1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26 */ 27 28 /* Bluetooth L2CAP sockets. */ 29 30 #include <linux/security.h> 31 #include <linux/export.h> 32 33 #include <net/bluetooth/bluetooth.h> 34 #include <net/bluetooth/hci_core.h> 35 #include <net/bluetooth/l2cap.h> 36 #include <net/bluetooth/smp.h> 37 38 static const struct proto_ops l2cap_sock_ops; 39 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 40 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio); 41 42 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 43 { 44 struct sock *sk = sock->sk; 45 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 46 struct sockaddr_l2 la; 47 int len, err = 0; 48 49 BT_DBG("sk %p", sk); 50 51 if (!addr || addr->sa_family != AF_BLUETOOTH) 52 return -EINVAL; 53 54 memset(&la, 0, sizeof(la)); 55 len = min_t(unsigned int, sizeof(la), alen); 56 memcpy(&la, addr, len); 57 58 if (la.l2_cid && la.l2_psm) 59 return -EINVAL; 60 61 lock_sock(sk); 62 63 if (sk->sk_state != BT_OPEN) { 64 err = -EBADFD; 65 goto done; 66 } 67 68 if (la.l2_psm) { 69 __u16 psm = __le16_to_cpu(la.l2_psm); 70 71 /* PSM must be odd and lsb of upper byte must be 0 */ 72 if ((psm & 0x0101) != 0x0001) { 73 err = -EINVAL; 74 goto done; 75 } 76 77 /* Restrict usage of well-known PSMs */ 78 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 79 err = -EACCES; 80 goto done; 81 } 82 } 83 84 if (la.l2_cid) 85 err = l2cap_add_scid(chan, la.l2_cid); 86 else 87 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 88 89 if (err < 0) 90 goto done; 91 92 if (__le16_to_cpu(la.l2_psm) == 0x0001 || 93 __le16_to_cpu(la.l2_psm) == 0x0003) 94 chan->sec_level = BT_SECURITY_SDP; 95 96 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 97 98 chan->state = BT_BOUND; 99 sk->sk_state = BT_BOUND; 100 101 done: 102 release_sock(sk); 103 return err; 104 } 105 106 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 107 { 108 struct sock *sk = sock->sk; 109 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 110 struct sockaddr_l2 la; 111 int len, err = 0; 112 113 BT_DBG("sk %p", sk); 114 115 if (!addr || alen < sizeof(addr->sa_family) || 116 addr->sa_family != AF_BLUETOOTH) 117 return -EINVAL; 118 119 memset(&la, 0, sizeof(la)); 120 len = min_t(unsigned int, sizeof(la), alen); 121 memcpy(&la, addr, len); 122 123 if (la.l2_cid && la.l2_psm) 124 return -EINVAL; 125 126 err = l2cap_chan_connect(chan, la.l2_psm, la.l2_cid, &la.l2_bdaddr); 127 if (err) 128 goto done; 129 130 err = bt_sock_wait_state(sk, BT_CONNECTED, 131 sock_sndtimeo(sk, flags & O_NONBLOCK)); 132 done: 133 if (sock_owned_by_user(sk)) 134 release_sock(sk); 135 return err; 136 } 137 138 static int l2cap_sock_listen(struct socket *sock, int backlog) 139 { 140 struct sock *sk = sock->sk; 141 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 142 int err = 0; 143 144 BT_DBG("sk %p backlog %d", sk, backlog); 145 146 lock_sock(sk); 147 148 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM) 149 || sk->sk_state != BT_BOUND) { 150 err = -EBADFD; 151 goto done; 152 } 153 154 switch (chan->mode) { 155 case L2CAP_MODE_BASIC: 156 break; 157 case L2CAP_MODE_ERTM: 158 case L2CAP_MODE_STREAMING: 159 if (!disable_ertm) 160 break; 161 /* fall through */ 162 default: 163 err = -ENOTSUPP; 164 goto done; 165 } 166 167 sk->sk_max_ack_backlog = backlog; 168 sk->sk_ack_backlog = 0; 169 170 chan->state = BT_LISTEN; 171 sk->sk_state = BT_LISTEN; 172 173 done: 174 release_sock(sk); 175 return err; 176 } 177 178 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 179 { 180 