1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 8 9 This program is free software; you can redistribute it and/or modify 10 it under the terms of the GNU General Public License version 2 as 11 published by the Free Software Foundation; 12 13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 21 22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 24 SOFTWARE IS DISCLAIMED. 25 */ 26 27 /* Bluetooth L2CAP sockets. */ 28 29 #include <net/bluetooth/bluetooth.h> 30 #include <net/bluetooth/hci_core.h> 31 #include <net/bluetooth/l2cap.h> 32 33 static const struct proto_ops l2cap_sock_ops; 34 35 /* ---- L2CAP timers ---- */ 36 static void l2cap_sock_timeout(unsigned long arg) 37 { 38 struct sock *sk = (struct sock *) arg; 39 int reason; 40 41 BT_DBG("sock %p state %d", sk, sk->sk_state); 42 43 bh_lock_sock(sk); 44 45 if (sock_owned_by_user(sk)) { 46 /* sk is owned by user. Try again later */ 47 l2cap_sock_set_timer(sk, HZ / 5); 48 bh_unlock_sock(sk); 49 sock_put(sk); 50 return; 51 } 52 53 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG) 54 reason = ECONNREFUSED; 55 else if (sk->sk_state == BT_CONNECT && 56 l2cap_pi(sk)->chan->sec_level != BT_SECURITY_SDP) 57 reason = ECONNREFUSED; 58 else 59 reason = ETIMEDOUT; 60 61 __l2cap_sock_close(sk, reason); 62 63 bh_unlock_sock(sk); 64 65 l2cap_sock_kill(sk); 66 sock_put(sk); 67 } 68 69 void l2cap_sock_set_timer(struct sock *sk, long timeout) 70 { 71 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout); 72 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout); 73 } 74 75 void l2cap_sock_clear_timer(struct sock *sk) 76 { 77 BT_DBG("sock %p state %d", sk, sk->sk_state); 78 sk_stop_timer(sk, &sk->sk_timer); 79 } 80 81 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 82 { 83 struct sock *sk = sock->sk; 84 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 85 struct sockaddr_l2 la; 86 int len, err = 0; 87 88 BT_DBG("sk %p", sk); 89 90 if (!addr || addr->sa_family != AF_BLUETOOTH) 91 return -EINVAL; 92 93 memset(&la, 0, sizeof(la)); 94 len = min_t(unsigned int, sizeof(la), alen); 95 memcpy(&la, addr, len); 96 97 if (la.l2_cid && la.l2_psm) 98 return -EINVAL; 99 100 lock_sock(sk); 101 102 if (sk->sk_state != BT_OPEN) { 103 err = -EBADFD; 104 goto done; 105 } 106 107 if (la.l2_psm) { 108 __u16 psm = __le16_to_cpu(la.l2_psm); 109 110 /* PSM must be odd and lsb of upper byte must be 0 */ 111 if ((psm & 0x0101) != 0x0001) { 112 err = -EINVAL; 113 goto done; 114 } 115 116 /* Restrict usage of well-known PSMs */ 117 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 118 err = -EACCES; 119 goto done; 120 } 121 } 122 123 if (la.l2_cid) 124 err = l2cap_add_scid(chan, la.l2_cid); 125 else 126 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 127 128 if (err < 0) 129 goto done; 130 131 if (__le16_to_cpu(la.l2_psm) == 0x0001 || 132 __le16_to_cpu(la.l2_psm) == 0x0003) 133 chan->sec_level = BT_SECURITY_SDP; 134 135 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 136 sk->sk_state = BT_BOUND; 137 138 done: 139 release_sock(sk); 140 return err; 141 } 142 143 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 144 { 145 struct sock *sk = sock->sk; 146 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 147 struct sockaddr_l2 la; 148 int len, err = 0; 149 150 BT_DBG("sk %p", sk); 151 152 if (!addr || alen < sizeof(addr->sa_family) || 153 addr->sa_family != AF_BLUETOOTH) 154 return -EINVAL; 155 156 memset(&la, 0, sizeof(la)); 157 len = min_t(unsigned int, sizeof(la), alen); 158 memcpy(&la, addr, len); 159 160 if (la.l2_cid && la.l2_psm) 161 return -EINVAL; 162 163 lock_sock(sk); 164 165 if ((sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) 166 && !