1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 8 9 This program is free software; you can redistribute it and/or modify 10 it under the terms of the GNU General Public License version 2 as 11 published by the Free Software Foundation; 12 13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 21 22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 24 SOFTWARE IS DISCLAIMED. 25 */ 26 27 /* Bluetooth L2CAP sockets. */ 28 29 #include <net/bluetooth/bluetooth.h> 30 #include <net/bluetooth/hci_core.h> 31 #include <net/bluetooth/l2cap.h> 32 33 static const struct proto_ops l2cap_sock_ops; 34 35 /* ---- L2CAP timers ---- */ 36 static void l2cap_sock_timeout(unsigned long arg) 37 { 38 struct sock *sk = (struct sock *) arg; 39 int reason; 40 41 BT_DBG("sock %p state %d", sk, sk->sk_state); 42 43 bh_lock_sock(sk); 44 45 if (sock_owned_by_user(sk)) { 46 /* sk is owned by user. Try again later */ 47 l2cap_sock_set_timer(sk, HZ / 5); 48 bh_unlock_sock(sk); 49 sock_put(sk); 50 return; 51 } 52 53 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG) 54 reason = ECONNREFUSED; 55 else if (sk->sk_state == BT_CONNECT && 56 l2cap_pi(sk)->chan->sec_level != BT_SECURITY_SDP) 57 reason = ECONNREFUSED; 58 else 59 reason = ETIMEDOUT; 60 61 __l2cap_chan_close(l2cap_pi(sk)->chan, reason); 62 63 bh_unlock_sock(sk); 64 65 l2cap_sock_kill(sk); 66 sock_put(sk); 67 } 68 69 void l2cap_sock_set_timer(struct sock *sk, long timeout) 70 { 71 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout); 72 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout); 73 } 74 75 void l2cap_sock_clear_timer(struct sock *sk) 76 { 77 BT_DBG("sock %p state %d", sk, sk->sk_state); 78 sk_stop_timer(sk, &sk->sk_timer); 79 } 80 81 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 82 { 83 struct sock *sk = sock->sk; 84 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 85 struct sockaddr_l2 la; 86 int len, err = 0; 87 88 BT_DBG("sk %p", sk); 89 90 if (!addr || addr->sa_family != AF_BLUETOOTH) 91 return -EINVAL; 92 93 memset(&la, 0, sizeof(la)); 94 len = min_t(unsigned int, sizeof(la), alen); 95 memcpy(&la, addr, len); 96 97 if (la.l2_cid && la.l2_psm) 98 return -EINVAL; 99 100 lock_sock(sk); 101 102 if (sk->sk_state != BT_OPEN) { 103 err = -EBADFD; 104 goto done; 105 } 106 107 if (la.l2_psm) { 108 __u16 psm = __le16_to_cpu(la.l2_psm); 109 110 /* PSM must be odd and lsb of upper byte must be 0 */ 111 if ((psm & 0x0101) != 0x0001) { 112 err = -EINVAL; 113 goto done; 114 } 115 116 /* Restrict usage of well-known PSMs */ 117 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 118 err = -EACCES; 119 goto done; 120 } 121 } 122 123 if (la.l2_cid) 124 err = l2cap_add_scid(chan, la.l2_cid); 125 else 126 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 127 128 if (err < 0) 129 goto done; 130 131 if (__le16_to_cpu(la.l2_psm) == 0x0001 || 132 __le16_to_cpu(la.l2_psm) == 0x0003) 133 chan->sec_level = BT_SECURITY_SDP; 134 135 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 136 sk->sk_state = BT_BOUND; 137 138 done: 139 release_sock(sk); 140 return err; 141 } 142 143 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 144 { 145 struct sock *sk = sock->sk; 146 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 147 struct sockaddr_l2 la; 148 int len, err = 0; 149 150 BT_DBG("sk %p", sk); 151 152 if (!addr || alen < sizeof(addr->sa_family) || 153 addr->sa_family != AF_BLUETOOTH) 154 return -EINVAL; 155 156 memset(&la, 0, sizeof(la)); 157 len = min_t(unsigned int, sizeof(la), alen); 158 memcpy(&la, addr, len); 159 160 if (la.l2_cid && la.l2_psm) 161 return -EINVAL; 162 163 lock_sock(sk); 164 165 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED 166 && !