1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26 */ 27 28 /* Bluetooth L2CAP sockets. */ 29 30 #include <linux/export.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/l2cap.h> 35 #include <net/bluetooth/smp.h> 36 37 static struct bt_sock_list l2cap_sk_list = { 38 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 39 }; 40 41 static const struct proto_ops l2cap_sock_ops; 42 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 43 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 44 int proto, gfp_t prio); 45 46 bool l2cap_is_socket(struct socket *sock) 47 { 48 return sock && sock->ops == &l2cap_sock_ops; 49 } 50 EXPORT_SYMBOL(l2cap_is_socket); 51 52 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 53 { 54 struct sock *sk = sock->sk; 55 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 56 struct sockaddr_l2 la; 57 int len, err = 0; 58 59 BT_DBG("sk %p", sk); 60 61 if (!addr || addr->sa_family != AF_BLUETOOTH) 62 return -EINVAL; 63 64 memset(&la, 0, sizeof(la)); 65 len = min_t(unsigned int, sizeof(la), alen); 66 memcpy(&la, addr, len); 67 68 if (la.l2_cid && la.l2_psm) 69 return -EINVAL; 70 71 lock_sock(sk); 72 73 if (sk->sk_state != BT_OPEN) { 74 err = -EBADFD; 75 goto done; 76 } 77 78 if (la.l2_psm) { 79 __u16 psm = __le16_to_cpu(la.l2_psm); 80 81 /* PSM must be odd and lsb of upper byte must be 0 */ 82 if ((psm & 0x0101) != 0x0001) { 83 err = -EINVAL; 84 goto done; 85 } 86 87 /* Restrict usage of well-known PSMs */ 88 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 89 err = -EACCES; 90 goto done; 91 } 92 } 93 94 if (la.l2_cid) 95 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 96 else 97 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 98 99 if (err < 0) 100 goto done; 101 102 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 103 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 104 chan->sec_level = BT_SECURITY_SDP; 105 106 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 107 108 chan->state = BT_BOUND; 109 sk->sk_state = BT_BOUND; 110 111 done: 112 release_sock(sk); 113 return err; 114 } 115 116 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 117 int alen, int flags) 118 { 119 struct sock *sk = sock->sk; 120 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 121 struct sockaddr_l2 la; 122 int len, err = 0; 123 124 BT_DBG("sk %p", sk); 125 126 if (!addr || alen < sizeof(addr->sa_family) || 127 addr->sa_family != AF_BLUETOOTH) 128 return -EINVAL; 129 130 memset(&la, 0, sizeof(la)); 131 len = min_t(unsigned int, sizeof(la), alen); 132 memcpy(&la, addr, len); 133 134 if (la.l2_cid && la.l2_psm) 135 return -EINVAL; 136 137 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 138 &la.l2_bdaddr, la.l2_bdaddr_type); 139 if (err) 140 return err; 141 142 lock_sock(sk); 143 144 err = bt_sock_wait_state(sk, BT_CONNECTED, 145 sock_sndtimeo(sk, flags & O_NONBLOCK)); 146 147 release_sock(sk); 148 149 return err; 150 } 151 152 static int l2cap_sock_listen(struct socket *sock, int backlog) 153 { 154 struct sock *sk = sock->sk; 155 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 156 int err = 0; 157 158 BT_DBG("sk %p backlog %d", sk, backlog); 159 160 lock_sock(sk); 161 162 if (sk->sk_state != BT_BOUND) { 163 err = -EBADFD; 164 goto done; 165 } 166 167 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 168 err = -EINVAL; 169 goto done; 170 } 171 172 switch (chan->mode) { 173 case L2CAP_MODE_BASIC: 174 break; 175 case L2CAP_MODE_ERTM: 176 case L2CAP_MODE_STREAMING: 177 if (!disable_ertm) 178 break; 179 /* fall through */ 180 default: 181 err = -ENOTSUPP; 182 goto done; 183 } 184 185 sk->sk_max_ack_backlog = backlog; 186 sk->sk_ack_backlog = 0; 187 188 chan->state = BT_LISTEN; 189 