1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 8 9 This program is free software; you can redistribute it and/or modify 10 it under the terms of the GNU General Public License version 2 as 11 published by the Free Software Foundation; 12 13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 21 22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 24 SOFTWARE IS DISCLAIMED. 25 */ 26 27 /* Bluetooth L2CAP sockets. */ 28 29 #include <linux/security.h> 30 #include <linux/export.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/l2cap.h> 35 #include <net/bluetooth/smp.h> 36 37 static const struct proto_ops l2cap_sock_ops; 38 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 39 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio); 40 41 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 42 { 43 struct sock *sk = sock->sk; 44 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 45 struct sockaddr_l2 la; 46 int len, err = 0; 47 48 BT_DBG("sk %p", sk); 49 50 if (!addr || addr->sa_family != AF_BLUETOOTH) 51 return -EINVAL; 52 53 memset(&la, 0, sizeof(la)); 54 len = min_t(unsigned int, sizeof(la), alen); 55 memcpy(&la, addr, len); 56 57 if (la.l2_cid && la.l2_psm) 58 return -EINVAL; 59 60 lock_sock(sk); 61 62 if (sk->sk_state != BT_OPEN) { 63 err = -EBADFD; 64 goto done; 65 } 66 67 if (la.l2_psm) { 68 __u16 psm = __le16_to_cpu(la.l2_psm); 69 70 /* PSM must be odd and lsb of upper byte must be 0 */ 71 if ((psm & 0x0101) != 0x0001) { 72 err = -EINVAL; 73 goto done; 74 } 75 76 /* Restrict usage of well-known PSMs */ 77 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 78 err = -EACCES; 79 goto done; 80 } 81 } 82 83 if (la.l2_cid) 84 err = l2cap_add_scid(chan, la.l2_cid); 85 else 86 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 87 88 if (err < 0) 89 goto done; 90 91 if (__le16_to_cpu(la.l2_psm) == 0x0001 || 92 __le16_to_cpu(la.l2_psm) == 0x0003) 93 chan->sec_level = BT_SECURITY_SDP; 94 95 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 96 97 chan->state = BT_BOUND; 98 sk->sk_state = BT_BOUND; 99 100 done: 101 release_sock(sk); 102 return err; 103 } 104 105 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 106 { 107 struct sock *sk = sock->sk; 108 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 109 struct sockaddr_l2 la; 110 int len, err = 0; 111 112 BT_DBG("sk %p", sk); 113 114 if (!addr || alen < sizeof(addr->sa_family) || 115 addr->sa_family != AF_BLUETOOTH) 116 return -EINVAL; 117 118 memset(&la, 0, sizeof(la)); 119 len = min_t(unsigned int, sizeof(la), alen); 120 memcpy(&la, addr, len); 121 122 if (la.l2_cid && la.l2_psm) 123 return -EINVAL; 124 125 lock_sock(sk); 126 127 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED 128 && !(la.l2_psm || la.l2_cid)) { 129 err = -EINVAL; 130 goto done; 131 } 132 133 switch (chan->mode) { 134 case L2CAP_MODE_BASIC: 135 break; 136 case L2CAP_MODE_ERTM: 137 case L2CAP_MODE_STREAMING: 138 if (!disable_ertm) 139 break; 140 /* fall through */ 141 default: 142 err = -ENOTSUPP; 143 goto done; 144 } 145 146 switch (sk->sk_state) { 147 case BT_CONNECT: 148 case BT_CONNECT2: 149 case BT_CONFIG: 150 /* Already connecting */ 151 goto wait; 152 153 case BT_CONNECTED: 154 /* Already connected */ 155 err = -EISCONN; 156 goto done; 157 158 case BT_OPEN: 159 case BT_BOUND: 160 /* Can connect */ 161 break; 162 163 default: 164 err = -EBADFD; 165 goto done; 166 } 167 168 /* PSM must be odd and lsb of upper byte must be 0 */ 169 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 && !la.l2_cid && 170 chan->chan_type != L2CAP_CHAN_RAW) { 171 err = -EINVAL; 172 goto done; 173 } 174 175 /* Set destination address and psm */ 176 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr); 177 chan->psm = la.l2_psm; 