1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 8 9 This program is free software; you can redistribute it and/or modify 10 it under the terms of the GNU General Public License version 2 as 11 published by the Free Software Foundation; 12 13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 21 22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 24 SOFTWARE IS DISCLAIMED. 25 */ 26 27 /* Bluetooth L2CAP sockets. */ 28 29 #include <net/bluetooth/bluetooth.h> 30 #include <net/bluetooth/hci_core.h> 31 #include <net/bluetooth/l2cap.h> 32 #include <net/bluetooth/smp.h> 33 34 static const struct proto_ops l2cap_sock_ops; 35 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 36 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio); 37 38 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 39 { 40 struct sock *sk = sock->sk; 41 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 42 struct sockaddr_l2 la; 43 int len, err = 0; 44 45 BT_DBG("sk %p", sk); 46 47 if (!addr || addr->sa_family != AF_BLUETOOTH) 48 return -EINVAL; 49 50 memset(&la, 0, sizeof(la)); 51 len = min_t(unsigned int, sizeof(la), alen); 52 memcpy(&la, addr, len); 53 54 if (la.l2_cid && la.l2_psm) 55 return -EINVAL; 56 57 lock_sock(sk); 58 59 if (sk->sk_state != BT_OPEN) { 60 err = -EBADFD; 61 goto done; 62 } 63 64 if (la.l2_psm) { 65 __u16 psm = __le16_to_cpu(la.l2_psm); 66 67 /* PSM must be odd and lsb of upper byte must be 0 */ 68 if ((psm & 0x0101) != 0x0001) { 69 err = -EINVAL; 70 goto done; 71 } 72 73 /* Restrict usage of well-known PSMs */ 74 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 75 err = -EACCES; 76 goto done; 77 } 78 } 79 80 if (la.l2_cid) 81 err = l2cap_add_scid(chan, la.l2_cid); 82 else 83 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 84 85 if (err < 0) 86 goto done; 87 88 if (__le16_to_cpu(la.l2_psm) == 0x0001 || 89 __le16_to_cpu(la.l2_psm) == 0x0003) 90 chan->sec_level = BT_SECURITY_SDP; 91 92 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 93 94 chan->state = BT_BOUND; 95 sk->sk_state = BT_BOUND; 96 97 done: 98 release_sock(sk); 99 return err; 100 } 101 102 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 103 { 104 struct sock *sk = sock->sk; 105 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 106 struct sockaddr_l2 la; 107 int len, err = 0; 108 109 BT_DBG("sk %p", sk); 110 111 if (!addr || alen < sizeof(addr->sa_family) || 112 addr->sa_family != AF_BLUETOOTH) 113 return -EINVAL; 114 115 memset(&la, 0, sizeof(la)); 116 len = min_t(unsigned int, sizeof(la), alen); 117 memcpy(&la, addr, len); 118 119 if (la.l2_cid && la.l2_psm) 120 return -EINVAL; 121 122 lock_sock(sk); 123 124 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED 125 && !(la.l2_psm || la.l2_cid)) { 126 err = -EINVAL; 127 goto done; 128 } 129 130 switch (chan->mode) { 131 case L2CAP_MODE_BASIC: 132 break; 133 case L2CAP_MODE_ERTM: 134 case L2CAP_MODE_STREAMING: 135 if (!disable_ertm) 136 break; 137 /* fall through */ 138 default: 139 err = -ENOTSUPP; 140 goto done; 141 } 142 143 switch (sk->sk_state) { 144 case BT_CONNECT: 145 case BT_CONNECT2: 146 case BT_CONFIG: 147 /* Already connecting */ 148 goto wait; 149 150 case BT_CONNECTED: 151 /* Already connected */ 152 err = -EISCONN; 153 goto done; 154 155 case BT_OPEN: 156 case BT_BOUND: 157 /* Can connect */ 158 break; 159 160 default: 161 err = -EBADFD; 162 goto done; 163 } 164 165 /* PSM must be odd and lsb of upper byte must be 0 */ 166 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 && !la.l2_cid && 167 chan->chan_type != L2CAP_CHAN_RAW) { 