(la.l2_psm || la.l2_cid)) { 167 err = -EINVAL; 168 goto done; 169 } 170 171 switch (chan->mode) { 172 case L2CAP_MODE_BASIC: 173 break; 174 case L2CAP_MODE_ERTM: 175 case L2CAP_MODE_STREAMING: 176 if (!disable_ertm) 177 break; 178 /* fall through */ 179 default: 180 err = -ENOTSUPP; 181 goto done; 182 } 183 184 switch (sk->sk_state) { 185 case BT_CONNECT: 186 case BT_CONNECT2: 187 case BT_CONFIG: 188 /* Already connecting */ 189 goto wait; 190 191 case BT_CONNECTED: 192 /* Already connected */ 193 err = -EISCONN; 194 goto done; 195 196 case BT_OPEN: 197 case BT_BOUND: 198 /* Can connect */ 199 break; 200 201 default: 202 err = -EBADFD; 203 goto done; 204 } 205 206 /* PSM must be odd and lsb of upper byte must be 0 */ 207 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 && !la.l2_cid && 208 chan->chan_type != L2CAP_CHAN_RAW) { 209 err = -EINVAL; 210 goto done; 211 } 212 213 /* Set destination address and psm */ 214 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr); 215 chan->psm = la.l2_psm; 216 chan->dcid = la.l2_cid; 217 218 err = l2cap_chan_connect(l2cap_pi(sk)->chan); 219 if (err) 220 goto done; 221 222 wait: 223 err = bt_sock_wait_state(sk, BT_CONNECTED, 224 sock_sndtimeo(sk, flags & O_NONBLOCK)); 225 done: 226 release_sock(sk); 227 return err; 228 } 229 230 static int l2cap_sock_listen(struct socket *sock, int backlog) 231 { 232 struct sock *sk = sock->sk; 233 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 234 int err = 0; 235 236 BT_DBG("sk %p backlog %d", sk, backlog); 237 238 lock_sock(sk); 239 240 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM) 241 || sk->sk_state != BT_BOUND) { 242 err = -EBADFD; 243 goto done; 244 } 245 246 switch (chan->mode) { 247 case L2CAP_MODE_BASIC: 248 break; 249 case L2CAP_MODE_ERTM: 250 case L2CAP_MODE_STREAMING: 251 if (!disable_ertm) 252 break; 253 /* fall through */ 254 default: 255 err = -ENOTSUPP; 256 goto done; 257 } 258 259 sk->sk_max_ack_backlog = backlog; 260 sk->sk_ack_backlog = 0; 261 sk->sk_state = BT_LISTEN; 262 263 done: 264 release_sock(sk); 265 return err; 266 } 267 268 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 269 { 270 DECLARE_WAITQUEUE(wait, current); 271 struct sock *sk = sock->sk, *nsk; 272 long timeo; 273 int err = 0; 274 275 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 276 277 if (sk->sk_state != BT_LISTEN) { 278 err = -EBADFD; 279 goto done; 280 } 281 282 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 283 284 BT_DBG("sk %p timeo %ld", sk, timeo); 285 286 /* Wait for an incoming connection. (wake-one). */ 287 add_wait_queue_exclusive(sk_sleep(sk), &wait); 288 while (!(nsk = bt_accept_dequeue(sk, newsock))) { 289 set_current_state(TASK_INTERRUPTIBLE); 290 if (!timeo) { 291 err = -EAGAIN; 292 break; 293 } 294 295 release_sock(sk); 296 timeo = schedule_timeout(timeo); 297 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 298 299 if (sk->sk_state != BT_LISTEN) { 300 err = -EBADFD; 301 break; 302 } 303 304 if (signal_pending(current)) { 305 err = sock_intr_errno(timeo); 306 break; 307 } 308 } 309 set_current_state(TASK_RUNNING); 310 remove_wait_queue(sk_sleep(sk), &wait); 311 312 if (err) 313 goto done; 314 315 newsock->state = SS_CONNECTED; 316 317 BT_DBG("new socket %p", nsk); 318 319 done: 320 release_sock(sk); 321 return err; 322 } 323 324 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 325 { 326 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 327 struct sock *sk = sock->sk; 328 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 329 330 BT_DBG("sock %p, sk %p", sock, sk); 331 332 addr->sa_family = AF_BLUETOOTH; 