sk->sk_state = BT_LISTEN; 190 191 done: 192 release_sock(sk); 193 return err; 194 } 195 196 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 197 int flags) 198 { 199 DECLARE_WAITQUEUE(wait, current); 200 struct sock *sk = sock->sk, *nsk; 201 long timeo; 202 int err = 0; 203 204 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 205 206 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 207 208 BT_DBG("sk %p timeo %ld", sk, timeo); 209 210 /* Wait for an incoming connection. (wake-one). */ 211 add_wait_queue_exclusive(sk_sleep(sk), &wait); 212 while (1) { 213 set_current_state(TASK_INTERRUPTIBLE); 214 215 if (sk->sk_state != BT_LISTEN) { 216 err = -EBADFD; 217 break; 218 } 219 220 nsk = bt_accept_dequeue(sk, newsock); 221 if (nsk) 222 break; 223 224 if (!timeo) { 225 err = -EAGAIN; 226 break; 227 } 228 229 if (signal_pending(current)) { 230 err = sock_intr_errno(timeo); 231 break; 232 } 233 234 release_sock(sk); 235 timeo = schedule_timeout(timeo); 236 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 237 } 238 __set_current_state(TASK_RUNNING); 239 remove_wait_queue(sk_sleep(sk), &wait); 240 241 if (err) 242 goto done; 243 244 newsock->state = SS_CONNECTED; 245 246 BT_DBG("new socket %p", nsk); 247 248 done: 249 release_sock(sk); 250 return err; 251 } 252 253 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 254 int *len, int peer) 255 { 256 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 257 struct sock *sk = sock->sk; 258 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 259 260 BT_DBG("sock %p, sk %p", sock, sk); 261 262 memset(la, 0, sizeof(struct sockaddr_l2)); 263 addr->sa_family = AF_BLUETOOTH; 264 *len = sizeof(struct sockaddr_l2); 265 266 if (peer) { 267 la->l2_psm = chan->psm; 268 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 269 la->l2_cid = cpu_to_le16(chan->dcid); 270 } else { 271 la->l2_psm = chan->sport; 272 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 273 la->l2_cid = cpu_to_le16(chan->scid); 274 } 275 276 return 0; 277 } 278 279 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 280 char __user *optval, int __user *optlen) 281 { 282 struct sock *sk = sock->sk; 283 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 284 struct l2cap_options opts; 285 struct l2cap_conninfo cinfo; 286 int len, err = 0; 287 u32 opt; 288 289 BT_DBG("sk %p", sk); 290 291 if (get_user(len, optlen)) 292 return -EFAULT; 293 294 lock_sock(sk); 295 296 switch (optname) { 297 case L2CAP_OPTIONS: 298 memset(&opts, 0, sizeof(opts)); 299 opts.imtu = chan->imtu; 300 opts.omtu = chan->omtu; 301 opts.flush_to = chan->flush_to; 302 opts.mode = chan->mode; 303 opts.fcs = chan->fcs; 304 opts.max_tx = chan->max_tx; 305 opts.txwin_size = chan->tx_win; 306 307 len = min_t(unsigned int, len, sizeof(opts)); 308 if (copy_to_user(optval, (char *) &opts, len)) 309 err = -EFAULT; 310 311 break; 312 313 case L2CAP_LM: 314 switch (chan->sec_level) { 315 case BT_SECURITY_LOW: 316 opt = L2CAP_LM_AUTH; 317 break; 318 case BT_SECURITY_MEDIUM: 319 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 320 break; 321 case BT_SECURITY_HIGH: 322 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 323 L2CAP_LM_SECURE; 324 break; 325 default: 326 opt = 0; 327 break; 328 } 329 330 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 331 opt |= L2CAP_LM_MASTER; 332 333 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 334 opt |= L2CAP_LM_RELIABLE; 335 336 if (put_user(opt, (u32 __user *) optval)) 337 err = -EFAULT; 338 break; 339 340 case L2CAP_CONNINFO: 341 if (sk->sk_state != BT_CONNECTED && 342 !