DECLARE_WAITQUEUE(wait, current); 181 struct sock *sk = sock->sk, *nsk; 182 long timeo; 183 int err = 0; 184 185 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 186 187 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 188 189 BT_DBG("sk %p timeo %ld", sk, timeo); 190 191 /* Wait for an incoming connection. (wake-one). */ 192 add_wait_queue_exclusive(sk_sleep(sk), &wait); 193 while (1) { 194 set_current_state(TASK_INTERRUPTIBLE); 195 196 if (sk->sk_state != BT_LISTEN) { 197 err = -EBADFD; 198 break; 199 } 200 201 nsk = bt_accept_dequeue(sk, newsock); 202 if (nsk) 203 break; 204 205 if (!timeo) { 206 err = -EAGAIN; 207 break; 208 } 209 210 if (signal_pending(current)) { 211 err = sock_intr_errno(timeo); 212 break; 213 } 214 215 release_sock(sk); 216 timeo = schedule_timeout(timeo); 217 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 218 } 219 __set_current_state(TASK_RUNNING); 220 remove_wait_queue(sk_sleep(sk), &wait); 221 222 if (err) 223 goto done; 224 225 newsock->state = SS_CONNECTED; 226 227 BT_DBG("new socket %p", nsk); 228 229 done: 230 release_sock(sk); 231 return err; 232 } 233 234 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 235 { 236 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 237 struct sock *sk = sock->sk; 238 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 239 240 BT_DBG("sock %p, sk %p", sock, sk); 241 242 addr->sa_family = AF_BLUETOOTH; 243 *len = sizeof(struct sockaddr_l2); 244 245 if (peer) { 246 la->l2_psm = chan->psm; 247 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 248 la->l2_cid = cpu_to_le16(chan->dcid); 249 } else { 250 la->l2_psm = chan->sport; 251 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 252 la->l2_cid = cpu_to_le16(chan->scid); 253 } 254 255 return 0; 256 } 257 258 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 259 { 260 struct sock *sk = sock->sk; 261 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 262 struct l2cap_options opts; 263 struct l2cap_conninfo cinfo; 264 int len, err = 0; 265 u32 opt; 266 267 BT_DBG("sk %p", sk); 268 269 if (get_user(len, optlen)) 270 return -EFAULT; 271 272 lock_sock(sk); 273 274 switch (optname) { 275 case L2CAP_OPTIONS: 276 memset(&opts, 0, sizeof(opts)); 277 opts.imtu = chan->imtu; 278 opts.omtu = chan->omtu; 279 opts.flush_to = chan->flush_to; 280 opts.mode = chan->mode; 281 opts.fcs = chan->fcs; 282 opts.max_tx = chan->max_tx; 283 opts.txwin_size = chan->tx_win; 284 285 len = min_t(unsigned int, len, sizeof(opts)); 286 if (copy_to_user(optval, (char *) &opts, len)) 287 err = -EFAULT; 288 289 break; 290 291 case L2CAP_LM: 292 switch (chan->sec_level) { 293 case BT_SECURITY_LOW: 294 opt = L2CAP_LM_AUTH; 295 break; 296 case BT_SECURITY_MEDIUM: 297 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 298 break; 299 case BT_SECURITY_HIGH: 300 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 301 L2CAP_LM_SECURE; 302 break; 303 default: 304 opt = 0; 305 break; 306 } 307 308 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 309 opt |= L2CAP_LM_MASTER; 310 311 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 312 opt |= L2CAP_LM_RELIABLE; 313 314 if (put_user(opt, (u32 __user *) optval)) 315 err = -EFAULT; 316 break; 317 318 case L2CAP_CONNINFO: 319 if (sk->sk_state != BT_CONNECTED && 320 !