1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 8 9 This program is free software; you can redistribute it and/or modify 10 it under the terms of the GNU General Public License version 2 as 11 published by the Free Software Foundation; 12 13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 21 22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 24 SOFTWARE IS DISCLAIMED. 25 */ 26 27 /* Bluetooth L2CAP sockets. */ 28 29 #include <linux/security.h> 30 #include <linux/export.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/l2cap.h> 35 #include <net/bluetooth/smp.h> 36 37 static const struct proto_ops l2cap_sock_ops; 38 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 39 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio); 40 41 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 42 { 43 struct sock *sk = sock->sk; 44 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 45 struct sockaddr_l2 la; 46 int len, err = 0; 47 48 BT_DBG("sk %p", sk); 49 50 if (!addr || addr->sa_family != AF_BLUETOOTH) 51 return -EINVAL; 52 53 memset(&la, 0, sizeof(la)); 54 len = min_t(unsigned int, sizeof(la), alen); 55 memcpy(&la, addr, len); 56 57 if (la.l2_cid && la.l2_psm) 58 return -EINVAL; 59 60 lock_sock(sk); 61 62 if (sk->sk_state != BT_OPEN) { 63 err = -EBADFD; 64 goto done; 65 } 66 67 if (la.l2_psm) { 68 __u16 psm = __le16_to_cpu(la.l2_psm); 69 70 /* PSM must be odd and lsb of upper byte must be 0 */ 71 if ((psm & 0x0101) != 0x0001) { 72 err = -EINVAL; 73 goto done; 74 } 75 76 /* Restrict usage of well-known PSMs */ 77 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 78 err = -EACCES; 79 goto done; 80 } 81 } 82 83 if (la.l2_cid) 84 err = l2cap_add_scid(chan, la.l2_cid); 85 else 86 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 87 88 if (err < 0) 89 goto done; 90 91 if (__le16_to_cpu(la.l2_psm) == 0x0001 || 92 __le16_to_cpu(la.l2_psm) == 0x0003) 93 chan->sec_level = BT_SECURITY_SDP; 94 95 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 96 97 chan->state = BT_BOUND; 98 sk->sk_state = BT_BOUND; 99 100 done: 101 release_sock(sk); 102 return err; 103 } 104 105 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 106 { 107 struct sock *sk = sock->sk; 108 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 109 struct sockaddr_l2 la; 110 int len, err = 0; 111 112 BT_DBG("sk %p", sk); 113 114 if (!addr || alen < sizeof(addr->sa_family) || 115 addr->sa_family != AF_BLUETOOTH) 116 return -EINVAL; 117 118 memset(&la, 0, sizeof(la)); 119 len = min_t(unsigned int, sizeof(la), alen); 120 memcpy(&la, addr, len); 121 122 if (la.l2_cid && la.l2_psm) 123 return -EINVAL; 124 125 lock_sock(sk); 126 127 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED 128 && !(la.l2_psm || la.l2_cid)) { 129 err = -EINVAL; 130 goto done; 131 } 132 133 switch (chan->mode) { 134 case L2CAP_MODE_BASIC: 135 break; 136 case L2CAP_MODE_ERTM: 137 case L2CAP_MODE_STREAMING: 138 if (!disable_ertm) 139 break; 140 /* fall through */ 141 default: 142 err = -ENOTSUPP; 143 goto done; 144 } 145 146 switch (sk->sk_state) { 147 case BT_CONNECT: 148 case BT_CONNECT2: 149 case BT_CONFIG: 150 /* Already connecting */ 151 goto wait; 152 153 case BT_CONNECTED: 154 /* Already connected */ 155 err = -EISCONN; 156 goto done; 157 158 case BT_OPEN: 159 case BT_BOUND: 160 /* Can connect */ 161 break; 162 163 default: 164 err = -EBADFD; 165 goto done; 166 } 167 168 /* PSM must be odd and lsb of upper byte must be 0 */ 169 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 && !la.l2_cid && 170 chan->chan_type != L2CAP_CHAN_RAW) { 171 err = -EINVAL; 172 goto done; 173 } 174 175 /* Set destination address and psm */ 176 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr); 177 chan->psm = la.l2_psm; 178 chan->dcid = la.l2_cid; 179 180 err = l2cap_chan_connect(l2cap_pi(sk)->chan); 181 if (err) 182 goto done; 183 184 wait: 185 err = bt_sock_wait_state(sk, BT_CONNECTED, 186 sock_sndtimeo(sk, flags & O_NONBLOCK)); 187 done: 188 release_sock(sk); 189 return err; 190 } 191 192 static int l2cap_sock_listen(struct socket *sock, int backlog) 193 { 194 struct sock *sk = sock->sk; 195 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 196 int err = 0; 197 198 BT_DBG("sk %p backlog %d", sk, backlog); 199 200 lock_sock(sk); 201 202 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM) 203 || sk->sk_state != BT_BOUND) { 204 err = -EBADFD; 205 goto done; 206 } 207 208 switch (chan->mode) { 209 case L2CAP_MODE_BASIC: 210 break; 211 case L2CAP_MODE_ERTM: 212 case L2CAP_MODE_STREAMING: 213 if (!disable_ertm) 214 break; 215 /* fall through */ 216 default: 217 err = -ENOTSUPP; 218 goto done; 219 } 220 221 sk->sk_max_ack_backlog = backlog; 222 sk->sk_ack_backlog = 0; 223 224 chan->state = BT_LISTEN; 225 sk->sk_state = BT_LISTEN; 226 227 done: 228 release_sock(sk); 229 return err; 230 } 231 232 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 233 { 234 DECLARE_WAITQUEUE(wait, current); 235 struct sock *sk = sock->sk, *nsk; 236 long timeo; 237 int err = 0; 238 239 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 240 241 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 242 243 BT_DBG("sk %p timeo %ld", sk, timeo); 244 245 /* Wait for an incoming connection. (wake-one). */ 246 add_wait_queue_exclusive(sk_sleep(sk), &wait); 247 while (1) { 248 set_current_state(TASK_INTERRUPTIBLE); 249 250 if (sk->sk_state != BT_LISTEN) { 251 err = -EBADFD; 252 break; 253 } 254 255 nsk = bt_accept_dequeue(sk, newsock); 256 if (nsk) 257 break; 258 259 if (!timeo) { 260 err = -EAGAIN; 261 break; 262 } 263 264 if (signal_pending(current)) { 265 err = sock_intr_errno(timeo); 266 break; 267 } 268 269 release_sock(sk); 270 timeo = schedule_timeout(timeo); 271 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 272 } 273 __set_current_state(TASK_RUNNING); 274 remove_wait_queue(sk_sleep(sk), &wait); 275 276 if (err) 277 goto done; 278 279 newsock->state = SS_CONNECTED; 280 281 BT_DBG("new socket %p", nsk); 282 283 done: 284 release_sock(sk); 285 return err; 286 } 287 288 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 289 { 290 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 291 struct sock *sk = sock->sk; 292 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 293 294 BT_DBG("sock %p, sk %p", sock, sk); 295 296 addr->sa_family = AF_BLUETOOTH; 297 *len = sizeof(struct sockaddr_l2); 298 299 if (peer) { 300 la->l2_psm = chan->psm; 301 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 302 la->l2_cid = cpu_to_le16(chan->dcid); 303 } else { 304 la->l2_psm = chan->sport; 305 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 306 la->l2_cid = cpu_to_le16(chan->scid); 307 } 308 309 return 0; 310 } 311 312 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 313 { 314 struct sock *sk = sock->sk; 315 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 316 struct l2cap_options opts; 317 struct l2cap_conninfo cinfo; 318 int len, err = 0; 319 u32 opt; 320 321 BT_DBG("sk %p", sk); 322 323 if (get_user(len, optlen)) 324 return -EFAULT; 325 326 lock_sock(sk); 327 328 switch (optname) { 329 case L2CAP_OPTIONS: 330 