1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26 */ 27 28 /* Bluetooth L2CAP sockets. */ 29 30 #include <linux/export.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/l2cap.h> 35 #include <net/bluetooth/smp.h> 36 37 static struct bt_sock_list l2cap_sk_list = { 38 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 39 }; 40 41 static const struct proto_ops l2cap_sock_ops; 42 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 43 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio); 44 45 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 46 { 47 struct sock *sk = sock->sk; 48 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 49 struct sockaddr_l2 la; 50 int len, err = 0; 51 52 BT_DBG("sk %p", sk); 53 54 if (!addr || addr->sa_family != AF_BLUETOOTH) 55 return -EINVAL; 56 57 memset(&la, 0, sizeof(la)); 58 len = min_t(unsigned int, sizeof(la), alen); 59 memcpy(&la, addr, len); 60 61 if (la.l2_cid && la.l2_psm) 62 return -EINVAL; 63 64 lock_sock(sk); 65 66 if (sk->sk_state != BT_OPEN) { 67 err = -EBADFD; 68 goto done; 69 } 70 71 if (la.l2_psm) { 72 __u16 psm = __le16_to_cpu(la.l2_psm); 73 74 /* PSM must be odd and lsb of upper byte must be 0 */ 75 if ((psm & 0x0101) != 0x0001) { 76 err = -EINVAL; 77 goto done; 78 } 79 80 /* Restrict usage of well-known PSMs */ 81 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 82 err = -EACCES; 83 goto done; 84 } 85 } 86 87 if (la.l2_cid) 88 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 89 else 90 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 91 92 if (err < 0) 93 goto done; 94 95 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 96 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 97 chan->sec_level = BT_SECURITY_SDP; 98 99 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 100 101 chan->state = BT_BOUND; 102 sk->sk_state = BT_BOUND; 103 104 done: 105 release_sock(sk); 106 return err; 107 } 108 109 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 110 { 111 struct sock *sk = sock->sk; 112 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 113 struct sockaddr_l2 la; 114 int len, err = 0; 115 116 BT_DBG("sk %p", sk); 117 118 if (!addr || alen < sizeof(addr->sa_family) || 119 addr->sa_family != AF_BLUETOOTH) 120 return -EINVAL; 121 122 memset(&la, 0, sizeof(la)); 123 len = min_t(unsigned int, sizeof(la), alen); 124 memcpy(&la, addr, len); 125 126 if (la.l2_cid && la.l2_psm) 127 return -EINVAL; 128 129 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 130 &la.l2_bdaddr, la.l2_bdaddr_type); 131 if (err) 132 return err; 133 134 lock_sock(sk); 135 136 err = bt_sock_wait_state(sk, BT_CONNECTED, 137 sock_sndtimeo(sk, flags & O_NONBLOCK)); 138 139 release_sock(sk); 140 141 return err; 142 } 143 144 static int l2cap_sock_listen(struct socket *sock, int backlog) 145 { 146 struct sock *sk = sock->sk; 147 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 148 int err = 0; 149 150 BT_DBG("sk %p backlog %d", sk, backlog); 151 152 lock_sock(sk); 153 154 if (sk->sk_state != BT_BOUND) { 155 err = -EBADFD; 156 goto done; 157 } 158 159 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 160 err = -EINVAL; 161 goto done; 162 } 163 164 switch (chan->mode) { 165 case L2CAP_MODE_BASIC: 166 break; 167 case L2CAP_MODE_ERTM: 168 case L2CAP_MODE_STREAMING: 169 if (!disable_ertm) 170 break; 171 /* fall through */ 172 default: 173 err = -ENOTSUPP; 174 goto done; 175 } 176 177 sk->sk_max_ack_backlog = backlog; 178 sk->sk_ack_backlog = 0; 179 180 chan->state = BT_LISTEN; 181 sk->sk_state = BT_LISTEN; 182 183 done: 184 release_sock(sk); 185 return err; 