168 err = -EINVAL; 169 goto done; 170 } 171 172 /* Set destination address and psm */ 173 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr); 174 chan->psm = la.l2_psm; 175 chan->dcid = la.l2_cid; 176 177 err = l2cap_chan_connect(l2cap_pi(sk)->chan); 178 if (err) 179 goto done; 180 181 wait: 182 err = bt_sock_wait_state(sk, BT_CONNECTED, 183 sock_sndtimeo(sk, flags & O_NONBLOCK)); 184 done: 185 release_sock(sk); 186 return err; 187 } 188 189 static int l2cap_sock_listen(struct socket *sock, int backlog) 190 { 191 struct sock *sk = sock->sk; 192 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 193 int err = 0; 194 195 BT_DBG("sk %p backlog %d", sk, backlog); 196 197 lock_sock(sk); 198 199 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM) 200 || sk->sk_state != BT_BOUND) { 201 err = -EBADFD; 202 goto done; 203 } 204 205 switch (chan->mode) { 206 case L2CAP_MODE_BASIC: 207 break; 208 case L2CAP_MODE_ERTM: 209 case L2CAP_MODE_STREAMING: 210 if (!disable_ertm) 211 break; 212 /* fall through */ 213 default: 214 err = -ENOTSUPP; 215 goto done; 216 } 217 218 sk->sk_max_ack_backlog = backlog; 219 sk->sk_ack_backlog = 0; 220 221 chan->state = BT_LISTEN; 222 sk->sk_state = BT_LISTEN; 223 224 done: 225 release_sock(sk); 226 return err; 227 } 228 229 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 230 { 231 DECLARE_WAITQUEUE(wait, current); 232 struct sock *sk = sock->sk, *nsk; 233 long timeo; 234 int err = 0; 235 236 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 237 238 if (sk->sk_state != BT_LISTEN) { 239 err = -EBADFD; 240 goto done; 241 } 242 243 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 244 245 BT_DBG("sk %p timeo %ld", sk, timeo); 246 247 /* Wait for an incoming connection. (wake-one). */ 248 add_wait_queue_exclusive(sk_sleep(sk), &wait); 249 while (!(nsk = bt_accept_dequeue(sk, newsock))) { 250 set_current_state(TASK_INTERRUPTIBLE); 251 if (!timeo) { 252 err = -EAGAIN; 253 break; 254 } 255 256 release_sock(sk); 257 timeo = schedule_timeout(timeo); 258 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 259 260 if (sk->sk_state != BT_LISTEN) { 261 err = -EBADFD; 262 break; 263 } 264 265 if (signal_pending(current)) { 266 err = sock_intr_errno(timeo); 267 break; 268 } 269 } 270 set_current_state(TASK_RUNNING); 271 remove_wait_queue(sk_sleep(sk), &wait); 272 273 if (err) 274 goto done; 275 276 newsock->state = SS_CONNECTED; 277 278 BT_DBG("new socket %p", nsk); 279 280 done: 281 release_sock(sk); 282 return err; 283 } 284 285 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 286 { 287 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 288 struct sock *sk = sock->sk; 289 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 290 291 BT_DBG("sock %p, sk %p", sock, sk); 292 293 addr->sa_family = AF_BLUETOOTH; 294 *len = sizeof(struct sockaddr_l2); 295 296 if (peer) { 297 la->l2_psm = chan->psm; 298 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 299 la->l2_cid = cpu_to_le16(chan->dcid); 300 } else { 301 la->l2_psm = chan->sport; 302 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 303 la->l2_cid = cpu_to_le16(chan->scid); 304 } 305 306 return 0; 307 } 308 309 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 310 { 311 struct sock *sk = sock->sk; 312 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 313 struct l2cap_options opts; 314 struct l2cap_conninfo cinfo; 315 int len, err = 0; 316 u32 opt; 317 318 BT_DBG("sk %p", sk); 319 320 if (get_user(len, optlen)) 321 return -EFAULT; 322 323 lock_sock(sk); 324 325 switch (optname) { 326 case L2CAP_OPTIONS: 327 memset(&opts, 0, sizeof(opts)); 328 opts.imtu = chan->imtu; 329 opts.omtu = chan->omtu; 330 opts.flush_to = chan->flush_to; 331 opts.mode = chan->mode; 332 opts.fcs = chan->fcs; 333 opts.max_tx = chan->max_tx; 334 opts.txwin_size = (__u16)chan->tx_win; 335 336 len = min_t(unsigned int, len, sizeof(opts)); 337 if (copy_to_user(optval, (char *) &opts, len)) 338 err = -EFAULT; 339 340 break; 341 342 case L2CAP_LM: 343 switch (chan->sec_level) { 344 case BT_SECURITY_LOW: 345 opt = L2CAP_LM_AUTH; 346 break; 347 case BT_SECURITY_MEDIUM: 348 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 349 break; 350 case BT_SECURITY_HIGH: 351 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 352 L2CAP_LM_SECURE; 353 break; 354 default: 355 opt = 0; 356 break; 357 } 358 359 if (chan->role_switch) 360 opt |= L2CAP_LM_MASTER; 361 362 if (chan->force_reliable) 363 opt |= L2CAP_LM_RELIABLE; 364 365 if (put_user(opt, (u32 __user *) optval)) 366 err = -EFAULT; 367 break; 368 369 case L2CAP_CONNINFO: 370 if (sk->sk_state != BT_CONNECTED && 371 !(sk->sk_state == BT_CONNECT2 && 372 bt_sk(sk)->defer_setup)) { 373 err = -ENOTCONN; 374 break; 375 } 376 377 memset(&cinfo, 0, sizeof(cinfo)); 378 cinfo.hci_handle = chan->conn->hcon->handle; 379 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 380 381 len = min_t(unsigned int, len, sizeof(cinfo)); 382 if (copy_to_user(optval, (char *) &cinfo, len)) 383 err = -EFAULT; 384 385 break; 386 387 default: 388 err = -ENOPROTOOPT; 389 break; 390 } 391 392 release_sock(sk); 393 return err; 394 } 395 396 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 397 { 398 struct sock *sk = sock->sk; 399 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 400 struct bt_security sec; 401 struct bt_power pwr; 402 int len, err = 0; 403 404 BT_DBG("sk %p", sk); 405 406 if (level == SOL_L2CAP) 407 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 408 409 if (level != SOL_BLUETOOTH) 410 return -ENOPROTOOPT; 411 412 if (get_user(len, optlen)) 413 return -EFAULT; 414 415 lock_sock(sk); 416 417 switch (optname) { 418 case BT_SECURITY: 419 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 420 chan->chan_type != L2CAP_CHAN_RAW) { 421 err = -EINVAL; 422 break; 423 } 424 425 memset(&sec, 0, sizeof(sec)); 426 sec.level = chan->sec_level; 427 428 if (sk->sk_state == BT_CONNECTED) 429 sec.key_size = chan->conn->hcon->enc_key_size; 430 431 len = min_t(unsigned int, len, sizeof(sec)); 432 if (copy_to_user(optval, (char *) &sec, len)) 433 err = -EFAULT; 434 435 break; 436 437 case BT_DEFER_SETUP: 438 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 439 err = -EINVAL; 440 break; 441 } 442 443 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) 444 err = -EFAULT; 445 446 break; 447 448 case BT_FLUSHABLE: 449 if (put_user(chan->flushable, (u32 __user *) optval)) 450 err = -EFAULT; 451 452 break; 453 454 case BT_POWER: 455 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 456 && sk->sk_type != SOCK_RAW) { 457 err = -EINVAL; 458 break; 459 } 460 461 pwr.force_active = chan->force_active; 462 463 len = min_t(unsigned int, len, sizeof(pwr)); 464 if (copy_to_user(optval, (char *) &pwr, len)) 465 err = -EFAULT; 466 467 break; 468 469 default: 470 err = -ENOPROTOOPT; 471 break; 472 } 473 474 release_sock(sk); 475 return err; 476 } 477 478 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 479 { 480 struct sock *sk = sock->sk; 481 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 482 struct l2cap_options opts; 483 int len, err = 0; 484 u32 