memset(&opts, 0, sizeof(opts)); 331 opts.imtu = chan->imtu; 332 opts.omtu = chan->omtu; 333 opts.flush_to = chan->flush_to; 334 opts.mode = chan->mode; 335 opts.fcs = chan->fcs; 336 opts.max_tx = chan->max_tx; 337 opts.txwin_size = (__u16)chan->tx_win; 338 339 len = min_t(unsigned int, len, sizeof(opts)); 340 if (copy_to_user(optval, (char *) &opts, len)) 341 err = -EFAULT; 342 343 break; 344 345 case L2CAP_LM: 346 switch (chan->sec_level) { 347 case BT_SECURITY_LOW: 348 opt = L2CAP_LM_AUTH; 349 break; 350 case BT_SECURITY_MEDIUM: 351 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 352 break; 353 case BT_SECURITY_HIGH: 354 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 355 L2CAP_LM_SECURE; 356 break; 357 default: 358 opt = 0; 359 break; 360 } 361 362 if (chan->role_switch) 363 opt |= L2CAP_LM_MASTER; 364 365 if (chan->force_reliable) 366 opt |= L2CAP_LM_RELIABLE; 367 368 if (put_user(opt, (u32 __user *) optval)) 369 err = -EFAULT; 370 break; 371 372 case L2CAP_CONNINFO: 373 if (sk->sk_state != BT_CONNECTED && 374 !(sk->sk_state == BT_CONNECT2 && 375 bt_sk(sk)->defer_setup)) { 376 err = -ENOTCONN; 377 break; 378 } 379 380 memset(&cinfo, 0, sizeof(cinfo)); 381 cinfo.hci_handle = chan->conn->hcon->handle; 382 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 383 384 len = min_t(unsigned int, len, sizeof(cinfo)); 385 if (copy_to_user(optval, (char *) &cinfo, len)) 386 err = -EFAULT; 387 388 break; 389 390 default: 391 err = -ENOPROTOOPT; 392 break; 393 } 394 395 release_sock(sk); 396 return err; 397 } 398 399 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 400 { 401 struct sock *sk = sock->sk; 402 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 403 struct bt_security sec; 404 struct bt_power pwr; 405 int len, err = 0; 406 407 BT_DBG("sk %p", sk); 408 409 if (level == SOL_L2CAP) 410 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 411 412 if (level != SOL_BLUETOOTH) 413 return -ENOPROTOOPT; 414 415 if (get_user(len, optlen)) 416 return -EFAULT; 417 418 lock_sock(sk); 419 420 switch (optname) { 421 case BT_SECURITY: 422 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 423 chan->chan_type != L2CAP_CHAN_RAW) { 424 err = -EINVAL; 425 break; 426 } 427 428 memset(&sec, 0, sizeof(sec)); 429 sec.level = chan->sec_level; 430 431 if (sk->sk_state == BT_CONNECTED) 432 sec.key_size = chan->conn->hcon->enc_key_size; 433 434 len = min_t(unsigned int, len, sizeof(sec)); 435 if (copy_to_user(optval, (char *) &sec, len)) 436 err = -EFAULT; 437 438 break; 439 440 case BT_DEFER_SETUP: 441 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 442 err = -EINVAL; 443 break; 444 } 445 446 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) 447 err = -EFAULT; 448 449 break; 450 451 case BT_FLUSHABLE: 452 if (put_user(chan->flushable, (u32 __user *) optval)) 453 err = -EFAULT; 454 455 break; 456 457 case BT_POWER: 458 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 459 && sk->sk_type != SOCK_RAW) { 460 err = -EINVAL; 461 break; 462 } 463 464 pwr.force_active = chan->force_active; 465 466 len = min_t(unsigned int, len, sizeof(pwr)); 467 if (copy_to_user(optval, (char *) &pwr, len)) 468 err = -EFAULT; 469 470 break; 471 472 default: 473 err = -ENOPROTOOPT; 474 break; 475 } 476 477 release_sock(sk); 478 return err; 479 } 480 481 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 482 { 483 struct sock *sk = sock->sk; 484 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 485 struct l2cap_options opts; 486 int len, err = 0; 487 u32 opt; 488 489 BT_DBG("sk %p", sk); 490 