1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26 */ 27 28 /* Bluetooth L2CAP sockets. */ 29 30 #include <linux/security.h> 31 #include <linux/export.h> 32 33 #include <net/bluetooth/bluetooth.h> 34 #include <net/bluetooth/hci_core.h> 35 #include <net/bluetooth/l2cap.h> 36 #include <net/bluetooth/smp.h> 37 38 static const struct proto_ops l2cap_sock_ops; 39 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 40 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio); 41 42 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 43 { 44 struct sock *sk = sock->sk; 45 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 46 struct sockaddr_l2 la; 47 int len, err = 0; 48 49 BT_DBG("sk %p", sk); 50 51 if (!addr || addr->sa_family != AF_BLUETOOTH) 52 return -EINVAL; 53 54 memset(&la, 0, sizeof(la)); 55 len = min_t(unsigned int, sizeof(la), alen); 56 memcpy(&la, addr, len); 57 58 if (la.l2_cid && la.l2_psm) 59 return -EINVAL; 60 61 lock_sock(sk); 62 63 if (sk->sk_state != BT_OPEN) { 64 err = -EBADFD; 65 goto done; 66 } 67 68 if (la.l2_psm) { 69 __u16 psm = __le16_to_cpu(la.l2_psm); 70 71 /* PSM must be odd and lsb of upper byte must be 0 */ 72 if ((psm & 0x0101) != 0x0001) { 73 err = -EINVAL; 74 goto done; 75 } 76 77 /* Restrict usage of well-known PSMs */ 78 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 79 err = -EACCES; 80 goto done; 81 } 82 } 83 84 if (la.l2_cid) 85 err = l2cap_add_scid(chan, la.l2_cid); 86 else 87 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 88 89 if (err < 0) 90 goto done; 91 92 if (__le16_to_cpu(la.l2_psm) == 0x0001 || 93 __le16_to_cpu(la.l2_psm) == 0x0003) 94 chan->sec_level = BT_SECURITY_SDP; 95 96 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 97 98 chan->state = BT_BOUND; 99 sk->sk_state = BT_BOUND; 100 101 done: 102 release_sock(sk); 103 return err; 104 } 105 106 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 107 { 108 struct sock *sk = sock->sk; 109 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 110 struct sockaddr_l2 la; 111 int len, err = 0; 112 113 BT_DBG("sk %p", sk); 114 115 if (!addr || alen < sizeof(addr->sa_family) || 116 addr->sa_family != AF_BLUETOOTH) 117 return -EINVAL; 118 119 memset(&la, 0, sizeof(la)); 120 len = min_t(unsigned int, sizeof(la), alen); 121 memcpy(&la, addr, len); 122 123 if (la.l2_cid && la.l2_psm) 124 return -EINVAL; 125 126 err = l2cap_chan_connect(chan, la.l2_psm, la.l2_cid, &la.l2_bdaddr); 127 if (err) 128 return err; 129 130 lock_sock(sk); 131 132 err = bt_sock_wait_state(sk, BT_CONNECTED, 133 sock_sndtimeo(sk, flags & O_NONBLOCK)); 134 135 release_sock(sk); 136 137 return err; 138 } 139 140 static int l2cap_sock_listen(struct socket *sock, int backlog) 141 { 142 struct sock *sk = sock->sk; 143 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 144 int err = 0; 145 146 BT_DBG("sk %p backlog %d", sk, backlog); 147 148 lock_sock(sk); 149 150 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM) 151 || sk->sk_state != BT_BOUND) { 152 err = -EBADFD; 153 goto done; 154 } 155 156 switch (chan->mode) { 157 case L2CAP_MODE_BASIC: 158 break; 159 case L2CAP_MODE_ERTM: 160 case L2CAP_MODE_STREAMING: 161 if (!disable_ertm) 162 break; 163 /* fall through */ 164 default: 165 err = -ENOTSUPP; 166 goto done; 167 } 168 169 sk->sk_max_ack_backlog = backlog; 170 sk->sk_ack_backlog = 0; 171 172 chan->state = BT_LISTEN; 173 sk->sk_state = BT_LISTEN; 174 175 done: 176 release_sock(sk); 177 return err; 178 } 179 180 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 181 { 182 DECLARE_WAITQUEUE(wait, current); 183 struct sock *sk = sock->sk, *nsk; 184 long timeo; 185 int err = 0; 186 187 