1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26 */ 27 28 /* Bluetooth L2CAP sockets. */ 29 30 #include <linux/export.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/l2cap.h> 35 #include <net/bluetooth/smp.h> 36 37 static struct bt_sock_list l2cap_sk_list = { 38 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 39 }; 40 41 static const struct proto_ops l2cap_sock_ops; 42 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 43 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 44 int proto, gfp_t prio); 45 46 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 47 { 48 struct sock *sk = sock->sk; 49 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 50 struct sockaddr_l2 la; 51 int len, err = 0; 52 53 BT_DBG("sk %p", sk); 54 55 if (!addr || addr->sa_family != AF_BLUETOOTH) 56 return -EINVAL; 57 58 memset(&la, 0, sizeof(la)); 59 len = min_t(unsigned int, sizeof(la), alen); 60 memcpy(&la, addr, len); 61 62 if (la.l2_cid && la.l2_psm) 63 return -EINVAL; 64 65 lock_sock(sk); 66 67 if (sk->sk_state != BT_OPEN) { 68 err = -EBADFD; 69 goto done; 70 } 71 72 if (la.l2_psm) { 73 __u16 psm = __le16_to_cpu(la.l2_psm); 74 75 /* PSM must be odd and lsb of upper byte must be 0 */ 76 if ((psm & 0x0101) != 0x0001) { 77 err = -EINVAL; 78 goto done; 79 } 80 81 /* Restrict usage of well-known PSMs */ 82 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 83 err = -EACCES; 84 goto done; 85 } 86 } 87 88 if (la.l2_cid) 89 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 90 else 91 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 92 93 if (err < 0) 94 goto done; 95 96 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 97 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 98 chan->sec_level = BT_SECURITY_SDP; 99 100 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 101 102 chan->state = BT_BOUND; 103 sk->sk_state = BT_BOUND; 104 105 done: 106 release_sock(sk); 107 return err; 108 } 109 110 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 111 int alen, int flags) 112 { 113 struct sock *sk = sock->sk; 114 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 115 struct sockaddr_l2 la; 116 int len, err = 0; 117 118 BT_DBG("sk %p", sk); 119 120 if (!addr || alen < sizeof(addr->sa_family) || 121 addr->sa_family != AF_BLUETOOTH) 122 return -EINVAL; 123 124 memset(&la, 0, sizeof(la)); 125 len = min_t(unsigned int, sizeof(la), alen); 126 memcpy(&la, addr, len); 127 128 if (la.l2_cid && la.l2_psm) 129 return -EINVAL; 130 131 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 132 &la.l2_bdaddr, la.l2_bdaddr_type); 133 if (err) 134 return err; 135 136 lock_sock(sk); 137 138 err = bt_sock_wait_state(sk, BT_CONNECTED, 139 sock_sndtimeo(sk, flags & O_NONBLOCK)); 140 141 release_sock(sk); 142 143 return err; 144 } 145 146 static int l2cap_sock_listen(struct socket *sock, int backlog) 147 { 148 struct sock *sk = sock->sk; 149 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 150 int err = 0; 151 152 BT_DBG("sk %p backlog %d", sk, backlog); 153 154 lock_sock(sk); 155 156 if (sk->sk_state != BT_BOUND) { 157 err = -EBADFD; 158 goto done; 159 } 160 161 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 162 err = -EINVAL; 163 goto done; 164 } 165 166 switch (chan->mode) { 167 case L2CAP_MODE_BASIC: 168 break; 169 case L2CAP_MODE_ERTM: 170 case L2CAP_MODE_STREAMING: 171 if (!disable_ertm) 172 break; 173 /* fall through */ 174 default: 175 err = -ENOTSUPP; 176 goto done; 177 } 178 179 sk->sk_max_ack_backlog = backlog; 180 sk->sk_ack_backlog = 0; 181 182 chan->state = BT_LISTEN; 183 sk->sk_state = BT_LISTEN; 184 185 done: 186 release_sock(sk); 187 return err; 188 } 189 190 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 191 int flags) 192 { 193 DECLARE_WAITQUEUE(wait, current); 194 struct sock *sk = sock->sk, *nsk; 195 long timeo; 196 int err = 0; 197 198 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 199 200 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 201 202 BT_DBG("sk %p timeo %ld", sk, timeo); 203 204 /* Wait for an incoming connection. (wake-one). */ 205 add_wait_queue_exclusive(sk_sleep(sk), &wait); 206 while (1) { 207 set_current_state(TASK_INTERRUPTIBLE); 208 209 if (sk->sk_state != BT_LISTEN) { 210 err = -EBADFD; 211 break; 212 } 213 214 nsk = bt_accept_dequeue(sk, newsock); 215 if (nsk) 216 break; 217 218 if (!timeo) { 219 err = -EAGAIN; 220 break; 221 } 222 223 if (signal_pending(current)) { 224 err = sock_intr_errno(timeo); 225 break; 226 } 227 228 release_sock(sk); 229 timeo = schedule_timeout(timeo); 230 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 231 } 232 __set_current_state(TASK_RUNNING); 233 remove_wait_queue(sk_sleep(sk), &wait); 234 235 if (err) 236 goto done; 237 238 newsock->state = SS_CONNECTED; 239 240 BT_DBG("new socket %p", nsk); 241 242 done: 243 release_sock(sk); 244 return err; 245 } 246 247 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 248 int *len, int peer) 249 { 250 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 251 struct sock *sk = sock->sk; 252 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 253 254 BT_DBG("sock %p, sk %p", sock, sk); 255 256 memset(la, 0, sizeof(struct sockaddr_l2)); 257 addr->sa_family = AF_BLUETOOTH; 258 *len = sizeof(struct sockaddr_l2); 259 260 if (peer) { 261 la->l2_psm = chan->psm; 262 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 263 la->l2_cid = cpu_to_le16(chan->dcid); 264 } else { 265 la->l2_psm = chan->sport; 266 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 267 la->l2_cid = cpu_to_le16(chan->scid); 268 } 269 270 return 0; 271 } 272 273 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 274 char __user *optval, int __user *optlen) 275 { 276 struct sock *sk = sock->sk; 277 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 278 struct l2cap_options opts; 279 struct l2cap_conninfo cinfo; 280 int len, err = 0; 281 u32 opt; 282 283 BT_DBG("sk %p", sk); 284 285 if (get_user(len, optlen)) 286 return -EFAULT; 287 288 lock_sock(sk); 289 290 switch (optname) { 291 case L2CAP_OPTIONS: 292 memset(&opts, 0, sizeof(opts)); 293 opts.imtu = chan->imtu; 294 opts.omtu = chan->omtu; 295 opts.flush_to = chan->flush_to; 296 opts.mode = chan->mode; 297 opts.fcs = chan->fcs; 298 opts.max_tx = chan->max_tx; 299 opts.txwin_size = chan->tx_win; 300 301 len = min_t(unsigned int, len, sizeof(opts)); 302 if (copy_to_user(optval, (char *) &opts, len)) 303 err = -EFAULT; 304 305 break; 306 307 case L2CAP_LM: 308 switch (chan->sec_level) { 309 case BT_SECURITY_LOW: 310 opt = L2CAP_LM_AUTH; 311 break; 312 case BT_SECURITY_MEDIUM: 313 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 314 break; 315 case BT_SECURITY_HIGH: 316 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 317 L2CAP_LM_SECURE; 318 break; 319 default: 320 opt = 0; 321 break; 322 } 323 324 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 325 opt |= L2CAP_LM_MASTER; 326 327 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 328 opt |= L2CAP_LM_RELIABLE; 329 330 if (put_user(opt, (u32 __user *) optval)) 331 err = -EFAULT; 332 break; 333 334 case L2CAP_CONNINFO: 335 if (sk->sk_state != BT_CONNECTED && 336 !