1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26 */ 27 28 /* Bluetooth L2CAP sockets. */ 29 30 #include <linux/export.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/l2cap.h> 35 36 #include "smp.h" 37 38 static struct bt_sock_list l2cap_sk_list = { 39 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 40 }; 41 42 static const struct proto_ops l2cap_sock_ops; 43 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 44 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 45 int proto, gfp_t prio); 46 47 bool l2cap_is_socket(struct socket *sock) 48 { 49 return sock && sock->ops == &l2cap_sock_ops; 50 } 51 EXPORT_SYMBOL(l2cap_is_socket); 52 53 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 54 { 55 struct sock *sk = sock->sk; 56 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 57 struct sockaddr_l2 la; 58 int len, err = 0; 59 60 BT_DBG("sk %p", sk); 61 62 if (!addr || addr->sa_family != AF_BLUETOOTH) 63 return -EINVAL; 64 65 memset(&la, 0, sizeof(la)); 66 len = min_t(unsigned int, sizeof(la), alen); 67 memcpy(&la, addr, len); 68 69 if (la.l2_cid && la.l2_psm) 70 return -EINVAL; 71 72 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 73 return -EINVAL; 74 75 lock_sock(sk); 76 77 if (sk->sk_state != BT_OPEN) { 78 err = -EBADFD; 79 goto done; 80 } 81 82 if (la.l2_psm) { 83 __u16 psm = __le16_to_cpu(la.l2_psm); 84 85 /* PSM must be odd and lsb of upper byte must be 0 */ 86 if ((psm & 0x0101) != 0x0001) { 87 err = -EINVAL; 88 goto done; 89 } 90 91 /* Restrict usage of well-known PSMs */ 92 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 93 err = -EACCES; 94 goto done; 95 } 96 } 97 98 if (la.l2_cid) 99 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 100 else 101 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 102 103 if (err < 0) 104 goto done; 105 106 switch (chan->chan_type) { 107 case L2CAP_CHAN_CONN_LESS: 108 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP) 109 chan->sec_level = BT_SECURITY_SDP; 110 break; 111 case L2CAP_CHAN_CONN_ORIENTED: 112 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 113 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 114 chan->sec_level = BT_SECURITY_SDP; 115 break; 116 } 117 118 bacpy(&chan->src, &la.l2_bdaddr); 119 chan->src_type = la.l2_bdaddr_type; 120 121 chan->state = BT_BOUND; 122 sk->sk_state = BT_BOUND; 123 124 done: 125 release_sock(sk); 126 return err; 127 } 128 129 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 130 int alen, int flags) 131 { 132 struct sock *sk = sock->sk; 133 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 134 struct sockaddr_l2 la; 135 int len, err = 0; 136 137 BT_DBG("sk %p", sk); 138 139 if (!addr || alen < sizeof(addr->sa_family) || 140 addr->sa_family != AF_BLUETOOTH) 141 return -EINVAL; 142 143 memset(&la, 0, sizeof(la)); 144 len = min_t(unsigned int, sizeof(la), alen); 145 memcpy(&la, addr, len); 146 147 if (la.l2_cid && la.l2_psm) 148 return -EINVAL; 149 150 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 151 return -EINVAL; 152 153 if (chan->src_type == BDADDR_BREDR && la.l2_bdaddr_type != BDADDR_BREDR) 154 return -EINVAL; 155 156 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR) 157 return -EINVAL; 158 159 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 160 &la.l2_bdaddr, la.l2_bdaddr_type); 161 if (err) 162 return err; 163 164 lock_sock(sk); 165 166 err = bt_sock_wait_state(sk, BT_CONNECTED, 167 sock_sndtimeo(sk, flags & O_NONBLOCK)); 168 169 release_sock(sk); 170 171 return err; 172 } 173 174 static int l2cap_sock_listen(struct socket *sock, int backlog) 175 { 176 struct sock *sk = sock->sk; 177 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 178 int err = 0; 179 180 BT_DBG("sk %p backlog %d", sk, backlog); 181 182 lock_sock(sk); 183 184 if (sk->sk_state != BT_BOUND) { 185 err = -EBADFD; 186 goto done; 187 } 188 189 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 