178 chan->dcid = la.l2_cid; 179 180 err = l2cap_chan_connect(l2cap_pi(sk)->chan); 181 if (err) 182 goto done; 183 184 wait: 185 err = bt_sock_wait_state(sk, BT_CONNECTED, 186 sock_sndtimeo(sk, flags & O_NONBLOCK)); 187 done: 188 release_sock(sk); 189 return err; 190 } 191 192 static int l2cap_sock_listen(struct socket *sock, int backlog) 193 { 194 struct sock *sk = sock->sk; 195 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 196 int err = 0; 197 198 BT_DBG("sk %p backlog %d", sk, backlog); 199 200 lock_sock(sk); 201 202 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM) 203 || sk->sk_state != BT_BOUND) { 204 err = -EBADFD; 205 goto done; 206 } 207 208 switch (chan->mode) { 209 case L2CAP_MODE_BASIC: 210 break; 211 case L2CAP_MODE_ERTM: 212 case L2CAP_MODE_STREAMING: 213 if (!disable_ertm) 214 break; 215 /* fall through */ 216 default: 217 err = -ENOTSUPP; 218 goto done; 219 } 220 221 sk->sk_max_ack_backlog = backlog; 222 sk->sk_ack_backlog = 0; 223 224 chan->state = BT_LISTEN; 225 sk->sk_state = BT_LISTEN; 226 227 done: 228 release_sock(sk); 229 return err; 230 } 231 232 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 233 { 234 DECLARE_WAITQUEUE(wait, current); 235 struct sock *sk = sock->sk, *nsk; 236 long timeo; 237 int err = 0; 238 239 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 240 241 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 242 243 BT_DBG("sk %p timeo %ld", sk, timeo); 244 245 /* Wait for an incoming connection. (wake-one). */ 246 add_wait_queue_exclusive(sk_sleep(sk), &wait); 247 while (1) { 248 set_current_state(TASK_INTERRUPTIBLE); 249 250 if (sk->sk_state != BT_LISTEN) { 251 err = -EBADFD; 252 break; 253 } 254 255 nsk = bt_accept_dequeue(sk, newsock); 256 if (nsk) 257 break; 258 259 if (!timeo) { 260 err = -EAGAIN; 261 break; 262 } 263 264 if (signal_pending(current)) { 265 err = sock_intr_errno(timeo); 266 break; 267 } 268 269 release_sock(sk); 270 timeo = schedule_timeout(timeo); 271 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 272 } 273 __set_current_state(TASK_RUNNING); 274 remove_wait_queue(sk_sleep(sk), &wait); 275 276 if (err) 277 goto done; 278 279 newsock->state = SS_CONNECTED; 280 281 BT_DBG("new socket %p", nsk); 282 283 done: 284 release_sock(sk); 285 return err; 286 } 287 288 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 289 { 290 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 291 struct sock *sk = sock->sk; 292 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 293 294 BT_DBG("sock %p, sk %p", sock, sk); 295 296 addr->sa_family = AF_BLUETOOTH; 297 *len = sizeof(struct sockaddr_l2); 298 299 if (peer) { 300 la->l2_psm = chan->psm; 301 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 302 la->l2_cid = cpu_to_le16(chan->dcid); 303 } else { 304 la->l2_psm = chan->sport; 305 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 306 la->l2_cid = cpu_to_le16(chan->scid); 307 } 308 309 return 0; 310 } 311 312 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 313 { 314 struct sock *sk = sock->sk; 315 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 316 struct l2cap_options opts; 317 struct l2cap_conninfo cinfo; 318 int len, err = 0; 319 u32 opt; 320 321 BT_DBG("sk %p", sk); 322 323 if (get_user(len, optlen)) 324 return -EFAULT; 325 326 lock_sock(sk); 327 328 switch (optname) { 329 case L2CAP_OPTIONS: 330 memset(&opts, 0, sizeof(opts)); 331 opts.imtu = chan->imtu; 332 opts.omtu = chan->omtu; 333 opts.flush_to = chan->flush_to; 334 opts.mode = chan->mode; 335 opts.fcs = chan->fcs; 336 opts.max_tx = chan->max_tx; 337 opts.txwin_size = chan->tx_win; 338 339 len = min_t(unsigned int, len, sizeof(opts)); 340 if (copy_to_user(optval, (char *) &opts, len)) 341 err = -EFAULT; 342 343 break; 344 