTU) 454 return false; 455 break; 456 457 default: 458 if (mtu < L2CAP_DEFAULT_MIN_MTU) 459 return false; 460 } 461 462 return true; 463 } 464 465 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 466 { 467 struct sock *sk = sock->sk; 468 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 469 struct l2cap_options opts; 470 int len, err = 0; 471 u32 opt; 472 473 BT_DBG("sk %p", sk); 474 475 lock_sock(sk); 476 477 switch (optname) { 478 case L2CAP_OPTIONS: 479 if (sk->sk_state == BT_CONNECTED) { 480 err = -EINVAL; 481 break; 482 } 483 484 opts.imtu = chan->imtu; 485 opts.omtu = chan->omtu; 486 opts.flush_to = chan->flush_to; 487 opts.mode = chan->mode; 488 opts.fcs = chan->fcs; 489 opts.max_tx = chan->max_tx; 490 opts.txwin_size = chan->tx_win; 491 492 len = min_t(unsigned int, sizeof(opts), optlen); 493 if (copy_from_user((char *) &opts, optval, len)) { 494 err = -EFAULT; 495 break; 496 } 497 498 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 499 err = -EINVAL; 500 break; 501 } 502 503 if (!l2cap_valid_mtu(chan, opts.imtu)) { 504 err = -EINVAL; 505 break; 506 } 507 508 chan->mode = opts.mode; 509 switch (chan->mode) { 510 case L2CAP_MODE_BASIC: 511 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 512 break; 513 case L2CAP_MODE_ERTM: 514 case L2CAP_MODE_STREAMING: 515 if (!disable_ertm) 516 break; 517 /* fall through */ 518 default: 519 err = -EINVAL; 520 break; 521 } 522 523 chan->imtu = opts.imtu; 524 chan->omtu = opts.omtu; 525 chan->fcs = opts.fcs; 526 chan->max_tx = opts.max_tx; 527 chan->tx_win = opts.txwin_size; 528 break; 529 530 case L2CAP_LM: 531 if (get_user(opt, (u32 __user *) optval)) { 532 err = -EFAULT; 533 break; 534 } 535 536 if (opt & L2CAP_LM_AUTH) 537 chan->sec_level = BT_SECURITY_LOW; 538 if (opt & L2CAP_LM_ENCRYPT) 539 chan->sec_level = BT_SECURITY_MEDIUM; 540 if (opt & L2CAP_LM_SECURE) 541 chan->sec_level = BT_SECURITY_HIGH; 542 543 if (opt & L2CAP_LM_MASTER) 544 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 545 else 546 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 547 548 if (opt & L2CAP_LM_RELIABLE) 549 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 550 else 551 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 552 break; 553 554 default: 555 err = -ENOPROTOOPT; 556 break; 557 } 558 559 release_sock(sk); 560 return err; 561 } 562 563 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 564 { 565 struct sock *sk = sock->sk; 566 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 567 struct bt_security sec; 568 struct bt_power pwr; 569 struct l2cap_conn *conn; 570 int len, err = 0; 571 u32 opt; 572 573 BT_DBG("sk %p", sk); 574 575 if (level == SOL_L2CAP) 576 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 577 578 if (level != SOL_BLUETOOTH) 579 return -ENOPROTOOPT; 580 581 lock_sock(sk); 582 583 switch (optname) { 584 case BT_SECURITY: 585 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 586 chan->chan_type != L2CAP_CHAN_RAW) { 587 err = -EINVAL; 588 break; 589 } 590 591 sec.level = BT_SECURITY_LOW; 592 593 len = min_t(unsigned int, sizeof(sec), optlen); 594 if (copy_from_user((char *) &sec, optval, len)) { 595 err = -EFAULT; 596 break; 597 } 598 599 if (sec.level < BT_SECURITY_LOW || 600 sec.level > BT_SECURITY_HIGH) { 601 err = -EINVAL; 602 break; 603 } 604 605 chan->sec_level = sec.level; 606 607 if (!chan->conn) 608 break; 609 610 conn = chan->conn; 611 612 /*change security for LE channels */ 613 if (chan->scid == L2CAP_CID_LE_DATA) { 614 if (!conn->hcon->out) { 615 err = -EINVAL; 616 break; 617 } 618 619 if (smp_conn_security(conn, sec.level)) 620 break; 621 sk->sk_state = BT_CONFIG; 622 chan->state = BT_CONFIG; 623 624 /* or for ACL link */ 625 } else if ((sk->sk_state == BT_CONNECT2 && 626 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 627 sk->sk_state == BT_CONNECTED) { 628 if (!l2cap_chan_check_security(chan)) 629 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 630 else 631 sk->sk_state_change(sk); 632 } else { 633 err = -EINVAL; 634 } 635 break; 636 637 case BT_DEFER_SETUP: 638 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 639 err = -EINVAL; 640 break; 641 } 642 643 if (get_user(opt, (u32 __user *) optval)) { 644 err = -EFAULT; 645 break; 646 } 647 648 if (opt) 649 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 650 else 651 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 652 break; 653 654 case BT_FLUSHABLE: 655 if (get_user(opt, (u32 __user *) optval)) { 656 err = -EFAULT; 657 break; 658 } 659 660 if (opt > BT_FLUSHABLE_ON) { 661 err = -EINVAL; 662 break; 663 } 664 665 if (opt == BT_FLUSHABLE_OFF) { 666 struct l2cap_conn *conn = chan->conn; 667 /* proceed further only when we have l2cap_conn and 668 No Flush support in the LM */ 669 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 670 err = -EINVAL; 671 break; 672 } 673 } 674 675 if (opt) 676 set_bit(FLAG_FLUSHABLE, &chan->flags); 677 else 678 clear_bit(FLAG_FLUSHABLE, &chan->flags); 679 break; 680 681 case BT_POWER: 682 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 683 chan->chan_type != L2CAP_CHAN_RAW) { 684 err = -EINVAL; 685 break; 686 } 687 688 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 689 690 len = min_t(unsigned int, sizeof(pwr), optlen); 691 if (copy_from_user((char *) &pwr, optval, len)) { 692 err = -EFAULT; 693 break; 694 } 695 696 if (pwr.force_active) 697 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 698 else 699 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 700 break; 701 702 case BT_CHANNEL_POLICY: 703 if (!enable_hs) { 704 err = -ENOPROTOOPT; 705 break; 706 } 707 708 if (get_user(opt, (u32 __user *) optval)) { 709 err = -EFAULT; 710 break; 711 } 712 713 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 714 err = -EINVAL; 715 break; 716 } 717 718 if (chan->mode != L2CAP_MODE_ERTM && 719 chan->mode != L2CAP_MODE_STREAMING) { 720 err = -EOPNOTSUPP; 721 break; 722 } 723 724 chan->chan_policy = (u8) opt; 725 break; 726 727 default: 728 err = -ENOPROTOOPT; 729 break; 730 } 731 732 release_sock(sk); 733 return err; 734 } 735 736 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 737 { 738 struct sock *sk = sock->sk; 739 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 740 int err; 741 742 BT_DBG("sock %p, sk %p", sock, sk); 743 744 err = sock_error(sk); 745 if (err) 746 return err; 747 748 if (msg->msg_flags & MSG_OOB) 749 return -EOPNOTSUPP; 750 751 if (sk->sk_state != BT_CONNECTED) 752 return -ENOTCONN; 753 754 l2cap_chan_lock(chan); 755 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 756 l2cap_chan_unlock(chan); 757 758 return err; 759 } 760 761 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 762 { 763 struct sock *sk = sock->sk; 764 struct l2cap_pinfo *pi = l2cap_pi(sk); 765 int err; 766 767 lock_sock(sk); 768 769 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 770 &bt_sk(sk)->flags)) { 771 sk->sk_state = BT_CONFIG; 772 pi->chan->state = BT_CONFIG; 773 774 __l2cap_connect_rsp_defer(pi->chan); 775 release_sock(sk); 776 return 0; 777 } 778 779 release_sock(sk); 780 781 if (sock->type == SOCK_STREAM) 782 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 783 else 784 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 785 786 if (pi->chan->mode != L2CAP_MODE_ERTM) 787 return err; 788 789 /* Attempt to put pending rx data in the socket buffer */ 790 791 lock_sock(sk); 792 793 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 794 goto done; 795 796 if (pi->rx_busy_skb) { 797 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 798 pi->rx_busy_skb = NULL; 799 else 800 goto done; 801 } 802 803 /* Restore data flow when half of the receive buffer is 804 * available. This avoids resending large numbers of 805 * frames. 