190 err = -EINVAL; 191 goto done; 192 } 193 194 switch (chan->mode) { 195 case L2CAP_MODE_BASIC: 196 break; 197 case L2CAP_MODE_ERTM: 198 case L2CAP_MODE_STREAMING: 199 if (!disable_ertm) 200 break; 201 /* fall through */ 202 default: 203 err = -ENOTSUPP; 204 goto done; 205 } 206 207 sk->sk_max_ack_backlog = backlog; 208 sk->sk_ack_backlog = 0; 209 210 chan->state = BT_LISTEN; 211 sk->sk_state = BT_LISTEN; 212 213 done: 214 release_sock(sk); 215 return err; 216 } 217 218 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 219 int flags) 220 { 221 DECLARE_WAITQUEUE(wait, current); 222 struct sock *sk = sock->sk, *nsk; 223 long timeo; 224 int err = 0; 225 226 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 227 228 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 229 230 BT_DBG("sk %p timeo %ld", sk, timeo); 231 232 /* Wait for an incoming connection. (wake-one). */ 233 add_wait_queue_exclusive(sk_sleep(sk), &wait); 234 while (1) { 235 set_current_state(TASK_INTERRUPTIBLE); 236 237 if (sk->sk_state != BT_LISTEN) { 238 err = -EBADFD; 239 break; 240 } 241 242 nsk = bt_accept_dequeue(sk, newsock); 243 if (nsk) 244 break; 245 246 if (!timeo) { 247 err = -EAGAIN; 248 break; 249 } 250 251 if (signal_pending(current)) { 252 err = sock_intr_errno(timeo); 253 break; 254 } 255 256 release_sock(sk); 257 timeo = schedule_timeout(timeo); 258 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 259 } 260 __set_current_state(TASK_RUNNING); 261 remove_wait_queue(sk_sleep(sk), &wait); 262 263 if (err) 264 goto done; 265 266 newsock->state = SS_CONNECTED; 267 268 BT_DBG("new socket %p", nsk); 269 270 done: 271 release_sock(sk); 272 return err; 273 } 274 275 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 276 int *len, int peer) 277 { 278 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 279 struct sock *sk = sock->sk; 280 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 281 282 BT_DBG("sock %p, sk %p", sock, sk); 283 284 memset(la, 0, sizeof(struct sockaddr_l2)); 285 addr->sa_family = AF_BLUETOOTH; 286 *len = sizeof(struct sockaddr_l2); 287 288 if (peer) { 289 la->l2_psm = chan->psm; 290 bacpy(&la->l2_bdaddr, &chan->dst); 291 la->l2_cid = cpu_to_le16(chan->dcid); 292 la->l2_bdaddr_type = chan->dst_type; 293 } else { 294 la->l2_psm = chan->sport; 295 bacpy(&la->l2_bdaddr, &chan->src); 296 la->l2_cid = cpu_to_le16(chan->scid); 297 la->l2_bdaddr_type = chan->src_type; 298 } 299 300 return 0; 301 } 302 303 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 304 char __user *optval, int __user *optlen) 305 { 306 struct sock *sk = sock->sk; 307 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 308 struct l2cap_options opts; 309 struct l2cap_conninfo cinfo; 310 int len, err = 0; 311 u32 opt; 312 313 BT_DBG("sk %p", sk); 314 315 if (get_user(len, optlen)) 316 return -EFAULT; 317 318 lock_sock(sk); 319 320 switch (optname) { 321 case L2CAP_OPTIONS: 322 memset(&opts, 0, sizeof(opts)); 323 opts.imtu = chan->imtu; 324 opts.omtu = chan->omtu; 325 opts.flush_to = chan->flush_to; 326 opts.mode = chan->mode; 327 opts.fcs = chan->fcs; 328 opts.max_tx = chan->max_tx; 329 opts.txwin_size = chan->tx_win; 330 331 len = min_t(unsigned int, len, sizeof(opts)); 332 if (copy_to_user(optval, (char *) &opts, len)) 333 err = -EFAULT; 334 335 break; 336 337 case L2CAP_LM: 338 switch (chan->sec_level) { 339 case BT_SECURITY_LOW: 340 opt = L2CAP_LM_AUTH; 341 break; 342 case BT_SECURITY_MEDIUM: 343 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 344 break; 345 case BT_SECURITY_HIGH: 346 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 347 L2CAP_LM_SECURE; 348 break; 349 default: 350 opt = 0; 351 break; 352 } 353 354 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 355 opt |= L2CAP_LM_MASTER; 356 357 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 358 opt |= L2CAP_LM_RELIABLE; 359 360 if (put_user(opt, (u32 __user *) optval)) 361 err = -EFAULT; 362 break; 363 364 case L2CAP_CONNINFO: 365 if (sk->sk_state != BT_CONNECTED && 366 !