333 *len = sizeof(struct sockaddr_l2); 334 335 if (peer) { 336 la->l2_psm = chan->psm; 337 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 338 la->l2_cid = cpu_to_le16(chan->dcid); 339 } else { 340 la->l2_psm = chan->sport; 341 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 342 la->l2_cid = cpu_to_le16(chan->scid); 343 } 344 345 return 0; 346 } 347 348 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 349 { 350 struct sock *sk = sock->sk; 351 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 352 struct l2cap_options opts; 353 struct l2cap_conninfo cinfo; 354 int len, err = 0; 355 u32 opt; 356 357 BT_DBG("sk %p", sk); 358 359 if (get_user(len, optlen)) 360 return -EFAULT; 361 362 lock_sock(sk); 363 364 switch (optname) { 365 case L2CAP_OPTIONS: 366 memset(&opts, 0, sizeof(opts)); 367 opts.imtu = chan->imtu; 368 opts.omtu = chan->omtu; 369 opts.flush_to = chan->flush_to; 370 opts.mode = chan->mode; 371 opts.fcs = chan->fcs; 372 opts.max_tx = chan->max_tx; 373 opts.txwin_size = (__u16)chan->tx_win; 374 375 len = min_t(unsigned int, len, sizeof(opts)); 376 if (copy_to_user(optval, (char *) &opts, len)) 377 err = -EFAULT; 378 379 break; 380 381 case L2CAP_LM: 382 switch (chan->sec_level) { 383 case BT_SECURITY_LOW: 384 opt = L2CAP_LM_AUTH; 385 break; 386 case BT_SECURITY_MEDIUM: 387 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 388 break; 389 case BT_SECURITY_HIGH: 390 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 391 L2CAP_LM_SECURE; 392 break; 393 default: 394 opt = 0; 395 break; 396 } 397 398 if (chan->role_switch) 399 opt |= L2CAP_LM_MASTER; 400 401 if (chan->force_reliable) 402 opt |= L2CAP_LM_RELIABLE; 403 404 if (put_user(opt, (u32 __user *) optval)) 405 err = -EFAULT; 406 break; 407 408 case L2CAP_CONNINFO: 409 if (sk->sk_state != BT_CONNECTED && 410 !(sk->sk_state == BT_CONNECT2 && 411 bt_sk(sk)->defer_setup)) { 412 err = -ENOTCONN; 413 break; 414 } 415 416 cinfo.hci_handle = chan->conn->hcon->handle; 417 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 418 419 len = min_t(unsigned int, len, sizeof(cinfo)); 420 if (copy_to_user(optval, (char *) &cinfo, len)) 421 err = -EFAULT; 422 423 break; 424 425 default: 426 err = -ENOPROTOOPT; 427 break; 428 } 429 430 release_sock(sk); 431 return err; 432 } 433 434 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 435 { 436 struct sock *sk = sock->sk; 437 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 438 struct bt_security sec; 439 int len, err = 0; 440 441 BT_DBG("sk %p", sk); 442 443 if (level == SOL_L2CAP) 444 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 445 446 if (level != SOL_BLUETOOTH) 447 return -ENOPROTOOPT; 448 449 if (get_user(len, optlen)) 450 return -EFAULT; 451 452 lock_sock(sk); 453 454 switch (optname) { 455 case BT_SECURITY: 456 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 457 chan->chan_type != L2CAP_CHAN_RAW) { 458 err = -EINVAL; 459 break; 460 } 461 462 sec.level = chan->sec_level; 463 464 len = min_t(unsigned int, len, sizeof(sec)); 465 if (copy_to_user(optval, (char *) &sec, len)) 466 err = -EFAULT; 467 468 break; 469 470 case BT_DEFER_SETUP: 471 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 472 err = -EINVAL; 473 break; 474 } 475 476 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) 477 err = -EFAULT; 478 479 break; 480 481 case BT_FLUSHABLE: 482 if (put_user(chan->flushable, (u32 __user *) optval)) 483 err = -EFAULT; 484 485 break; 486 487 default: 488 err = -ENOPROTOOPT; 489 break; 490 } 491 492 release_sock(sk); 493 return err; 494 } 495 496 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 497 { 498 struct sock *sk = sock->sk; 