806 */ 807 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 808 l2cap_chan_busy(pi->chan, 0); 809 810 done: 811 release_sock(sk); 812 return err; 813 } 814 815 /* Kill socket (only if zapped and orphan) 816 * Must be called on unlocked socket. 817 */ 818 static void l2cap_sock_kill(struct sock *sk) 819 { 820 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 821 return; 822 823 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 824 825 /* Kill poor orphan */ 826 827 l2cap_chan_destroy(l2cap_pi(sk)->chan); 828 sock_set_flag(sk, SOCK_DEAD); 829 sock_put(sk); 830 } 831 832 static int l2cap_sock_shutdown(struct socket *sock, int how) 833 { 834 struct sock *sk = sock->sk; 835 struct l2cap_chan *chan; 836 struct l2cap_conn *conn; 837 int err = 0; 838 839 BT_DBG("sock %p, sk %p", sock, sk); 840 841 if (!sk) 842 return 0; 843 844 chan = l2cap_pi(sk)->chan; 845 conn = chan->conn; 846 847 if (conn) 848 mutex_lock(&conn->chan_lock); 849 850 l2cap_chan_lock(chan); 851 lock_sock(sk); 852 853 if (!sk->sk_shutdown) { 854 if (chan->mode == L2CAP_MODE_ERTM) 855 err = __l2cap_wait_ack(sk); 856 857 sk->sk_shutdown = SHUTDOWN_MASK; 858 859 release_sock(sk); 860 l2cap_chan_close(chan, 0); 861 lock_sock(sk); 862 863 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 864 err = bt_sock_wait_state(sk, BT_CLOSED, 865 sk->sk_lingertime); 866 } 867 868 if (!err && sk->sk_err) 869 err = -sk->sk_err; 870 871 release_sock(sk); 872 l2cap_chan_unlock(chan); 873 874 if (conn) 875 mutex_unlock(&conn->chan_lock); 876 877 return err; 878 } 879 880 static int l2cap_sock_release(struct socket *sock) 881 { 882 struct sock *sk = sock->sk; 883 int err; 884 885 BT_DBG("sock %p, sk %p", sock, sk); 886 887 if (!sk) 888 return 0; 889 890 err = l2cap_sock_shutdown(sock, 2); 891 892 sock_orphan(sk); 893 l2cap_sock_kill(sk); 894 return err; 895 } 896 897 static void l2cap_sock_cleanup_listen(struct sock *parent) 898 { 899 struct sock *sk; 900 901 BT_DBG("parent %p", parent); 902 903 /* Close not yet accepted channels */ 904 while ((sk = bt_accept_dequeue(parent, NULL))) { 905 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 906 907 l2cap_chan_lock(chan); 908 __clear_chan_timer(chan); 909 l2cap_chan_close(chan, ECONNRESET); 910 l2cap_chan_unlock(chan); 911 912 l2cap_sock_kill(sk); 913 } 914 } 915 916 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 917 { 918 struct sock *sk, *parent = chan->data; 919 920 /* Check for backlog size */ 921 if (sk_acceptq_is_full(parent)) { 922 BT_DBG("backlog full %d", parent->sk_ack_backlog); 923 return NULL; 924 } 925 926 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 927 GFP_ATOMIC); 928 if (!sk) 929 return NULL; 930 931 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 932 933 l2cap_sock_init(sk, parent); 934 935 return l2cap_pi(sk)->chan; 936 } 937 938 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 939 { 940 int err; 941 struct sock *sk = chan->data; 942 struct l2cap_pinfo *pi = l2cap_pi(sk); 943 944 lock_sock(sk); 945 946 if (pi->rx_busy_skb) { 947 err = -ENOMEM; 948 goto done; 949 } 950 951 err = sock_queue_rcv_skb(sk, skb); 952 953 /* For ERTM, handle one skb that doesn't fit into the recv 954 * buffer. This is important to do because the data frames 955 * have already been acked, so the skb cannot be discarded. 956 * 957 * Notify the l2cap core that the buffer is full, so the 958 * LOCAL_BUSY state is entered and no more frames are 959 * acked and reassembled until there is buffer space 960 * available. 