1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 8 9 This program is free software; you can redistribute it and/or modify 10 it under the terms of the GNU General Public License version 2 as 11 published by the Free Software Foundation; 12 13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 21 22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 24 SOFTWARE IS DISCLAIMED. 25 */ 26 27 /* Bluetooth L2CAP sockets. */ 28 29 #include <net/bluetooth/bluetooth.h> 30 #include <net/bluetooth/hci_core.h> 31 #include <net/bluetooth/l2cap.h> 32 33 static const struct proto_ops l2cap_sock_ops; 34 35 /* ---- L2CAP timers ---- */ 36 static void l2cap_sock_timeout(unsigned long arg) 37 { 38 struct sock *sk = (struct sock *) arg; 39 int reason; 40 41 BT_DBG("sock %p state %d", sk, sk->sk_state); 42 43 bh_lock_sock(sk); 44 45 if (sock_owned_by_user(sk)) { 46 /* sk is owned by user. Try again later */ 47 l2cap_sock_set_timer(sk, HZ / 5); 48 bh_unlock_sock(sk); 49 sock_put(sk); 50 return; 51 } 52 53 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG) 54 reason = ECONNREFUSED; 55 else if (sk->sk_state == BT_CONNECT && 56 l2cap_pi(sk)->chan->sec_level != BT_SECURITY_SDP) 57 reason = ECONNREFUSED; 58 else 59 reason = ETIMEDOUT; 60 61 __l2cap_sock_close(sk, reason); 62 63 bh_unlock_sock(sk); 64 65 l2cap_sock_kill(sk); 66 sock_put(sk); 67 } 68 69 void l2cap_sock_set_timer(struct sock *sk, long timeout) 70 { 71 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout); 72 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout); 73 } 74 75 void l2cap_sock_clear_timer(struct sock *sk) 76 { 77 BT_DBG("sock %p state %d", sk, sk->sk_state); 78 sk_stop_timer(sk, &sk->sk_timer); 79 } 80 81 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 82 { 83 struct sock *sk = sock->sk; 84 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 85 struct sockaddr_l2 la; 86 int len, err = 0; 87 88 BT_DBG("sk %p", sk); 89 90 if (!addr || addr->sa_family != AF_BLUETOOTH) 91 return -EINVAL; 92 93 memset(&la, 0, sizeof(la)); 94 len = min_t(unsigned int, sizeof(la), alen); 95 memcpy(&la, addr, len); 96 97 if (la.l2_cid && la.l2_psm) 98 return -EINVAL; 99 100 lock_sock(sk); 101 102 if (sk->sk_state != BT_OPEN) { 103 err = -EBADFD; 104 goto done; 105 } 106 107 if (la.l2_psm) { 108 __u16 psm = __le16_to_cpu(la.l2_psm); 109 110 /* PSM must be odd and lsb of upper byte must be 0 */ 111 if ((psm & 0x0101) != 0x0001) { 112 err = -EINVAL; 113 goto done; 114 } 115 116 /* Restrict usage of well-known PSMs */ 117 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 118 err = -EACCES; 119 goto done; 120 } 121 } 122 123 if (la.l2_cid) 124 err = l2cap_add_scid(chan, la.l2_cid); 125 else 126 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 127 128 if (err < 0) 129 goto done; 130 131 if (__le16_to_cpu(la.l2_psm) == 0x0001 || 132 __le16_to_cpu(la.l2_psm) == 0x0003) 133 chan->sec_level = BT_SECURITY_SDP; 134 135 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 136 sk->sk_state = BT_BOUND; 137 138 done: 139 release_sock(sk); 140 return err; 141 } 142 143 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 144 { 145 struct sock *sk = sock->sk; 146 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 147 struct sockaddr_l2 la; 148 int len, err = 0; 149 150 BT_DBG("sk %p", sk); 151 152 if (!addr || alen < sizeof(addr->sa_family) || 153 addr->sa_family != AF_BLUETOOTH) 154 return -EINVAL; 155 156 memset(&la, 0, sizeof(la)); 157 len = min_t(unsigned int, sizeof(la), alen); 158 memcpy(&la, addr, len); 159 160 if (la.l2_cid && la.l2_psm) 161 return -EINVAL; 162 163 lock_sock(sk); 164 165 if ((sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) 166 && !