186 } 187 188 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 189 { 190 DECLARE_WAITQUEUE(wait, current); 191 struct sock *sk = sock->sk, *nsk; 192 long timeo; 193 int err = 0; 194 195 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 196 197 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 198 199 BT_DBG("sk %p timeo %ld", sk, timeo); 200 201 /* Wait for an incoming connection. (wake-one). */ 202 add_wait_queue_exclusive(sk_sleep(sk), &wait); 203 while (1) { 204 set_current_state(TASK_INTERRUPTIBLE); 205 206 if (sk->sk_state != BT_LISTEN) { 207 err = -EBADFD; 208 break; 209 } 210 211 nsk = bt_accept_dequeue(sk, newsock); 212 if (nsk) 213 break; 214 215 if (!timeo) { 216 err = -EAGAIN; 217 break; 218 } 219 220 if (signal_pending(current)) { 221 err = sock_intr_errno(timeo); 222 break; 223 } 224 225 release_sock(sk); 226 timeo = schedule_timeout(timeo); 227 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 228 } 229 __set_current_state(TASK_RUNNING); 230 remove_wait_queue(sk_sleep(sk), &wait); 231 232 if (err) 233 goto done; 234 235 newsock->state = SS_CONNECTED; 236 237 BT_DBG("new socket %p", nsk); 238 239 done: 240 release_sock(sk); 241 return err; 242 } 243 244 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 245 { 246 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 247 struct sock *sk = sock->sk; 248 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 249 250 BT_DBG("sock %p, sk %p", sock, sk); 251 252 memset(la, 0, sizeof(struct sockaddr_l2)); 253 addr->sa_family = AF_BLUETOOTH; 254 *len = sizeof(struct sockaddr_l2); 255 256 if (peer) { 257 la->l2_psm = chan->psm; 258 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 259 la->l2_cid = cpu_to_le16(chan->dcid); 260 } else { 261 la->l2_psm = chan->sport; 262 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 263 la->l2_cid = cpu_to_le16(chan->scid); 264 } 265 266 return 0; 267 } 268 269 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 270 { 271 struct sock *sk = sock->sk; 272 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 273 struct l2cap_options opts; 274 struct l2cap_conninfo cinfo; 275 int len, err = 0; 276 u32 opt; 277 278 BT_DBG("sk %p", sk); 279 280 if (get_user(len, optlen)) 281 return -EFAULT; 282 283 lock_sock(sk); 284 285 switch (optname) { 286 case L2CAP_OPTIONS: 287 memset(&opts, 0, sizeof(opts)); 288 opts.imtu = chan->imtu; 289 opts.omtu = chan->omtu; 290 opts.flush_to = chan->flush_to; 291 opts.mode = chan->mode; 292 opts.fcs = chan->fcs; 293 opts.max_tx = chan->max_tx; 294 opts.txwin_size = chan->tx_win; 295 296 len = min_t(unsigned int, len, sizeof(opts)); 297 if (copy_to_user(optval, (char *) &opts, len)) 298 err = -EFAULT; 299 300 break; 301 302 case L2CAP_LM: 303 switch (chan->sec_level) { 304 case BT_SECURITY_LOW: 305 opt = L2CAP_LM_AUTH; 306 break; 307 case BT_SECURITY_MEDIUM: 308 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 309 break; 310 case BT_SECURITY_HIGH: 311 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 312 L2CAP_LM_SECURE; 313 break; 314 default: 315 opt = 0; 316 break; 317 } 318 319 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 320 opt |= L2CAP_LM_MASTER; 321 322 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 323 opt |= L2CAP_LM_RELIABLE; 324 325 if (put_user(opt, (u32 __user *) optval)) 326 err = -EFAULT; 327 break; 328 329 case L2CAP_CONNINFO: 330 if (sk->sk_state != BT_CONNECTED && 331 !