491 lock_sock(sk); 492 493 switch (optname) { 494 case L2CAP_OPTIONS: 495 if (sk->sk_state == BT_CONNECTED) { 496 err = -EINVAL; 497 break; 498 } 499 500 opts.imtu = chan->imtu; 501 opts.omtu = chan->omtu; 502 opts.flush_to = chan->flush_to; 503 opts.mode = chan->mode; 504 opts.fcs = chan->fcs; 505 opts.max_tx = chan->max_tx; 506 opts.txwin_size = (__u16)chan->tx_win; 507 508 len = min_t(unsigned int, sizeof(opts), optlen); 509 if (copy_from_user((char *) &opts, optval, len)) { 510 err = -EFAULT; 511 break; 512 } 513 514 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) { 515 err = -EINVAL; 516 break; 517 } 518 519 chan->mode = opts.mode; 520 switch (chan->mode) { 521 case L2CAP_MODE_BASIC: 522 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 523 break; 524 case L2CAP_MODE_ERTM: 525 case L2CAP_MODE_STREAMING: 526 if (!disable_ertm) 527 break; 528 /* fall through */ 529 default: 530 err = -EINVAL; 531 break; 532 } 533 534 chan->imtu = opts.imtu; 535 chan->omtu = opts.omtu; 536 chan->fcs = opts.fcs; 537 chan->max_tx = opts.max_tx; 538 chan->tx_win = (__u8)opts.txwin_size; 539 break; 540 541 case L2CAP_LM: 542 if (get_user(opt, (u32 __user *) optval)) { 543 err = -EFAULT; 544 break; 545 } 546 547 if (opt & L2CAP_LM_AUTH) 548 chan->sec_level = BT_SECURITY_LOW; 549 if (opt & L2CAP_LM_ENCRYPT) 550 chan->sec_level = BT_SECURITY_MEDIUM; 551 if (opt & L2CAP_LM_SECURE) 552 chan->sec_level = BT_SECURITY_HIGH; 553 554 chan->role_switch = (opt & L2CAP_LM_MASTER); 555 chan->force_reliable = (opt & L2CAP_LM_RELIABLE); 556 break; 557 558 default: 559 err = -ENOPROTOOPT; 560 break; 561 } 562 563 release_sock(sk); 564 return err; 565 } 566 567 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 568 { 569 struct sock *sk = sock->sk; 570 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 571 struct bt_security sec; 572 struct bt_power pwr; 573 struct l2cap_conn *conn; 574 int len, err = 0; 575 u32 opt; 576 577 BT_DBG("sk %p", sk); 578 579 if (level == SOL_L2CAP) 580 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 581 582 if (level != SOL_BLUETOOTH) 583 return -ENOPROTOOPT; 584 585 lock_sock(sk); 586 587 switch (optname) { 588 case BT_SECURITY: 589 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 590 chan->chan_type != L2CAP_CHAN_RAW) { 591 err = -EINVAL; 592 break; 593 } 594 595 sec.level = BT_SECURITY_LOW; 596 597 len = min_t(unsigned int, sizeof(sec), optlen); 598 if (copy_from_user((char *) &sec, optval, len)) { 599 err = -EFAULT; 600 break; 601 } 602 603 if (sec.level < BT_SECURITY_LOW || 604 sec.level > BT_SECURITY_HIGH) { 605 err = -EINVAL; 606 break; 607 } 608 609 chan->sec_level = sec.level; 610 611 conn = chan->conn; 612 if (conn && chan->scid == L2CAP_CID_LE_DATA) { 613 if (!conn->hcon->out) { 614 err = -EINVAL; 615 break; 616 } 617 618 if (smp_conn_security(conn, sec.level)) 619 break; 620 621 err = 0; 622 sk->sk_state = BT_CONFIG; 623 } 624 break; 625 626 case BT_DEFER_SETUP: 627 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 628 err = -EINVAL; 629 break; 630 } 631 632 if (get_user(opt, (u32 __user *) optval)) { 633 err = -EFAULT; 634 break; 635 } 636 637 bt_sk(sk)->defer_setup = opt; 638 break; 639 640 case BT_FLUSHABLE: 641 if (get_user(opt, (u32 __user *) optval)) { 642 err = -EFAULT; 643 break; 644 } 645 646 if (opt > BT_FLUSHABLE_ON) { 647 err = -EINVAL; 648 break; 649 } 650 651 if (opt == BT_FLUSHABLE_OFF) { 652 struct l2cap_conn *conn = chan->conn; 653 /* proceed further only when we have l2cap_conn and 654 No Flush support in the LM */ 655 