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 188 189 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 190 191 BT_DBG("sk %p timeo %ld", sk, timeo); 192 193 /* Wait for an incoming connection. (wake-one). */ 194 add_wait_queue_exclusive(sk_sleep(sk), &wait); 195 while (1) { 196 set_current_state(TASK_INTERRUPTIBLE); 197 198 if (sk->sk_state != BT_LISTEN) { 199 err = -EBADFD; 200 break; 201 } 202 203 nsk = bt_accept_dequeue(sk, newsock); 204 if (nsk) 205 break; 206 207 if (!timeo) { 208 err = -EAGAIN; 209 break; 210 } 211 212 if (signal_pending(current)) { 213 err = sock_intr_errno(timeo); 214 break; 215 } 216 217 release_sock(sk); 218 timeo = schedule_timeout(timeo); 219 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 220 } 221 __set_current_state(TASK_RUNNING); 222 remove_wait_queue(sk_sleep(sk), &wait); 223 224 if (err) 225 goto done; 226 227 newsock->state = SS_CONNECTED; 228 229 BT_DBG("new socket %p", nsk); 230 231 done: 232 release_sock(sk); 233 return err; 234 } 235 236 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 237 { 238 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 239 struct sock *sk = sock->sk; 240 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 241 242 BT_DBG("sock %p, sk %p", sock, sk); 243 244 addr->sa_family = AF_BLUETOOTH; 245 *len = sizeof(struct sockaddr_l2); 246 247 if (peer) { 248 la->l2_psm = chan->psm; 249 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 250 la->l2_cid = cpu_to_le16(chan->dcid); 251 } else { 252 la->l2_psm = chan->sport; 253 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 254 la->l2_cid = cpu_to_le16(chan->scid); 255 } 256 257 return 0; 258 } 259 260 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 261 { 262 struct sock *sk = sock->sk; 263 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 264 struct l2cap_options opts; 265 struct l2cap_conninfo cinfo; 266 int len, err = 0; 267 u32 opt; 268 269 BT_DBG("sk %p", sk); 270 271 if (get_user(len, optlen)) 272 return -EFAULT; 273 274 lock_sock(sk); 275 276 switch (optname) { 277 case L2CAP_OPTIONS: 278 memset(&opts, 0, sizeof(opts)); 279 opts.imtu = chan->imtu; 280 opts.omtu = chan->omtu; 281 opts.flush_to = chan->flush_to; 282 opts.mode = chan->mode; 283 opts.fcs = chan->fcs; 284 opts.max_tx = chan->max_tx; 285 opts.txwin_size = chan->tx_win; 286 287 len = min_t(unsigned int, len, sizeof(opts)); 288 if (copy_to_user(optval, (char *) &opts, len)) 289 err = -EFAULT; 290 291 break; 292 293 case L2CAP_LM: 294 switch (chan->sec_level) { 295 case BT_SECURITY_LOW: 296 opt = L2CAP_LM_AUTH; 297 break; 298 case BT_SECURITY_MEDIUM: 299 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 300 break; 301 case BT_SECURITY_HIGH: 302 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 303 L2CAP_LM_SECURE; 304 break; 305 default: 306 opt = 0; 307 break; 308 } 309 310 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 311 opt |= L2CAP_LM_MASTER; 312 313 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 314 opt |= L2CAP_LM_RELIABLE; 315 316 if (put_user(opt, (u32 __user *) optval)) 317 err = -EFAULT; 318 break; 319 320 case L2CAP_CONNINFO: 321 if (sk->sk_state != BT_CONNECTED && 322 !