(sk->sk_state == BT_CONNECT2 && 367 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 368 err = -ENOTCONN; 369 break; 370 } 371 372 memset(&cinfo, 0, sizeof(cinfo)); 373 cinfo.hci_handle = chan->conn->hcon->handle; 374 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 375 376 len = min_t(unsigned int, len, sizeof(cinfo)); 377 if (copy_to_user(optval, (char *) &cinfo, len)) 378 err = -EFAULT; 379 380 break; 381 382 default: 383 err = -ENOPROTOOPT; 384 break; 385 } 386 387 release_sock(sk); 388 return err; 389 } 390 391 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 392 char __user *optval, int __user *optlen) 393 { 394 struct sock *sk = sock->sk; 395 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 396 struct bt_security sec; 397 struct bt_power pwr; 398 int len, err = 0; 399 400 BT_DBG("sk %p", sk); 401 402 if (level == SOL_L2CAP) 403 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 404 405 if (level != SOL_BLUETOOTH) 406 return -ENOPROTOOPT; 407 408 if (get_user(len, optlen)) 409 return -EFAULT; 410 411 lock_sock(sk); 412 413 switch (optname) { 414 case BT_SECURITY: 415 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 416 chan->chan_type != L2CAP_CHAN_RAW) { 417 err = -EINVAL; 418 break; 419 } 420 421 memset(&sec, 0, sizeof(sec)); 422 if (chan->conn) { 423 sec.level = chan->conn->hcon->sec_level; 424 425 if (sk->sk_state == BT_CONNECTED) 426 sec.key_size = chan->conn->hcon->enc_key_size; 427 } else { 428 sec.level = chan->sec_level; 429 } 430 431 len = min_t(unsigned int, len, sizeof(sec)); 432 if (copy_to_user(optval, (char *) &sec, len)) 433 err = -EFAULT; 434 435 break; 436 437 case BT_DEFER_SETUP: 438 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 439 err = -EINVAL; 440 break; 441 } 442 443 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 444 (u32 __user *) optval)) 445 err = -EFAULT; 446 447 break; 448 449 case BT_FLUSHABLE: 450 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 451 (u32 __user *) optval)) 452 err = -EFAULT; 453 454 break; 455 456 case BT_POWER: 457 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 458 && sk->sk_type != SOCK_RAW) { 459 err = -EINVAL; 460 break; 461 } 462 463 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 464 465 len = min_t(unsigned int, len, sizeof(pwr)); 466 if (copy_to_user(optval, (char *) &pwr, len)) 467 err = -EFAULT; 468 469 break; 470 471 case BT_CHANNEL_POLICY: 472 if (put_user(chan->chan_policy, (u32 __user *) optval)) 473 err = -EFAULT; 474 break; 475 476 default: 477 err = -ENOPROTOOPT; 478 break; 479 } 480 481 release_sock(sk); 482 return err; 483 } 484 485 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 486 { 487 switch (chan->scid) { 488 case L2CAP_CID_ATT: 489 if (mtu < L2CAP_LE_MIN_MTU) 490 return false; 491 break; 492 493 default: 494 if (mtu < L2CAP_DEFAULT_MIN_MTU) 495 return false; 496 } 497 498 return true; 499 } 500 501 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 502 char __user *optval, unsigned int optlen) 503 { 504 struct sock *sk = sock->sk; 505 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 506 struct l2cap_options opts; 507 int len, err = 0; 508 u32 opt; 509 510 BT_DBG("sk %p", sk); 511 512 lock_sock(sk); 513 514 switch (optname) { 515 case L2CAP_OPTIONS: 516 if (sk->sk_state == BT_CONNECTED) { 517 err = -EINVAL; 518 break; 519 } 520 521 opts.imtu = chan->imtu; 522 opts.omtu = chan->omtu; 523 opts.flush_to = chan->flush_to; 524 opts.mode = chan->mode; 525 opts.fcs = chan->fcs; 526 opts.max_tx = chan->max_tx; 527 opts.txwin_size = chan->tx_win; 528 529 len = min_t(unsigned int, sizeof(opts), optlen); 530 if (copy_from_user((char *) &opts, optval, len)) { 531 err = -EFAULT; 532 break; 533 } 534 535 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 