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 656 err = -EINVAL; 657 break; 658 } 659 } 660 661 chan->flushable = opt; 662 break; 663 664 case BT_POWER: 665 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 666 chan->chan_type != L2CAP_CHAN_RAW) { 667 err = -EINVAL; 668 break; 669 } 670 671 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 672 673 len = min_t(unsigned int, sizeof(pwr), optlen); 674 if (copy_from_user((char *) &pwr, optval, len)) { 675 err = -EFAULT; 676 break; 677 } 678 chan->force_active = pwr.force_active; 679 break; 680 681 default: 682 err = -ENOPROTOOPT; 683 break; 684 } 685 686 release_sock(sk); 687 return err; 688 } 689 690 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 691 { 692 struct sock *sk = sock->sk; 693 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 694 int err; 695 696 BT_DBG("sock %p, sk %p", sock, sk); 697 698 err = sock_error(sk); 699 if (err) 700 return err; 701 702 if (msg->msg_flags & MSG_OOB) 703 return -EOPNOTSUPP; 704 705 lock_sock(sk); 706 707 if (sk->sk_state != BT_CONNECTED) { 708 release_sock(sk); 709 return -ENOTCONN; 710 } 711 712 err = l2cap_chan_send(chan, msg, len); 713 714 release_sock(sk); 715 return err; 716 } 717 718 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 719 { 720 struct sock *sk = sock->sk; 721 struct l2cap_pinfo *pi = l2cap_pi(sk); 722 int err; 723 724 lock_sock(sk); 725 726 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { 727 sk->sk_state = BT_CONFIG; 728 729 __l2cap_connect_rsp_defer(pi->chan); 730 release_sock(sk); 731 return 0; 732 } 733 734 release_sock(sk); 735 736 if (sock->type == SOCK_STREAM) 737 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 738 else 739 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 740 741 if (pi->chan->mode != L2CAP_MODE_ERTM) 742 return err; 743 744 /* Attempt to put pending rx data in the socket buffer */ 745 746 lock_sock(sk); 747 748 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 749 goto done; 750 751 if (pi->rx_busy_skb) { 752 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 753 pi->rx_busy_skb = NULL; 754 else 755 goto done; 756 } 757 758 /* Restore data flow when half of the receive buffer is 759 * available. This avoids resending large numbers of 760 * frames. 761 */ 762 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 763 l2cap_chan_busy(pi->chan, 0); 764 765 done: 766 release_sock(sk); 767 return err; 768 } 769 770 /* Kill socket (only if zapped and orphan) 771 * Must be called on unlocked socket. 772 */ 773 static void l2cap_sock_kill(struct sock *sk) 774 { 775 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 776 return; 777 778 BT_DBG("sk %p state %d", sk, sk->sk_state); 779 780 /* Kill poor orphan */ 781 782 l2cap_chan_destroy(l2cap_pi(sk)->chan); 783 sock_set_flag(sk, SOCK_DEAD); 784 sock_put(sk); 785 } 786 787 static int l2cap_sock_shutdown(struct socket *sock, int how) 788 { 789 struct sock *sk = sock->sk; 790 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 791 int err = 0; 792 793 BT_DBG("sock %p, sk %p", sock, sk); 794 795 if (!sk) 796 return 0; 797 798 lock_sock(sk); 799 if (!sk->sk_shutdown) { 800 if (chan->mode == L2CAP_MODE_ERTM) 801 err = __l2cap_wait_ack(sk); 802 803 sk->sk_shutdown = SHUTDOWN_MASK; 804 l2cap_chan_close(chan, 0); 805 806 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 807 err = bt_sock_wait_state(sk, BT_CLOSED, 808 sk->sk_lingertime); 809 } 810 811 if (!err && sk->sk_err) 812 err = -sk->sk_err; 813 814 release_sock(sk); 815 return err; 816 } 817 818 static int l2cap_sock_release(struct