(la.l2_psm || la.l2_cid)) { 167 err = -EINVAL; 168 goto done; 169 } 170 171 switch (chan->mode) { 172 case L2CAP_MODE_BASIC: 173 break; 174 case L2CAP_MODE_ERTM: 175 case L2CAP_MODE_STREAMING: 176 if (!disable_ertm) 177 break; 178 /* fall through */ 179 default: 180 err = -ENOTSUPP; 181 goto done; 182 } 183 184 switch (sk->sk_state) { 185 case BT_CONNECT: 186 case BT_CONNECT2: 187 case BT_CONFIG: 188 /* Already connecting */ 189 goto wait; 190 191 case BT_CONNECTED: 192 /* Already connected */ 193 err = -EISCONN; 194 goto done; 195 196 case BT_OPEN: 197 case BT_BOUND: 198 /* Can connect */ 199 break; 200 201 default: 202 err = -EBADFD; 203 goto done; 204 } 205 206 /* PSM must be odd and lsb of upper byte must be 0 */ 207 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 && 208 sk->sk_type != SOCK_RAW && !la.l2_cid) { 209 err = -EINVAL; 210 goto done; 211 } 212 213 /* Set destination address and psm */ 214 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr); 215 chan->psm = la.l2_psm; 216 chan->dcid = la.l2_cid; 217 218 err = l2cap_chan_connect(l2cap_pi(sk)->chan); 219 if (err) 220 goto done; 221 222 wait: 223 err = bt_sock_wait_state(sk, BT_CONNECTED, 224 sock_sndtimeo(sk, flags & O_NONBLOCK)); 225 done: 226 release_sock(sk); 227 return err; 228 } 229 230 static int l2cap_sock_listen(struct socket *sock, int backlog) 231 { 232 struct sock *sk = sock->sk; 233 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 234 int err = 0; 235 236 BT_DBG("sk %p backlog %d", sk, backlog); 237 238 lock_sock(sk); 239 240 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM) 241 || sk->sk_state != BT_BOUND) { 242 err = -EBADFD; 243 goto done; 244 } 245 246 switch (chan->mode) { 247 case L2CAP_MODE_BASIC: 248 break; 249 case L2CAP_MODE_ERTM: 250 case L2CAP_MODE_STREAMING: 251 if (!disable_ertm) 252 break; 253 /* fall through */ 254 default: 255 err = -ENOTSUPP; 256 goto done; 257 } 258 259 sk->sk_max_ack_backlog = backlog; 260 sk->sk_ack_backlog = 0; 261 sk->sk_state = BT_LISTEN; 262 263 done: 264 release_sock(sk); 265 return err; 266 } 267 268 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 269 { 270 DECLARE_WAITQUEUE(wait, current); 271 struct sock *sk = sock->sk, *nsk; 272 long timeo; 273 int err = 0; 274 275 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 276 277 if (sk->sk_state != BT_LISTEN) { 278 err = -EBADFD; 279 goto done; 280 } 281 282 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 283 284 BT_DBG("sk %p timeo %ld", sk, timeo); 285 286 /* Wait for an incoming connection. (wake-one). */ 287 add_wait_queue_exclusive(sk_sleep(sk), &wait); 288 while (!(nsk = bt_accept_dequeue(sk, newsock))) { 289 set_current_state(TASK_INTERRUPTIBLE); 290 if (!timeo) { 291 err = -EAGAIN; 292 break; 293 } 294 295 release_sock(sk); 296 timeo = schedule_timeout(timeo); 297 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 298 299 if (sk->sk_state != BT_LISTEN) { 300 err = -EBADFD; 301 break; 302 } 303 304 if (signal_pending(current)) { 305 err = sock_intr_errno(timeo); 306 break; 307 } 308 } 309 set_current_state(TASK_RUNNING); 310 remove_wait_queue(sk_sleep(sk), &wait); 311 312 if (err) 313 goto done; 314 315 newsock->state = SS_CONNECTED; 316 317 BT_DBG("new socket %p", nsk); 318 319 done: 320 release_sock(sk); 321 return err; 322 } 323 324 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 325 { 326 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 327 struct sock *sk = sock->sk; 328 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 329 330 BT_DBG("sock %p, sk %p", sock, sk); 331 332 addr->sa_family = AF_BLUETOOTH; 333 *len = sizeof(struct sockaddr_l2); 334 335 if (peer) { 336 la->l2_psm = chan->psm; 337 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 338 la->l2_cid = cpu_to_le16(chan->dcid); 339 } else { 340 la->l2_psm = chan->sport; 341 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 342 la->l2_cid = cpu_to_le16(chan->scid); 343 } 344 345 return 0; 346 } 347 348 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 349 { 350 struct sock *sk = sock->sk; 351 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 352 struct l2cap_options opts; 353 struct l2cap_conninfo cinfo; 354 int len, err = 0; 355 u32 opt; 356 357 BT_DBG("sk %p", sk); 358 359 if (get_user(len, optlen)) 360 return -EFAULT; 361 362 lock_sock(sk); 363 364 switch (optname) { 365 case L2CAP_OPTIONS: 366 memset(&opts, 0, sizeof(opts)); 367 opts.imtu = chan->imtu; 368 opts.omtu = chan->omtu; 369 opts.flush_to = chan->flush_to; 370 opts.mode = chan->mode; 371 opts.fcs = chan->fcs; 372 opts.max_tx = chan->max_tx; 373 opts.txwin_size = (__u16)chan->tx_win; 374 375 len = min_t(unsigned int, len, sizeof(opts)); 376 if (copy_to_user(optval, (char *) &opts, len)) 377 err = -EFAULT; 378 379 break; 380 381 case L2CAP_LM: 382 switch (chan->sec_level) { 383 case BT_SECURITY_LOW: 384 opt = L2CAP_LM_AUTH; 385 break; 386 case BT_SECURITY_MEDIUM: 387 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 388 break; 389 case BT_SECURITY_HIGH: 390 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 391 L2CAP_LM_SECURE; 392 break; 393 default: 394 opt = 0; 395 break; 396 } 397 398 if (chan->role_switch) 399 opt |= L2CAP_LM_MASTER; 400 401 if (chan->force_reliable) 402 opt |= L2CAP_LM_RELIABLE; 403 404 if (put_user(opt, (u32 __user *) optval)) 405 err = -EFAULT; 406 break; 407 408 case L2CAP_CONNINFO: 409 if (sk->sk_state != BT_CONNECTED && 410 !(sk->sk_state == BT_CONNECT2 && 411 bt_sk(sk)->defer_setup)) { 412 err = -ENOTCONN; 413 break; 414 } 415 416 memset(&cinfo, 0, sizeof(cinfo)); 417 cinfo.hci_handle = chan->conn->hcon->handle; 418 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 419 420 len = min_t(unsigned int, len, sizeof(cinfo)); 421 if (copy_to_user(optval, (char *) &cinfo, len)) 422 err = -EFAULT; 423 424 break; 425 426 default: 427 err = -ENOPROTOOPT; 428 break; 429 } 430 431 release_sock(sk); 432 return err; 433 } 434 435 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 436 { 437 struct sock *sk = sock->sk; 438 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 439 struct bt_security sec; 440 int len, err = 0; 441 442 BT_DBG("sk %p", sk); 443 444 if (level == SOL_L2CAP) 445 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 446 447 if (level != SOL_BLUETOOTH) 448 return -ENOPROTOOPT; 449 450 if (get_user(len, optlen)) 451 return -EFAULT; 452 453 lock_sock(sk); 454 455 switch (optname) { 456 case BT_SECURITY: 457 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 458 && sk->sk_type != SOCK_RAW) { 459 err = -EINVAL; 460 break; 461 } 462 463 sec.level = chan->sec_level; 464 465 len = min_t(unsigned int, len, sizeof(sec)); 466 if (copy_to_user(optval, (char *) &sec, len)) 467 err = -EFAULT; 468 469 break; 470 471 case BT_DEFER_SETUP: 472 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 473 err = -EINVAL; 474 break; 475 } 476 477 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) 478 err = -EFAULT; 479 480 break; 481 482 case BT_FLUSHABLE: 483 if (put_user(chan->flushable, (u32 __user *) optval)) 484 err = -EFAULT; 485 486 break; 487 488 default: 489 err = -ENOPROTOOPT; 490 break; 491 } 492 493 release_sock(sk); 494 return