(sk->sk_state == BT_CONNECT2 && 332 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 333 err = -ENOTCONN; 334 break; 335 } 336 337 memset(&cinfo, 0, sizeof(cinfo)); 338 cinfo.hci_handle = chan->conn->hcon->handle; 339 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 340 341 len = min_t(unsigned int, len, sizeof(cinfo)); 342 if (copy_to_user(optval, (char *) &cinfo, len)) 343 err = -EFAULT; 344 345 break; 346 347 default: 348 err = -ENOPROTOOPT; 349 break; 350 } 351 352 release_sock(sk); 353 return err; 354 } 355 356 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 357 { 358 struct sock *sk = sock->sk; 359 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 360 struct bt_security sec; 361 struct bt_power pwr; 362 int len, err = 0; 363 364 BT_DBG("sk %p", sk); 365 366 if (level == SOL_L2CAP) 367 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 368 369 if (level != SOL_BLUETOOTH) 370 return -ENOPROTOOPT; 371 372 if (get_user(len, optlen)) 373 return -EFAULT; 374 375 lock_sock(sk); 376 377 switch (optname) { 378 case BT_SECURITY: 379 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 380 chan->chan_type != L2CAP_CHAN_RAW) { 381 err = -EINVAL; 382 break; 383 } 384 385 memset(&sec, 0, sizeof(sec)); 386 if (chan->conn) 387 sec.level = chan->conn->hcon->sec_level; 388 else 389 sec.level = chan->sec_level; 390 391 if (sk->sk_state == BT_CONNECTED) 392 sec.key_size = chan->conn->hcon->enc_key_size; 393 394 len = min_t(unsigned int, len, sizeof(sec)); 395 if (copy_to_user(optval, (char *) &sec, len)) 396 err = -EFAULT; 397 398 break; 399 400 case BT_DEFER_SETUP: 401 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 402 err = -EINVAL; 403 break; 404 } 405 406 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 407 (u32 __user *) optval)) 408 err = -EFAULT; 409 410 break; 411 412 case BT_FLUSHABLE: 413 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 414 (u32 __user *) optval)) 415 err = -EFAULT; 416 417 break; 418 419 case BT_POWER: 420 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 421 && sk->sk_type != SOCK_RAW) { 422 err = -EINVAL; 423 break; 424 } 425 426 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 427 428 len = min_t(unsigned int, len, sizeof(pwr)); 429 if (copy_to_user(optval, (char *) &pwr, len)) 430 err = -EFAULT; 431 432 break; 433 434 case BT_CHANNEL_POLICY: 435 if (!enable_hs) { 436 err = -ENOPROTOOPT; 437 break; 438 } 439 440 if (put_user(chan->chan_policy, (u32 __user *) optval)) 441 err = -EFAULT; 442 break; 443 444 default: 445 err = -ENOPROTOOPT; 446 break; 447 } 448 449 release_sock(sk); 450 return err; 451 } 452 453 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 454 { 455 switch (chan->scid) { 456 case L2CAP_CID_LE_DATA: 457 if (mtu < L2CAP_LE_MIN_MTU) 458 return false; 459 break; 460 461 default: 462 if (mtu < L2CAP_DEFAULT_MIN_MTU) 463 return false; 464 } 465 466 return true; 467 } 468 469 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 470 { 471 struct sock *sk = sock->sk; 472 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 473 struct l2cap_options opts; 474 int len, err = 0; 475 u32 opt; 476 477 BT_DBG("sk %p", sk); 478 479 lock_sock(sk); 480 481 switch (optname) { 482 case L2CAP_OPTIONS: 483 if (sk->sk_state == BT_CONNECTED) { 484 err = -EINVAL; 485 break; 486 } 487 488 opts.imtu = chan->imtu; 489 opts.omtu = chan->omtu; 490 opts.flush_to = chan->flush_to; 491 opts.mode = chan->mode; 492 opts.fcs = chan->fcs; 493 opts.max_tx = chan->max_tx; 494 opts.txwin_size = chan->tx_win; 495 496 len = min_t(unsigned int, sizeof(opts), optlen); 497 if (copy_from_user((char *) &opts, optval, len)) { 498 err = -EFAULT; 499 break; 500 } 501 502 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 503 err = -EINVAL; 504 break; 505 } 