(la.l2_psm || la.l2_cid)) { 167 err = -EINVAL; 168 goto done; 169 } 170 171 switch (chan->mode) { 172 case L2CAP_MODE_BASIC: 173 break; 174 case L2CAP_MODE_ERTM: 175 case L2CAP_MODE_STREAMING: 176 if (!disable_ertm) 177 break; 178 /* fall through */ 179 default: 180 err = -ENOTSUPP; 181 goto done; 182 } 183 184 switch (sk->sk_state) { 185 case BT_CONNECT: 186 case BT_CONNECT2: 187 case BT_CONFIG: 188 /* Already connecting */ 189 goto wait; 190 191 case BT_CONNECTED: 192 /* Already connected */ 193 err = -EISCONN; 194 goto done; 195 196 case BT_OPEN: 197 case BT_BOUND: 198 /* Can connect */ 199 break; 200 201 default: 202 err = -EBADFD; 203 goto done; 204 } 205 206 /* PSM must be odd and lsb of upper byte must be 0 */ 207 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 && 208 sk->sk_type != SOCK_RAW && !la.l2_cid) { 209 err = -EINVAL; 210 goto done; 211 } 212 213 /* Set destination address and psm */ 214 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr); 215 chan->psm = la.l2_psm; 216 chan->dcid = la.l2_cid; 217 218 err = l2cap_chan_connect(l2cap_pi(sk)->chan); 219 if (err) 220 goto done; 221 222 wait: 223 err = bt_sock_wait_state(sk, BT_CONNECTED, 224 sock_sndtimeo(sk, flags & O_NONBLOCK)); 225 done: 226 release_sock(sk); 227 return err; 228 } 229 230 static int l2cap_sock_listen(struct socket *sock, int backlog) 231 { 232 struct sock *sk = sock->sk; 233 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 234 int err = 0; 235 236 BT_DBG("sk %p backlog %d", sk, backlog); 237 238 lock_sock(sk); 239 240 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM) 241 || sk->sk_state != BT_BOUND) { 242 err = -EBADFD; 243 goto done; 244 } 245 246 switch (chan->mode) { 247 case L2CAP_MODE_BASIC: 248 break; 249 case L2CAP_MODE_ERTM: 250 case L2CAP_MODE_STREAMING: 251 if (!disable_ertm) 252 break; 253 /* fall through */ 254 default: 255 err = -ENOTSUPP; 256 goto done; 257 } 258 259 sk->sk_max_ack_backlog = backlog; 260 sk->sk_ack_backlog = 0; 261 sk->sk_state = BT_LISTEN; 262 263 done: 264 release_sock(sk); 265 return err; 266 } 267 268 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 269 { 270 DECLARE_WAITQUEUE(wait, current); 271 struct sock *sk = sock->sk, *nsk; 272 long timeo; 273 int err = 0; 274 275 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 276 277 if (sk->sk_state != BT_LISTEN) { 278 err = -EBADFD; 279 goto done; 280 } 281 282 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 283 284 BT_DBG("sk %p timeo %ld", sk, timeo); 285 286 /* Wait for an incoming connection. (wake-one). */ 287 add_wait_queue_exclusive(sk_sleep(sk), &wait); 288 while (!(nsk = bt_accept_dequeue(sk, newsock))) { 289 set_current_state(TASK_INTERRUPTIBLE); 290 if (!timeo) { 291 err = -EAGAIN; 292 break; 293 } 294 295 release_sock(sk); 296 timeo = schedule_timeout(timeo); 297 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 298 299 if (sk->sk_state != BT_LISTEN) { 300 err = -EBADFD; 301 break; 302 } 303 304 if (signal_pending(current)) { 305 err = sock_intr_errno(timeo); 306 break; 307 } 308 } 309 set_current_state(TASK_RUNNING); 310 remove_wait_queue(sk_sleep(sk), &wait); 311 312 if (err) 313 goto done; 314 315 newsock->state = SS_CONNECTED; 316 317 BT_DBG("new socket %p", nsk); 318 319 done: 320 release_sock(sk); 321 return err; 322 } 323 324 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 325 { 326 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 327 struct sock *sk = sock->sk; 328 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 329 330 BT_DBG("sock %p, sk %p", sock, sk); 331 332 addr->sa_family = AF_BLUETOOTH; 333 *len = sizeof(struct sockaddr_l2); 334 335 if (peer) { 336 la->l2_psm = chan->psm; 337 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 338 la->l2_cid = cpu_to_le16(chan->dcid); 339 } else { 340 la->l2_psm = chan->sport; 341 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 342 la->l2_cid = cpu_to_le16(chan->scid); 343 } 344 345 return 0; 346 } 347 348 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 349 { 350 struct sock *sk = sock->sk; 351 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 352 struct l2cap_options opts; 353 struct l2cap_conninfo cinfo; 354 int len, err = 0; 355 u32 opt; 356 357 BT_DBG("sk %p", sk); 358 359 if (get_user(len, optlen)) 360 return -EFAULT; 361 362 lock_sock(sk); 363 364 switch (optname) { 365 case L2CAP_OPTIONS: 366 memset(&opts, 0, sizeof(opts)); 367 opts.imtu = chan->imtu; 368 opts.omtu = chan->omtu; 369 opts.flush_to = chan->flush_to; 370 opts.mode = chan->mode; 371 opts.fcs = chan->fcs; 372 opts.max_tx = chan->max_tx; 373 opts.txwin_size = (__u16)chan->tx_win; 374 375 len = min_t(unsigned int, len, sizeof(opts)); 376 if (copy_to_user(optval, (char *) &opts, len)) 377 err = -EFAULT; 378 379 break; 380 381 case L2CAP_LM: 382 switch (chan->sec_level) { 383 case BT_SECURITY_LOW: 384 opt = L2CAP_LM_AUTH; 385 break; 386 case BT_SECURITY_MEDIUM: 387 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 388 break; 389 case BT_SECURITY_HIGH: 390 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 391 L2CAP_LM_SECURE; 392 break; 393 default: 394 opt = 0; 395 break; 396 } 397 398 if (chan->role_switch) 399 opt |= L2CAP_LM_MASTER; 400 401 if (chan->force_reliable) 402 opt |= L2CAP_LM_RELIABLE; 403 404 if (put_user(opt, (u32 __user *) optval)) 405 err = -EFAULT; 406 break; 407 408 case L2CAP_CONNINFO: 409 if (sk->sk_state != BT_CONNECTED && 410 !(sk->sk_state == BT_CONNECT2 && 411 bt_sk(sk)->defer_setup)) { 412 err = -ENOTCONN; 413 break; 414 } 415 416 cinfo.hci_handle = chan->conn->hcon->handle; 417 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 418 419 len = min_t(unsigned int, len, sizeof(cinfo)); 420 if (copy_to_user(optval, (char *) &cinfo, len)) 421 err = -EFAULT; 422 423 break; 424 425 default: 426 err = -ENOPROTOOPT; 427 break; 428 } 429 430 release_sock(sk); 431 return err; 432 } 433 434 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 435 { 436 struct sock *sk = sock->sk; 437 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 438 struct bt_security sec; 439 int len, err = 0; 440 441 BT_DBG("sk %p", sk); 442 443 if (level == SOL_L2CAP) 444 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 445 446 if (level != SOL_BLUETOOTH) 447 return -ENOPROTOOPT; 448 449 if (get_user(len, optlen)) 450 return -EFAULT; 451 452 lock_sock(sk); 453 454 switch (optname) { 455 case BT_SECURITY: 456 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 457 && sk->sk_type != SOCK_RAW) { 458 err = -EINVAL; 459 break; 460 } 461 462 sec.level = chan->sec_level; 463 464 len = min_t(unsigned int, len, sizeof(sec)); 465 if (copy_to_user(optval, (char *) &sec, len)) 466 err = -EFAULT; 467 468 break; 469 470 case BT_DEFER_SETUP: 471 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 472 err = -EINVAL; 473 break; 474 } 475 476 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) 477 err = -EFAULT; 478 479 break; 480 481 case BT_FLUSHABLE: 482 if (put_user(chan->flushable, (u32 __user *) optval)) 483 err = -EFAULT; 484 485 break; 486 487 default: 488 err = -ENOPROTOOPT; 489 break; 490 } 491 492 release_sock(sk); 493 return err; 494 } 495 496 