345 case L2CAP_LM: 346 switch (chan->sec_level) { 347 case BT_SECURITY_LOW: 348 opt = L2CAP_LM_AUTH; 349 break; 350 case BT_SECURITY_MEDIUM: 351 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 352 break; 353 case BT_SECURITY_HIGH: 354 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 355 L2CAP_LM_SECURE; 356 break; 357 default: 358 opt = 0; 359 break; 360 } 361 362 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 363 opt |= L2CAP_LM_MASTER; 364 365 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 366 opt |= L2CAP_LM_RELIABLE; 367 368 if (put_user(opt, (u32 __user *) optval)) 369 err = -EFAULT; 370 break; 371 372 case L2CAP_CONNINFO: 373 if (sk->sk_state != BT_CONNECTED && 374 !(sk->sk_state == BT_CONNECT2 && 375 bt_sk(sk)->defer_setup)) { 376 err = -ENOTCONN; 377 break; 378 } 379 380 memset(&cinfo, 0, sizeof(cinfo)); 381 cinfo.hci_handle = chan->conn->hcon->handle; 382 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 383 384 len = min_t(unsigned int, len, sizeof(cinfo)); 385 if (copy_to_user(optval, (char *) &cinfo, len)) 386 err = -EFAULT; 387 388 break; 389 390 default: 391 err = -ENOPROTOOPT; 392 break; 393 } 394 395 release_sock(sk); 396 return err; 397 } 398 399 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 400 { 401 struct sock *sk = sock->sk; 402 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 403 struct bt_security sec; 404 struct bt_power pwr; 405 int len, err = 0; 406 407 BT_DBG("sk %p", sk); 408 409 if (level == SOL_L2CAP) 410 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 411 412 if (level != SOL_BLUETOOTH) 413 return -ENOPROTOOPT; 414 415 if (get_user(len, optlen)) 416 return -EFAULT; 417 418 lock_sock(sk); 419 420 switch (optname) { 421 case BT_SECURITY: 422 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 423 chan->chan_type != L2CAP_CHAN_RAW) { 424 err = -EINVAL; 425 break; 426 } 427 428 memset(&sec, 0, sizeof(sec)); 429 sec.level = chan->sec_level; 430 431 if (sk->sk_state == BT_CONNECTED) 432 sec.key_size = chan->conn->hcon->enc_key_size; 433 434 len = min_t(unsigned int, len, sizeof(sec)); 435 if (copy_to_user(optval, (char *) &sec, len)) 436 err = -EFAULT; 437 438 break; 439 440 case BT_DEFER_SETUP: 441 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 442 err = -EINVAL; 443 break; 444 } 445 446 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) 447 err = -EFAULT; 448 449 break; 450 451 case BT_FLUSHABLE: 452 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 453 (u32 __user *) optval)) 454 err = -EFAULT; 455 456 break; 457 458 case BT_POWER: 459 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 460 && sk->sk_type != SOCK_RAW) { 461 err = -EINVAL; 462 break; 463 } 464 465 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 466 467 len = min_t(unsigned int, len, sizeof(pwr)); 468 if (copy_to_user(optval, (char *) &pwr, len)) 469 err = -EFAULT; 470 471 break; 472 473 case BT_CHANNEL_POLICY: 474 if (!enable_hs) { 475 err = -ENOPROTOOPT; 476 break; 477 } 478 479 if (put_user(chan->chan_policy, (u32 __user *) optval)) 480 err = -EFAULT; 481 break; 482 483 default: 484 err = -ENOPROTOOPT; 485 break; 486 } 487 488 release_sock(sk); 489 return err; 490 } 491 492 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 493 { 494 struct sock *sk = sock->sk; 495 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 496 struct l2cap_options opts; 497 int len, err = 0; 498 u32 opt; 499 500 BT_DBG("sk %p", sk); 501 502 lock_sock(sk); 503 504 switch (optname) { 505 case L2CAP_OPTIONS: 506 if (sk->sk_state == BT_CONNECTED) { 507 err = -EINVAL; 508 break; 509 } 510 511 opts.imtu = chan->imtu; 512 opts.omtu = chan->omtu; 513 opts.flush_to = chan->flush_to; 514 opts.mode = chan->mode; 515 opts.fcs = chan->fcs; 