506 507 if (!l2cap_valid_mtu(chan, opts.imtu)) { 508 err = -EINVAL; 509 break; 510 } 511 512 chan->mode = opts.mode; 513 switch (chan->mode) { 514 case L2CAP_MODE_BASIC: 515 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 516 break; 517 case L2CAP_MODE_ERTM: 518 case L2CAP_MODE_STREAMING: 519 if (!disable_ertm) 520 break; 521 /* fall through */ 522 default: 523 err = -EINVAL; 524 break; 525 } 526 527 chan->imtu = opts.imtu; 528 chan->omtu = opts.omtu; 529 chan->fcs = opts.fcs; 530 chan->max_tx = opts.max_tx; 531 chan->tx_win = opts.txwin_size; 532 break; 533 534 case L2CAP_LM: 535 if (get_user(opt, (u32 __user *) optval)) { 536 err = -EFAULT; 537 break; 538 } 539 540 if (opt & L2CAP_LM_AUTH) 541 chan->sec_level = BT_SECURITY_LOW; 542 if (opt & L2CAP_LM_ENCRYPT) 543 chan->sec_level = BT_SECURITY_MEDIUM; 544 if (opt & L2CAP_LM_SECURE) 545 chan->sec_level = BT_SECURITY_HIGH; 546 547 if (opt & L2CAP_LM_MASTER) 548 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 549 else 550 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 551 552 if (opt & L2CAP_LM_RELIABLE) 553 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 554 else 555 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 556 break; 557 558 default: 559 err = -ENOPROTOOPT; 560 break; 561 } 562 563 release_sock(sk); 564 return err; 565 } 566 567 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 568 { 569 struct sock *sk = sock->sk; 570 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 571 struct bt_security sec; 572 struct bt_power pwr; 573 struct l2cap_conn *conn; 574 int len, err = 0; 575 u32 opt; 576 577 BT_DBG("sk %p", sk); 578 579 if (level == SOL_L2CAP) 580 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 581 582 if (level != SOL_BLUETOOTH) 583 return -ENOPROTOOPT; 584 585 lock_sock(sk); 586 587 switch (optname) { 588 case BT_SECURITY: 589 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 590 chan->chan_type != L2CAP_CHAN_RAW) { 591 err = -EINVAL; 592 break; 593 } 594 595 sec.level = BT_SECURITY_LOW; 596 597 len = min_t(unsigned int, sizeof(sec), optlen); 598 if (copy_from_user((char *) &sec, optval, len)) { 599 err = -EFAULT; 600 break; 601 } 602 603 if (sec.level < BT_SECURITY_LOW || 604 sec.level > BT_SECURITY_HIGH) { 605 err = -EINVAL; 606 break; 607 } 608 609 chan->sec_level = sec.level; 610 611 if (!chan->conn) 612 break; 613 614 conn = chan->conn; 615 616 /*change security for LE channels */ 617 if (chan->scid == L2CAP_CID_LE_DATA) { 618 if (!conn->hcon->out) { 619 err = -EINVAL; 620 break; 621 } 622 623 if (smp_conn_security(conn->hcon, sec.level)) 624 break; 625 sk->sk_state = BT_CONFIG; 626 chan->state = BT_CONFIG; 627 628 /* or for ACL link */ 629 } else if ((sk->sk_state == BT_CONNECT2 && 630 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 631 sk->sk_state == BT_CONNECTED) { 632 if (!l2cap_chan_check_security(chan)) 633 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 634 else 635 sk->sk_state_change(sk); 636 } else { 637 err = -EINVAL; 638 } 639 break; 640 641 case BT_DEFER_SETUP: 642 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 643 err = -EINVAL; 644 break; 645 } 646 647 if (get_user(opt, (u32 __user *) optval)) { 648 err = -EFAULT; 649 break; 650 } 651 652 if (opt) 653 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 654 else 655 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 656 break; 657 658 case BT_FLUSHABLE: 659 if (get_user(opt, (u32 __user *) optval)) { 660 err = -EFAULT; 661 break; 662 } 663 664 if (opt > BT_FLUSHABLE_ON) { 665 err = -EINVAL; 666 break; 667 } 668 669 if (opt == BT_FLUSHABLE_OFF) { 670 struct l2cap_conn *conn = chan->conn; 671 /* proceed further only when we have l2cap_conn and 672 No Flush support in the LM */ 673 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 674 err = -EINVAL; 675 break; 676 } 677 } 678 679 if (opt) 680 set_bit(FLAG_FLUSHABLE, &chan->flags); 681 else 682 clear_bit(FLAG_FLUSHABLE, &chan->flags); 683 break; 684 685 case BT_POWER: 686 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 687 chan->chan_type != L2CAP_CHAN_RAW) { 688 err = -EINVAL; 689 break; 690 } 691 692 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 693 694 len = min_t(unsigned int, sizeof(pwr), optlen); 695 if (copy_from_user((char *) &pwr, optval, len)) { 696 err = -EFAULT; 697 break; 698 } 699 700 if (pwr.force_active) 701 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 702 else 703 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 704 break; 705 706 case BT_CHANNEL_POLICY: 707 if (!enable_hs) { 708 err = -ENOPROTOOPT; 709 break; 710 } 711 712 if (get_user(opt, (u32 __user *) optval)) { 713 err = -EFAULT; 714 break; 715 } 716 717 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 718 err = -EINVAL; 719 break; 720 } 721 722 if (chan->mode != L2CAP_MODE_ERTM && 723 chan->mode != L2CAP_MODE_STREAMING) { 724 err = -EOPNOTSUPP; 725 break; 726 } 727 728 chan->chan_policy = (u8) opt; 729 break; 730 731 default: 732 err = -ENOPROTOOPT; 733 break; 734 } 735 736 release_sock(sk); 737 return err; 738 } 739 740 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 741 { 742 struct sock *sk = sock->sk; 743 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 744 int err; 745 746 BT_DBG("sock %p, sk %p", sock, sk); 747 748 err = sock_error(sk); 749 if (err) 750 return err; 751 752 if (msg->msg_flags & MSG_OOB) 753 return -EOPNOTSUPP; 754 755 if (sk->sk_state != BT_CONNECTED) 756 return -ENOTCONN; 757 758 l2cap_chan_lock(chan); 759 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 760 l2cap_chan_unlock(chan); 761 762 return err; 763 } 764 765 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 766 { 767 struct sock *sk = sock->sk; 768 struct l2cap_pinfo *pi = l2cap_pi(sk); 769 int err; 770 771 lock_sock(sk); 772 773 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 774 &bt_sk(sk)->flags)) { 775 sk->sk_state = BT_CONFIG; 776 pi->chan->state = BT_CONFIG; 777 778 __l2cap_connect_rsp_defer(pi->chan); 779 release_sock(sk); 780 return 0; 781 } 782 783 release_sock(sk); 784 785 if (sock->type == SOCK_STREAM) 786 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 787 else 788 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 789 790 if (pi->chan->mode != L2CAP_MODE_ERTM) 791 return err; 792 793 /* Attempt to put pending rx data in the socket buffer */ 794 795 lock_sock(sk); 796 797 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 798 goto done; 799 800 if (pi->rx_busy_skb) { 801 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 802 pi->rx_busy_skb = NULL; 803 else 804 goto done; 805 } 806 807 /* Restore data flow when half of the receive buffer is 808 * available. This avoids resending large numbers of 809 * frames. 810 */ 811 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 812 l2cap_chan_busy(pi->chan, 0); 813 814 done: 815 release_sock(sk); 816 return err; 817 } 818 819 /* Kill socket (only if zapped and orphan) 820 * Must be called on unlocked socket. 