536 err = -EINVAL; 537 break; 538 } 539 540 if (!l2cap_valid_mtu(chan, opts.imtu)) { 541 err = -EINVAL; 542 break; 543 } 544 545 chan->mode = opts.mode; 546 switch (chan->mode) { 547 case L2CAP_MODE_BASIC: 548 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 549 break; 550 case L2CAP_MODE_ERTM: 551 case L2CAP_MODE_STREAMING: 552 if (!disable_ertm) 553 break; 554 /* fall through */ 555 default: 556 err = -EINVAL; 557 break; 558 } 559 560 chan->imtu = opts.imtu; 561 chan->omtu = opts.omtu; 562 chan->fcs = opts.fcs; 563 chan->max_tx = opts.max_tx; 564 chan->tx_win = opts.txwin_size; 565 chan->flush_to = opts.flush_to; 566 break; 567 568 case L2CAP_LM: 569 if (get_user(opt, (u32 __user *) optval)) { 570 err = -EFAULT; 571 break; 572 } 573 574 if (opt & L2CAP_LM_AUTH) 575 chan->sec_level = BT_SECURITY_LOW; 576 if (opt & L2CAP_LM_ENCRYPT) 577 chan->sec_level = BT_SECURITY_MEDIUM; 578 if (opt & L2CAP_LM_SECURE) 579 chan->sec_level = BT_SECURITY_HIGH; 580 581 if (opt & L2CAP_LM_MASTER) 582 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 583 else 584 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 585 586 if (opt & L2CAP_LM_RELIABLE) 587 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 588 else 589 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 590 break; 591 592 default: 593 err = -ENOPROTOOPT; 594 break; 595 } 596 597 release_sock(sk); 598 return err; 599 } 600 601 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 602 char __user *optval, unsigned int optlen) 603 { 604 struct sock *sk = sock->sk; 605 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 606 struct bt_security sec; 607 struct bt_power pwr; 608 struct l2cap_conn *conn; 609 int len, err = 0; 610 u32 opt; 611 612 BT_DBG("sk %p", sk); 613 614 if (level == SOL_L2CAP) 615 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 616 617 if (level != SOL_BLUETOOTH) 618 return -ENOPROTOOPT; 619 620 lock_sock(sk); 621 622 switch (optname) { 623 case BT_SECURITY: 624 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 625 chan->chan_type != L2CAP_CHAN_RAW) { 626 err = -EINVAL; 627 break; 628 } 629 630 sec.level = BT_SECURITY_LOW; 631 632 len = min_t(unsigned int, sizeof(sec), optlen); 633 if (copy_from_user((char *) &sec, optval, len)) { 634 err = -EFAULT; 635 break; 636 } 637 638 if (sec.level < BT_SECURITY_LOW || 639 sec.level > BT_SECURITY_HIGH) { 640 err = -EINVAL; 641 break; 642 } 643 644 chan->sec_level = sec.level; 645 646 if (!chan->conn) 647 break; 648 649 conn = chan->conn; 650 651 /*change security for LE channels */ 652 if (chan->scid == L2CAP_CID_ATT) { 653 if (!conn->hcon->out) { 654 err = -EINVAL; 655 break; 656 } 657 658 if (smp_conn_security(conn->hcon, sec.level)) 659 break; 660 sk->sk_state = BT_CONFIG; 661 chan->state = BT_CONFIG; 662 663 /* or for ACL link */ 664 } else if ((sk->sk_state == BT_CONNECT2 && 665 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 666 sk->sk_state == BT_CONNECTED) { 667 if (!l2cap_chan_check_security(chan)) 668 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 669 else 670 sk->sk_state_change(sk); 671 } else { 672 err = -EINVAL; 673 } 674 break; 675 676 case BT_DEFER_SETUP: 677 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 678 err = -EINVAL; 679 break; 680 } 681 682 if (get_user(opt, (u32 __user *) optval)) { 683 err = -EFAULT; 684 break; 685 } 686 687 if (opt) { 688 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 689 set_bit(FLAG_DEFER_SETUP, &chan->flags); 690 } else { 691 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 692 clear_bit(FLAG_DEFER_SETUP, &chan->flags); 693 } 694 break; 695 696 case BT_FLUSHABLE: 697 if (get_user(opt, (u32 __user *) optval)) { 698 err = -EFAULT; 699 break; 700 } 701 702 if (opt > BT_FLUSHABLE_ON) { 703 err = -EINVAL; 704 break; 705 } 706 707 if (opt == BT_FLUSHABLE_OFF) { 708 conn = chan->conn; 709 /* proceed further only when we