499 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 500 struct l2cap_options opts; 501 int len, err = 0; 502 u32 opt; 503 504 BT_DBG("sk %p", sk); 505 506 lock_sock(sk); 507 508 switch (optname) { 509 case L2CAP_OPTIONS: 510 if (sk->sk_state == BT_CONNECTED) { 511 err = -EINVAL; 512 break; 513 } 514 515 opts.imtu = chan->imtu; 516 opts.omtu = chan->omtu; 517 opts.flush_to = chan->flush_to; 518 opts.mode = chan->mode; 519 opts.fcs = chan->fcs; 520 opts.max_tx = chan->max_tx; 521 opts.txwin_size = (__u16)chan->tx_win; 522 523 len = min_t(unsigned int, sizeof(opts), optlen); 524 if (copy_from_user((char *) &opts, optval, len)) { 525 err = -EFAULT; 526 break; 527 } 528 529 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) { 530 err = -EINVAL; 531 break; 532 } 533 534 chan->mode = opts.mode; 535 switch (chan->mode) { 536 case L2CAP_MODE_BASIC: 537 chan->conf_state &= ~L2CAP_CONF_STATE2_DEVICE; 538 break; 539 case L2CAP_MODE_ERTM: 540 case L2CAP_MODE_STREAMING: 541 if (!disable_ertm) 542 break; 543 /* fall through */ 544 default: 545 err = -EINVAL; 546 break; 547 } 548 549 chan->imtu = opts.imtu; 550 chan->omtu = opts.omtu; 551 chan->fcs = opts.fcs; 552 chan->max_tx = opts.max_tx; 553 chan->tx_win = (__u8)opts.txwin_size; 554 break; 555 556 case L2CAP_LM: 557 if (get_user(opt, (u32 __user *) optval)) { 558 err = -EFAULT; 559 break; 560 } 561 562 if (opt & L2CAP_LM_AUTH) 563 chan->sec_level = BT_SECURITY_LOW; 564 if (opt & L2CAP_LM_ENCRYPT) 565 chan->sec_level = BT_SECURITY_MEDIUM; 566 if (opt & L2CAP_LM_SECURE) 567 chan->sec_level = BT_SECURITY_HIGH; 568 569 chan->role_switch = (opt & L2CAP_LM_MASTER); 570 chan->force_reliable = (opt & L2CAP_LM_RELIABLE); 571 break; 572 573 default: 574 err = -ENOPROTOOPT; 575 break; 576 } 577 578 release_sock(sk); 579 return err; 580 } 581 582 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 583 { 584 struct sock *sk = sock->sk; 585 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 586 struct bt_security sec; 587 int len, err = 0; 588 u32 opt; 589 590 BT_DBG("sk %p", sk); 591 592 if (level == SOL_L2CAP) 593 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 594 595 if (level != SOL_BLUETOOTH) 596 return -ENOPROTOOPT; 597 598 lock_sock(sk); 599 600 switch (optname) { 601 case BT_SECURITY: 602 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 603 chan->chan_type != L2CAP_CHAN_RAW) { 604 err = -EINVAL; 605 break; 606 } 607 608 sec.level = BT_SECURITY_LOW; 609 610 len = min_t(unsigned int, sizeof(sec), optlen); 611 if (copy_from_user((char *) &sec, optval, len)) { 612 err = -EFAULT; 613 break; 614 } 615 616 if (sec.level < BT_SECURITY_LOW || 617 sec.level > BT_SECURITY_HIGH) { 618 err = -EINVAL; 619 break; 620 } 621 622 chan->sec_level = sec.level; 623 break; 624 625 case BT_DEFER_SETUP: 626 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 627 err = -EINVAL; 628 break; 629 } 630 631 if (get_user(opt, (u32 __user *) optval)) { 632 err = -EFAULT; 633 break; 634 } 635 636 bt_sk(sk)->defer_setup = opt; 637 break; 638 639 case BT_FLUSHABLE: 640 if (get_user(opt, (u32 __user *) optval)) { 641 err = -EFAULT; 642 break; 643 } 644 645 if (opt > BT_FLUSHABLE_ON) { 646 err = -EINVAL; 647 break; 648 } 649 650 if (opt == BT_FLUSHABLE_OFF) { 651 struct l2cap_conn *conn = chan->conn; 652 /* proceed further only when we have l2cap_conn and 653 No Flush support in the LM */ 654 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 655 err = -EINVAL; 656 break; 657 } 658 } 659 660 chan->flushable = opt; 661 break; 662 663 default: 664 err = -ENOPROTOOPT; 665 break; 666 } 667 668 release_sock(sk); 669 return err; 670 } 671 672 