516 opts.max_tx = chan->max_tx; 517 opts.txwin_size = chan->tx_win; 518 519 len = min_t(unsigned int, sizeof(opts), optlen); 520 if (copy_from_user((char *) &opts, optval, len)) { 521 err = -EFAULT; 522 break; 523 } 524 525 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 526 err = -EINVAL; 527 break; 528 } 529 530 chan->mode = opts.mode; 531 switch (chan->mode) { 532 case L2CAP_MODE_BASIC: 533 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 534 break; 535 case L2CAP_MODE_ERTM: 536 case L2CAP_MODE_STREAMING: 537 if (!disable_ertm) 538 break; 539 /* fall through */ 540 default: 541 err = -EINVAL; 542 break; 543 } 544 545 chan->imtu = opts.imtu; 546 chan->omtu = opts.omtu; 547 chan->fcs = opts.fcs; 548 chan->max_tx = opts.max_tx; 549 chan->tx_win = opts.txwin_size; 550 break; 551 552 case L2CAP_LM: 553 if (get_user(opt, (u32 __user *) optval)) { 554 err = -EFAULT; 555 break; 556 } 557 558 if (opt & L2CAP_LM_AUTH) 559 chan->sec_level = BT_SECURITY_LOW; 560 if (opt & L2CAP_LM_ENCRYPT) 561 chan->sec_level = BT_SECURITY_MEDIUM; 562 if (opt & L2CAP_LM_SECURE) 563 chan->sec_level = BT_SECURITY_HIGH; 564 565 if (opt & L2CAP_LM_MASTER) 566 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 567 else 568 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 569 570 if (opt & L2CAP_LM_RELIABLE) 571 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 572 else 573 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 574 break; 575 576 default: 577 err = -ENOPROTOOPT; 578 break; 579 } 580 581 release_sock(sk); 582 return err; 583 } 584 585 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 586 { 587 struct sock *sk = sock->sk; 588 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 589 struct bt_security sec; 590 struct bt_power pwr; 591 struct l2cap_conn *conn; 592 int len, err = 0; 593 u32 opt; 594 595 BT_DBG("sk %p", sk); 596 597 if (level == SOL_L2CAP) 598 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 599 600 if (level != SOL_BLUETOOTH) 601 return -ENOPROTOOPT; 602 603 lock_sock(sk); 604 605 switch (optname) { 606 case BT_SECURITY: 607 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 608 chan->chan_type != L2CAP_CHAN_RAW) { 609 err = -EINVAL; 610 break; 611 } 612 613 sec.level = BT_SECURITY_LOW; 614 615 len = min_t(unsigned int, sizeof(sec), optlen); 616 if (copy_from_user((char *) &sec, optval, len)) { 617 err = -EFAULT; 618 break; 619 } 620 621 if (sec.level < BT_SECURITY_LOW || 622 sec.level > BT_SECURITY_HIGH) { 623 err = -EINVAL; 624 break; 625 } 626 627 chan->sec_level = sec.level; 628 629 if (!chan->conn) 630 break; 631 632 conn = chan->conn; 633 634 /*change security for LE channels */ 635 if (chan->scid == L2CAP_CID_LE_DATA) { 636 if (!conn->hcon->out) { 637 err = -EINVAL; 638 break; 639 } 640 641 if (smp_conn_security(conn, sec.level)) 642 break; 643 sk->sk_state = BT_CONFIG; 644 645 /* or for ACL link, under defer_setup time */ 646 } else if (sk->sk_state == BT_CONNECT2 && 647 bt_sk(sk)->defer_setup) { 648 err = l2cap_chan_check_security(chan); 649 } else { 650 err = -EINVAL; 651 } 652 break; 653 654 case BT_DEFER_SETUP: 655 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 656 err = -EINVAL; 657 break; 658 } 659 660 if (get_user(opt, (u32 __user *) optval)) { 661 err = -EFAULT; 662 break; 663 } 664 665 bt_sk(sk)->defer_setup = opt; 666 break; 667 668 case BT_FLUSHABLE: 669 if (get_user(opt, (u32 __user *) optval)) { 670 err = -EFAULT; 671 break; 672 } 673 674 if (opt > BT_FLUSHABLE_ON) { 675 err = -EINVAL; 676 break; 677 } 678 679 if (opt == BT_FLUSHABLE_OFF) { 680 struct l2cap_conn *conn = chan->conn; 681 /* proceed further only when we have l2cap_conn and 682 No Flush support in the LM */ 683 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 