err; 495 } 496 497 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 498 { 499 struct sock *sk = sock->sk; 500 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 501 struct l2cap_options opts; 502 int len, err = 0; 503 u32 opt; 504 505 BT_DBG("sk %p", sk); 506 507 lock_sock(sk); 508 509 switch (optname) { 510 case L2CAP_OPTIONS: 511 if (sk->sk_state == BT_CONNECTED) { 512 err = -EINVAL; 513 break; 514 } 515 516 opts.imtu = chan->imtu; 517 opts.omtu = chan->omtu; 518 opts.flush_to = chan->flush_to; 519 opts.mode = chan->mode; 520 opts.fcs = chan->fcs; 521 opts.max_tx = chan->max_tx; 522 opts.txwin_size = (__u16)chan->tx_win; 523 524 len = min_t(unsigned int, sizeof(opts), optlen); 525 if (copy_from_user((char *) &opts, optval, len)) { 526 err = -EFAULT; 527 break; 528 } 529 530 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) { 531 err = -EINVAL; 532 break; 533 } 534 535 chan->mode = opts.mode; 536 switch (chan->mode) { 537 case L2CAP_MODE_BASIC: 538 chan->conf_state &= ~L2CAP_CONF_STATE2_DEVICE; 539 break; 540 case L2CAP_MODE_ERTM: 541 case L2CAP_MODE_STREAMING: 542 if (!disable_ertm) 543 break; 544 /* fall through */ 545 default: 546 err = -EINVAL; 547 break; 548 } 549 550 chan->imtu = opts.imtu; 551 chan->omtu = opts.omtu; 552 chan->fcs = opts.fcs; 553 chan->max_tx = opts.max_tx; 554 chan->tx_win = (__u8)opts.txwin_size; 555 break; 556 557 case L2CAP_LM: 558 if (get_user(opt, (u32 __user *) optval)) { 559 err = -EFAULT; 560 break; 561 } 562 563 if (opt & L2CAP_LM_AUTH) 564 chan->sec_level = BT_SECURITY_LOW; 565 if (opt & L2CAP_LM_ENCRYPT) 566 chan->sec_level = BT_SECURITY_MEDIUM; 567 if (opt & L2CAP_LM_SECURE) 568 chan->sec_level = BT_SECURITY_HIGH; 569 570 chan->role_switch = (opt & L2CAP_LM_MASTER); 571 chan->force_reliable = (opt & L2CAP_LM_RELIABLE); 572 break; 573 574 default: 575 err = -ENOPROTOOPT; 576 break; 577 } 578 579 release_sock(sk); 580 return err; 581 } 582 583 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 584 { 585 struct sock *sk = sock->sk; 586 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 587 struct bt_security sec; 588 int len, err = 0; 589 u32 opt; 590 591 BT_DBG("sk %p", sk); 592 593 if (level == SOL_L2CAP) 594 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 595 596 if (level != SOL_BLUETOOTH) 597 return -ENOPROTOOPT; 598 599 lock_sock(sk); 600 601 switch (optname) { 602 case BT_SECURITY: 603 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 604 && sk->sk_type != SOCK_RAW) { 605 err = -EINVAL; 606 break; 607 } 608 609 sec.level = BT_SECURITY_LOW; 610 611 len = min_t(unsigned int, sizeof(sec), optlen); 612 if (copy_from_user((char *) &sec, optval, len)) { 613 err = -EFAULT; 614 break; 615 } 616 617 if (sec.level < BT_SECURITY_LOW || 618 sec.level > BT_SECURITY_HIGH) { 619 err = -EINVAL; 620 break; 621 } 622 623 chan->sec_level = sec.level; 624 break; 625 626 case BT_DEFER_SETUP: 627 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 628 err = -EINVAL; 629 break; 630 } 631 632 if (get_user(opt, (u32 __user *) optval)) { 633 err = -EFAULT; 634 break; 635 } 636 637 bt_sk(sk)->defer_setup = opt; 638 break; 639 640 case BT_FLUSHABLE: 641 if (get_user(opt, (u32 __user *) optval)) { 642 err = -EFAULT; 643 break; 644 } 645 646 if (opt > BT_FLUSHABLE_ON) { 647 err = -EINVAL; 648 break; 649 } 650 651 if (opt == BT_FLUSHABLE_OFF) { 652 struct l2cap_conn *conn = chan->conn; 653 /* proceed further only when we have l2cap_conn and 654 No Flush support in the LM */ 655 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 656 err = -EINVAL; 657 break; 658 } 659 } 660 661 chan->flushable = opt; 