(sk->sk_state == BT_CONNECT2 && 343 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 344 err = -ENOTCONN; 345 break; 346 } 347 348 memset(&cinfo, 0, sizeof(cinfo)); 349 cinfo.hci_handle = chan->conn->hcon->handle; 350 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 351 352 len = min_t(unsigned int, len, sizeof(cinfo)); 353 if (copy_to_user(optval, (char *) &cinfo, len)) 354 err = -EFAULT; 355 356 break; 357 358 default: 359 err = -ENOPROTOOPT; 360 break; 361 } 362 363 release_sock(sk); 364 return err; 365 } 366 367 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 368 char __user *optval, int __user *optlen) 369 { 370 struct sock *sk = sock->sk; 371 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 372 struct bt_security sec; 373 struct bt_power pwr; 374 int len, err = 0; 375 376 BT_DBG("sk %p", sk); 377 378 if (level == SOL_L2CAP) 379 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 380 381 if (level != SOL_BLUETOOTH) 382 return -ENOPROTOOPT; 383 384 if (get_user(len, optlen)) 385 return -EFAULT; 386 387 lock_sock(sk); 388 389 switch (optname) { 390 case BT_SECURITY: 391 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 392 chan->chan_type != L2CAP_CHAN_RAW) { 393 err = -EINVAL; 394 break; 395 } 396 397 memset(&sec, 0, sizeof(sec)); 398 if (chan->conn) { 399 sec.level = chan->conn->hcon->sec_level; 400 401 if (sk->sk_state == BT_CONNECTED) 402 sec.key_size = chan->conn->hcon->enc_key_size; 403 } else { 404 sec.level = chan->sec_level; 405 } 406 407 len = min_t(unsigned int, len, sizeof(sec)); 408 if (copy_to_user(optval, (char *) &sec, len)) 409 err = -EFAULT; 410 411 break; 412 413 case BT_DEFER_SETUP: 414 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 415 err = -EINVAL; 416 break; 417 } 418 419 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 420 (u32 __user *) optval)) 421 err = -EFAULT; 422 423 break; 424 425 case BT_FLUSHABLE: 426 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 427 (u32 __user *) optval)) 428 err = -EFAULT; 429 430 break; 431 432 case BT_POWER: 433 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 434 && sk->sk_type != SOCK_RAW) { 435 err = -EINVAL; 436 break; 437 } 438 439 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 440 441 len = min_t(unsigned int, len, sizeof(pwr)); 442 if (copy_to_user(optval, (char *) &pwr, len)) 443 err = -EFAULT; 444 445 break; 446 447 case BT_CHANNEL_POLICY: 448 if (!enable_hs) { 449 err = -ENOPROTOOPT; 450 break; 451 } 452 453 if (put_user(chan->chan_policy, (u32 __user *) optval)) 454 err = -EFAULT; 455 break; 456 457 default: 458 err = -ENOPROTOOPT; 459 break; 460 } 461 462 release_sock(sk); 463 return err; 464 } 465 466 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 467 { 468 switch (chan->scid) { 469 case L2CAP_CID_LE_DATA: 470 if (mtu < L2CAP_LE_MIN_MTU) 471 return false; 472 break; 473 474 default: 475 if (mtu < L2CAP_DEFAULT_MIN_MTU) 476 return false; 477 } 478 479 return true; 480 } 481 482 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 483 char __user *optval, unsigned int optlen) 484 { 485 struct sock *sk = sock->sk; 486 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 487 struct l2cap_options opts; 488 int len, err = 0; 489 u32 opt; 490 491 BT_DBG("sk %p", sk); 492 493 lock_sock(sk); 494 495 switch (optname) { 496 case L2CAP_OPTIONS: 497 if (sk->sk_state == BT_CONNECTED) { 498 err = -EINVAL; 499 break; 500 } 501 502 opts.imtu = chan->imtu; 503 opts.omtu = chan->omtu; 504 opts.flush_to = chan->flush_to; 505 opts.mode = chan->mode; 506 opts.fcs = chan->fcs; 507 opts.max_tx = chan->max_tx; 508 opts.txwin_size = chan->tx_win; 509 510 len = min_t(unsigned int, sizeof(opts), optlen); 511 if (copy_from_user((char *) &opts, optval, len)) { 512 err = -EFAULT; 513 break; 514 } 515 516 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 517 err = -EINVAL; 