(sk->sk_state == BT_CONNECT2 && 321 bt_sk(sk)->defer_setup)) { 322 err = -ENOTCONN; 323 break; 324 } 325 326 memset(&cinfo, 0, sizeof(cinfo)); 327 cinfo.hci_handle = chan->conn->hcon->handle; 328 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 329 330 len = min_t(unsigned int, len, sizeof(cinfo)); 331 if (copy_to_user(optval, (char *) &cinfo, len)) 332 err = -EFAULT; 333 334 break; 335 336 default: 337 err = -ENOPROTOOPT; 338 break; 339 } 340 341 release_sock(sk); 342 return err; 343 } 344 345 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 346 { 347 struct sock *sk = sock->sk; 348 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 349 struct bt_security sec; 350 struct bt_power pwr; 351 int len, err = 0; 352 353 BT_DBG("sk %p", sk); 354 355 if (level == SOL_L2CAP) 356 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 357 358 if (level != SOL_BLUETOOTH) 359 return -ENOPROTOOPT; 360 361 if (get_user(len, optlen)) 362 return -EFAULT; 363 364 lock_sock(sk); 365 366 switch (optname) { 367 case BT_SECURITY: 368 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 369 chan->chan_type != L2CAP_CHAN_RAW) { 370 err = -EINVAL; 371 break; 372 } 373 374 memset(&sec, 0, sizeof(sec)); 375 sec.level = chan->sec_level; 376 377 if (sk->sk_state == BT_CONNECTED) 378 sec.key_size = chan->conn->hcon->enc_key_size; 379 380 len = min_t(unsigned int, len, sizeof(sec)); 381 if (copy_to_user(optval, (char *) &sec, len)) 382 err = -EFAULT; 383 384 break; 385 386 case BT_DEFER_SETUP: 387 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 388 err = -EINVAL; 389 break; 390 } 391 392 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) 393 err = -EFAULT; 394 395 break; 396 397 case BT_FLUSHABLE: 398 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 399 (u32 __user *) optval)) 400 err = -EFAULT; 401 402 break; 403 404 case BT_POWER: 405 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 406 && sk->sk_type != SOCK_RAW) { 407 err = -EINVAL; 408 break; 409 } 410 411 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 412 413 len = min_t(unsigned int, len, sizeof(pwr)); 414 if (copy_to_user(optval, (char *) &pwr, len)) 415 err = -EFAULT; 416 417 break; 418 419 case BT_CHANNEL_POLICY: 420 if (!enable_hs) { 421 err = -ENOPROTOOPT; 422 break; 423 } 424 425 if (put_user(chan->chan_policy, (u32 __user *) optval)) 426 err = -EFAULT; 427 break; 428 429 default: 430 err = -ENOPROTOOPT; 431 break; 432 } 433 434 release_sock(sk); 435 return err; 436 } 437 438 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 439 { 440 struct sock *sk = sock->sk; 441 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 442 struct l2cap_options opts; 443 int len, err = 0; 444 u32 opt; 445 446 BT_DBG("sk %p", sk); 447 448 lock_sock(sk); 449 450 switch (optname) { 451 case L2CAP_OPTIONS: 452 if (sk->sk_state == BT_CONNECTED) { 453 err = -EINVAL; 454 break; 455 } 456 457 opts.imtu = chan->imtu; 458 opts.omtu = chan->omtu; 459 opts.flush_to = chan->flush_to; 460 opts.mode = chan->mode; 461 opts.fcs = chan->fcs; 462 opts.max_tx = chan->max_tx; 463 opts.txwin_size = chan->tx_win; 464 465 len = min_t(unsigned int, sizeof(opts), optlen); 466 if (copy_from_user((char *) &opts, optval, len)) { 467 err = -EFAULT; 468 break; 469 } 470 471 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 472 err = -EINVAL; 473 break; 474 } 475 476 chan->mode = opts.mode; 477 switch (chan->mode) { 478 case L2CAP_MODE_BASIC: 479 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 480 break; 481 case L2CAP_MODE_ERTM: 482 case L2CAP_MODE_STREAMING: 483 if (!disable_ertm) 484 break; 485 /* fall through */ 486 default: 487 err = -EINVAL; 488 break; 489 } 490 491 chan->imtu = opts.imtu; 492 chan->omtu = opts.omtu; 493 chan->fcs = opts.fcs; 494 chan->max_tx = opts.max_tx; 495 chan->tx_win = opts.txwin_size; 