opt; 485 486 BT_DBG("sk %p", sk); 487 488 lock_sock(sk); 489 490 switch (optname) { 491 case L2CAP_OPTIONS: 492 if (sk->sk_state == BT_CONNECTED) { 493 err = -EINVAL; 494 break; 495 } 496 497 opts.imtu = chan->imtu; 498 opts.omtu = chan->omtu; 499 opts.flush_to = chan->flush_to; 500 opts.mode = chan->mode; 501 opts.fcs = chan->fcs; 502 opts.max_tx = chan->max_tx; 503 opts.txwin_size = (__u16)chan->tx_win; 504 505 len = min_t(unsigned int, sizeof(opts), optlen); 506 if (copy_from_user((char *) &opts, optval, len)) { 507 err = -EFAULT; 508 break; 509 } 510 511 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) { 512 err = -EINVAL; 513 break; 514 } 515 516 chan->mode = opts.mode; 517 switch (chan->mode) { 518 case L2CAP_MODE_BASIC: 519 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 520 break; 521 case L2CAP_MODE_ERTM: 522 case L2CAP_MODE_STREAMING: 523 if (!disable_ertm) 524 break; 525 /* fall through */ 526 default: 527 err = -EINVAL; 528 break; 529 } 530 531 chan->imtu = opts.imtu; 532 chan->omtu = opts.omtu; 533 chan->fcs = opts.fcs; 534 chan->max_tx = opts.max_tx; 535 chan->tx_win = (__u8)opts.txwin_size; 536 break; 537 538 case L2CAP_LM: 539 if (get_user(opt, (u32 __user *) optval)) { 540 err = -EFAULT; 541 break; 542 } 543 544 if (opt & L2CAP_LM_AUTH) 545 chan->sec_level = BT_SECURITY_LOW; 546 if (opt & L2CAP_LM_ENCRYPT) 547 chan->sec_level = BT_SECURITY_MEDIUM; 548 if (opt & L2CAP_LM_SECURE) 549 chan->sec_level = BT_SECURITY_HIGH; 550 551 chan->role_switch = (opt & L2CAP_LM_MASTER); 552 chan->force_reliable = (opt & L2CAP_LM_RELIABLE); 553 break; 554 555 default: 556 err = -ENOPROTOOPT; 557 break; 558 } 559 560 release_sock(sk); 561 return err; 562 } 563 564 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 565 { 566 struct sock *sk = sock->sk; 567 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 568 struct bt_security sec; 569 struct bt_power pwr; 570 struct l2cap_conn *conn; 571 int len, err = 0; 572 u32 opt; 573 574 BT_DBG("sk %p", sk); 575 576 if (level == SOL_L2CAP) 577 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 578 579 if (level != SOL_BLUETOOTH) 580 return -ENOPROTOOPT; 581 582 lock_sock(sk); 583 584 switch (optname) { 585 case BT_SECURITY: 586 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 587 chan->chan_type != L2CAP_CHAN_RAW) { 588 err = -EINVAL; 589 break; 590 } 591 592 sec.level = BT_SECURITY_LOW; 593 594 len = min_t(unsigned int, sizeof(sec), optlen); 595 if (copy_from_user((char *) &sec, optval, len)) { 596 err = -EFAULT; 597 break; 598 } 599 600 if (sec.level < BT_SECURITY_LOW || 601 sec.level > BT_SECURITY_HIGH) { 602 err = -EINVAL; 603 break; 604 } 605 606 chan->sec_level = sec.level; 607 608 conn = chan->conn; 609 if (conn && chan->scid == L2CAP_CID_LE_DATA) { 610 if (!conn->hcon->out) { 611 err = -EINVAL; 612 break; 613 } 614 615 if (smp_conn_security(conn, sec.level)) 616 break; 617 618 err = 0; 619 sk->sk_state = BT_CONFIG; 620 } 621 break; 622 623 case BT_DEFER_SETUP: 624 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 625 err = -EINVAL; 626 break; 627 } 628 629 if (get_user(opt, (u32 __user *) optval)) { 630 err = -EFAULT; 631 break; 632 } 633 634 bt_sk(sk)->defer_setup = opt; 635 break; 636 637 case BT_FLUSHABLE: 638 if (get_user(opt, (u32 __user *) optval)) { 639 err = -EFAULT; 640 break; 641 } 642 643 if (opt > BT_FLUSHABLE_ON) { 644 err = -EINVAL; 645 break; 646 } 647 648 if (opt == BT_FLUSHABLE_OFF) { 649 struct l2cap_conn *conn = chan->conn; 650 /* proceed further only when we have l2cap_conn and 651 No Flush