518 break; 519 } 520 521 if (!l2cap_valid_mtu(chan, opts.imtu)) { 522 err = -EINVAL; 523 break; 524 } 525 526 chan->mode = opts.mode; 527 switch (chan->mode) { 528 case L2CAP_MODE_BASIC: 529 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 530 break; 531 case L2CAP_MODE_ERTM: 532 case L2CAP_MODE_STREAMING: 533 if (!disable_ertm) 534 break; 535 /* fall through */ 536 default: 537 err = -EINVAL; 538 break; 539 } 540 541 chan->imtu = opts.imtu; 542 chan->omtu = opts.omtu; 543 chan->fcs = opts.fcs; 544 chan->max_tx = opts.max_tx; 545 chan->tx_win = opts.txwin_size; 546 chan->flush_to = opts.flush_to; 547 break; 548 549 case L2CAP_LM: 550 if (get_user(opt, (u32 __user *) optval)) { 551 err = -EFAULT; 552 break; 553 } 554 555 if (opt & L2CAP_LM_AUTH) 556 chan->sec_level = BT_SECURITY_LOW; 557 if (opt & L2CAP_LM_ENCRYPT) 558 chan->sec_level = BT_SECURITY_MEDIUM; 559 if (opt & L2CAP_LM_SECURE) 560 chan->sec_level = BT_SECURITY_HIGH; 561 562 if (opt & L2CAP_LM_MASTER) 563 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 564 else 565 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 566 567 if (opt & L2CAP_LM_RELIABLE) 568 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 569 else 570 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 571 break; 572 573 default: 574 err = -ENOPROTOOPT; 575 break; 576 } 577 578 release_sock(sk); 579 return err; 580 } 581 582 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 583 char __user *optval, unsigned int optlen) 584 { 585 struct sock *sk = sock->sk; 586 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 587 struct bt_security sec; 588 struct bt_power pwr; 589 struct l2cap_conn *conn; 590 int len, err = 0; 591 u32 opt; 592 593 BT_DBG("sk %p", sk); 594 595 if (level == SOL_L2CAP) 596 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 597 598 if (level != SOL_BLUETOOTH) 599 return -ENOPROTOOPT; 600 601 lock_sock(sk); 602 603 switch (optname) { 604 case BT_SECURITY: 605 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 606 chan->chan_type != L2CAP_CHAN_RAW) { 607 err = -EINVAL; 608 break; 609 } 610 611 sec.level = BT_SECURITY_LOW; 612 613 len = min_t(unsigned int, sizeof(sec), optlen); 614 if (copy_from_user((char *) &sec, optval, len)) { 615 err = -EFAULT; 616 break; 617 } 618 619 if (sec.level < BT_SECURITY_LOW || 620 sec.level > BT_SECURITY_HIGH) { 621 err = -EINVAL; 622 break; 623 } 624 625 chan->sec_level = sec.level; 626 627 if (!chan->conn) 628 break; 629 630 conn = chan->conn; 631 632 /*change security for LE channels */ 633 if (chan->scid == L2CAP_CID_LE_DATA) { 634 if (!conn->hcon->out) { 635 err = -EINVAL; 636 break; 637 } 638 639 if (smp_conn_security(conn->hcon, sec.level)) 640 break; 641 sk->sk_state = BT_CONFIG; 642 chan->state = BT_CONFIG; 643 644 /* or for ACL link */ 645 } else if ((sk->sk_state == BT_CONNECT2 && 646 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 647 sk->sk_state == BT_CONNECTED) { 648 if (!l2cap_chan_check_security(chan)) 649 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 650 else 651 sk->sk_state_change(sk); 652 } else { 653 err = -EINVAL; 654 } 655 break; 656 657 case BT_DEFER_SETUP: 658 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 659 err = -EINVAL; 660 break; 661 } 662 663 if (get_user(opt, (u32 __user *) optval)) { 664 err = -EFAULT; 665 break; 666 } 667 668 if (opt) 669 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 670 else 671 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 672 break; 673 674 case BT_FLUSHABLE: 675 if (get_user(opt, (u32 __user *) optval)) { 676 err = -EFAULT; 677 break; 678 } 679 680 if (opt > BT_FLUSHABLE_ON) { 681 err = -EINVAL; 682 break; 683 } 684 685 if (opt == BT_FLUSHABLE_OFF) { 