have l2cap_conn and 710 No Flush support in the LM */ 711 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 712 err = -EINVAL; 713 break; 714 } 715 } 716 717 if (opt) 718 set_bit(FLAG_FLUSHABLE, &chan->flags); 719 else 720 clear_bit(FLAG_FLUSHABLE, &chan->flags); 721 break; 722 723 case BT_POWER: 724 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 725 chan->chan_type != L2CAP_CHAN_RAW) { 726 err = -EINVAL; 727 break; 728 } 729 730 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 731 732 len = min_t(unsigned int, sizeof(pwr), optlen); 733 if (copy_from_user((char *) &pwr, optval, len)) { 734 err = -EFAULT; 735 break; 736 } 737 738 if (pwr.force_active) 739 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 740 else 741 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 742 break; 743 744 case BT_CHANNEL_POLICY: 745 if (get_user(opt, (u32 __user *) optval)) { 746 err = -EFAULT; 747 break; 748 } 749 750 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 751 err = -EINVAL; 752 break; 753 } 754 755 if (chan->mode != L2CAP_MODE_ERTM && 756 chan->mode != L2CAP_MODE_STREAMING) { 757 err = -EOPNOTSUPP; 758 break; 759 } 760 761 chan->chan_policy = (u8) opt; 762 763 if (sk->sk_state == BT_CONNECTED && 764 chan->move_role == L2CAP_MOVE_ROLE_NONE) 765 l2cap_move_start(chan); 766 767 break; 768 769 default: 770 err = -ENOPROTOOPT; 771 break; 772 } 773 774 release_sock(sk); 775 return err; 776 } 777 778 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 779 struct msghdr *msg, size_t len) 780 { 781 struct sock *sk = sock->sk; 782 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 783 int err; 784 785 BT_DBG("sock %p, sk %p", sock, sk); 786 787 err = sock_error(sk); 788 if (err) 789 return err; 790 791 if (msg->msg_flags & MSG_OOB) 792 return -EOPNOTSUPP; 793 794 if (sk->sk_state != BT_CONNECTED) 795 return -ENOTCONN; 796 797 lock_sock(sk); 798 err = bt_sock_wait_ready(sk, msg->msg_flags); 799 release_sock(sk); 800 if (err) 801 return err; 802 803 l2cap_chan_lock(chan); 804 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 805 l2cap_chan_unlock(chan); 806 807 return err; 808 } 809 810 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 811 struct msghdr *msg, size_t len, int flags) 812 { 813 struct sock *sk = sock->sk; 814 struct l2cap_pinfo *pi = l2cap_pi(sk); 815 int err; 816 817 lock_sock(sk); 818 819 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 820 &bt_sk(sk)->flags)) { 821 sk->sk_state = BT_CONFIG; 822 pi->chan->state = BT_CONFIG; 823 824 __l2cap_connect_rsp_defer(pi->chan); 825 err = 0; 826 goto done; 827 } 828 829 release_sock(sk); 830 831 if (sock->type == SOCK_STREAM) 832 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 833 else 834 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 835 836 if (pi->chan->mode != L2CAP_MODE_ERTM) 837 return err; 838 839 /* Attempt to put pending rx data in the socket buffer */ 840 841 lock_sock(sk); 842 843 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 844 goto done; 845 846 if (pi->rx_busy_skb) { 847 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 848 pi->rx_busy_skb = NULL; 849 else 850 goto done; 851 } 852 853 /* Restore data flow when half of the receive buffer is 854 * available. This avoids resending large numbers of 855 * frames. 856 */ 857 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 858 l2cap_chan_busy(pi->chan, 0); 859 860 done: 861 release_sock(sk); 862 return err; 863 } 864 865 /* Kill socket (only if zapped and orphan) 866 * Must be called on unlocked socket. 