662 break; 663 664 default: 665 err = -ENOPROTOOPT; 666 break; 667 } 668 669 release_sock(sk); 670 return err; 671 } 672 673 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 674 { 675 struct sock *sk = sock->sk; 676 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 677 struct sk_buff *skb; 678 u16 control; 679 int err; 680 681 BT_DBG("sock %p, sk %p", sock, sk); 682 683 err = sock_error(sk); 684 if (err) 685 return err; 686 687 if (msg->msg_flags & MSG_OOB) 688 return -EOPNOTSUPP; 689 690 lock_sock(sk); 691 692 if (sk->sk_state != BT_CONNECTED) { 693 err = -ENOTCONN; 694 goto done; 695 } 696 697 /* Connectionless channel */ 698 if (sk->sk_type == SOCK_DGRAM) { 699 skb = l2cap_create_connless_pdu(chan, msg, len); 700 if (IS_ERR(skb)) { 701 err = PTR_ERR(skb); 702 } else { 703 l2cap_do_send(chan, skb); 704 err = len; 705 } 706 goto done; 707 } 708 709 switch (chan->mode) { 710 case L2CAP_MODE_BASIC: 711 /* Check outgoing MTU */ 712 if (len > chan->omtu) { 713 err = -EMSGSIZE; 714 goto done; 715 } 716 717 /* Create a basic PDU */ 718 skb = l2cap_create_basic_pdu(chan, msg, len); 719 if (IS_ERR(skb)) { 720 err = PTR_ERR(skb); 721 goto done; 722 } 723 724 l2cap_do_send(chan, skb); 725 err = len; 726 break; 727 728 case L2CAP_MODE_ERTM: 729 case L2CAP_MODE_STREAMING: 730 /* Entire SDU fits into one PDU */ 731 if (len <= chan->remote_mps) { 732 control = L2CAP_SDU_UNSEGMENTED; 733 skb = l2cap_create_iframe_pdu(chan, msg, len, control, 734 0); 735 if (IS_ERR(skb)) { 736 err = PTR_ERR(skb); 737 goto done; 738 } 739 __skb_queue_tail(&chan->tx_q, skb); 740 741 if (chan->tx_send_head == NULL) 742 chan->tx_send_head = skb; 743 744 } else { 745 /* Segment SDU into multiples PDUs */ 746 err = l2cap_sar_segment_sdu(chan, msg, len); 747 if (err < 0) 748 goto done; 749 } 750 751 if (chan->mode == L2CAP_MODE_STREAMING) { 752 l2cap_streaming_send(chan); 753 err = len; 754 break; 755 } 756 757 if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) && 758 (chan->conn_state & L2CAP_CONN_WAIT_F)) { 759 err = len; 760 break; 761 } 762 err = l2cap_ertm_send(chan); 763 764 if (err >= 0) 765 err = len; 766 break; 767 768 default: 769 BT_DBG("bad state %1.1x", chan->mode); 770 err = -EBADFD; 771 } 772 773 done: 774 release_sock(sk); 775 return err; 776 } 777 778 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 779 { 780 struct sock *sk = sock->sk; 781 782 lock_sock(sk); 783 784 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { 785 sk->sk_state = BT_CONFIG; 786 787 __l2cap_connect_rsp_defer(l2cap_pi(sk)->chan); 788 release_sock(sk); 789 return 0; 790 } 791 792 release_sock(sk); 793 794 if (sock->type == SOCK_STREAM) 795 return bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 796 797 return bt_sock_recvmsg(iocb, sock, msg, len, flags); 798 } 799 800 /* Kill socket (only if zapped and orphan) 801 * Must be called on unlocked socket. 802 */ 803 void l2cap_sock_kill(struct sock *sk) 804 { 805 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 806 return; 807 808 BT_DBG("sk %p state %d", sk, sk->sk_state); 809 810 /* Kill poor orphan */ 811 812 l2cap_chan_destroy(l2cap_pi(sk)->chan); 813 sock_set_flag(sk, SOCK_DEAD); 814 sock_put(sk); 815 } 816 817 /* Must be called on unlocked socket. */ 818 static void l2cap_sock_close(struct sock *sk) 819 { 820 l2cap_sock_clear_timer(sk); 821 lock_sock(sk); 822 __l2cap_sock_close(sk, ECONNRESET); 823 release_sock(sk); 824 l2cap_sock_kill(sk); 825 } 826 827 static void l2cap_sock_cleanup_listen(struct sock *parent) 828 { 829 struct sock *sk; 830 831 BT_DBG("parent %p", parent); 832 833 /* Close not yet accepted channels */ 834 while ((sk = bt_accept_dequeue(parent, NULL))) 835 l2cap_sock_close(sk); 836 837 parent->sk_state = BT_CLOSED; 838 sock_set_flag(parent, SOCK_ZAPPED); 839 } 840 841 void __l2cap_sock_close(struct sock *sk, int reason) 842 { 843 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 844 struct l2cap_conn *conn = chan->conn; 845 846 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 847 848 switch (sk->sk_state) { 849 case BT_LISTEN: 850 l2cap_sock_cleanup_listen(sk); 851 break; 852 853 case BT_CONNECTED: 854 case BT_CONFIG: 855 if ((sk->sk_type == SOCK_SEQPACKET || 856 sk->sk_type == SOCK_STREAM) && 857 conn->hcon->type == ACL_LINK) { 858 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 859 l2cap_send_disconn_req(conn, chan, reason); 860 } else 861 l2cap_chan_del(chan, reason); 862 break; 863 864 case BT_CONNECT2: 865 if ((sk->sk_type == SOCK_SEQPACKET || 866 sk->sk_type == SOCK_STREAM) && 867 conn->hcon->type == ACL_LINK) { 868 struct l2cap_conn_rsp rsp; 869 __u16 result; 870 871 if (bt_sk(sk)->defer_setup) 872 result = L2CAP_CR_SEC_BLOCK; 873 else 874 result = L2CAP_CR_BAD_PSM; 875 876 rsp.scid = cpu_to_le16(chan->dcid); 877 rsp.dcid = cpu_to_le16(chan->scid); 878 rsp.result = cpu_to_le16(result); 879 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 880 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, 881 sizeof(rsp), &rsp); 882 } 883 884 l2cap_chan_del(chan, reason); 885 break; 886 887 case BT_CONNECT: 888 case BT_DISCONN: 889 l2cap_chan_del(chan, reason); 890 break; 891 892 default: 893 sock_set_flag(sk, SOCK_ZAPPED); 894 break; 895 } 896 } 897 898 static int l2cap_sock_shutdown(struct socket *sock, int how) 899 { 900 struct sock *sk = sock->sk; 901 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 902 int err = 0; 903 904 BT_DBG("sock %p, sk %p", sock, sk); 905 906 if (!sk) 907 return 0; 908 909 lock_sock(sk); 910 if (!sk->sk_shutdown) { 911 if (chan->mode == L2CAP_MODE_ERTM) 912 err = __l2cap_wait_ack(sk); 913 914 sk->sk_shutdown = SHUTDOWN_MASK; 915 l2cap_sock_clear_timer(sk); 916 __l2cap_sock_close(sk, 0); 917 918 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 919 err = bt_sock_wait_state(sk, BT_CLOSED, 920 sk->sk_lingertime); 921 } 922 923 if (!err && sk->sk_err) 924 err = -sk->sk_err; 925 926 release_sock(sk); 927 return err; 928 } 929 930 static int l2cap_sock_release(struct socket *sock) 931 { 932 struct sock *sk = sock->sk; 933 int err; 934 935 BT_DBG("sock %p, sk %p", sock, sk); 936 937 if (!sk) 938 return 0; 939 940 err = l2cap_sock_shutdown(sock, 2); 941 942 sock_orphan(sk); 943 l2cap_sock_kill(sk); 944 return err; 945 } 946 947 static void l2cap_sock_destruct(struct sock *sk) 948 { 949 BT_DBG("sk %p", sk); 950 951 skb_queue_purge(&sk->sk_receive_queue); 952 skb_queue_purge(&sk->sk_write_queue); 953 } 954 955 void l2cap_sock_init(struct sock *sk, struct sock *parent) 956 { 957 struct l2cap_pinfo *pi = l2cap_pi(sk); 958 struct l2cap_chan *chan = pi->chan; 959 960 BT_DBG("sk %p", sk); 961 962 if (parent) { 963 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 964 965 sk->sk_type = parent->sk_type; 966 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup; 967 968 chan->imtu = pchan->imtu; 969 chan->omtu = pchan->omtu; 970 chan->conf_state = pchan->conf_state; 971 chan->mode = pchan->mode; 972 chan->fcs = pchan->fcs; 973 chan->max_tx = pchan->max_tx; 974 chan->tx_win = pchan->tx_win; 975 chan->sec_level = pchan->sec_level; 976 chan->role_switch = pchan->role_switch; 977 chan->force_reliable = pchan->force_reliable; 978 chan->flushable = pchan->flushable; 979 } else { 980 chan->imtu = L2CAP_DEFAULT_MTU; 