686 struct l2cap_conn *conn = chan->conn; 687 /* proceed further only when we have l2cap_conn and 688 No Flush support in the LM */ 689 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 690 err = -EINVAL; 691 break; 692 } 693 } 694 695 if (opt) 696 set_bit(FLAG_FLUSHABLE, &chan->flags); 697 else 698 clear_bit(FLAG_FLUSHABLE, &chan->flags); 699 break; 700 701 case BT_POWER: 702 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 703 chan->chan_type != L2CAP_CHAN_RAW) { 704 err = -EINVAL; 705 break; 706 } 707 708 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 709 710 len = min_t(unsigned int, sizeof(pwr), optlen); 711 if (copy_from_user((char *) &pwr, optval, len)) { 712 err = -EFAULT; 713 break; 714 } 715 716 if (pwr.force_active) 717 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 718 else 719 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 720 break; 721 722 case BT_CHANNEL_POLICY: 723 if (!enable_hs) { 724 err = -ENOPROTOOPT; 725 break; 726 } 727 728 if (get_user(opt, (u32 __user *) optval)) { 729 err = -EFAULT; 730 break; 731 } 732 733 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 734 err = -EINVAL; 735 break; 736 } 737 738 if (chan->mode != L2CAP_MODE_ERTM && 739 chan->mode != L2CAP_MODE_STREAMING) { 740 err = -EOPNOTSUPP; 741 break; 742 } 743 744 chan->chan_policy = (u8) opt; 745 746 if (sk->sk_state == BT_CONNECTED && 747 chan->move_role == L2CAP_MOVE_ROLE_NONE) 748 l2cap_move_start(chan); 749 750 break; 751 752 default: 753 err = -ENOPROTOOPT; 754 break; 755 } 756 757 release_sock(sk); 758 return err; 759 } 760 761 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 762 struct msghdr *msg, size_t len) 763 { 764 struct sock *sk = sock->sk; 765 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 766 int err; 767 768 BT_DBG("sock %p, sk %p", sock, sk); 769 770 err = sock_error(sk); 771 if (err) 772 return err; 773 774 if (msg->msg_flags & MSG_OOB) 775 return -EOPNOTSUPP; 776 777 if (sk->sk_state != BT_CONNECTED) 778 return -ENOTCONN; 779 780 l2cap_chan_lock(chan); 781 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 782 l2cap_chan_unlock(chan); 783 784 return err; 785 } 786 787 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 788 struct msghdr *msg, size_t len, int flags) 789 { 790 struct sock *sk = sock->sk; 791 struct l2cap_pinfo *pi = l2cap_pi(sk); 792 int err; 793 794 lock_sock(sk); 795 796 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 797 &bt_sk(sk)->flags)) { 798 sk->sk_state = BT_CONFIG; 799 pi->chan->state = BT_CONFIG; 800 801 __l2cap_connect_rsp_defer(pi->chan); 802 release_sock(sk); 803 return 0; 804 } 805 806 release_sock(sk); 807 808 if (sock->type == SOCK_STREAM) 809 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 810 else 811 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 812 813 if (pi->chan->mode != L2CAP_MODE_ERTM) 814 return err; 815 816 /* Attempt to put pending rx data in the socket buffer */ 817 818 lock_sock(sk); 819 820 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 821 goto done; 822 823 if (pi->rx_busy_skb) { 824 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 825 pi->rx_busy_skb = NULL; 826 else 827 goto done; 828 } 829 830 /* Restore data flow when half of the receive buffer is 831 * available. This avoids resending large numbers of 832 * frames. 833 */ 834 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 835 l2cap_chan_busy(pi->chan, 0); 836 837 done: 838 release_sock(sk); 839 return err; 840 } 841 842 /* Kill socket (only if zapped and orphan) 843 * Must be called on unlocked socket. 