496 break; 497 498 case L2CAP_LM: 499 if (get_user(opt, (u32 __user *) optval)) { 500 err = -EFAULT; 501 break; 502 } 503 504 if (opt & L2CAP_LM_AUTH) 505 chan->sec_level = BT_SECURITY_LOW; 506 if (opt & L2CAP_LM_ENCRYPT) 507 chan->sec_level = BT_SECURITY_MEDIUM; 508 if (opt & L2CAP_LM_SECURE) 509 chan->sec_level = BT_SECURITY_HIGH; 510 511 if (opt & L2CAP_LM_MASTER) 512 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 513 else 514 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 515 516 if (opt & L2CAP_LM_RELIABLE) 517 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 518 else 519 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 520 break; 521 522 default: 523 err = -ENOPROTOOPT; 524 break; 525 } 526 527 release_sock(sk); 528 return err; 529 } 530 531 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 532 { 533 struct sock *sk = sock->sk; 534 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 535 struct bt_security sec; 536 struct bt_power pwr; 537 struct l2cap_conn *conn; 538 int len, err = 0; 539 u32 opt; 540 541 BT_DBG("sk %p", sk); 542 543 if (level == SOL_L2CAP) 544 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 545 546 if (level != SOL_BLUETOOTH) 547 return -ENOPROTOOPT; 548 549 lock_sock(sk); 550 551 switch (optname) { 552 case BT_SECURITY: 553 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 554 chan->chan_type != L2CAP_CHAN_RAW) { 555 err = -EINVAL; 556 break; 557 } 558 559 sec.level = BT_SECURITY_LOW; 560 561 len = min_t(unsigned int, sizeof(sec), optlen); 562 if (copy_from_user((char *) &sec, optval, len)) { 563 err = -EFAULT; 564 break; 565 } 566 567 if (sec.level < BT_SECURITY_LOW || 568 sec.level > BT_SECURITY_HIGH) { 569 err = -EINVAL; 570 break; 571 } 572 573 chan->sec_level = sec.level; 574 575 if (!chan->conn) 576 break; 577 578 conn = chan->conn; 579 580 /*change security for LE channels */ 581 if (chan->scid == L2CAP_CID_LE_DATA) { 582 if (!conn->hcon->out) { 583 err = -EINVAL; 584 break; 585 } 586 587 if (smp_conn_security(conn, sec.level)) 588 break; 589 sk->sk_state = BT_CONFIG; 590 chan->state = BT_CONFIG; 591 592 /* or for ACL link, under defer_setup time */ 593 } else if (sk->sk_state == BT_CONNECT2 && 594 bt_sk(sk)->defer_setup) { 595 err = l2cap_chan_check_security(chan); 596 } else { 597 err = -EINVAL; 598 } 599 break; 600 601 case BT_DEFER_SETUP: 602 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 603 err = -EINVAL; 604 break; 605 } 606 607 if (get_user(opt, (u32 __user *) optval)) { 608 err = -EFAULT; 609 break; 610 } 611 612 bt_sk(sk)->defer_setup = opt; 613 break; 614 615 case BT_FLUSHABLE: 616 if (get_user(opt, (u32 __user *) optval)) { 617 err = -EFAULT; 618 break; 619 } 620 621 if (opt > BT_FLUSHABLE_ON) { 622 err = -EINVAL; 623 break; 624 } 625 626 if (opt == BT_FLUSHABLE_OFF) { 627 struct l2cap_conn *conn = chan->conn; 628 /* proceed further only when we have l2cap_conn and 629 No Flush support in the LM */ 630 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 631 err = -EINVAL; 632 break; 633 } 634 } 635 636 if (opt) 637 set_bit(FLAG_FLUSHABLE, &chan->flags); 638 else 639 clear_bit(FLAG_FLUSHABLE, &chan->flags); 640 break; 641 642 case BT_POWER: 643 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 644 chan->chan_type != L2CAP_CHAN_RAW) { 645 err = -EINVAL; 646 break; 647 } 648 649 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 650 651 len = min_t(unsigned int, sizeof(pwr), optlen); 652 if (copy_from_user((char *) &pwr, optval, len)) { 653 err = -EFAULT; 654 break; 655 } 656 657 if (pwr.force_active) 658 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 659 else 660 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 661 break; 662 663 case BT_CHANNEL_POLICY: 664 if (!enable_hs) { 665 err = -ENOPROTOOPT; 666 break; 667 } 668 669 if (get_user(opt, (u32 __user *) optval)) { 670 err = -EFAULT; 671 break; 672 } 673 674 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 675 err = -EINVAL; 676 break; 677 } 678 679 if (chan->mode != L2CAP_MODE_ERTM && 680 chan->mode != L2CAP_MODE_STREAMING) { 681 err = -EOPNOTSUPP; 682 break; 683 } 684 685 chan->chan_policy = (u8) opt; 686 break; 687 688 default: 689 err = -ENOPROTOOPT; 690 break; 691 } 692 693 release_sock(sk); 694 return err; 695 } 696 697 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 698 { 699 struct sock *sk = sock->sk; 700 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 701 int err; 702 703 BT_DBG("sock %p, sk %p", sock, sk); 704 705 err = sock_error(sk); 706 if (err) 707 return err; 708 709 if (msg->msg_flags & MSG_OOB) 710 return -EOPNOTSUPP; 711 712 lock_sock(sk); 713 714 if (sk->sk_state != BT_CONNECTED) { 715 release_sock(sk); 716 return -ENOTCONN; 717 } 718 719 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 720 721 release_sock(sk); 722 return err; 723 } 724 725 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 726 { 727 struct sock *sk = sock->sk; 728 struct l2cap_pinfo *pi = l2cap_pi(sk); 729 int err; 730 731 lock_sock(sk); 732 733 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { 734 sk->sk_state = BT_CONFIG; 735 pi->chan->state = BT_CONFIG; 736 737 __l2cap_connect_rsp_defer(pi->chan); 738 release_sock(sk); 739 return 0; 740 } 741 742 release_sock(sk); 743 744 if (sock->type == SOCK_STREAM) 745 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 746 else 747 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 748 749 if (pi->chan->mode != L2CAP_MODE_ERTM) 750 return err; 751 752 /* Attempt to put pending rx data in the socket buffer */ 753 754 lock_sock(sk); 755 756 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 757 goto done; 758 759 if (pi->rx_busy_skb) { 760 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 761 pi->rx_busy_skb = NULL; 762 else 763 goto done; 764 } 765 766 /* Restore data flow when half of the receive buffer is 767 * available. This avoids resending large numbers of 768 * frames. 769 */ 770 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 771 l2cap_chan_busy(pi->chan, 0); 772 773 done: 774 release_sock(sk); 775 return err; 776 } 777 778 /* Kill socket (only if zapped and orphan) 779 * Must be called on unlocked socket. 780 */ 781 static void l2cap_sock_kill(struct sock *sk) 782 { 783 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 784 return; 785 786 BT_DBG("sk %p state %d", sk, sk->sk_state); 787 788 /* Kill poor orphan */ 789 790 l2cap_chan_destroy(l2cap_pi(sk)->chan); 791 sock_set_flag(sk, SOCK_DEAD); 792 sock_put(sk); 793 } 794 795 static int l2cap_sock_shutdown(struct socket *sock, int how) 796 { 797 struct sock *sk = sock->sk; 798 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 799 int err = 0; 800 801 BT_DBG("sock %p, sk %p", sock, sk); 802 803 if (!sk) 804 return 0; 805 806 lock_sock(sk); 807 if (!sk->sk_shutdown) { 808 if (chan->mode == L2CAP_MODE_ERTM) 809 err = __l2cap_wait_ack(sk); 810 811 sk->sk_shutdown = SHUTDOWN_MASK; 812 l2cap_chan_close(chan, 0); 813 814 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 815 err = bt_sock_wait_state(sk, BT_CLOSED, 816 sk->sk_lingertime); 817 } 818 819 if (!err && sk->sk_err) 