(sk->sk_state == BT_CONNECT2 && 323 bt_sk(sk)->defer_setup)) { 324 err = -ENOTCONN; 325 break; 326 } 327 328 memset(&cinfo, 0, sizeof(cinfo)); 329 cinfo.hci_handle = chan->conn->hcon->handle; 330 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 331 332 len = min_t(unsigned int, len, sizeof(cinfo)); 333 if (copy_to_user(optval, (char *) &cinfo, len)) 334 err = -EFAULT; 335 336 break; 337 338 default: 339 err = -ENOPROTOOPT; 340 break; 341 } 342 343 release_sock(sk); 344 return err; 345 } 346 347 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 348 { 349 struct sock *sk = sock->sk; 350 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 351 struct bt_security sec; 352 struct bt_power pwr; 353 int len, err = 0; 354 355 BT_DBG("sk %p", sk); 356 357 if (level == SOL_L2CAP) 358 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 359 360 if (level != SOL_BLUETOOTH) 361 return -ENOPROTOOPT; 362 363 if (get_user(len, optlen)) 364 return -EFAULT; 365 366 lock_sock(sk); 367 368 switch (optname) { 369 case BT_SECURITY: 370 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 371 chan->chan_type != L2CAP_CHAN_RAW) { 372 err = -EINVAL; 373 break; 374 } 375 376 memset(&sec, 0, sizeof(sec)); 377 sec.level = chan->sec_level; 378 379 if (sk->sk_state == BT_CONNECTED) 380 sec.key_size = chan->conn->hcon->enc_key_size; 381 382 len = min_t(unsigned int, len, sizeof(sec)); 383 if (copy_to_user(optval, (char *) &sec, len)) 384 err = -EFAULT; 385 386 break; 387 388 case BT_DEFER_SETUP: 389 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 390 err = -EINVAL; 391 break; 392 } 393 394 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) 395 err = -EFAULT; 396 397 break; 398 399 case BT_FLUSHABLE: 400 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 401 (u32 __user *) optval)) 402 err = -EFAULT; 403 404 break; 405 406 case BT_POWER: 407 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 408 && sk->sk_type != SOCK_RAW) { 409 err = -EINVAL; 410 break; 411 } 412 413 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 414 415 len = min_t(unsigned int, len, sizeof(pwr)); 416 if (copy_to_user(optval, (char *) &pwr, len)) 417 err = -EFAULT; 418 419 break; 420 421 case BT_CHANNEL_POLICY: 422 if (!enable_hs) { 423 err = -ENOPROTOOPT; 424 break; 425 } 426 427 if (put_user(chan->chan_policy, (u32 __user *) optval)) 428 err = -EFAULT; 429 break; 430 431 default: 432 err = -ENOPROTOOPT; 433 break; 434 } 435 436 release_sock(sk); 437 return err; 438 } 439 440 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 441 { 442 struct sock *sk = sock->sk; 443 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 444 struct l2cap_options opts; 445 int len, err = 0; 446 u32 opt; 447 448 BT_DBG("sk %p", sk); 449 450 lock_sock(sk); 451 452 switch (optname) { 453 case L2CAP_OPTIONS: 454 if (sk->sk_state == BT_CONNECTED) { 455 err = -EINVAL; 456 break; 457 } 458 459 opts.imtu = chan->imtu; 460 opts.omtu = chan->omtu; 461 opts.flush_to = chan->flush_to; 462 opts.mode = chan->mode; 463 opts.fcs = chan->fcs; 464 opts.max_tx = chan->max_tx; 465 opts.txwin_size = chan->tx_win; 466 467 len = min_t(unsigned int, sizeof(opts), optlen); 468 if (copy_from_user((char *) &opts, optval, len)) { 469 err = -EFAULT; 470 break; 471 } 472 473 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 474 err = -EINVAL; 475 break; 476 } 477 478 chan->mode = opts.mode; 479 switch (chan->mode) { 480 case L2CAP_MODE_BASIC: 481 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 482 break; 483 case L2CAP_MODE_ERTM: 484 case L2CAP_MODE_STREAMING: 485 if (!disable_ertm) 486 break; 487 /* fall through */ 488 default: 489 err = -EINVAL; 490 break; 491 } 492 493 chan->imtu = opts.imtu; 494 chan->omtu = opts.omtu; 495 chan->fcs = opts.fcs; 496 chan->max_tx = opts.max_tx; 497 chan->tx_win = opts.txwin_size; 498 break; 499 500 case L2CAP_LM: 501 if (get_user(opt, (u32 __user *) optval)) { 502 err = -EFAULT; 503 break; 504 } 505 506 if (opt & L2CAP_LM_AUTH) 507 chan->sec_level = BT_SECURITY_LOW; 508 if (opt & L2CAP_LM_ENCRYPT) 509 chan->sec_level = BT_SECURITY_MEDIUM; 510 if (opt & L2CAP_LM_SECURE) 511 chan->sec_level = BT_SECURITY_HIGH; 512 513 if (opt & L2CAP_LM_MASTER) 514 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 515 else 516 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 517 518 if (opt & L2CAP_LM_RELIABLE) 519 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 520 else 521 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 522 break; 523 524 default: 525 err = -ENOPROTOOPT; 526 break; 527 } 528 529 release_sock(sk); 530 return err; 531 } 532 533 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 534 { 535 struct sock *sk = sock->sk; 536 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 537 struct bt_security sec; 538 struct bt_power pwr; 539 struct l2cap_conn *conn; 540 int len, err = 0; 541 u32 opt; 542 543 BT_DBG("sk %p", sk); 544 545 if (level == SOL_L2CAP) 546 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 547 548 if (level != SOL_BLUETOOTH) 549 return -ENOPROTOOPT; 550 551 lock_sock(sk); 552 553 switch (optname) { 554 case BT_SECURITY: 555 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 556 chan->chan_type != L2CAP_CHAN_RAW) { 557 err = -EINVAL; 558 break; 559 } 560 561 sec.level = BT_SECURITY_LOW; 562 563 len = min_t(unsigned int, sizeof(sec), optlen); 564 if (copy_from_user((char *) &sec, optval, len)) { 565 err = -EFAULT; 566 break; 567 } 568 569 if (sec.level < BT_SECURITY_LOW || 570 sec.level > BT_SECURITY_HIGH) { 571 err = -EINVAL; 572 break; 573 } 574 575 chan->sec_level = sec.level; 576 577 if (!chan->conn) 578 break; 579 580 conn = chan->conn; 581 582 /*change security for LE channels */ 583 if (chan->scid == L2CAP_CID_LE_DATA) { 584 if (!conn->hcon->out) { 585 err = -EINVAL; 586 break; 587 } 588 589 if (smp_conn_security(conn, sec.level)) 590 break; 591 sk->sk_state = BT_CONFIG; 592 chan->state = BT_CONFIG; 593 594 /* or for ACL link, under defer_setup time */ 595 } else if (sk->sk_state == BT_CONNECT2 && 596 bt_sk(sk)->defer_setup) { 597 err = l2cap_chan_check_security(chan); 598 } else { 599 err = -EINVAL; 600 } 601 break; 602 603 case BT_DEFER_SETUP: 604 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 605 err = -EINVAL; 606 break; 607 } 608 609 if (get_user(opt, (u32 __user *) optval)) { 610 err = -EFAULT; 611 break; 612 } 613 614 bt_sk(sk)->defer_setup = opt; 615 break; 616 617 case BT_FLUSHABLE: 618 if (get_user(opt, (u32 __user *) optval)) { 619 err = -EFAULT; 620 break; 621 } 622 623 if (opt > BT_FLUSHABLE_ON) { 624 err = -EINVAL; 625 break; 626 } 627 628 if (opt == BT_FLUSHABLE_OFF) { 629 struct l2cap_conn *conn = chan->conn; 630 /* proceed further only when we have l2cap_conn and 631 No Flush support in the LM */ 632 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 633 err = -EINVAL; 634 break; 635 } 636 } 637 638 if (opt) 639 set_bit(FLAG_FLUSHABLE, &chan->flags); 640 else 641 clear_bit(FLAG_FLUSHABLE, &chan->flags); 642 break; 643 644 case BT_POWER: 645 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 646 chan->chan_type != L2CAP_CHAN_RAW) { 647 err = -EINVAL; 648 break; 649 } 650 651 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 652 653 len = min_t(unsigned int, sizeof(pwr), optlen); 654 if (copy_from_user((char *) &pwr, optval, len)) { 655 err = -EFAULT; 656 break; 657 } 658 659 if (pwr.force_active) 660 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 661 else 662 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 663 break; 664 665 case BT_CHANNEL_POLICY: 666 if (!enable_hs) { 667 err = -ENOPROTOOPT; 668 break; 669 } 670 671 if (get_user(opt, (u32 __user *) optval)) { 672 err = -EFAULT; 673 break; 674 } 675 676 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 677 err = -EINVAL; 