844 */ 845 static void l2cap_sock_kill(struct sock *sk) 846 { 847 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 848 return; 849 850 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 851 852 /* Kill poor orphan */ 853 854 l2cap_chan_put(l2cap_pi(sk)->chan); 855 sock_set_flag(sk, SOCK_DEAD); 856 sock_put(sk); 857 } 858 859 static int l2cap_sock_shutdown(struct socket *sock, int how) 860 { 861 struct sock *sk = sock->sk; 862 struct l2cap_chan *chan; 863 struct l2cap_conn *conn; 864 int err = 0; 865 866 BT_DBG("sock %p, sk %p", sock, sk); 867 868 if (!sk) 869 return 0; 870 871 chan = l2cap_pi(sk)->chan; 872 conn = chan->conn; 873 874 if (conn) 875 mutex_lock(&conn->chan_lock); 876 877 l2cap_chan_lock(chan); 878 lock_sock(sk); 879 880 if (!sk->sk_shutdown) { 881 if (chan->mode == L2CAP_MODE_ERTM) 882 err = __l2cap_wait_ack(sk); 883 884 sk->sk_shutdown = SHUTDOWN_MASK; 885 886 release_sock(sk); 887 l2cap_chan_close(chan, 0); 888 lock_sock(sk); 889 890 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 891 err = bt_sock_wait_state(sk, BT_CLOSED, 892 sk->sk_lingertime); 893 } 894 895 if (!err && sk->sk_err) 896 err = -sk->sk_err; 897 898 release_sock(sk); 899 l2cap_chan_unlock(chan); 900 901 if (conn) 902 mutex_unlock(&conn->chan_lock); 903 904 return err; 905 } 906 907 static int l2cap_sock_release(struct socket *sock) 908 { 909 struct sock *sk = sock->sk; 910 int err; 911 912 BT_DBG("sock %p, sk %p", sock, sk); 913 914 if (!sk) 915 return 0; 916 917 bt_sock_unlink(&l2cap_sk_list, sk); 918 919 err = l2cap_sock_shutdown(sock, 2); 920 921 sock_orphan(sk); 922 l2cap_sock_kill(sk); 923 return err; 924 } 925 926 static void l2cap_sock_cleanup_listen(struct sock *parent) 927 { 928 struct sock *sk; 929 930 BT_DBG("parent %p", parent); 931 932 /* Close not yet accepted channels */ 933 while ((sk = bt_accept_dequeue(parent, NULL))) { 934 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 935 936 l2cap_chan_lock(chan); 937 __clear_chan_timer(chan); 938 l2cap_chan_close(chan, ECONNRESET); 939 l2cap_chan_unlock(chan); 940 941 l2cap_sock_kill(sk); 942 } 943 } 944 945 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 946 { 947 struct sock *sk, *parent = chan->data; 948 949 /* Check for backlog size */ 950 if (sk_acceptq_is_full(parent)) { 951 BT_DBG("backlog full %d", parent->sk_ack_backlog); 952 return NULL; 953 } 954 955 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 956 GFP_ATOMIC); 957 if (!sk) 958 return NULL; 959 960 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 961 962 l2cap_sock_init(sk, parent); 963 964 bt_accept_enqueue(parent, sk); 965 966 return l2cap_pi(sk)->chan; 967 } 968 969 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 970 { 971 int err; 972 struct sock *sk = chan->data; 973 struct l2cap_pinfo *pi = l2cap_pi(sk); 974 975 lock_sock(sk); 976 977 if (pi->rx_busy_skb) { 978 err = -ENOMEM; 979 goto done; 980 } 981 982 err = sock_queue_rcv_skb(sk, skb); 983 984 /* For ERTM, handle one skb that doesn't fit into the recv 985 * buffer. This is important to do because the data frames 986 * have already been acked, so the skb cannot be discarded. 987 * 988 * Notify the l2cap core that the buffer is full, so the 989 * LOCAL_BUSY state is entered and no more frames are 990 * acked and reassembled until there is buffer space 991 * available. 