(sk->sk_state == BT_CONNECT2 && 337 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 338 err = -ENOTCONN; 339 break; 340 } 341 342 memset(&cinfo, 0, sizeof(cinfo)); 343 cinfo.hci_handle = chan->conn->hcon->handle; 344 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 345 346 len = min_t(unsigned int, len, sizeof(cinfo)); 347 if (copy_to_user(optval, (char *) &cinfo, len)) 348 err = -EFAULT; 349 350 break; 351 352 default: 353 err = -ENOPROTOOPT; 354 break; 355 } 356 357 release_sock(sk); 358 return err; 359 } 360 361 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 362 char __user *optval, int __user *optlen) 363 { 364 struct sock *sk = sock->sk; 365 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 366 struct bt_security sec; 367 struct bt_power pwr; 368 int len, err = 0; 369 370 BT_DBG("sk %p", sk); 371 372 if (level == SOL_L2CAP) 373 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 374 375 if (level != SOL_BLUETOOTH) 376 return -ENOPROTOOPT; 377 378 if (get_user(len, optlen)) 379 return -EFAULT; 380 381 lock_sock(sk); 382 383 switch (optname) { 384 case BT_SECURITY: 385 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 386 chan->chan_type != L2CAP_CHAN_RAW) { 387 err = -EINVAL; 388 break; 389 } 390 391 memset(&sec, 0, sizeof(sec)); 392 if (chan->conn) { 393 sec.level = chan->conn->hcon->sec_level; 394 395 if (sk->sk_state == BT_CONNECTED) 396 sec.key_size = chan->conn->hcon->enc_key_size; 397 } else { 398 sec.level = chan->sec_level; 399 } 400 401 len = min_t(unsigned int, len, sizeof(sec)); 402 if (copy_to_user(optval, (char *) &sec, len)) 403 err = -EFAULT; 404 405 break; 406 407 case BT_DEFER_SETUP: 408 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 409 err = -EINVAL; 410 break; 411 } 412 413 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 414 (u32 __user *) optval)) 415 err = -EFAULT; 416 417 break; 418 419 case BT_FLUSHABLE: 420 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 421 (u32 __user *) optval)) 422 err = -EFAULT; 423 424 break; 425 426 case BT_POWER: 427 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 428 && sk->sk_type != SOCK_RAW) { 429 err = -EINVAL; 430 break; 431 } 432 433 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 434 435 len = min_t(unsigned int, len, sizeof(pwr)); 436 if (copy_to_user(optval, (char *) &pwr, len)) 437 err = -EFAULT; 438 439 break; 440 441 case BT_CHANNEL_POLICY: 442 if (!enable_hs) { 443 err = -ENOPROTOOPT; 444 break; 445 } 446 447 if (put_user(chan->chan_policy, (u32 __user *) optval)) 448 err = -EFAULT; 449 break; 450 451 default: 452 err = -ENOPROTOOPT; 453 break; 454 } 455 456 release_sock(sk); 457 return err; 458 } 459 460 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 461 { 462 switch (chan->scid) { 463 case L2CAP_CID_LE_DATA: 464 if (mtu < L2CAP_LE_MIN_MTU) 465 return false; 466 break; 467 468 default: 469 if (mtu < L2CAP_DEFAULT_MIN_MTU) 470 return false; 471 } 472 473 return true; 474 } 475 476 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 477 char __user *optval, unsigned int optlen) 478 { 479 struct sock *sk = sock->sk; 480 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 481 struct l2cap_options opts; 482 int len, err = 0; 483 u32 opt; 484 485 BT_DBG("sk %p", sk); 486 487 lock_sock(sk); 488 489 switch (optname) { 490 case L2CAP_OPTIONS: 491 if (sk->sk_state == BT_CONNECTED) { 492 err = -EINVAL; 493 break; 494 } 495 496 opts.imtu = chan->imtu; 497 opts.omtu = chan->omtu; 498 opts.flush_to = chan->flush_to; 499 opts.mode = chan->mode; 500 opts.fcs = chan->fcs; 501 opts.max_tx = chan->max_tx; 502 