678 break; 679 } 680 681 if (chan->mode != L2CAP_MODE_ERTM && 682 chan->mode != L2CAP_MODE_STREAMING) { 683 err = -EOPNOTSUPP; 684 break; 685 } 686 687 chan->chan_policy = (u8) opt; 688 break; 689 690 default: 691 err = -ENOPROTOOPT; 692 break; 693 } 694 695 release_sock(sk); 696 return err; 697 } 698 699 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 700 { 701 struct sock *sk = sock->sk; 702 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 703 int err; 704 705 BT_DBG("sock %p, sk %p", sock, sk); 706 707 err = sock_error(sk); 708 if (err) 709 return err; 710 711 if (msg->msg_flags & MSG_OOB) 712 return -EOPNOTSUPP; 713 714 lock_sock(sk); 715 716 if (sk->sk_state != BT_CONNECTED) { 717 release_sock(sk); 718 return -ENOTCONN; 719 } 720 721 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 722 723 release_sock(sk); 724 return err; 725 } 726 727 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 728 { 729 struct sock *sk = sock->sk; 730 struct l2cap_pinfo *pi = l2cap_pi(sk); 731 int err; 732 733 lock_sock(sk); 734 735 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { 736 sk->sk_state = BT_CONFIG; 737 pi->chan->state = BT_CONFIG; 738 739 __l2cap_connect_rsp_defer(pi->chan); 740 release_sock(sk); 741 return 0; 742 } 743 744 release_sock(sk); 745 746 if (sock->type == SOCK_STREAM) 747 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 748 else 749 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 750 751 if (pi->chan->mode != L2CAP_MODE_ERTM) 752 return err; 753 754 /* Attempt to put pending rx data in the socket buffer */ 755 756 lock_sock(sk); 757 758 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 759 goto done; 760 761 if (pi->rx_busy_skb) { 762 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 763 pi->rx_busy_skb = NULL; 764 else 765 goto done; 766 } 767 768 /* Restore data flow when half of the receive buffer is 769 * available. This avoids resending large numbers of 770 * frames. 771 */ 772 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 773 l2cap_chan_busy(pi->chan, 0); 774 775 done: 776 release_sock(sk); 777 return err; 778 } 779 780 /* Kill socket (only if zapped and orphan) 781 * Must be called on unlocked socket. 782 */ 783 static void l2cap_sock_kill(struct sock *sk) 784 { 785 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 786 return; 787 788 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 789 790 /* Kill poor orphan */ 791 792 l2cap_chan_destroy(l2cap_pi(sk)->chan); 793 sock_set_flag(sk, SOCK_DEAD); 794 sock_put(sk); 795 } 796 797 static int l2cap_sock_shutdown(struct socket *sock, int how) 798 { 799 struct sock *sk = sock->sk; 800 struct l2cap_chan *chan; 801 struct l2cap_conn *conn; 802 int err = 0; 803 804 BT_DBG("sock %p, sk %p", sock, sk); 805 806 if (!sk) 807 return 0; 808 809 chan = l2cap_pi(sk)->chan; 810 conn = chan->conn; 811 812 if (conn) 813 mutex_lock(&conn->chan_lock); 814 815 l2cap_chan_lock(chan); 816 lock_sock(sk); 817 818 if (!sk->sk_shutdown) { 819 if (chan->mode == L2CAP_MODE_ERTM) 820 err = __l2cap_wait_ack(sk); 821 822 sk->sk_shutdown = SHUTDOWN_MASK; 823 824 release_sock(sk); 825 l2cap_chan_close(chan, 0); 826 lock_sock(sk); 827 828 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 829 err = bt_sock_wait_state(sk, BT_CLOSED, 830 sk->sk_lingertime); 831 } 832 833 if (!err && sk->sk_err) 834 err = -sk->sk_err; 835 836 release_sock(sk); 837 l2cap_chan_unlock(chan); 838 839 if (conn) 840 mutex_unlock(&conn->chan_lock); 841 842 return err; 843 } 844 845 static int l2cap_sock_release(struct socket *sock) 846 { 847 struct sock *sk = sock->sk; 848 int err; 849 850 BT_DBG("sock %p, sk %p", sock, sk); 