support in the LM */ 652 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 653 err = -EINVAL; 654 break; 655 } 656 } 657 658 chan->flushable = opt; 659 break; 660 661 case BT_POWER: 662 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 663 chan->chan_type != L2CAP_CHAN_RAW) { 664 err = -EINVAL; 665 break; 666 } 667 668 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 669 670 len = min_t(unsigned int, sizeof(pwr), optlen); 671 if (copy_from_user((char *) &pwr, optval, len)) { 672 err = -EFAULT; 673 break; 674 } 675 chan->force_active = pwr.force_active; 676 break; 677 678 default: 679 err = -ENOPROTOOPT; 680 break; 681 } 682 683 release_sock(sk); 684 return err; 685 } 686 687 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 688 { 689 struct sock *sk = sock->sk; 690 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 691 int err; 692 693 BT_DBG("sock %p, sk %p", sock, sk); 694 695 err = sock_error(sk); 696 if (err) 697 return err; 698 699 if (msg->msg_flags & MSG_OOB) 700 return -EOPNOTSUPP; 701 702 lock_sock(sk); 703 704 if (sk->sk_state != BT_CONNECTED) { 705 release_sock(sk); 706 return -ENOTCONN; 707 } 708 709 err = l2cap_chan_send(chan, msg, len); 710 711 release_sock(sk); 712 return err; 713 } 714 715 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 716 { 717 struct sock *sk = sock->sk; 718 struct l2cap_pinfo *pi = l2cap_pi(sk); 719 int err; 720 721 lock_sock(sk); 722 723 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { 724 sk->sk_state = BT_CONFIG; 725 726 __l2cap_connect_rsp_defer(pi->chan); 727 release_sock(sk); 728 return 0; 729 } 730 731 release_sock(sk); 732 733 if (sock->type == SOCK_STREAM) 734 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 735 else 736 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 737 738 if (pi->chan->mode != L2CAP_MODE_ERTM) 739 return err; 740 741 /* Attempt to put pending rx data in the socket buffer */ 742 743 lock_sock(sk); 744 745 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 746 goto done; 747 748 if (pi->rx_busy_skb) { 749 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 750 pi->rx_busy_skb = NULL; 751 else 752 goto done; 753 } 754 755 /* Restore data flow when half of the receive buffer is 756 * available. This avoids resending large numbers of 757 * frames. 758 */ 759 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 760 l2cap_chan_busy(pi->chan, 0); 761 762 done: 763 release_sock(sk); 764 return err; 765 } 766 767 /* Kill socket (only if zapped and orphan) 768 * Must be called on unlocked socket. 769 */ 770 static void l2cap_sock_kill(struct sock *sk) 771 { 772 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 773 return; 774 775 BT_DBG("sk %p state %d", sk, sk->sk_state); 776 777 /* Kill poor orphan */ 778 779 l2cap_chan_destroy(l2cap_pi(sk)->chan); 780 sock_set_flag(sk, SOCK_DEAD); 781 sock_put(sk); 782 } 783 784 static int l2cap_sock_shutdown(struct socket *sock, int how) 785 { 786 struct sock *sk = sock->sk; 787 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 788 int err = 0; 789 790 BT_DBG("sock %p, sk %p", sock, sk); 791 792 if (!sk) 793 return 0; 794 795 lock_sock(sk); 796 if (!sk->sk_shutdown) { 797 if (chan->mode == L2CAP_MODE_ERTM) 798 err = __l2cap_wait_ack(sk); 799 800 sk->sk_shutdown = SHUTDOWN_MASK; 801 l2cap_chan_close(chan, 0); 802 803 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 804 err = bt_sock_wait_state(sk, BT_CLOSED, 805 sk->sk_lingertime); 806 } 807 808 if (!err && sk->sk_err) 809 err = -sk->sk_err; 810 811 release_sock(sk); 812 return err; 813 } 