992 */ 993 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) { 994 pi->rx_busy_skb = skb; 995 l2cap_chan_busy(pi->chan, 1); 996 err = 0; 997 } 998 999 done: 1000 release_sock(sk); 1001 1002 return err; 1003 } 1004 1005 static void l2cap_sock_close_cb(struct l2cap_chan *chan) 1006 { 1007 struct sock *sk = chan->data; 1008 1009 l2cap_sock_kill(sk); 1010 } 1011 1012 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 1013 { 1014 struct sock *sk = chan->data; 1015 struct sock *parent; 1016 1017 lock_sock(sk); 1018 1019 parent = bt_sk(sk)->parent; 1020 1021 sock_set_flag(sk, SOCK_ZAPPED); 1022 1023 switch (chan->state) { 1024 case BT_OPEN: 1025 case BT_BOUND: 1026 case BT_CLOSED: 1027 break; 1028 case BT_LISTEN: 1029 l2cap_sock_cleanup_listen(sk); 1030 sk->sk_state = BT_CLOSED; 1031 chan->state = BT_CLOSED; 1032 1033 break; 1034 default: 1035 sk->sk_state = BT_CLOSED; 1036 chan->state = BT_CLOSED; 1037 1038 sk->sk_err = err; 1039 1040 if (parent) { 1041 bt_accept_unlink(sk); 1042 parent->sk_data_ready(parent, 0); 1043 } else { 1044 sk->sk_state_change(sk); 1045 } 1046 1047 break; 1048 } 1049 1050 release_sock(sk); 1051 } 1052 1053 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state) 1054 { 1055 struct sock *sk = chan->data; 1056 1057 sk->sk_state = state; 1058 } 1059 1060 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1061 unsigned long len, int nb) 1062 { 1063 struct sk_buff *skb; 1064 int err; 1065 1066 l2cap_chan_unlock(chan); 1067 skb = bt_skb_send_alloc(chan->sk, len, nb, &err); 1068 l2cap_chan_lock(chan); 1069 1070 if (!skb) 1071 return ERR_PTR(err); 1072 1073 return skb; 1074 } 1075 1076 static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1077 { 1078 struct sock *sk = chan->data; 1079 struct sock *parent; 1080 1081 lock_sock(sk); 1082 1083 parent = bt_sk(sk)->parent; 1084 1085 BT_DBG("sk %p, parent %p", sk, parent); 1086 1087 sk->sk_state = BT_CONNECTED; 1088 sk->sk_state_change(sk); 1089 1090 if (parent) 1091 parent->sk_data_ready(parent, 0); 1092 1093 release_sock(sk); 1094 } 1095 1096 static void l2cap_sock_defer_cb(struct l2cap_chan *chan) 1097 { 1098 struct sock *sk = chan->data; 1099 struct sock *parent = bt_sk(sk)->parent; 1100 1101 if (parent) 1102 parent->sk_data_ready(parent, 0); 1103 } 1104 1105 static struct l2cap_ops l2cap_chan_ops = { 1106 .name = "L2CAP Socket Interface", 1107 .new_connection = l2cap_sock_new_connection_cb, 1108 .recv = l2cap_sock_recv_cb, 1109 .close = l2cap_sock_close_cb, 1110 .teardown = l2cap_sock_teardown_cb, 1111 .state_change = l2cap_sock_state_change_cb, 1112 .ready = l2cap_sock_ready_cb, 1113 .defer = l2cap_sock_defer_cb, 1114 .alloc_skb = l2cap_sock_alloc_skb_cb, 1115 }; 1116 1117 static void l2cap_sock_destruct(struct sock *sk) 1118 { 1119 BT_DBG("sk %p", sk); 1120 1121 if (l2cap_pi(sk)->chan) 1122 l2cap_chan_put(l2cap_pi(sk)->chan); 1123 if (l2cap_pi(sk)->rx_busy_skb) { 1124 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1125 l2cap_pi(sk)->rx_busy_skb = NULL; 1126 } 1127 1128 skb_queue_purge(&sk->sk_receive_queue); 1129 skb_queue_purge(&sk->sk_write_queue); 1130 } 1131 1132 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1133 { 1134 struct l2cap_pinfo *pi = l2cap_pi(sk); 1135 struct l2cap_chan *chan = pi->chan; 1136 1137 BT_DBG("sk %p", sk); 1138 1139 if (parent) { 1140 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1141 1142 sk->sk_type = parent->sk_type; 1143 bt_sk(sk)->flags = bt_sk(parent)->flags; 1144 1145 chan->chan_type = pchan->chan_type; 1146 chan->imtu = pchan->imtu; 1147 chan->omtu = pchan->omtu; 1148 chan->conf_state = pchan->conf_state; 1149 chan->mode = pchan->mode; 1150 chan->fcs = pchan->fcs; 1151 chan->max_tx = pchan->max_tx; 1152 chan->tx_win = pchan->tx_win; 1153 chan->tx_win_max = pchan->tx_win_max; 1154 chan->sec_level = pchan->sec_level; 1155 chan->flags = pchan->flags; 1156 1157 security_sk_clone(parent, sk); 1158 } else { 1159 1160 switch (sk->sk_type) { 1161 case SOCK_RAW: 1162 chan->chan_type = L2CAP_CHAN_RAW; 1163 break; 1164 case SOCK_DGRAM: 1165 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1166 break; 1167 case SOCK_SEQPACKET: 1168 case SOCK_STREAM: 1169 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1170 break; 1171 } 1172 1173 