851 852 if (!sk) 853 return 0; 854 855 err = l2cap_sock_shutdown(sock, 2); 856 857 sock_orphan(sk); 858 l2cap_sock_kill(sk); 859 return err; 860 } 861 862 static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data) 863 { 864 struct sock *sk, *parent = data; 865 866 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 867 GFP_ATOMIC); 868 if (!sk) 869 return NULL; 870 871 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 872 873 l2cap_sock_init(sk, parent); 874 875 return l2cap_pi(sk)->chan; 876 } 877 878 static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb) 879 { 880 int err; 881 struct sock *sk = data; 882 struct l2cap_pinfo *pi = l2cap_pi(sk); 883 884 lock_sock(sk); 885 886 if (pi->rx_busy_skb) { 887 err = -ENOMEM; 888 goto done; 889 } 890 891 err = sock_queue_rcv_skb(sk, skb); 892 893 /* For ERTM, handle one skb that doesn't fit into the recv 894 * buffer. This is important to do because the data frames 895 * have already been acked, so the skb cannot be discarded. 896 * 897 * Notify the l2cap core that the buffer is full, so the 898 * LOCAL_BUSY state is entered and no more frames are 899 * acked and reassembled until there is buffer space 900 * available. 901 */ 902 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) { 903 pi->rx_busy_skb = skb; 904 l2cap_chan_busy(pi->chan, 1); 905 err = 0; 906 } 907 908 done: 909 release_sock(sk); 910 911 return err; 912 } 913 914 static void l2cap_sock_close_cb(void *data) 915 { 916 struct sock *sk = data; 917 918 l2cap_sock_kill(sk); 919 } 920 921 static void l2cap_sock_state_change_cb(void *data, int state) 922 { 923 struct sock *sk = data; 924 925 sk->sk_state = state; 926 } 927 928 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 929 unsigned long len, int nb, 930 int *err) 931 { 932 struct sock *sk = chan->sk; 933 934 return bt_skb_send_alloc(sk, len, nb, err); 935 } 936 937 static struct l2cap_ops l2cap_chan_ops = { 938 .name = "L2CAP Socket Interface", 939 .new_connection = l2cap_sock_new_connection_cb, 940 .recv = l2cap_sock_recv_cb, 941 .close = l2cap_sock_close_cb, 942 .state_change = l2cap_sock_state_change_cb, 943 .alloc_skb = l2cap_sock_alloc_skb_cb, 944 }; 945 946 static void l2cap_sock_destruct(struct sock *sk) 947 { 948 BT_DBG("sk %p", sk); 949 950 if (l2cap_pi(sk)->rx_busy_skb) { 951 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 952 l2cap_pi(sk)->rx_busy_skb = NULL; 953 } 954 955 skb_queue_purge(&sk->sk_receive_queue); 956 skb_queue_purge(&sk->sk_write_queue); 957 } 958 959 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 960 { 961 struct l2cap_pinfo *pi = l2cap_pi(sk); 962 struct l2cap_chan *chan = pi->chan; 963 964 BT_DBG("sk %p", sk); 965 966 if (parent) { 967 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 968 969 sk->sk_type = parent->sk_type; 970 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup; 971 972 chan->chan_type = pchan->chan_type; 973 chan->imtu = pchan->imtu; 974 chan->omtu = pchan->omtu; 975 chan->conf_state = pchan->conf_state; 976 chan->mode = pchan->mode; 977 chan->fcs = pchan->fcs; 978 chan->max_tx = pchan->max_tx; 979 chan->tx_win = pchan->tx_win; 980 chan->tx_win_max = pchan->tx_win_max; 981 chan->sec_level = pchan->sec_level; 982 chan->flags = pchan->flags; 983 984 security_sk_clone(parent, sk); 985 } else { 986 987 switch (sk->sk_type) { 988 case SOCK_RAW: 989 chan->chan_type = L2CAP_CHAN_RAW; 990 break; 991 case SOCK_DGRAM: 992 chan->chan_type = L2CAP_CHAN_CONN_LESS; 993 break; 994 case SOCK_SEQPACKET: 995 case SOCK_STREAM: 996 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 997 break; 998 } 999 1000 chan->imtu = L2CAP_DEFAULT_MTU; 1001 