821 */ 822 static void l2cap_sock_kill(struct sock *sk) 823 { 824 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 825 return; 826 827 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 828 829 /* Kill poor orphan */ 830 831 l2cap_chan_put(l2cap_pi(sk)->chan); 832 sock_set_flag(sk, SOCK_DEAD); 833 sock_put(sk); 834 } 835 836 static int l2cap_sock_shutdown(struct socket *sock, int how) 837 { 838 struct sock *sk = sock->sk; 839 struct l2cap_chan *chan; 840 struct l2cap_conn *conn; 841 int err = 0; 842 843 BT_DBG("sock %p, sk %p", sock, sk); 844 845 if (!sk) 846 return 0; 847 848 chan = l2cap_pi(sk)->chan; 849 conn = chan->conn; 850 851 if (conn) 852 mutex_lock(&conn->chan_lock); 853 854 l2cap_chan_lock(chan); 855 lock_sock(sk); 856 857 if (!sk->sk_shutdown) { 858 if (chan->mode == L2CAP_MODE_ERTM) 859 err = __l2cap_wait_ack(sk); 860 861 sk->sk_shutdown = SHUTDOWN_MASK; 862 863 release_sock(sk); 864 l2cap_chan_close(chan, 0); 865 lock_sock(sk); 866 867 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 868 err = bt_sock_wait_state(sk, BT_CLOSED, 869 sk->sk_lingertime); 870 } 871 872 if (!err && sk->sk_err) 873 err = -sk->sk_err; 874 875 release_sock(sk); 876 l2cap_chan_unlock(chan); 877 878 if (conn) 879 mutex_unlock(&conn->chan_lock); 880 881 return err; 882 } 883 884 static int l2cap_sock_release(struct socket *sock) 885 { 886 struct sock *sk = sock->sk; 887 int err; 888 889 BT_DBG("sock %p, sk %p", sock, sk); 890 891 if (!sk) 892 return 0; 893 894 bt_sock_unlink(&l2cap_sk_list, sk); 895 896 err = l2cap_sock_shutdown(sock, 2); 897 898 sock_orphan(sk); 899 l2cap_sock_kill(sk); 900 return err; 901 } 902 903 static void l2cap_sock_cleanup_listen(struct sock *parent) 904 { 905 struct sock *sk; 906 907 BT_DBG("parent %p", parent); 908 909 /* Close not yet accepted channels */ 910 while ((sk = bt_accept_dequeue(parent, NULL))) { 911 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 912 913 l2cap_chan_lock(chan); 914 __clear_chan_timer(chan); 915 l2cap_chan_close(chan, ECONNRESET); 916 l2cap_chan_unlock(chan); 917 918 l2cap_sock_kill(sk); 919 } 920 } 921 922 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 923 { 924 struct sock *sk, *parent = chan->data; 925 926 /* Check for backlog size */ 927 if (sk_acceptq_is_full(parent)) { 928 BT_DBG("backlog full %d", parent->sk_ack_backlog); 929 return NULL; 930 } 931 932 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 933 GFP_ATOMIC); 934 if (!sk) 935 return NULL; 936 937 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 938 939 l2cap_sock_init(sk, parent); 940 941 return l2cap_pi(sk)->chan; 942 } 943 944 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 945 { 946 int err; 947 struct sock *sk = chan->data; 948 struct l2cap_pinfo *pi = l2cap_pi(sk); 949 950 lock_sock(sk); 951 952 if (pi->rx_busy_skb) { 953 err = -ENOMEM; 954 goto done; 955 } 956 957 err = sock_queue_rcv_skb(sk, skb); 958 959 /* For ERTM, handle one skb that doesn't fit into the recv 960 * buffer. This is important to do because the data frames 961 * have already been acked, so the skb cannot be discarded. 962 * 963 * Notify the l2cap core that the buffer is full, so the 964 * LOCAL_BUSY state is entered and no more frames are 965 * acked and reassembled until there is buffer space 966 * available. 