684 err = -EINVAL; 685 break; 686 } 687 } 688 689 if (opt) 690 set_bit(FLAG_FLUSHABLE, &chan->flags); 691 else 692 clear_bit(FLAG_FLUSHABLE, &chan->flags); 693 break; 694 695 case BT_POWER: 696 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 697 chan->chan_type != L2CAP_CHAN_RAW) { 698 err = -EINVAL; 699 break; 700 } 701 702 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 703 704 len = min_t(unsigned int, sizeof(pwr), optlen); 705 if (copy_from_user((char *) &pwr, optval, len)) { 706 err = -EFAULT; 707 break; 708 } 709 710 if (pwr.force_active) 711 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 712 else 713 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 714 break; 715 716 case BT_CHANNEL_POLICY: 717 if (!enable_hs) { 718 err = -ENOPROTOOPT; 719 break; 720 } 721 722 if (get_user(opt, (u32 __user *) optval)) { 723 err = -EFAULT; 724 break; 725 } 726 727 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 728 err = -EINVAL; 729 break; 730 } 731 732 if (chan->mode != L2CAP_MODE_ERTM && 733 chan->mode != L2CAP_MODE_STREAMING) { 734 err = -EOPNOTSUPP; 735 break; 736 } 737 738 chan->chan_policy = (u8) opt; 739 break; 740 741 default: 742 err = -ENOPROTOOPT; 743 break; 744 } 745 746 release_sock(sk); 747 return err; 748 } 749 750 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 751 { 752 struct sock *sk = sock->sk; 753 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 754 int err; 755 756 BT_DBG("sock %p, sk %p", sock, sk); 757 758 err = sock_error(sk); 759 if (err) 760 return err; 761 762 if (msg->msg_flags & MSG_OOB) 763 return -EOPNOTSUPP; 764 765 lock_sock(sk); 766 767 if (sk->sk_state != BT_CONNECTED) { 768 release_sock(sk); 769 return -ENOTCONN; 770 } 771 772 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 773 774 release_sock(sk); 775 return err; 776 } 777 778 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 779 { 780 struct sock *sk = sock->sk; 781 struct l2cap_pinfo *pi = l2cap_pi(sk); 782 int err; 783 784 lock_sock(sk); 785 786 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { 787 sk->sk_state = BT_CONFIG; 788 789 __l2cap_connect_rsp_defer(pi->chan); 790 release_sock(sk); 791 return 0; 792 } 793 794 release_sock(sk); 795 796 if (sock->type == SOCK_STREAM) 797 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 798 else 799 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 800 801 if (pi->chan->mode != L2CAP_MODE_ERTM) 802 return err; 803 804 /* Attempt to put pending rx data in the socket buffer */ 805 806 lock_sock(sk); 807 808 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 809 goto done; 810 811 if (pi->rx_busy_skb) { 812 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 813 pi->rx_busy_skb = NULL; 814 else 815 goto done; 816 } 817 818 /* Restore data flow when half of the receive buffer is 819 * available. This avoids resending large numbers of 820 * frames. 821 */ 822 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 823 l2cap_chan_busy(pi->chan, 0); 824 825 done: 826 release_sock(sk); 827 return err; 828 } 829 830 /* Kill socket (only if zapped and orphan) 831 * Must be called on unlocked socket. 832 */ 833 static void l2cap_sock_kill(struct sock *sk) 834 { 835 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 836 return; 837 838 BT_DBG("sk %p state %d", sk, sk->sk_state); 839 840 /* Kill poor orphan */ 841 842 l2cap_chan_destroy(l2cap_pi(sk)->chan); 843 sock_set_flag(sk, SOCK_DEAD); 844 sock_put(sk); 845 } 846 847 static int l2cap_sock_shutdown(struct socket *sock, int how) 848 { 849 struct sock *sk = sock->sk; 850 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 851 int err = 0; 852 853 BT_DBG("sock %p, sk %p", sock, sk); 854 855 if (!sk) 856 return 0; 857 858 lock_sock(sk); 859 