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 497 { 498 struct sock *sk = sock->sk; 499 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 500 struct l2cap_options opts; 501 int len, err = 0; 502 u32 opt; 503 504 BT_DBG("sk %p", sk); 505 506 lock_sock(sk); 507 508 switch (optname) { 509 case L2CAP_OPTIONS: 510 if (sk->sk_state == BT_CONNECTED) { 511 err = -EINVAL; 512 break; 513 } 514 515 opts.imtu = chan->imtu; 516 opts.omtu = chan->omtu; 517 opts.flush_to = chan->flush_to; 518 opts.mode = chan->mode; 519 opts.fcs = chan->fcs; 520 opts.max_tx = chan->max_tx; 521 opts.txwin_size = (__u16)chan->tx_win; 522 523 len = min_t(unsigned int, sizeof(opts), optlen); 524 if (copy_from_user((char *) &opts, optval, len)) { 525 err = -EFAULT; 526 break; 527 } 528 529 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) { 530 err = -EINVAL; 531 break; 532 } 533 534 chan->mode = opts.mode; 535 switch (chan->mode) { 536 case L2CAP_MODE_BASIC: 537 chan->conf_state &= ~L2CAP_CONF_STATE2_DEVICE; 538 break; 539 case L2CAP_MODE_ERTM: 540 case L2CAP_MODE_STREAMING: 541 if (!disable_ertm) 542 break; 543 /* fall through */ 544 default: 545 err = -EINVAL; 546 break; 547 } 548 549 chan->imtu = opts.imtu; 550 chan->omtu = opts.omtu; 551 chan->fcs = opts.fcs; 552 chan->max_tx = opts.max_tx; 553 chan->tx_win = (__u8)opts.txwin_size; 554 break; 555 556 case L2CAP_LM: 557 if (get_user(opt, (u32 __user *) optval)) { 558 err = -EFAULT; 559 break; 560 } 561 562 if (opt & L2CAP_LM_AUTH) 563 chan->sec_level = BT_SECURITY_LOW; 564 if (opt & L2CAP_LM_ENCRYPT) 565 chan->sec_level = BT_SECURITY_MEDIUM; 566 if (opt & L2CAP_LM_SECURE) 567 chan->sec_level = BT_SECURITY_HIGH; 568 569 chan->role_switch = (opt & L2CAP_LM_MASTER); 570 chan->force_reliable = (opt & L2CAP_LM_RELIABLE); 571 break; 572 573 default: 574 err = -ENOPROTOOPT; 575 break; 576 } 577 578 release_sock(sk); 579 return err; 580 } 581 582 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 583 { 584 struct sock *sk = sock->sk; 585 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 586 struct bt_security sec; 587 int len, err = 0; 588 u32 opt; 589 590 BT_DBG("sk %p", sk); 591 592 if (level == SOL_L2CAP) 593 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 594 595 if (level != SOL_BLUETOOTH) 596 return -ENOPROTOOPT; 597 598 lock_sock(sk); 599 600 switch (optname) { 601 case BT_SECURITY: 602 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 603 && sk->sk_type != SOCK_RAW) { 604 err = -EINVAL; 605 break; 606 } 607 608 sec.level = BT_SECURITY_LOW; 609 610 len = min_t(unsigned int, sizeof(sec), optlen); 611 if (copy_from_user((char *) &sec, optval, len)) { 612 err = -EFAULT; 613 break; 614 } 615 616 if (sec.level < BT_SECURITY_LOW || 617 sec.level > BT_SECURITY_HIGH) { 618 err = -EINVAL; 619 break; 620 } 621 622 chan->sec_level = sec.level; 623 break; 624 625 case BT_DEFER_SETUP: 626 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 627 err = -EINVAL; 628 break; 629 } 630 631 if (get_user(opt, (u32 __user *) optval)) { 632 err = -EFAULT; 633 break; 634 } 635 636 bt_sk(sk)->defer_setup = opt; 637 break; 638 639 case BT_FLUSHABLE: 640 if (get_user(opt, (u32 __user *) optval)) { 641 err = -EFAULT; 642 break; 643 } 644 645 if (opt > BT_FLUSHABLE_ON) { 646 err = -EINVAL; 647 break; 648 } 649 650 if (opt == BT_FLUSHABLE_OFF) { 651 struct l2cap_conn *conn = chan->conn; 652 /* proceed further only when we have l2cap_conn and 653 No Flush support in the LM */ 654 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 655 err = -EINVAL; 656 break; 657 } 658 } 659 660 chan->flushable = opt; 661 break; 662 663 