867 */ 868 static void l2cap_sock_kill(struct sock *sk) 869 { 870 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 871 return; 872 873 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 874 875 /* Kill poor orphan */ 876 877 l2cap_chan_put(l2cap_pi(sk)->chan); 878 sock_set_flag(sk, SOCK_DEAD); 879 sock_put(sk); 880 } 881 882 static int l2cap_sock_shutdown(struct socket *sock, int how) 883 { 884 struct sock *sk = sock->sk; 885 struct l2cap_chan *chan; 886 struct l2cap_conn *conn; 887 int err = 0; 888 889 BT_DBG("sock %p, sk %p", sock, sk); 890 891 if (!sk) 892 return 0; 893 894 chan = l2cap_pi(sk)->chan; 895 conn = chan->conn; 896 897 if (conn) 898 mutex_lock(&conn->chan_lock); 899 900 l2cap_chan_lock(chan); 901 lock_sock(sk); 902 903 if (!sk->sk_shutdown) { 904 if (chan->mode == L2CAP_MODE_ERTM) 905 err = __l2cap_wait_ack(sk); 906 907 sk->sk_shutdown = SHUTDOWN_MASK; 908 909 release_sock(sk); 910 l2cap_chan_close(chan, 0); 911 lock_sock(sk); 912 913 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 914 err = bt_sock_wait_state(sk, BT_CLOSED, 915 sk->sk_lingertime); 916 } 917 918 if (!err && sk->sk_err) 919 err = -sk->sk_err; 920 921 release_sock(sk); 922 l2cap_chan_unlock(chan); 923 924 if (conn) 925 mutex_unlock(&conn->chan_lock); 926 927 return err; 928 } 929 930 static int l2cap_sock_release(struct socket *sock) 931 { 932 struct sock *sk = sock->sk; 933 int err; 934 935 BT_DBG("sock %p, sk %p", sock, sk); 936 937 if (!sk) 938 return 0; 939 940 bt_sock_unlink(&l2cap_sk_list, sk); 941 942 err = l2cap_sock_shutdown(sock, 2); 943 944 sock_orphan(sk); 945 l2cap_sock_kill(sk); 946 return err; 947 } 948 949 static void l2cap_sock_cleanup_listen(struct sock *parent) 950 { 951 struct sock *sk; 952 953 BT_DBG("parent %p", parent); 954 955 /* Close not yet accepted channels */ 956 while ((sk = bt_accept_dequeue(parent, NULL))) { 957 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 958 959 l2cap_chan_lock(chan); 960 __clear_chan_timer(chan); 961 l2cap_chan_close(chan, ECONNRESET); 962 l2cap_chan_unlock(chan); 963 964 l2cap_sock_kill(sk); 965 } 966 } 967 968 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 969 { 970 struct sock *sk, *parent = chan->data; 971 972 /* Check for backlog size */ 973 if (sk_acceptq_is_full(parent)) { 974 BT_DBG("backlog full %d", parent->sk_ack_backlog); 975 return NULL; 976 } 977 978 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 979 GFP_ATOMIC); 980 if (!sk) 981 return NULL; 982 983 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 984 985 l2cap_sock_init(sk, parent); 986 987 bt_accept_enqueue(parent, sk); 988 989 return l2cap_pi(sk)->chan; 990 } 991 992 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 993 { 994 struct sock *sk = chan->data; 995 int err; 996 997 lock_sock(sk); 998 999 if (l2cap_pi(sk)->rx_busy_skb) { 1000 err = -ENOMEM; 1001 goto done; 1002 } 1003 1004 err = sock_queue_rcv_skb(sk, skb); 1005 1006 /* For ERTM, handle one skb that doesn't fit into the recv 1007 * buffer. This is important to do because the data frames 1008 * have already been acked, so the skb cannot be discarded. 1009 * 1010 * Notify the l2cap core that the buffer is full, so the 1011 * LOCAL_BUSY state is entered and no more frames are 1012 * acked and reassembled until there is buffer space 1013 * available. 1014 */ 1015 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) { 1016 l2cap_pi(sk)->rx_busy_skb = skb; 1017 l2cap_chan_busy(chan, 1); 1018 err = 0; 1019 } 1020 1021 done: 1022 release_sock(sk); 1023 1024 return err; 1025 } 1026 1027 static void l2cap_sock_close_cb(struct l2cap_chan *chan) 1028 { 1029 struct sock *sk = chan->data; 1030 1031 l2cap_sock_kill(sk); 1032 } 1033 1034 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 1035 { 1036 struct sock *sk = chan->data; 1037 struct sock *parent; 1038 1039 lock_sock(sk); 1040 1041 parent = bt_sk(sk)->parent; 1042 1043 sock_set_flag(sk, SOCK_ZAPPED); 1044 1045 switch (chan->state) { 1046 case BT_OPEN: 1047 case BT_BOUND: 1048 case BT_CLOSED: 1049 break; 1050 case BT_LISTEN: 1051 l2cap_sock_cleanup_listen(sk); 1052 sk->sk_state = BT_CLOSED; 1053 chan->state = BT_CLOSED; 1054 1055 break; 1056 default: 1057 sk->sk_state = BT_CLOSED; 1058 chan->state = BT_CLOSED; 1059 