opts.txwin_size = chan->tx_win; 503 504 len = min_t(unsigned int, sizeof(opts), optlen); 505 if (copy_from_user((char *) &opts, optval, len)) { 506 err = -EFAULT; 507 break; 508 } 509 510 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 511 err = -EINVAL; 512 break; 513 } 514 515 if (!l2cap_valid_mtu(chan, opts.imtu)) { 516 err = -EINVAL; 517 break; 518 } 519 520 chan->mode = opts.mode; 521 switch (chan->mode) { 522 case L2CAP_MODE_BASIC: 523 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 524 break; 525 case L2CAP_MODE_ERTM: 526 case L2CAP_MODE_STREAMING: 527 if (!disable_ertm) 528 break; 529 /* fall through */ 530 default: 531 err = -EINVAL; 532 break; 533 } 534 535 chan->imtu = opts.imtu; 536 chan->omtu = opts.omtu; 537 chan->fcs = opts.fcs; 538 chan->max_tx = opts.max_tx; 539 chan->tx_win = opts.txwin_size; 540 chan->flush_to = opts.flush_to; 541 break; 542 543 case L2CAP_LM: 544 if (get_user(opt, (u32 __user *) optval)) { 545 err = -EFAULT; 546 break; 547 } 548 549 if (opt & L2CAP_LM_AUTH) 550 chan->sec_level = BT_SECURITY_LOW; 551 if (opt & L2CAP_LM_ENCRYPT) 552 chan->sec_level = BT_SECURITY_MEDIUM; 553 if (opt & L2CAP_LM_SECURE) 554 chan->sec_level = BT_SECURITY_HIGH; 555 556 if (opt & L2CAP_LM_MASTER) 557 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 558 else 559 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 560 561 if (opt & L2CAP_LM_RELIABLE) 562 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 563 else 564 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 565 break; 566 567 default: 568 err = -ENOPROTOOPT; 569 break; 570 } 571 572 release_sock(sk); 573 return err; 574 } 575 576 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 577 char __user *optval, unsigned int optlen) 578 { 579 struct sock *sk = sock->sk; 580 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 581 struct bt_security sec; 582 struct bt_power pwr; 583 struct l2cap_conn *conn; 584 int len, err = 0; 585 u32 opt; 586 587 BT_DBG("sk %p", sk); 588 589 if (level == SOL_L2CAP) 590 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 591 592 if (level != SOL_BLUETOOTH) 593 return -ENOPROTOOPT; 594 595 lock_sock(sk); 596 597 switch (optname) { 598 case BT_SECURITY: 599 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 600 chan->chan_type != L2CAP_CHAN_RAW) { 601 err = -EINVAL; 602 break; 603 } 604 605 sec.level = BT_SECURITY_LOW; 606 607 len = min_t(unsigned int, sizeof(sec), optlen); 608 if (copy_from_user((char *) &sec, optval, len)) { 609 err = -EFAULT; 610 break; 611 } 612 613 if (sec.level < BT_SECURITY_LOW || 614 sec.level > BT_SECURITY_HIGH) { 615 err = -EINVAL; 616 break; 617 } 618 619 chan->sec_level = sec.level; 620 621 if (!chan->conn) 622 break; 623 624 conn = chan->conn; 625 626 /*change security for LE channels */ 627 if (chan->scid == L2CAP_CID_LE_DATA) { 628 if (!conn->hcon->out) { 629 err = -EINVAL; 630 break; 631 } 632 633 if (smp_conn_security(conn->hcon, sec.level)) 634 break; 635 sk->sk_state = BT_CONFIG; 636 chan->state = BT_CONFIG; 637 638 /* or for ACL link */ 639 } else if ((sk->sk_state == BT_CONNECT2 && 640 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 641 sk->sk_state == BT_CONNECTED) { 642 if (!l2cap_chan_check_security(chan)) 643 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 644 else 645 sk->sk_state_change(sk); 646 } else { 647 err = -EINVAL; 648 } 649 break; 650 651 case BT_DEFER_SETUP: 652 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 653 err = -EINVAL; 654 break; 655 } 656 657 if (get_user(opt, (u32 __user *) optval)) { 658 err = -EFAULT; 659 