820 err = -sk->sk_err; 821 822 release_sock(sk); 823 return err; 824 } 825 826 static int l2cap_sock_release(struct socket *sock) 827 { 828 struct sock *sk = sock->sk; 829 int err; 830 831 BT_DBG("sock %p, sk %p", sock, sk); 832 833 if (!sk) 834 return 0; 835 836 err = l2cap_sock_shutdown(sock, 2); 837 838 sock_orphan(sk); 839 l2cap_sock_kill(sk); 840 return err; 841 } 842 843 static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data) 844 { 845 struct sock *sk, *parent = data; 846 847 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 848 GFP_ATOMIC); 849 if (!sk) 850 return NULL; 851 852 l2cap_sock_init(sk, parent); 853 854 return l2cap_pi(sk)->chan; 855 } 856 857 static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb) 858 { 859 int err; 860 struct sock *sk = data; 861 struct l2cap_pinfo *pi = l2cap_pi(sk); 862 863 if (pi->rx_busy_skb) 864 return -ENOMEM; 865 866 err = sock_queue_rcv_skb(sk, skb); 867 868 /* For ERTM, handle one skb that doesn't fit into the recv 869 * buffer. This is important to do because the data frames 870 * have already been acked, so the skb cannot be discarded. 871 * 872 * Notify the l2cap core that the buffer is full, so the 873 * LOCAL_BUSY state is entered and no more frames are 874 * acked and reassembled until there is buffer space 875 * available. 876 */ 877 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) { 878 pi->rx_busy_skb = skb; 879 l2cap_chan_busy(pi->chan, 1); 880 err = 0; 881 } 882 883 return err; 884 } 885 886 static void l2cap_sock_close_cb(void *data) 887 { 888 struct sock *sk = data; 889 890 l2cap_sock_kill(sk); 891 } 892 893 static void l2cap_sock_state_change_cb(void *data, int state) 894 { 895 struct sock *sk = data; 896 897 sk->sk_state = state; 898 } 899 900 static struct l2cap_ops l2cap_chan_ops = { 901 .name = "L2CAP Socket Interface", 902 .new_connection = l2cap_sock_new_connection_cb, 903 .recv = l2cap_sock_recv_cb, 904 .close = l2cap_sock_close_cb, 905 .state_change = l2cap_sock_state_change_cb, 906 }; 907 908 static void l2cap_sock_destruct(struct sock *sk) 909 { 910 BT_DBG("sk %p", sk); 911 912 if (l2cap_pi(sk)->rx_busy_skb) { 913 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 914 l2cap_pi(sk)->rx_busy_skb = NULL; 915 } 916 917 skb_queue_purge(&sk->sk_receive_queue); 918 skb_queue_purge(&sk->sk_write_queue); 919 } 920 921 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 922 { 923 struct l2cap_pinfo *pi = l2cap_pi(sk); 924 struct l2cap_chan *chan = pi->chan; 925 926 BT_DBG("sk %p", sk); 927 928 if (parent) { 929 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 930 931 sk->sk_type = parent->sk_type; 932 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup; 933 934 chan->chan_type = pchan->chan_type; 935 chan->imtu = pchan->imtu; 936 chan->omtu = pchan->omtu; 937 chan->conf_state = pchan->conf_state; 938 chan->mode = pchan->mode; 939 chan->fcs = pchan->fcs; 940 chan->max_tx = pchan->max_tx; 941 chan->tx_win = pchan->tx_win; 942 chan->tx_win_max = pchan->tx_win_max; 943 chan->sec_level = pchan->sec_level; 944 chan->flags = pchan->flags; 945 946 security_sk_clone(parent, sk); 947 } else { 948 949 switch (sk->sk_type) { 950 case SOCK_RAW: 951 chan->chan_type = L2CAP_CHAN_RAW; 952 break; 953 case SOCK_DGRAM: 954 chan->chan_type = L2CAP_CHAN_CONN_LESS; 955 break; 956 case SOCK_SEQPACKET: 957 case SOCK_STREAM: 958 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 959 break; 960 } 961 962 chan->imtu = L2CAP_DEFAULT_MTU; 963 chan->omtu = 0; 964 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 