1060 sk->sk_err = err; 1061 1062 if (parent) { 1063 bt_accept_unlink(sk); 1064 parent->sk_data_ready(parent, 0); 1065 } else { 1066 sk->sk_state_change(sk); 1067 } 1068 1069 break; 1070 } 1071 1072 release_sock(sk); 1073 } 1074 1075 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state, 1076 int err) 1077 { 1078 struct sock *sk = chan->data; 1079 1080 sk->sk_state = state; 1081 1082 if (err) 1083 sk->sk_err = err; 1084 } 1085 1086 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1087 unsigned long len, int nb) 1088 { 1089 struct sk_buff *skb; 1090 int err; 1091 1092 l2cap_chan_unlock(chan); 1093 skb = bt_skb_send_alloc(chan->sk, len, nb, &err); 1094 l2cap_chan_lock(chan); 1095 1096 if (!skb) 1097 return ERR_PTR(err); 1098 1099 return skb; 1100 } 1101 1102 static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1103 { 1104 struct sock *sk = chan->data; 1105 struct sock *parent; 1106 1107 lock_sock(sk); 1108 1109 parent = bt_sk(sk)->parent; 1110 1111 BT_DBG("sk %p, parent %p", sk, parent); 1112 1113 sk->sk_state = BT_CONNECTED; 1114 sk->sk_state_change(sk); 1115 1116 if (parent) 1117 parent->sk_data_ready(parent, 0); 1118 1119 release_sock(sk); 1120 } 1121 1122 static void l2cap_sock_defer_cb(struct l2cap_chan *chan) 1123 { 1124 struct sock *sk = chan->data; 1125 struct sock *parent = bt_sk(sk)->parent; 1126 1127 if (parent) 1128 parent->sk_data_ready(parent, 0); 1129 } 1130 1131 static void l2cap_sock_resume_cb(struct l2cap_chan *chan) 1132 { 1133 struct sock *sk = chan->data; 1134 1135 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1136 sk->sk_state_change(sk); 1137 } 1138 1139 static struct l2cap_ops l2cap_chan_ops = { 1140 .name = "L2CAP Socket Interface", 1141 .new_connection = l2cap_sock_new_connection_cb, 1142 .recv = l2cap_sock_recv_cb, 1143 .close = l2cap_sock_close_cb, 1144 .teardown = l2cap_sock_teardown_cb, 1145 .state_change = l2cap_sock_state_change_cb, 1146 .ready = l2cap_sock_ready_cb, 1147 .defer = l2cap_sock_defer_cb, 1148 .resume = l2cap_sock_resume_cb, 1149 .alloc_skb = l2cap_sock_alloc_skb_cb, 1150 }; 1151 1152 static void l2cap_sock_destruct(struct sock *sk) 1153 { 1154 BT_DBG("sk %p", sk); 1155 1156 if (l2cap_pi(sk)->chan) 1157 l2cap_chan_put(l2cap_pi(sk)->chan); 1158 1159 if (l2cap_pi(sk)->rx_busy_skb) { 1160 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1161 l2cap_pi(sk)->rx_busy_skb = NULL; 1162 } 1163 1164 skb_queue_purge(&sk->sk_receive_queue); 1165 skb_queue_purge(&sk->sk_write_queue); 1166 } 1167 1168 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name, 1169 int *msg_namelen) 1170 { 1171 struct sockaddr_l2 *la = (struct sockaddr_l2 *) msg_name; 1172 1173 memset(la, 0, sizeof(struct sockaddr_l2)); 1174 la->l2_family = AF_BLUETOOTH; 1175 la->l2_psm = bt_cb(skb)->psm; 1176 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr); 1177 1178 *msg_namelen = sizeof(struct sockaddr_l2); 1179 } 1180 1181 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1182 { 1183 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1184 1185 BT_DBG("sk %p", sk); 1186 1187 if (parent) { 1188 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1189 1190 sk->sk_type = parent->sk_type; 1191 bt_sk(sk)->flags = bt_sk(parent)->flags; 1192 1193 chan->chan_type = pchan->chan_type; 1194 chan->imtu = pchan->imtu; 1195 chan->omtu = pchan->omtu; 1196 chan->conf_state = pchan->conf_state; 1197 chan->mode = pchan->mode; 1198 chan->fcs = pchan->fcs; 1199 chan->max_tx = pchan->max_tx; 1200 chan->tx_win = pchan->tx_win; 1201 chan->tx_win_max = pchan->tx_win_max; 1202 chan->sec_level = pchan->sec_level; 1203 chan->flags = pchan->flags; 1204 1205 security_sk_clone(parent, sk); 1206 } else { 1207 switch (sk->sk_type) { 1208 case SOCK_RAW: 1209 chan->chan_type = L2CAP_CHAN_RAW; 1210 break; 1211 case SOCK_DGRAM: 1212 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1213 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name; 