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 673 { 674 struct sock *sk = sock->sk; 675 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 676 int err; 677 678 BT_DBG("sock %p, sk %p", sock, sk); 679 680 err = sock_error(sk); 681 if (err) 682 return err; 683 684 if (msg->msg_flags & MSG_OOB) 685 return -EOPNOTSUPP; 686 687 lock_sock(sk); 688 689 if (sk->sk_state != BT_CONNECTED) { 690 release_sock(sk); 691 return -ENOTCONN; 692 } 693 694 err = l2cap_chan_send(chan, msg, len); 695 696 release_sock(sk); 697 return err; 698 } 699 700 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 701 { 702 struct sock *sk = sock->sk; 703 704 lock_sock(sk); 705 706 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { 707 sk->sk_state = BT_CONFIG; 708 709 __l2cap_connect_rsp_defer(l2cap_pi(sk)->chan); 710 release_sock(sk); 711 return 0; 712 } 713 714 release_sock(sk); 715 716 if (sock->type == SOCK_STREAM) 717 return bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 718 719 return bt_sock_recvmsg(iocb, sock, msg, len, flags); 720 } 721 722 /* Kill socket (only if zapped and orphan) 723 * Must be called on unlocked socket. 724 */ 725 void l2cap_sock_kill(struct sock *sk) 726 { 727 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 728 return; 729 730 BT_DBG("sk %p state %d", sk, sk->sk_state); 731 732 /* Kill poor orphan */ 733 734 l2cap_chan_destroy(l2cap_pi(sk)->chan); 735 sock_set_flag(sk, SOCK_DEAD); 736 sock_put(sk); 737 } 738 739 static int l2cap_sock_shutdown(struct socket *sock, int how) 740 { 741 struct sock *sk = sock->sk; 742 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 743 int err = 0; 744 745 BT_DBG("sock %p, sk %p", sock, sk); 746 747 if (!sk) 748 return 0; 749 750 lock_sock(sk); 751 if (!sk->sk_shutdown) { 752 if (chan->mode == L2CAP_MODE_ERTM) 753 err = __l2cap_wait_ack(sk); 754 755 sk->sk_shutdown = SHUTDOWN_MASK; 756 l2cap_sock_clear_timer(sk); 757 __l2cap_chan_close(chan, 0); 758 759 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 760 err = bt_sock_wait_state(sk, BT_CLOSED, 761 sk->sk_lingertime); 762 } 763 764 if (!err && sk->sk_err) 765 err = -sk->sk_err; 766 767 release_sock(sk); 768 return err; 769 } 770 771 static int l2cap_sock_release(struct socket *sock) 772 { 773 struct sock *sk = sock->sk; 774 int err; 775 776 BT_DBG("sock %p, sk %p", sock, sk); 777 778 if (!sk) 779 return 0; 780 781 err = l2cap_sock_shutdown(sock, 2); 782 783 sock_orphan(sk); 784 l2cap_sock_kill(sk); 785 return err; 786 } 787 788 static void l2cap_sock_destruct(struct sock *sk) 789 { 790 BT_DBG("sk %p", sk); 791 792 skb_queue_purge(&sk->sk_receive_queue); 793 skb_queue_purge(&sk->sk_write_queue); 794 } 795 796 void l2cap_sock_init(struct sock *sk, struct sock *parent) 797 { 798 struct l2cap_pinfo *pi = l2cap_pi(sk); 799 struct l2cap_chan *chan = pi->chan; 800 801 BT_DBG("sk %p", sk); 802 803 if (parent) { 804 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 805 806 sk->sk_type = parent->sk_type; 807 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup; 808 809 chan->chan_type = pchan->chan_type; 810 chan->imtu = pchan->imtu; 811 chan->omtu = pchan->omtu; 812 chan->conf_state = pchan->conf_state; 813 chan->mode = pchan->mode; 814 chan->fcs = pchan->fcs; 815 chan->max_tx = pchan->max_tx; 816 chan->tx_win = pchan->tx_win; 817 chan->sec_level = pchan->sec_level; 818 chan->role_switch = pchan->role_switch; 819 chan->force_reliable = pchan->force_reliable; 820 chan->flushable = pchan->flushable; 821 } else { 822 823 switch (sk->sk_type) { 824 case SOCK_RAW: 825 chan->chan_type = L2CAP_CHAN_RAW; 826 break; 827 case SOCK_DGRAM: 828 chan->chan_type = L2CAP_CHAN_CONN_LESS; 829 break; 830 