chan->imtu = L2CAP_DEFAULT_MTU; 1174 chan->omtu = 0; 1175 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1176 chan->mode = L2CAP_MODE_ERTM; 1177 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1178 } else { 1179 chan->mode = L2CAP_MODE_BASIC; 1180 } 1181 1182 l2cap_chan_set_defaults(chan); 1183 } 1184 1185 /* Default config options */ 1186 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1187 1188 chan->data = sk; 1189 chan->ops = &l2cap_chan_ops; 1190 } 1191 1192 static struct proto l2cap_proto = { 1193 .name = "L2CAP", 1194 .owner = THIS_MODULE, 1195 .obj_size = sizeof(struct l2cap_pinfo) 1196 }; 1197 1198 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1199 int proto, gfp_t prio) 1200 { 1201 struct sock *sk; 1202 struct l2cap_chan *chan; 1203 1204 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1205 if (!sk) 1206 return NULL; 1207 1208 sock_init_data(sock, sk); 1209 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1210 1211 sk->sk_destruct = l2cap_sock_destruct; 1212 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1213 1214 sock_reset_flag(sk, SOCK_ZAPPED); 1215 1216 sk->sk_protocol = proto; 1217 sk->sk_state = BT_OPEN; 1218 1219 chan = l2cap_chan_create(); 1220 if (!chan) { 1221 sk_free(sk); 1222 return NULL; 1223 } 1224 1225 l2cap_chan_hold(chan); 1226 1227 chan->sk = sk; 1228 1229 l2cap_pi(sk)->chan = chan; 1230 1231 return sk; 1232 } 1233 1234 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1235 int kern) 1236 { 1237 struct sock *sk; 1238 1239 BT_DBG("sock %p", sock); 1240 1241 sock->state = SS_UNCONNECTED; 1242 1243 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1244 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1245 return -ESOCKTNOSUPPORT; 1246 1247 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1248 return -EPERM; 1249 1250 sock->ops = &l2cap_sock_ops; 1251 1252 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1253 if (!sk) 1254 return -ENOMEM; 1255 1256 l2cap_sock_init(sk, NULL); 1257 bt_sock_link(&l2cap_sk_list, sk); 1258 return 0; 1259 } 1260 1261 static const struct proto_ops l2cap_sock_ops = { 1262 .family = PF_BLUETOOTH, 1263 .owner = THIS_MODULE, 1264 .release = l2cap_sock_release, 1265 .bind = l2cap_sock_bind, 1266 .connect = l2cap_sock_connect, 1267 .listen = l2cap_sock_listen, 1268 .accept = l2cap_sock_accept, 1269 .getname = l2cap_sock_getname, 1270 .sendmsg = l2cap_sock_sendmsg, 1271 .recvmsg = l2cap_sock_recvmsg, 1272 .poll = bt_sock_poll, 1273 .ioctl = bt_sock_ioctl, 1274 .mmap = sock_no_mmap, 1275 .socketpair = sock_no_socketpair, 1276 .shutdown = l2cap_sock_shutdown, 1277 .setsockopt = l2cap_sock_setsockopt, 1278 .getsockopt = l2cap_sock_getsockopt 1279 }; 1280 1281 static const struct net_proto_family l2cap_sock_family_ops = { 1282 .family = PF_BLUETOOTH, 1283 .owner = THIS_MODULE, 1284 .create = l2cap_sock_create, 1285 }; 1286 1287 int __init l2cap_init_sockets(void) 1288 { 1289 int err; 1290 1291 err = proto_register(&l2cap_proto, 0); 1292 if (err < 0) 1293 return err; 1294 1295 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1296 if (err < 0) { 1297 BT_ERR("L2CAP socket registration failed"); 1298 goto error; 1299 } 1300 1301 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list, 1302 NULL); 1303 if (err < 0) { 1304 BT_ERR("Failed to create L2CAP proc file"); 1305 bt_sock_unregister(BTPROTO_L2CAP); 1306 goto error; 1307 } 1308 1309 BT_INFO("L2CAP socket layer initialized"); 1310 1311 return 0; 1312 1313 error: 1314 proto_unregister(&l2cap_proto); 1315 return err; 1316 } 1317 1318 void l2cap_cleanup_sockets(void) 1319 { 1320 bt_procfs_cleanup(&init_net, "l2cap"); 1321 bt_sock_unregister(BTPROTO_L2CAP); 1322 proto_unregister(&l2cap_proto); 1323 } 1324