1214 break; 1215 case SOCK_SEQPACKET: 1216 case SOCK_STREAM: 1217 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1218 break; 1219 } 1220 1221 chan->imtu = L2CAP_DEFAULT_MTU; 1222 chan->omtu = 0; 1223 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1224 chan->mode = L2CAP_MODE_ERTM; 1225 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1226 } else { 1227 chan->mode = L2CAP_MODE_BASIC; 1228 } 1229 1230 l2cap_chan_set_defaults(chan); 1231 } 1232 1233 /* Default config options */ 1234 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1235 1236 chan->data = sk; 1237 chan->ops = &l2cap_chan_ops; 1238 } 1239 1240 static struct proto l2cap_proto = { 1241 .name = "L2CAP", 1242 .owner = THIS_MODULE, 1243 .obj_size = sizeof(struct l2cap_pinfo) 1244 }; 1245 1246 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1247 int proto, gfp_t prio) 1248 { 1249 struct sock *sk; 1250 struct l2cap_chan *chan; 1251 1252 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1253 if (!sk) 1254 return NULL; 1255 1256 sock_init_data(sock, sk); 1257 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1258 1259 sk->sk_destruct = l2cap_sock_destruct; 1260 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1261 1262 sock_reset_flag(sk, SOCK_ZAPPED); 1263 1264 sk->sk_protocol = proto; 1265 sk->sk_state = BT_OPEN; 1266 1267 chan = l2cap_chan_create(); 1268 if (!chan) { 1269 sk_free(sk); 1270 return NULL; 1271 } 1272 1273 l2cap_chan_hold(chan); 1274 1275 chan->sk = sk; 1276 1277 l2cap_pi(sk)->chan = chan; 1278 1279 return sk; 1280 } 1281 1282 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1283 int kern) 1284 { 1285 struct sock *sk; 1286 1287 BT_DBG("sock %p", sock); 1288 1289 sock->state = SS_UNCONNECTED; 1290 1291 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1292 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1293 return -ESOCKTNOSUPPORT; 1294 1295 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1296 return -EPERM; 1297 1298 sock->ops = &l2cap_sock_ops; 1299 1300 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1301 if (!sk) 1302 return -ENOMEM; 1303 1304 l2cap_sock_init(sk, NULL); 1305 bt_sock_link(&l2cap_sk_list, sk); 1306 return 0; 1307 } 1308 1309 static const struct proto_ops l2cap_sock_ops = { 1310 .family = PF_BLUETOOTH, 1311 .owner = THIS_MODULE, 1312 .release = l2cap_sock_release, 1313 .bind = l2cap_sock_bind, 1314 .connect = l2cap_sock_connect, 1315 .listen = l2cap_sock_listen, 1316 .accept = l2cap_sock_accept, 1317 .getname = l2cap_sock_getname, 1318 .sendmsg = l2cap_sock_sendmsg, 1319 .recvmsg = l2cap_sock_recvmsg, 1320 .poll = bt_sock_poll, 1321 .ioctl = bt_sock_ioctl, 1322 .mmap = sock_no_mmap, 1323 .socketpair = sock_no_socketpair, 1324 .shutdown = l2cap_sock_shutdown, 1325 .setsockopt = l2cap_sock_setsockopt, 1326 .getsockopt = l2cap_sock_getsockopt 1327 }; 1328 1329 static const struct net_proto_family l2cap_sock_family_ops = { 1330 .family = PF_BLUETOOTH, 1331 .owner = THIS_MODULE, 1332 .create = l2cap_sock_create, 1333 }; 1334 1335 int __init l2cap_init_sockets(void) 1336 { 1337 int err; 1338 1339 err = proto_register(&l2cap_proto, 0); 1340 if (err < 0) 1341 return err; 1342 1343 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1344 if (err < 0) { 1345 BT_ERR("L2CAP socket registration failed"); 1346 goto error; 1347 } 1348 1349 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list, 1350 NULL); 1351 if (err < 0) { 1352 BT_ERR("Failed to create L2CAP proc file"); 1353 bt_sock_unregister(BTPROTO_L2CAP); 1354 goto error; 1355 } 1356 1357 BT_INFO("L2CAP socket layer initialized"); 1358 1359 return 0; 1360 1361 error: 1362 proto_unregister(&l2cap_proto); 1363 return err; 1364 } 1365 1366 void l2cap_cleanup_sockets(void) 1367 { 1368 bt_procfs_cleanup(&init_net, "l2cap"); 1369 bt_sock_unregister(BTPROTO_L2CAP); 1370 proto_unregister(&l2cap_proto); 1371 } 1372