case SOCK_SEQPACKET: 831 case SOCK_STREAM: 832 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 833 break; 834 } 835 836 chan->imtu = L2CAP_DEFAULT_MTU; 837 chan->omtu = 0; 838 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 839 chan->mode = L2CAP_MODE_ERTM; 840 chan->conf_state |= L2CAP_CONF_STATE2_DEVICE; 841 } else { 842 chan->mode = L2CAP_MODE_BASIC; 843 } 844 chan->max_tx = L2CAP_DEFAULT_MAX_TX; 845 chan->fcs = L2CAP_FCS_CRC16; 846 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW; 847 chan->sec_level = BT_SECURITY_LOW; 848 chan->role_switch = 0; 849 chan->force_reliable = 0; 850 chan->flushable = BT_FLUSHABLE_OFF; 851 } 852 853 /* Default config options */ 854 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 855 } 856 857 static struct proto l2cap_proto = { 858 .name = "L2CAP", 859 .owner = THIS_MODULE, 860 .obj_size = sizeof(struct l2cap_pinfo) 861 }; 862 863 struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 864 { 865 struct sock *sk; 866 867 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 868 if (!sk) 869 return NULL; 870 871 sock_init_data(sock, sk); 872 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 873 874 sk->sk_destruct = l2cap_sock_destruct; 875 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT); 876 877 sock_reset_flag(sk, SOCK_ZAPPED); 878 879 sk->sk_protocol = proto; 880 sk->sk_state = BT_OPEN; 881 882 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk); 883 884 return sk; 885 } 886 887 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 888 int kern) 889 { 890 struct sock *sk; 891 struct l2cap_chan *chan; 892 893 BT_DBG("sock %p", sock); 894 895 sock->state = SS_UNCONNECTED; 896 897 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 898 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 899 return -ESOCKTNOSUPPORT; 900 901 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 902 return -EPERM; 903 904 sock->ops = &l2cap_sock_ops; 905 906 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 907 if (!sk) 908 return -ENOMEM; 909 910 chan = l2cap_chan_create(sk); 911 if (!chan) { 912 l2cap_sock_kill(sk); 913 return -ENOMEM; 914 } 915 916 l2cap_pi(sk)->chan = chan; 917 918 l2cap_sock_init(sk, NULL); 919 return 0; 920 } 921 922 static const struct proto_ops l2cap_sock_ops = { 923 .family = PF_BLUETOOTH, 924 .owner = THIS_MODULE, 925 .release = l2cap_sock_release, 926 .bind = l2cap_sock_bind, 927 .connect = l2cap_sock_connect, 928 .listen = l2cap_sock_listen, 929 .accept = l2cap_sock_accept, 930 .getname = l2cap_sock_getname, 931 .sendmsg = l2cap_sock_sendmsg, 932 .recvmsg = l2cap_sock_recvmsg, 933 .poll = bt_sock_poll, 934 .ioctl = bt_sock_ioctl, 935 .mmap = sock_no_mmap, 936 .socketpair = sock_no_socketpair, 937 .shutdown = l2cap_sock_shutdown, 938 .setsockopt = l2cap_sock_setsockopt, 939 .getsockopt = l2cap_sock_getsockopt 940 }; 941 942 static const struct net_proto_family l2cap_sock_family_ops = { 943 .family = PF_BLUETOOTH, 944 .owner = THIS_MODULE, 945 .create = l2cap_sock_create, 946 }; 947 948 int __init l2cap_init_sockets(void) 949 { 950 int err; 951 952 err = proto_register(&l2cap_proto, 0); 953 if (err < 0) 954 return err; 955 956 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 957 if (err < 0) 958 goto error; 959 960 BT_INFO("L2CAP socket layer initialized"); 961 962 return 0; 963 964 error: 965 BT_ERR("L2CAP socket registration failed"); 966 proto_unregister(&l2cap_proto); 967 return err; 968 } 969 970 void l2cap_cleanup_sockets(void) 971 { 972 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 973 BT_ERR("L2CAP socket unregistration failed"); 974 975 proto_unregister(&l2cap_proto); 976 } 977