965 chan->mode = L2CAP_MODE_ERTM; 966 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 967 } else { 968 chan->mode = L2CAP_MODE_BASIC; 969 } 970 chan->max_tx = L2CAP_DEFAULT_MAX_TX; 971 chan->fcs = L2CAP_FCS_CRC16; 972 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW; 973 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW; 974 chan->sec_level = BT_SECURITY_LOW; 975 chan->flags = 0; 976 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 977 } 978 979 /* Default config options */ 980 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 981 982 chan->data = sk; 983 chan->ops = &l2cap_chan_ops; 984 } 985 986 static struct proto l2cap_proto = { 987 .name = "L2CAP", 988 .owner = THIS_MODULE, 989 .obj_size = sizeof(struct l2cap_pinfo) 990 }; 991 992 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 993 { 994 struct sock *sk; 995 struct l2cap_chan *chan; 996 997 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 998 if (!sk) 999 return NULL; 1000 1001 sock_init_data(sock, sk); 1002 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1003 1004 sk->sk_destruct = l2cap_sock_destruct; 1005 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1006 1007 sock_reset_flag(sk, SOCK_ZAPPED); 1008 1009 sk->sk_protocol = proto; 1010 sk->sk_state = BT_OPEN; 1011 1012 chan = l2cap_chan_create(sk); 1013 if (!chan) { 1014 l2cap_sock_kill(sk); 1015 return NULL; 1016 } 1017 1018 l2cap_pi(sk)->chan = chan; 1019 1020 return sk; 1021 } 1022 1023 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1024 int kern) 1025 { 1026 struct sock *sk; 1027 1028 BT_DBG("sock %p", sock); 1029 1030 sock->state = SS_UNCONNECTED; 1031 1032 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1033 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1034 return -ESOCKTNOSUPPORT; 1035 1036 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1037 return -EPERM; 1038 1039 sock->ops = &l2cap_sock_ops; 1040 1041 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1042 if (!sk) 1043 return -ENOMEM; 1044 1045 l2cap_sock_init(sk, NULL); 1046 return 0; 1047 } 1048 1049 static const struct proto_ops l2cap_sock_ops = { 1050 .family = PF_BLUETOOTH, 1051 .owner = THIS_MODULE, 1052 .release = l2cap_sock_release, 1053 .bind = l2cap_sock_bind, 1054 .connect = l2cap_sock_connect, 1055 .listen = l2cap_sock_listen, 1056 .accept = l2cap_sock_accept, 1057 .getname = l2cap_sock_getname, 1058 .sendmsg = l2cap_sock_sendmsg, 1059 .recvmsg = l2cap_sock_recvmsg, 1060 .poll = bt_sock_poll, 1061 .ioctl = bt_sock_ioctl, 1062 .mmap = sock_no_mmap, 1063 .socketpair = sock_no_socketpair, 1064 .shutdown = l2cap_sock_shutdown, 1065 .setsockopt = l2cap_sock_setsockopt, 1066 .getsockopt = l2cap_sock_getsockopt 1067 }; 1068 1069 static const struct net_proto_family l2cap_sock_family_ops = { 1070 .family = PF_BLUETOOTH, 1071 .owner = THIS_MODULE, 1072 .create = l2cap_sock_create, 1073 }; 1074 1075 int __init l2cap_init_sockets(void) 1076 { 1077 int err; 1078 1079 err = proto_register(&l2cap_proto, 0); 1080 if (err < 0) 1081 return err; 1082 1083 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1084 if (err < 0) 1085 goto error; 1086 1087 BT_INFO("L2CAP socket layer initialized"); 1088 1089 return 0; 1090 1091 error: 1092 BT_ERR("L2CAP socket registration failed"); 1093 proto_unregister(&l2cap_proto); 1094 return err; 1095 } 1096 1097 void l2cap_cleanup_sockets(void) 1098 { 1099 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 1100 BT_ERR("L2CAP socket unregistration failed"); 1101 1102 proto_unregister(&l2cap_proto); 1103 } 1104