814 815 static int l2cap_sock_release(struct socket *sock) 816 { 817 struct sock *sk = sock->sk; 818 int err; 819 820 BT_DBG("sock %p, sk %p", sock, sk); 821 822 if (!sk) 823 return 0; 824 825 err = l2cap_sock_shutdown(sock, 2); 826 827 sock_orphan(sk); 828 l2cap_sock_kill(sk); 829 return err; 830 } 831 832 static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data) 833 { 834 struct sock *sk, *parent = data; 835 836 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 837 GFP_ATOMIC); 838 if (!sk) 839 return NULL; 840 841 l2cap_sock_init(sk, parent); 842 843 return l2cap_pi(sk)->chan; 844 } 845 846 static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb) 847 { 848 int err; 849 struct sock *sk = data; 850 struct l2cap_pinfo *pi = l2cap_pi(sk); 851 852 if (pi->rx_busy_skb) 853 return -ENOMEM; 854 855 err = sock_queue_rcv_skb(sk, skb); 856 857 /* For ERTM, handle one skb that doesn't fit into the recv 858 * buffer. This is important to do because the data frames 859 * have already been acked, so the skb cannot be discarded. 860 * 861 * Notify the l2cap core that the buffer is full, so the 862 * LOCAL_BUSY state is entered and no more frames are 863 * acked and reassembled until there is buffer space 864 * available. 865 */ 866 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) { 867 pi->rx_busy_skb = skb; 868 l2cap_chan_busy(pi->chan, 1); 869 err = 0; 870 } 871 872 return err; 873 } 874 875 static void l2cap_sock_close_cb(void *data) 876 { 877 struct sock *sk = data; 878 879 l2cap_sock_kill(sk); 880 } 881 882 static void l2cap_sock_state_change_cb(void *data, int state) 883 { 884 struct sock *sk = data; 885 886 sk->sk_state = state; 887 } 888 889 static struct l2cap_ops l2cap_chan_ops = { 890 .name = "L2CAP Socket Interface", 891 .new_connection = l2cap_sock_new_connection_cb, 892 .recv = l2cap_sock_recv_cb, 893 .close = l2cap_sock_close_cb, 894 .state_change = l2cap_sock_state_change_cb, 895 }; 896 897 static void l2cap_sock_destruct(struct sock *sk) 898 { 899 BT_DBG("sk %p", sk); 900 901 if (l2cap_pi(sk)->rx_busy_skb) { 902 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 903 l2cap_pi(sk)->rx_busy_skb = NULL; 904 } 905 906 skb_queue_purge(&sk->sk_receive_queue); 907 skb_queue_purge(&sk->sk_write_queue); 908 } 909 910 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 911 { 912 struct l2cap_pinfo *pi = l2cap_pi(sk); 913 struct l2cap_chan *chan = pi->chan; 914 915 BT_DBG("sk %p", sk); 916 917 if (parent) { 918 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 919 920 sk->sk_type = parent->sk_type; 921 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup; 922 923 chan->chan_type = pchan->chan_type; 924 chan->imtu = pchan->imtu; 925 chan->omtu = pchan->omtu; 926 chan->conf_state = pchan->conf_state; 927 chan->mode = pchan->mode; 928 chan->fcs = pchan->fcs; 929 chan->max_tx = pchan->max_tx; 930 chan->tx_win = pchan->tx_win; 931 chan->sec_level = pchan->sec_level; 932 chan->role_switch = pchan->role_switch; 933 chan->force_reliable = pchan->force_reliable; 934 chan->flushable = pchan->flushable; 935 chan->force_active = pchan->force_active; 936 } else { 937 938 switch (sk->sk_type) { 939 case SOCK_RAW: 940 chan->chan_type = L2CAP_CHAN_RAW; 941 break; 942 case SOCK_DGRAM: 943 chan->chan_type = L2CAP_CHAN_CONN_LESS; 944 break; 945 case SOCK_SEQPACKET: 946 case SOCK_STREAM: 947 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 948 break; 949 } 950 951 chan->imtu = L2CAP_DEFAULT_MTU; 952 chan->omtu = 0; 953 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 954 