967 */ 968 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) { 969 pi->rx_busy_skb = skb; 970 l2cap_chan_busy(pi->chan, 1); 971 err = 0; 972 } 973 974 done: 975 release_sock(sk); 976 977 return err; 978 } 979 980 static void l2cap_sock_close_cb(struct l2cap_chan *chan) 981 { 982 struct sock *sk = chan->data; 983 984 l2cap_sock_kill(sk); 985 } 986 987 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 988 { 989 struct sock *sk = chan->data; 990 struct sock *parent; 991 992 lock_sock(sk); 993 994 parent = bt_sk(sk)->parent; 995 996 sock_set_flag(sk, SOCK_ZAPPED); 997 998 switch (chan->state) { 999 case BT_OPEN: 1000 case BT_BOUND: 1001 case BT_CLOSED: 1002 break; 1003 case BT_LISTEN: 1004 l2cap_sock_cleanup_listen(sk); 1005 sk->sk_state = BT_CLOSED; 1006 chan->state = BT_CLOSED; 1007 1008 break; 1009 default: 1010 sk->sk_state = BT_CLOSED; 1011 chan->state = BT_CLOSED; 1012 1013 sk->sk_err = err; 1014 1015 if (parent) { 1016 bt_accept_unlink(sk); 1017 parent->sk_data_ready(parent, 0); 1018 } else { 1019 sk->sk_state_change(sk); 1020 } 1021 1022 break; 1023 } 1024 1025 release_sock(sk); 1026 } 1027 1028 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state) 1029 { 1030 struct sock *sk = chan->data; 1031 1032 sk->sk_state = state; 1033 } 1034 1035 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1036 unsigned long len, int nb) 1037 { 1038 struct sk_buff *skb; 1039 int err; 1040 1041 l2cap_chan_unlock(chan); 1042 skb = bt_skb_send_alloc(chan->sk, len, nb, &err); 1043 l2cap_chan_lock(chan); 1044 1045 if (!skb) 1046 return ERR_PTR(err); 1047 1048 return skb; 1049 } 1050 1051 static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1052 { 1053 struct sock *sk = chan->data; 1054 struct sock *parent; 1055 1056 lock_sock(sk); 1057 1058 parent = bt_sk(sk)->parent; 1059 1060 BT_DBG("sk %p, parent %p", sk, parent); 1061 1062 sk->sk_state = BT_CONNECTED; 1063 sk->sk_state_change(sk); 1064 1065 if (parent) 1066 parent->sk_data_ready(parent, 0); 1067 1068 release_sock(sk); 1069 } 1070 1071 static struct l2cap_ops l2cap_chan_ops = { 1072 .name = "L2CAP Socket Interface", 1073 .new_connection = l2cap_sock_new_connection_cb, 1074 .recv = l2cap_sock_recv_cb, 1075 .close = l2cap_sock_close_cb, 1076 .teardown = l2cap_sock_teardown_cb, 1077 .state_change = l2cap_sock_state_change_cb, 1078 .ready = l2cap_sock_ready_cb, 1079 .alloc_skb = l2cap_sock_alloc_skb_cb, 1080 }; 1081 1082 static void l2cap_sock_destruct(struct sock *sk) 1083 { 1084 BT_DBG("sk %p", sk); 1085 1086 l2cap_chan_put(l2cap_pi(sk)->chan); 1087 if (l2cap_pi(sk)->rx_busy_skb) { 1088 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1089 l2cap_pi(sk)->rx_busy_skb = NULL; 1090 } 1091 1092 skb_queue_purge(&sk->sk_receive_queue); 1093 skb_queue_purge(&sk->sk_write_queue); 1094 } 1095 1096 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1097 { 1098 struct l2cap_pinfo *pi = l2cap_pi(sk); 1099 struct l2cap_chan *chan = pi->chan; 1100 1101 BT_DBG("sk %p", sk); 1102 1103 if (parent) { 1104 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1105 1106 sk->sk_type = parent->sk_type; 1107 bt_sk(sk)->flags = bt_sk(parent)->flags; 1108 1109 chan->chan_type = pchan->chan_type; 1110 chan->imtu = pchan->imtu; 1111 chan->omtu = pchan->omtu; 1112 chan->conf_state = pchan->conf_state; 1113 chan->mode = pchan->mode; 1114 chan->fcs = pchan->fcs; 1115 chan->max_tx = pchan->max_tx; 1116 chan->tx_win = pchan->tx_win; 1117 chan->tx_win_max = pchan->tx_win_max; 1118 chan->sec_level = pchan->sec_level; 1119 chan->flags = pchan->flags; 1120 1121 security_sk_clone(parent, sk); 1122 } else { 1123 1124 switch (sk->sk_type) { 1125 case SOCK_RAW: 1126 chan->chan_type = L2CAP_CHAN_RAW; 1127 break; 1128 case SOCK_DGRAM: 1129 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1130 break; 1131 case SOCK_SEQPACKET: 1132 case SOCK_STREAM: 1133 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1134 break; 1135 } 1136 1137 chan->imtu = L2CAP_DEFAULT_MTU; 1138 chan->omtu = 0; 1139 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1140 chan->mode = L2CAP_MODE_ERTM; 1141 