961 */ 962 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) { 963 pi->rx_busy_skb = skb; 964 l2cap_chan_busy(pi->chan, 1); 965 err = 0; 966 } 967 968 done: 969 release_sock(sk); 970 971 return err; 972 } 973 974 static void l2cap_sock_close_cb(struct l2cap_chan *chan) 975 { 976 struct sock *sk = chan->data; 977 978 l2cap_sock_kill(sk); 979 } 980 981 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 982 { 983 struct sock *sk = chan->data; 984 struct sock *parent; 985 986 lock_sock(sk); 987 988 parent = bt_sk(sk)->parent; 989 990 sock_set_flag(sk, SOCK_ZAPPED); 991 992 switch (chan->state) { 993 case BT_OPEN: 994 case BT_BOUND: 995 case BT_CLOSED: 996 break; 997 case BT_LISTEN: 998 l2cap_sock_cleanup_listen(sk); 999 sk->sk_state = BT_CLOSED; 1000 chan->state = BT_CLOSED; 1001 1002 break; 1003 default: 1004 sk->sk_state = BT_CLOSED; 1005 chan->state = BT_CLOSED; 1006 1007 sk->sk_err = err; 1008 1009 if (parent) { 1010 bt_accept_unlink(sk); 1011 parent->sk_data_ready(parent, 0); 1012 } else { 1013 sk->sk_state_change(sk); 1014 } 1015 1016 break; 1017 } 1018 1019 release_sock(sk); 1020 } 1021 1022 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state) 1023 { 1024 struct sock *sk = chan->data; 1025 1026 sk->sk_state = state; 1027 } 1028 1029 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1030 unsigned long len, int nb) 1031 { 1032 struct sk_buff *skb; 1033 int err; 1034 1035 l2cap_chan_unlock(chan); 1036 skb = bt_skb_send_alloc(chan->sk, len, nb, &err); 1037 l2cap_chan_lock(chan); 1038 1039 if (!skb) 1040 return ERR_PTR(err); 1041 1042 return skb; 1043 } 1044 1045 static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1046 { 1047 struct sock *sk = chan->data; 1048 struct sock *parent; 1049 1050 lock_sock(sk); 1051 1052 parent = bt_sk(sk)->parent; 1053 1054 BT_DBG("sk %p, parent %p", sk, parent); 1055 1056 sk->sk_state = BT_CONNECTED; 1057 sk->sk_state_change(sk); 1058 1059 if (parent) 1060 parent->sk_data_ready(parent, 0); 1061 1062 release_sock(sk); 1063 } 1064 1065 static struct l2cap_ops l2cap_chan_ops = { 1066 .name = "L2CAP Socket Interface", 1067 .new_connection = l2cap_sock_new_connection_cb, 1068 .recv = l2cap_sock_recv_cb, 1069 .close = l2cap_sock_close_cb, 1070 .teardown = l2cap_sock_teardown_cb, 1071 .state_change = l2cap_sock_state_change_cb, 1072 .ready = l2cap_sock_ready_cb, 1073 .alloc_skb = l2cap_sock_alloc_skb_cb, 1074 }; 1075 1076 static void l2cap_sock_destruct(struct sock *sk) 1077 { 1078 BT_DBG("sk %p", sk); 1079 1080 l2cap_chan_put(l2cap_pi(sk)->chan); 1081 if (l2cap_pi(sk)->rx_busy_skb) { 1082 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1083 l2cap_pi(sk)->rx_busy_skb = NULL; 1084 } 1085 1086 skb_queue_purge(&sk->sk_receive_queue); 1087 skb_queue_purge(&sk->sk_write_queue); 1088 } 1089 1090 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1091 { 1092 struct l2cap_pinfo *pi = l2cap_pi(sk); 1093 struct l2cap_chan *chan = pi->chan; 1094 1095 BT_DBG("sk %p", sk); 1096 1097 if (parent) { 1098 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1099 1100 sk->sk_type = parent->sk_type; 1101 bt_sk(sk)->flags = bt_sk(parent)->flags; 1102 1103 chan->chan_type = pchan->chan_type; 1104 chan->imtu = pchan->imtu; 1105 chan->omtu = pchan->omtu; 1106 chan->conf_state = pchan->conf_state; 1107 chan->mode = pchan->mode; 1108 chan->fcs = pchan->fcs; 1109 chan->max_tx = pchan->max_tx; 1110 chan->tx_win = pchan->tx_win; 1111 chan->tx_win_max = pchan->tx_win_max; 1112 chan->sec_level = pchan->sec_level; 1113 chan->flags = pchan->flags; 1114 1115 security_sk_clone(parent, sk); 1116 } else { 1117 1118 switch (sk->sk_type) { 1119 case SOCK_RAW: 1120 chan->chan_type = L2CAP_CHAN_RAW; 1121 break; 1122 case SOCK_DGRAM: 1123 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1124 break; 1125 case SOCK_SEQPACKET: 1126 case SOCK_STREAM: 1127 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1128 break; 1129 } 1130 1131 chan->imtu = L2CAP_DEFAULT_MTU; 1132 chan->omtu = 0; 1133 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1134 chan->mode = L2CAP_MODE_ERTM; 1135 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1136 } else { 1137 chan->mode = L2CAP_MODE_BASIC; 1138 } 1139 1140 l2cap_chan_set_defaults(chan); 1141 } 1142 1143 /* Default config options */ 1144 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1145 1146 chan->data = sk; 1147 chan->ops = &l2cap_chan_ops; 1148 } 1149 1150 static struct proto l2cap_proto = { 1151 .name = "L2CAP", 1152 .owner = THIS_MODULE, 1153 .obj_size = sizeof(struct l2cap_pinfo) 1154 }; 1155 1156 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 1157 { 1158 struct sock *sk; 1159 struct l2cap_chan *chan; 1160 1161 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1162 if (!sk) 1163 return NULL; 1164 1165 sock_init_data(sock, sk); 1166 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1167 1168 sk->sk_destruct = l2cap_sock_destruct; 1169 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1170 1171 sock_reset_flag(sk, SOCK_ZAPPED); 1172 1173 sk->sk_protocol = proto; 1174 sk->sk_state = BT_OPEN; 1175 1176 chan = l2cap_chan_create(); 1177 if (!chan) { 1178 sk_free(sk); 1179 return NULL; 1180 } 1181 1182 l2cap_chan_hold(chan); 1183 1184 chan->sk = sk; 1185 1186 l2cap_pi(sk)->chan = chan; 1187 1188 return sk; 1189 } 1190 1191 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1192 int kern) 1193 { 1194 struct sock *sk; 1195 1196 BT_DBG("sock %p", sock); 1197 1198 sock->state = SS_UNCONNECTED; 1199 1200 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1201 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1202 return -ESOCKTNOSUPPORT; 1203 1204 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1205 return -EPERM; 1206 1207 sock->ops = &l2cap_sock_ops; 1208 1209 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1210 if (!sk) 1211 return -ENOMEM; 1212 1213 l2cap_sock_init(sk, NULL); 1214 return 0; 1215 } 1216 1217 static const struct proto_ops l2cap_sock_ops = { 1218 .family = PF_BLUETOOTH, 1219 .owner = THIS_MODULE, 1220 .release = l2cap_sock_release, 1221 .bind = l2cap_sock_bind, 1222 .connect = l2cap_sock_connect, 1223 .listen = l2cap_sock_listen, 1224 .accept = l2cap_sock_accept, 1225 .getname = l2cap_sock_getname, 1226 .sendmsg = l2cap_sock_sendmsg, 1227 .recvmsg = l2cap_sock_recvmsg, 1228 .poll = bt_sock_poll, 1229 .ioctl = bt_sock_ioctl, 1230 .mmap = sock_no_mmap, 1231 .socketpair = sock_no_socketpair, 1232 .shutdown = l2cap_sock_shutdown, 1233 .setsockopt = l2cap_sock_setsockopt, 1234 .getsockopt = l2cap_sock_getsockopt 1235 }; 1236 1237 static const struct net_proto_family l2cap_sock_family_ops = { 1238 .family = PF_BLUETOOTH, 1239 .owner = THIS_MODULE, 1240 .create = l2cap_sock_create, 1241 }; 1242 1243 int __init l2cap_init_sockets(void) 1244 { 1245 int err; 1246 1247 err = proto_register(&l2cap_proto, 0); 1248 if (err < 0) 1249 return err; 1250 1251 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1252 if (err < 0) 1253 goto error; 1254 1255 BT_INFO("L2CAP socket layer initialized"); 1256 1257 return 0; 1258 1259 error: 1260 BT_ERR("L2CAP socket registration failed"); 1261 proto_unregister(&l2cap_proto); 1262 return err; 1263 } 1264 1265 void l2cap_cleanup_sockets(void) 1266 { 1267 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 1268 BT_ERR("L2CAP socket unregistration failed"); 1269 1270 proto_unregister(&l2cap_proto); 1271 } 1272