default: 664 err = -ENOPROTOOPT; 665 break; 666 } 667 668 release_sock(sk); 669 return err; 670 } 671 672 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 673 { 674 struct sock *sk = sock->sk; 675 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 676 struct sk_buff *skb; 677 u16 control; 678 int err; 679 680 BT_DBG("sock %p, sk %p", sock, sk); 681 682 err = sock_error(sk); 683 if (err) 684 return err; 685 686 if (msg->msg_flags & MSG_OOB) 687 return -EOPNOTSUPP; 688 689 lock_sock(sk); 690 691 if (sk->sk_state != BT_CONNECTED) { 692 err = -ENOTCONN; 693 goto done; 694 } 695 696 /* Connectionless channel */ 697 if (sk->sk_type == SOCK_DGRAM) { 698 skb = l2cap_create_connless_pdu(chan, msg, len); 699 if (IS_ERR(skb)) { 700 err = PTR_ERR(skb); 701 } else { 702 l2cap_do_send(chan, skb); 703 err = len; 704 } 705 goto done; 706 } 707 708 switch (chan->mode) { 709 case L2CAP_MODE_BASIC: 710 /* Check outgoing MTU */ 711 if (len > chan->omtu) { 712 err = -EMSGSIZE; 713 goto done; 714 } 715 716 /* Create a basic PDU */ 717 skb = l2cap_create_basic_pdu(chan, msg, len); 718 if (IS_ERR(skb)) { 719 err = PTR_ERR(skb); 720 goto done; 721 } 722 723 l2cap_do_send(chan, skb); 724 err = len; 725 break; 726 727 case L2CAP_MODE_ERTM: 728 case L2CAP_MODE_STREAMING: 729 /* Entire SDU fits into one PDU */ 730 if (len <= chan->remote_mps) { 731 control = L2CAP_SDU_UNSEGMENTED; 732 skb = l2cap_create_iframe_pdu(chan, msg, len, control, 733 0); 734 if (IS_ERR(skb)) { 735 err = PTR_ERR(skb); 736 goto done; 737 } 738 __skb_queue_tail(&chan->tx_q, skb); 739 740 if (chan->tx_send_head == NULL) 741 chan->tx_send_head = skb; 742 743 } else { 744 /* Segment SDU into multiples PDUs */ 745 err = l2cap_sar_segment_sdu(chan, msg, len); 746 if (err < 0) 747 goto done; 748 } 749 750 if (chan->mode == L2CAP_MODE_STREAMING) { 751 l2cap_streaming_send(chan); 752 err = len; 753 break; 754 } 755 756 if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) && 757 (chan->conn_state & L2CAP_CONN_WAIT_F)) { 758 err = len; 759 break; 760 } 761 err = l2cap_ertm_send(chan); 762 763 if (err >= 0) 764 err = len; 765 break; 766 767 default: 768 BT_DBG("bad state %1.1x", chan->mode); 769 err = -EBADFD; 770 } 771 772 done: 773 release_sock(sk); 774 return err; 775 } 776 777 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 778 { 779 struct sock *sk = sock->sk; 780 781 lock_sock(sk); 782 783 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { 784 sk->sk_state = BT_CONFIG; 785 786 __l2cap_connect_rsp_defer(l2cap_pi(sk)->chan); 787 release_sock(sk); 788 return 0; 789 } 790 791 release_sock(sk); 792 793 if (sock->type == SOCK_STREAM) 794 return bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 795 796 return bt_sock_recvmsg(iocb, sock, msg, len, flags); 797 } 798 799 /* Kill socket (only if zapped and orphan) 800 * Must be called on unlocked socket. 801 */ 802 void l2cap_sock_kill(struct sock *sk) 803 { 804 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 805 return; 806 807 BT_DBG("sk %p state %d", sk, sk->sk_state); 808 809 /* Kill poor orphan */ 810 811 l2cap_chan_destroy(l2cap_pi(sk)->chan); 812 sock_set_flag(sk, SOCK_DEAD); 813 sock_put(sk); 814 } 815 816 /* Must be called on unlocked socket. */ 817 static void l2cap_sock_close(struct sock *sk) 818 { 819 l2cap_sock_clear_timer(sk); 820 lock_sock(sk); 821 __l2cap_sock_close(sk, ECONNRESET); 822 release_sock(sk); 823 l2cap_sock_kill(sk); 824 } 825 826 static void l2cap_sock_cleanup_listen(struct sock *parent) 827 { 828 struct sock *sk; 829 830 BT_DBG("parent %p", parent); 831 832 /* Close not yet accepted channels */ 833 while ((sk = bt_accept_dequeue(parent, NULL))) 834 l2cap_sock_close(sk); 835 836 parent->sk_state = BT_CLOSED; 837 sock_set_flag(parent, SOCK_ZAPPED); 838 } 839 840 void __l2cap_sock_close(struct sock *sk, int reason) 841 { 842 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 843 struct l2cap_conn *conn = chan->conn; 844 845 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 846 847 switch (sk->sk_state) { 848 case BT_LISTEN: 849 l2cap_sock_cleanup_listen(sk); 850 break; 851 852 case BT_CONNECTED: 853 case BT_CONFIG: 854 if ((sk->sk_type == SOCK_SEQPACKET || 855 sk->sk_type == SOCK_STREAM) && 856 conn->hcon->type == ACL_LINK) { 857 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 858 l2cap_send_disconn_req(conn, chan, reason); 859 } else 860 l2cap_chan_del(chan, reason); 861 break; 862 863 case BT_CONNECT2: 864 if ((sk->sk_type == SOCK_SEQPACKET || 865 sk->sk_type == SOCK_STREAM) && 866 conn->hcon->type == ACL_LINK) { 867 struct l2cap_conn_rsp rsp; 868 __u16 result; 869 870 if (bt_sk(sk)->defer_setup) 871 result = L2CAP_CR_SEC_BLOCK; 872 else 873 result = L2CAP_CR_BAD_PSM; 874 875 rsp.scid = cpu_to_le16(chan->dcid); 876 rsp.dcid = cpu_to_le16(chan->scid); 877 rsp.result = cpu_to_le16(result); 878 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 879 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, 880 sizeof(rsp), &rsp); 881 } 882 883 l2cap_chan_del(chan, reason); 884 break; 885 886 case BT_CONNECT: 887 case BT_DISCONN: 888 l2cap_chan_del(chan, reason); 889 break; 890 891 default: 892 sock_set_flag(sk, SOCK_ZAPPED); 893 break; 894 } 895 } 896 897 static int l2cap_sock_shutdown(struct socket *sock, int how) 898 { 899 struct sock *sk = sock->sk; 900 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 901 int err = 0; 902 903 BT_DBG("sock %p, sk %p", sock, sk); 904 905 if (!sk) 906 return 0; 907 908 lock_sock(sk); 909 if (!sk->sk_shutdown) { 910 if (chan->mode == L2CAP_MODE_ERTM) 911 err = __l2cap_wait_ack(sk); 912 913 sk->sk_shutdown = SHUTDOWN_MASK; 914 l2cap_sock_clear_timer(sk); 915 __l2cap_sock_close(sk, 0); 916 917 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 918 err = bt_sock_wait_state(sk, BT_CLOSED, 919 sk->sk_lingertime); 920 } 921 922 if (!err && sk->sk_err) 923 err = -sk->sk_err; 924 925 release_sock(sk); 926 return err; 927 } 928 929 static int l2cap_sock_release(struct socket *sock) 930 { 931 struct sock *sk = sock->sk; 932 int err; 933 934 BT_DBG("sock %p, sk %p", sock, sk); 935 936 if (!sk) 937 return 0; 938 939 err = l2cap_sock_shutdown(sock, 2); 940 941 sock_orphan(sk); 942 l2cap_sock_kill(sk); 943 return err; 944 } 945 946 static void l2cap_sock_destruct(struct sock *sk) 947 { 948 BT_DBG("sk %p", sk); 949 950 skb_queue_purge(&sk->sk_receive_queue); 951 skb_queue_purge(&sk->sk_write_queue); 952 } 953 954 void l2cap_sock_init(struct sock *sk, struct sock *parent) 955 { 956 struct l2cap_pinfo *pi = l2cap_pi(sk); 957 struct l2cap_chan *chan = pi->chan; 958 959 BT_DBG("sk %p", sk); 960 961 if (parent) { 962 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 963 964 sk->sk_type = parent->sk_type; 965 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup; 966 967 chan->imtu = pchan->imtu; 968 chan->omtu = pchan->omtu; 969 chan->conf_state = pchan->conf_state; 970 chan->mode = pchan->mode; 971 chan->fcs = pchan->fcs; 972 chan->max_tx = pchan->max_tx; 973 chan->tx_win = pchan->tx_win; 974 chan->sec_level = pchan->sec_level; 975 chan->role_switch = pchan->role_switch; 976 chan->force_reliable = pchan->force_reliable; 977 chan->flushable = pchan->flushable; 978 } else { 979 chan->imtu = L2CAP_DEFAULT_MTU; 