socket *sock) 819 { 820 struct sock *sk = sock->sk; 821 int err; 822 823 BT_DBG("sock %p, sk %p", sock, sk); 824 825 if (!sk) 826 return 0; 827 828 err = l2cap_sock_shutdown(sock, 2); 829 830 sock_orphan(sk); 831 l2cap_sock_kill(sk); 832 return err; 833 } 834 835 static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data) 836 { 837 struct sock *sk, *parent = data; 838 839 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 840 GFP_ATOMIC); 841 if (!sk) 842 return NULL; 843 844 l2cap_sock_init(sk, parent); 845 846 return l2cap_pi(sk)->chan; 847 } 848 849 static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb) 850 { 851 int err; 852 struct sock *sk = data; 853 struct l2cap_pinfo *pi = l2cap_pi(sk); 854 855 if (pi->rx_busy_skb) 856 return -ENOMEM; 857 858 err = sock_queue_rcv_skb(sk, skb); 859 860 /* For ERTM, handle one skb that doesn't fit into the recv 861 * buffer. This is important to do because the data frames 862 * have already been acked, so the skb cannot be discarded. 863 * 864 * Notify the l2cap core that the buffer is full, so the 865 * LOCAL_BUSY state is entered and no more frames are 866 * acked and reassembled until there is buffer space 867 * available. 868 */ 869 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) { 870 pi->rx_busy_skb = skb; 871 l2cap_chan_busy(pi->chan, 1); 872 err = 0; 873 } 874 875 return err; 876 } 877 878 static void l2cap_sock_close_cb(void *data) 879 { 880 struct sock *sk = data; 881 882 l2cap_sock_kill(sk); 883 } 884 885 static void l2cap_sock_state_change_cb(void *data, int state) 886 { 887 struct sock *sk = data; 888 889 sk->sk_state = state; 890 } 891 892 static struct l2cap_ops l2cap_chan_ops = { 893 .name = "L2CAP Socket Interface", 894 .new_connection = l2cap_sock_new_connection_cb, 895 .recv = l2cap_sock_recv_cb, 896 .close = l2cap_sock_close_cb, 897 .state_change = l2cap_sock_state_change_cb, 898 }; 899 900 static void l2cap_sock_destruct(struct sock *sk) 901 { 902 BT_DBG("sk %p", sk); 903 904 if (l2cap_pi(sk)->rx_busy_skb) { 905 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 906 l2cap_pi(sk)->rx_busy_skb = NULL; 907 } 908 909 skb_queue_purge(&sk->sk_receive_queue); 910 skb_queue_purge(&sk->sk_write_queue); 911 } 912 913 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 914 { 915 struct l2cap_pinfo *pi = l2cap_pi(sk); 916 struct l2cap_chan *chan = pi->chan; 917 918 BT_DBG("sk %p", sk); 919 920 if (parent) { 921 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 922 923 sk->sk_type = parent->sk_type; 924 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup; 925 926 chan->chan_type = pchan->chan_type; 927 chan->imtu = pchan->imtu; 928 chan->omtu = pchan->omtu; 929 chan->conf_state = pchan->conf_state; 930 chan->mode = pchan->mode; 931 chan->fcs = pchan->fcs; 932 chan->max_tx = pchan->max_tx; 933 chan->tx_win = pchan->tx_win; 934 chan->sec_level = pchan->sec_level; 935 chan->role_switch = pchan->role_switch; 936 chan->force_reliable = pchan->force_reliable; 937 chan->flushable = pchan->flushable; 938 chan->force_active = pchan->force_active; 939 940 security_sk_clone(parent, sk); 941 } else { 942 943 switch (sk->sk_type) { 944 case SOCK_RAW: 945 chan->chan_type = L2CAP_CHAN_RAW; 946 break; 947 case SOCK_DGRAM: 948 chan->chan_type = L2CAP_CHAN_CONN_LESS; 949 break; 950 case SOCK_SEQPACKET: 951 case SOCK_STREAM: 952 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 953 break; 954 } 955 956 chan->imtu = L2CAP_DEFAULT_MTU; 957 chan->omtu = 0; 958 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 959 