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1142 } else { 1143 chan->mode = L2CAP_MODE_BASIC; 1144 } 1145 1146 l2cap_chan_set_defaults(chan); 1147 } 1148 1149 /* Default config options */ 1150 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1151 1152 chan->data = sk; 1153 chan->ops = &l2cap_chan_ops; 1154 } 1155 1156 static struct proto l2cap_proto = { 1157 .name = "L2CAP", 1158 .owner = THIS_MODULE, 1159 .obj_size = sizeof(struct l2cap_pinfo) 1160 }; 1161 1162 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 1163 { 1164 struct sock *sk; 1165 struct l2cap_chan *chan; 1166 1167 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1168 if (!sk) 1169 return NULL; 1170 1171 sock_init_data(sock, sk); 1172 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1173 1174 sk->sk_destruct = l2cap_sock_destruct; 1175 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1176 1177 sock_reset_flag(sk, SOCK_ZAPPED); 1178 1179 sk->sk_protocol = proto; 1180 sk->sk_state = BT_OPEN; 1181 1182 chan = l2cap_chan_create(); 1183 if (!chan) { 1184 sk_free(sk); 1185 return NULL; 1186 } 1187 1188 l2cap_chan_hold(chan); 1189 1190 chan->sk = sk; 1191 1192 l2cap_pi(sk)->chan = chan; 1193 1194 return sk; 1195 } 1196 1197 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1198 int kern) 1199 { 1200 struct sock *sk; 1201 1202 BT_DBG("sock %p", sock); 1203 1204 sock->state = SS_UNCONNECTED; 1205 1206 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1207 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1208 return -ESOCKTNOSUPPORT; 1209 1210 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1211 return -EPERM; 1212 1213 sock->ops = &l2cap_sock_ops; 1214 1215 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1216 if (!sk) 1217 return -ENOMEM; 1218 1219 l2cap_sock_init(sk, NULL); 1220 bt_sock_link(&l2cap_sk_list, sk); 1221 return 0; 1222 } 1223 1224 static const struct proto_ops l2cap_sock_ops = { 1225 .family = PF_BLUETOOTH, 1226 .owner = THIS_MODULE, 1227 .release = l2cap_sock_release, 1228 .bind = l2cap_sock_bind, 1229 .connect = l2cap_sock_connect, 1230 .listen = l2cap_sock_listen, 1231 .accept = l2cap_sock_accept, 1232 .getname = l2cap_sock_getname, 1233 .sendmsg = l2cap_sock_sendmsg, 1234 .recvmsg = l2cap_sock_recvmsg, 1235 .poll = bt_sock_poll, 1236 .ioctl = bt_sock_ioctl, 1237 .mmap = sock_no_mmap, 1238 .socketpair = sock_no_socketpair, 1239 .shutdown = l2cap_sock_shutdown, 1240 .setsockopt = l2cap_sock_setsockopt, 1241 .getsockopt = l2cap_sock_getsockopt 1242 }; 1243 1244 static const struct net_proto_family l2cap_sock_family_ops = { 1245 .family = PF_BLUETOOTH, 1246 .owner = THIS_MODULE, 1247 .create = l2cap_sock_create, 1248 }; 1249 1250 int __init l2cap_init_sockets(void) 1251 { 1252 int err; 1253 1254 err = proto_register(&l2cap_proto, 0); 1255 if (err < 0) 1256 return err; 1257 1258 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1259 if (err < 0) { 1260 BT_ERR("L2CAP socket registration failed"); 1261 goto error; 1262 } 1263 1264 err = bt_procfs_init(THIS_MODULE, &init_net, "l2cap", &l2cap_sk_list, NULL); 1265 if (err < 0) { 1266 BT_ERR("Failed to create L2CAP proc file"); 1267 bt_sock_unregister(BTPROTO_L2CAP); 1268 goto error; 1269 } 1270 1271 BT_INFO("L2CAP socket layer initialized"); 1272 1273 return 0; 1274 1275 error: 1276 proto_unregister(&l2cap_proto); 1277 return err; 1278 } 1279 1280 void l2cap_cleanup_sockets(void) 1281 { 1282 bt_procfs_cleanup(&init_net, "l2cap"); 1283 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 1284 BT_ERR("L2CAP socket unregistration failed"); 1285 1286 proto_unregister(&l2cap_proto); 1287 } 1288