chan->omtu = 0; 1002 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1003 chan->mode = L2CAP_MODE_ERTM; 1004 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1005 } else { 1006 chan->mode = L2CAP_MODE_BASIC; 1007 } 1008 chan->max_tx = L2CAP_DEFAULT_MAX_TX; 1009 chan->fcs = L2CAP_FCS_CRC16; 1010 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW; 1011 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW; 1012 chan->sec_level = BT_SECURITY_LOW; 1013 chan->flags = 0; 1014 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 1015 } 1016 1017 /* Default config options */ 1018 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1019 1020 chan->data = sk; 1021 chan->ops = &l2cap_chan_ops; 1022 } 1023 1024 static struct proto l2cap_proto = { 1025 .name = "L2CAP", 1026 .owner = THIS_MODULE, 1027 .obj_size = sizeof(struct l2cap_pinfo) 1028 }; 1029 1030 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 1031 { 1032 struct sock *sk; 1033 struct l2cap_chan *chan; 1034 1035 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1036 if (!sk) 1037 return NULL; 1038 1039 sock_init_data(sock, sk); 1040 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1041 1042 sk->sk_destruct = l2cap_sock_destruct; 1043 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1044 1045 sock_reset_flag(sk, SOCK_ZAPPED); 1046 1047 sk->sk_protocol = proto; 1048 sk->sk_state = BT_OPEN; 1049 1050 chan = l2cap_chan_create(sk); 1051 if (!chan) { 1052 l2cap_sock_kill(sk); 1053 return NULL; 1054 } 1055 1056 l2cap_pi(sk)->chan = chan; 1057 1058 return sk; 1059 } 1060 1061 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1062 int kern) 1063 { 1064 struct sock *sk; 1065 1066 BT_DBG("sock %p", sock); 1067 1068 sock->state = SS_UNCONNECTED; 1069 1070 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1071 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1072 return -ESOCKTNOSUPPORT; 1073 1074 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1075 return -EPERM; 1076 1077 sock->ops = &l2cap_sock_ops; 1078 1079 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1080 if (!sk) 1081 return -ENOMEM; 1082 1083 l2cap_sock_init(sk, NULL); 1084 return 0; 1085 } 1086 1087 static const struct proto_ops l2cap_sock_ops = { 1088 .family = PF_BLUETOOTH, 1089 .owner = THIS_MODULE, 1090 .release = l2cap_sock_release, 1091 .bind = l2cap_sock_bind, 1092 .connect = l2cap_sock_connect, 1093 .listen = l2cap_sock_listen, 1094 .accept = l2cap_sock_accept, 1095 .getname = l2cap_sock_getname, 1096 .sendmsg = l2cap_sock_sendmsg, 1097 .recvmsg = l2cap_sock_recvmsg, 1098 .poll = bt_sock_poll, 1099 .ioctl = bt_sock_ioctl, 1100 .mmap = sock_no_mmap, 1101 .socketpair = sock_no_socketpair, 1102 .shutdown = l2cap_sock_shutdown, 1103 .setsockopt = l2cap_sock_setsockopt, 1104 .getsockopt = l2cap_sock_getsockopt 1105 }; 1106 1107 static const struct net_proto_family l2cap_sock_family_ops = { 1108 .family = PF_BLUETOOTH, 1109 .owner = THIS_MODULE, 1110 .create = l2cap_sock_create, 1111 }; 1112 1113 int __init l2cap_init_sockets(void) 1114 { 1115 int err; 1116 1117 err = proto_register(&l2cap_proto, 0); 1118 if (err < 0) 1119 return err; 1120 1121 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1122 if (err < 0) 1123 goto error; 1124 1125 BT_INFO("L2CAP socket layer initialized"); 1126 1127 return 0; 1128 1129 error: 1130 BT_ERR("L2CAP socket registration failed"); 1131 proto_unregister(&l2cap_proto); 1132 return err; 1133 } 1134 1135 void l2cap_cleanup_sockets(void) 1136 { 1137 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 1138 BT_ERR("L2CAP socket unregistration failed"); 1139 1140 proto_unregister(&l2cap_proto); 1141 } 1142