981 chan->omtu = 0; 982 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 983 chan->mode = L2CAP_MODE_ERTM; 984 chan->conf_state |= L2CAP_CONF_STATE2_DEVICE; 985 } else { 986 chan->mode = L2CAP_MODE_BASIC; 987 } 988 chan->max_tx = L2CAP_DEFAULT_MAX_TX; 989 chan->fcs = L2CAP_FCS_CRC16; 990 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW; 991 chan->sec_level = BT_SECURITY_LOW; 992 chan->role_switch = 0; 993 chan->force_reliable = 0; 994 chan->flushable = BT_FLUSHABLE_OFF; 995 } 996 997 /* Default config options */ 998 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 999 } 1000 1001 static struct proto l2cap_proto = { 1002 .name = "L2CAP", 1003 .owner = THIS_MODULE, 1004 .obj_size = sizeof(struct l2cap_pinfo) 1005 }; 1006 1007 struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 1008 { 1009 struct sock *sk; 1010 1011 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1012 if (!sk) 1013 return NULL; 1014 1015 sock_init_data(sock, sk); 1016 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1017 1018 sk->sk_destruct = l2cap_sock_destruct; 1019 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT); 1020 1021 sock_reset_flag(sk, SOCK_ZAPPED); 1022 1023 sk->sk_protocol = proto; 1024 sk->sk_state = BT_OPEN; 1025 1026 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk); 1027 1028 return sk; 1029 } 1030 1031 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1032 int kern) 1033 { 1034 struct sock *sk; 1035 struct l2cap_chan *chan; 1036 1037 BT_DBG("sock %p", sock); 1038 1039 sock->state = SS_UNCONNECTED; 1040 1041 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1042 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1043 return -ESOCKTNOSUPPORT; 1044 1045 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1046 return -EPERM; 1047 1048 sock->ops = &l2cap_sock_ops; 1049 1050 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1051 if (!sk) 1052 return -ENOMEM; 1053 1054 chan = l2cap_chan_create(sk); 1055 if (!chan) { 1056 l2cap_sock_kill(sk); 1057 return -ENOMEM; 1058 } 1059 1060 l2cap_pi(sk)->chan = chan; 1061 1062 l2cap_sock_init(sk, NULL); 1063 return 0; 1064 } 1065 1066 static const struct proto_ops l2cap_sock_ops = { 1067 .family = PF_BLUETOOTH, 1068 .owner = THIS_MODULE, 1069 .release = l2cap_sock_release, 1070 .bind = l2cap_sock_bind, 1071 .connect = l2cap_sock_connect, 1072 .listen = l2cap_sock_listen, 1073 .accept = l2cap_sock_accept, 1074 .getname = l2cap_sock_getname, 1075 .sendmsg = l2cap_sock_sendmsg, 1076 .recvmsg = l2cap_sock_recvmsg, 1077 .poll = bt_sock_poll, 1078 .ioctl = bt_sock_ioctl, 1079 .mmap = sock_no_mmap, 1080 .socketpair = sock_no_socketpair, 1081 .shutdown = l2cap_sock_shutdown, 1082 .setsockopt = l2cap_sock_setsockopt, 1083 .getsockopt = l2cap_sock_getsockopt 1084 }; 1085 1086 static const struct net_proto_family l2cap_sock_family_ops = { 1087 .family = PF_BLUETOOTH, 1088 .owner = THIS_MODULE, 1089 .create = l2cap_sock_create, 1090 }; 1091 1092 int __init l2cap_init_sockets(void) 1093 { 1094 int err; 1095 1096 err = proto_register(&l2cap_proto, 0); 1097 if (err < 0) 1098 return err; 1099 1100 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1101 if (err < 0) 1102 goto error; 1103 1104 BT_INFO("L2CAP socket layer initialized"); 1105 1106 return 0; 1107 1108 error: 1109 BT_ERR("L2CAP socket registration failed"); 1110 proto_unregister(&l2cap_proto); 1111 return err; 1112 } 1113 1114 void l2cap_cleanup_sockets(void) 1115 { 1116 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 1117 BT_ERR("L2CAP socket unregistration failed"); 1118 1119 proto_unregister(&l2cap_proto); 1120 } 1121