chan->mode = L2CAP_MODE_ERTM; 955 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 956 } else { 957 chan->mode = L2CAP_MODE_BASIC; 958 } 959 chan->max_tx = L2CAP_DEFAULT_MAX_TX; 960 chan->fcs = L2CAP_FCS_CRC16; 961 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW; 962 chan->sec_level = BT_SECURITY_LOW; 963 chan->role_switch = 0; 964 chan->force_reliable = 0; 965 chan->flushable = BT_FLUSHABLE_OFF; 966 chan->force_active = BT_POWER_FORCE_ACTIVE_ON; 967 968 } 969 970 /* Default config options */ 971 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 972 973 chan->data = sk; 974 chan->ops = &l2cap_chan_ops; 975 } 976 977 static struct proto l2cap_proto = { 978 .name = "L2CAP", 979 .owner = THIS_MODULE, 980 .obj_size = sizeof(struct l2cap_pinfo) 981 }; 982 983 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 984 { 985 struct sock *sk; 986 struct l2cap_chan *chan; 987 988 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 989 if (!sk) 990 return NULL; 991 992 sock_init_data(sock, sk); 993 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 994 995 sk->sk_destruct = l2cap_sock_destruct; 996 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT); 997 998 sock_reset_flag(sk, SOCK_ZAPPED); 999 1000 sk->sk_protocol = proto; 1001 sk->sk_state = BT_OPEN; 1002 1003 chan = l2cap_chan_create(sk); 1004 if (!chan) { 1005 l2cap_sock_kill(sk); 1006 return NULL; 1007 } 1008 1009 l2cap_pi(sk)->chan = chan; 1010 1011 return sk; 1012 } 1013 1014 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1015 int kern) 1016 { 1017 struct sock *sk; 1018 1019 BT_DBG("sock %p", sock); 1020 1021 sock->state = SS_UNCONNECTED; 1022 1023 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1024 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1025 return -ESOCKTNOSUPPORT; 1026 1027 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1028 return -EPERM; 1029 1030 sock->ops = &l2cap_sock_ops; 1031 1032 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1033 if (!sk) 1034 return -ENOMEM; 1035 1036 l2cap_sock_init(sk, NULL); 1037 return 0; 1038 } 1039 1040 static const struct proto_ops l2cap_sock_ops = { 1041 .family = PF_BLUETOOTH, 1042 .owner = THIS_MODULE, 1043 .release = l2cap_sock_release, 1044 .bind = l2cap_sock_bind, 1045 .connect = l2cap_sock_connect, 1046 .listen = l2cap_sock_listen, 1047 .accept = l2cap_sock_accept, 1048 .getname = l2cap_sock_getname, 1049 .sendmsg = l2cap_sock_sendmsg, 1050 .recvmsg = l2cap_sock_recvmsg, 1051 .poll = bt_sock_poll, 1052 .ioctl = bt_sock_ioctl, 1053 .mmap = sock_no_mmap, 1054 .socketpair = sock_no_socketpair, 1055 .shutdown = l2cap_sock_shutdown, 1056 .setsockopt = l2cap_sock_setsockopt, 1057 .getsockopt = l2cap_sock_getsockopt 1058 }; 1059 1060 static const struct net_proto_family l2cap_sock_family_ops = { 1061 .family = PF_BLUETOOTH, 1062 .owner = THIS_MODULE, 1063 .create = l2cap_sock_create, 1064 }; 1065 1066 int __init l2cap_init_sockets(void) 1067 { 1068 int err; 1069 1070 err = proto_register(&l2cap_proto, 0); 1071 if (err < 0) 1072 return err; 1073 1074 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1075 if (err < 0) 1076 goto error; 1077 1078 BT_INFO("L2CAP socket layer initialized"); 1079 1080 return 0; 1081 1082 error: 1083 BT_ERR("L2CAP socket registration failed"); 1084 proto_unregister(&l2cap_proto); 1085 return err; 1086 } 1087 1088 void l2cap_cleanup_sockets(void) 1089 { 1090 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 1091 BT_ERR("L2CAP socket unregistration failed"); 1092 1093 proto_unregister(&l2cap_proto); 1094 } 1095