if (!sk->sk_shutdown) { 860 if (chan->mode == L2CAP_MODE_ERTM) 861 err = __l2cap_wait_ack(sk); 862 863 sk->sk_shutdown = SHUTDOWN_MASK; 864 l2cap_chan_close(chan, 0); 865 866 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 867 err = bt_sock_wait_state(sk, BT_CLOSED, 868 sk->sk_lingertime); 869 } 870 871 if (!err && sk->sk_err) 872 err = -sk->sk_err; 873 874 release_sock(sk); 875 return err; 876 } 877 878 static int l2cap_sock_release(struct socket *sock) 879 { 880 struct sock *sk = sock->sk; 881 int err; 882 883 BT_DBG("sock %p, sk %p", sock, sk); 884 885 if (!sk) 886 return 0; 887 888 err = l2cap_sock_shutdown(sock, 2); 889 890 sock_orphan(sk); 891 l2cap_sock_kill(sk); 892 return err; 893 } 894 895 static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data) 896 { 897 struct sock *sk, *parent = data; 898 899 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 900 GFP_ATOMIC); 901 if (!sk) 902 return NULL; 903 904 l2cap_sock_init(sk, parent); 905 906 return l2cap_pi(sk)->chan; 907 } 908 909 static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb) 910 { 911 int err; 912 struct sock *sk = data; 913 struct l2cap_pinfo *pi = l2cap_pi(sk); 914 915 if (pi->rx_busy_skb) 916 return -ENOMEM; 917 918 err = sock_queue_rcv_skb(sk, skb); 919 920 /* For ERTM, handle one skb that doesn't fit into the recv 921 * buffer. This is important to do because the data frames 922 * have already been acked, so the skb cannot be discarded. 923 * 924 * Notify the l2cap core that the buffer is full, so the 925 * LOCAL_BUSY state is entered and no more frames are 926 * acked and reassembled until there is buffer space 927 * available. 928 */ 929 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) { 930 pi->rx_busy_skb = skb; 931 l2cap_chan_busy(pi->chan, 1); 932 err = 0; 933 } 934 935 return err; 936 } 937 938 static void l2cap_sock_close_cb(void *data) 939 { 940 struct sock *sk = data; 941 942 l2cap_sock_kill(sk); 943 } 944 945 static void l2cap_sock_state_change_cb(void *data, int state) 946 { 947 struct sock *sk = data; 948 949 sk->sk_state = state; 950 } 951 952 static struct l2cap_ops l2cap_chan_ops = { 953 .name = "L2CAP Socket Interface", 954 .new_connection = l2cap_sock_new_connection_cb, 955 .recv = l2cap_sock_recv_cb, 956 .close = l2cap_sock_close_cb, 957 .state_change = l2cap_sock_state_change_cb, 958 }; 959 960 static void l2cap_sock_destruct(struct sock *sk) 961 { 962 BT_DBG("sk %p", sk); 963 964 if (l2cap_pi(sk)->rx_busy_skb) { 965 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 966 l2cap_pi(sk)->rx_busy_skb = NULL; 967 } 968 969 skb_queue_purge(&sk->sk_receive_queue); 970 skb_queue_purge(&sk->sk_write_queue); 971 } 972 973 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 974 { 975 struct l2cap_pinfo *pi = l2cap_pi(sk); 976 struct l2cap_chan *chan = pi->chan; 977 978 BT_DBG("sk %p", sk); 979 980 if (parent) { 981 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 982 983 sk->sk_type = parent->sk_type; 984 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup; 985 986 chan->chan_type = pchan->chan_type; 987 chan->imtu = pchan->imtu; 988 chan->omtu = pchan->omtu; 989 chan->conf_state = pchan->conf_state; 990 chan->mode = pchan->mode; 991 chan->fcs = pchan->fcs; 992 chan->max_tx = pchan->max_tx; 993 chan->tx_win = pchan->tx_win; 994 chan->tx_win_max = pchan->tx_win_max; 995 chan->sec_level = pchan->sec_level; 996 chan->flags = pchan->flags; 997 998 security_sk_clone(parent, sk); 999 } else { 1000 1001 switch (sk->sk_type) { 1002 case SOCK_RAW: 1003 chan->chan_type = L2CAP_CHAN_RAW; 1004 break; 1005 case SOCK_DGRAM: 1006 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1007 break; 1008 case SOCK_SEQPACKET: 1009 case SOCK_STREAM: 1010 