chan->mode = L2CAP_MODE_ERTM; 960 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 961 } else { 962 chan->mode = L2CAP_MODE_BASIC; 963 } 964 chan->max_tx = L2CAP_DEFAULT_MAX_TX; 965 chan->fcs = L2CAP_FCS_CRC16; 966 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW; 967 chan->sec_level = BT_SECURITY_LOW; 968 chan->role_switch = 0; 969 chan->force_reliable = 0; 970 chan->flushable = BT_FLUSHABLE_OFF; 971 chan->force_active = BT_POWER_FORCE_ACTIVE_ON; 972 973 } 974 975 /* Default config options */ 976 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 977 978 chan->data = sk; 979 chan->ops = &l2cap_chan_ops; 980 } 981 982 static struct proto l2cap_proto = { 983 .name = "L2CAP", 984 .owner = THIS_MODULE, 985 .obj_size = sizeof(struct l2cap_pinfo) 986 }; 987 988 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 989 { 990 struct sock *sk; 991 struct l2cap_chan *chan; 992 993 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 994 if (!sk) 995 return NULL; 996 997 sock_init_data(sock, sk); 998 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 999 1000 sk->sk_destruct = l2cap_sock_destruct; 1001 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1002 1003 sock_reset_flag(sk, SOCK_ZAPPED); 1004 1005 sk->sk_protocol = proto; 1006 sk->sk_state = BT_OPEN; 1007 1008 chan = l2cap_chan_create(sk); 1009 if (!chan) { 1010 l2cap_sock_kill(sk); 1011 return NULL; 1012 } 1013 1014 l2cap_pi(sk)->chan = chan; 1015 1016 return sk; 1017 } 1018 1019 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1020 int kern) 1021 { 1022 struct sock *sk; 1023 1024 BT_DBG("sock %p", sock); 1025 1026 sock->state = SS_UNCONNECTED; 1027 1028 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1029 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1030 return -ESOCKTNOSUPPORT; 1031 1032 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1033 return -EPERM; 1034 1035 sock->ops = &l2cap_sock_ops; 1036 1037 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1038 if (!sk) 1039 return -ENOMEM; 1040 1041 l2cap_sock_init(sk, NULL); 1042 return 0; 1043 } 1044 1045 static const struct proto_ops l2cap_sock_ops = { 1046 .family = PF_BLUETOOTH, 1047 .owner = THIS_MODULE, 1048 .release = l2cap_sock_release, 1049 .bind = l2cap_sock_bind, 1050 .connect = l2cap_sock_connect, 1051 .listen = l2cap_sock_listen, 1052 .accept = l2cap_sock_accept, 1053 .getname = l2cap_sock_getname, 1054 .sendmsg = l2cap_sock_sendmsg, 1055 .recvmsg = l2cap_sock_recvmsg, 1056 .poll = bt_sock_poll, 1057 .ioctl = bt_sock_ioctl, 1058 .mmap = sock_no_mmap, 1059 .socketpair = sock_no_socketpair, 1060 .shutdown = l2cap_sock_shutdown, 1061 .setsockopt = l2cap_sock_setsockopt, 1062 .getsockopt = l2cap_sock_getsockopt 1063 }; 1064 1065 static const struct net_proto_family l2cap_sock_family_ops = { 1066 .family = PF_BLUETOOTH, 1067 .owner = THIS_MODULE, 1068 .create = l2cap_sock_create, 1069 }; 1070 1071 int __init l2cap_init_sockets(void) 1072 { 1073 int err; 1074 1075 err = proto_register(&l2cap_proto, 0); 1076 if (err < 0) 1077 return err; 1078 1079 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1080 if (err < 0) 1081 goto error; 1082 1083 BT_INFO("L2CAP socket layer initialized"); 1084 1085 return 0; 1086 1087 error: 1088 BT_ERR("L2CAP socket registration failed"); 1089 proto_unregister(&l2cap_proto); 1090 return err; 1091 } 1092 1093 void l2cap_cleanup_sockets(void) 1094 { 1095 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 1096 BT_ERR("L2CAP socket unregistration failed"); 1097 1098 proto_unregister(&l2cap_proto); 1099 } 1100