980 chan->omtu = 0; 981 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 982 chan->mode = L2CAP_MODE_ERTM; 983 chan->conf_state |= L2CAP_CONF_STATE2_DEVICE; 984 } else { 985 chan->mode = L2CAP_MODE_BASIC; 986 } 987 chan->max_tx = L2CAP_DEFAULT_MAX_TX; 988 chan->fcs = L2CAP_FCS_CRC16; 989 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW; 990 chan->sec_level = BT_SECURITY_LOW; 991 chan->role_switch = 0; 992 chan->force_reliable = 0; 993 chan->flushable = BT_FLUSHABLE_OFF; 994 } 995 996 /* Default config options */ 997 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 998 } 999 1000 static struct proto l2cap_proto = { 1001 .name = "L2CAP", 1002 .owner = THIS_MODULE, 1003 .obj_size = sizeof(struct l2cap_pinfo) 1004 }; 1005 1006 struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 1007 { 1008 struct sock *sk; 1009 1010 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1011 if (!sk) 1012 return NULL; 1013 1014 sock_init_data(sock, sk); 1015 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1016 1017 sk->sk_destruct = l2cap_sock_destruct; 1018 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT); 1019 1020 sock_reset_flag(sk, SOCK_ZAPPED); 1021 1022 sk->sk_protocol = proto; 1023 sk->sk_state = BT_OPEN; 1024 1025 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk); 1026 1027 return sk; 1028 } 1029 1030 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1031 int kern) 1032 { 1033 struct sock *sk; 1034 struct l2cap_chan *chan; 1035 1036 BT_DBG("sock %p", sock); 1037 1038 sock->state = SS_UNCONNECTED; 1039 1040 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1041 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1042 return -ESOCKTNOSUPPORT; 1043 1044 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1045 return -EPERM; 1046 1047 sock->ops = &l2cap_sock_ops; 1048 1049 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1050 if (!sk) 1051 return -ENOMEM; 1052 1053 chan = l2cap_chan_create(sk); 1054 if (!chan) { 1055 l2cap_sock_kill(sk); 1056 return -ENOMEM; 1057 } 1058 1059 l2cap_pi(sk)->chan = chan; 1060 1061 l2cap_sock_init(sk, NULL); 1062 return 0; 1063 } 1064 1065 static const struct proto_ops l2cap_sock_ops = { 1066 .family = PF_BLUETOOTH, 1067 .owner = THIS_MODULE, 1068 .release = l2cap_sock_release, 1069 .bind = l2cap_sock_bind, 1070 .connect = l2cap_sock_connect, 1071 .listen = l2cap_sock_listen, 1072 .accept = l2cap_sock_accept, 1073 .getname = l2cap_sock_getname, 1074 .sendmsg = l2cap_sock_sendmsg, 1075 .recvmsg = l2cap_sock_recvmsg, 1076 .poll = bt_sock_poll, 1077 .ioctl = bt_sock_ioctl, 1078 .mmap = sock_no_mmap, 1079 .socketpair = sock_no_socketpair, 1080 .shutdown = l2cap_sock_shutdown, 1081 .setsockopt = l2cap_sock_setsockopt, 1082 .getsockopt = l2cap_sock_getsockopt 1083 }; 1084 1085 static const struct net_proto_family l2cap_sock_family_ops = { 1086 .family = PF_BLUETOOTH, 1087 .owner = THIS_MODULE, 1088 .create = l2cap_sock_create, 1089 }; 1090 1091 int __init l2cap_init_sockets(void) 1092 { 1093 int err; 1094 1095 err = proto_register(&l2cap_proto, 0); 1096 if (err < 0) 1097 return err; 1098 1099 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1100 if (err < 0) 1101 goto error; 1102 1103 BT_INFO("L2CAP socket layer initialized"); 1104 1105 return 0; 1106 1107 error: 1108 BT_ERR("L2CAP socket registration failed"); 1109 proto_unregister(&l2cap_proto); 1110 return err; 1111 } 1112 1113 void l2cap_cleanup_sockets(void) 1114 { 1115 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 1116 BT_ERR("L2CAP socket unregistration failed"); 1117 1118 proto_unregister(&l2cap_proto); 1119 } 1120