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1011 break; 1012 } 1013 1014 chan->imtu = L2CAP_DEFAULT_MTU; 1015 chan->omtu = 0; 1016 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1017 chan->mode = L2CAP_MODE_ERTM; 1018 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1019 } else { 1020 chan->mode = L2CAP_MODE_BASIC; 1021 } 1022 chan->max_tx = L2CAP_DEFAULT_MAX_TX; 1023 chan->fcs = L2CAP_FCS_CRC16; 1024 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW; 1025 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW; 1026 chan->sec_level = BT_SECURITY_LOW; 1027 chan->flags = 0; 1028 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 1029 } 1030 1031 /* Default config options */ 1032 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1033 1034 chan->data = sk; 1035 chan->ops = &l2cap_chan_ops; 1036 } 1037 1038 static struct proto l2cap_proto = { 1039 .name = "L2CAP", 1040 .owner = THIS_MODULE, 1041 .obj_size = sizeof(struct l2cap_pinfo) 1042 }; 1043 1044 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 1045 { 1046 struct sock *sk; 1047 struct l2cap_chan *chan; 1048 1049 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1050 if (!sk) 1051 return NULL; 1052 1053 sock_init_data(sock, sk); 1054 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1055 1056 sk->sk_destruct = l2cap_sock_destruct; 1057 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1058 1059 sock_reset_flag(sk, SOCK_ZAPPED); 1060 1061 sk->sk_protocol = proto; 1062 sk->sk_state = BT_OPEN; 1063 1064 chan = l2cap_chan_create(sk); 1065 if (!chan) { 1066 l2cap_sock_kill(sk); 1067 return NULL; 1068 } 1069 1070 l2cap_pi(sk)->chan = chan; 1071 1072 return sk; 1073 } 1074 1075 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1076 int kern) 1077 { 1078 struct sock *sk; 1079 1080 BT_DBG("sock %p", sock); 1081 1082 sock->state = SS_UNCONNECTED; 1083 1084 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1085 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1086 return -ESOCKTNOSUPPORT; 1087 1088 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1089 return -EPERM; 1090 1091 sock->ops = &l2cap_sock_ops; 1092 1093 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1094 if (!sk) 1095 return -ENOMEM; 1096 1097 l2cap_sock_init(sk, NULL); 1098 return 0; 1099 } 1100 1101 static const struct proto_ops l2cap_sock_ops = { 1102 .family = PF_BLUETOOTH, 1103 .owner = THIS_MODULE, 1104 .release = l2cap_sock_release, 1105 .bind = l2cap_sock_bind, 1106 .connect = l2cap_sock_connect, 1107 .listen = l2cap_sock_listen, 1108 .accept = l2cap_sock_accept, 1109 .getname = l2cap_sock_getname, 1110 .sendmsg = l2cap_sock_sendmsg, 1111 .recvmsg = l2cap_sock_recvmsg, 1112 .poll = bt_sock_poll, 1113 .ioctl = bt_sock_ioctl, 1114 .mmap = sock_no_mmap, 1115 .socketpair = sock_no_socketpair, 1116 .shutdown = l2cap_sock_shutdown, 1117 .setsockopt = l2cap_sock_setsockopt, 1118 .getsockopt = l2cap_sock_getsockopt 1119 }; 1120 1121 static const struct net_proto_family l2cap_sock_family_ops = { 1122 .family = PF_BLUETOOTH, 1123 .owner = THIS_MODULE, 1124 .create = l2cap_sock_create, 1125 }; 1126 1127 int __init l2cap_init_sockets(void) 1128 { 1129 int err; 1130 1131 err = proto_register(&l2cap_proto, 0); 1132 if (err < 0) 1133 return err; 1134 1135 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1136 if (err < 0) 1137 goto error; 1138 1139 BT_INFO("L2CAP socket layer initialized"); 1140 1141 return 0; 1142 1143 error: 1144 BT_ERR("L2CAP socket registration failed"); 1145 proto_unregister(&l2cap_proto); 1146 return err; 1147 } 1148 1149 void l2cap_cleanup_sockets(void) 1150 { 1151 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 1152 BT_ERR("L2CAP socket unregistration failed"); 1153 1154 proto_unregister(&l2cap_proto); 1155 } 1156