break; 660 } 661 662 if (opt) 663 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 664 else 665 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 666 break; 667 668 case BT_FLUSHABLE: 669 if (get_user(opt, (u32 __user *) optval)) { 670 err = -EFAULT; 671 break; 672 } 673 674 if (opt > BT_FLUSHABLE_ON) { 675 err = -EINVAL; 676 break; 677 } 678 679 if (opt == BT_FLUSHABLE_OFF) { 680 struct l2cap_conn *conn = chan->conn; 681 /* proceed further only when we have l2cap_conn and 682 No Flush support in the LM */ 683 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 684 err = -EINVAL; 685 break; 686 } 687 } 688 689 if (opt) 690 set_bit(FLAG_FLUSHABLE, &chan->flags); 691 else 692 clear_bit(FLAG_FLUSHABLE, &chan->flags); 693 break; 694 695 case BT_POWER: 696 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 697 chan->chan_type != L2CAP_CHAN_RAW) { 698 err = -EINVAL; 699 break; 700 } 701 702 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 703 704 len = min_t(unsigned int, sizeof(pwr), optlen); 705 if (copy_from_user((char *) &pwr, optval, len)) { 706 err = -EFAULT; 707 break; 708 } 709 710 if (pwr.force_active) 711 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 712 else 713 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 714 break; 715 716 case BT_CHANNEL_POLICY: 717 if (!enable_hs) { 718 err = -ENOPROTOOPT; 719 break; 720 } 721 722 if (get_user(opt, (u32 __user *) optval)) { 723 err = -EFAULT; 724 break; 725 } 726 727 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 728 err = -EINVAL; 729 break; 730 } 731 732 if (chan->mode != L2CAP_MODE_ERTM && 733 chan->mode != L2CAP_MODE_STREAMING) { 734 err = -EOPNOTSUPP; 735 break; 736 } 737 738 chan->chan_policy = (u8) opt; 739 740 if (sk->sk_state == BT_CONNECTED && 741 chan->move_role == L2CAP_MOVE_ROLE_NONE) 742 l2cap_move_start(chan); 743 744 break; 745 746 default: 747 err = -ENOPROTOOPT; 748 break; 749 } 750 751 release_sock(sk); 752 return err; 753 } 754 755 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 756 struct msghdr *msg, size_t len) 757 { 758 struct sock *sk = sock->sk; 759 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 760 int err; 761 762 BT_DBG("sock %p, sk %p", sock, sk); 763 764 err = sock_error(sk); 765 if (err) 766 return err; 767 768 if (msg->msg_flags & MSG_OOB) 769 return -EOPNOTSUPP; 770 771 if (sk->sk_state != BT_CONNECTED) 772 return -ENOTCONN; 773 774 l2cap_chan_lock(chan); 775 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 776 l2cap_chan_unlock(chan); 777 778 return err; 779 } 780 781 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 782 struct msghdr *msg, size_t len, int flags) 783 { 784 struct sock *sk = sock->sk; 785 struct l2cap_pinfo *pi = l2cap_pi(sk); 786 int err; 787 788 lock_sock(sk); 789 790 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 791 &bt_sk(sk)->flags)) { 792 sk->sk_state = BT_CONFIG; 793 pi->chan->state = BT_CONFIG; 794 795 __l2cap_connect_rsp_defer(pi->chan); 796 release_sock(sk); 797 return 0; 798 } 799 800 release_sock(sk); 801 802 if (sock->type == SOCK_STREAM) 803 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 804 else 805 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 806 807 if (pi->chan->mode != L2CAP_MODE_ERTM) 808 return err; 809 810 /* Attempt to put pending rx data in the socket buffer */ 811 812 lock_sock(sk); 813 814 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 815 goto done; 816 817 if (pi->rx_busy_skb) { 818 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 819 pi->rx_busy_skb = NULL; 820 else 821 goto done; 822 } 823 824 /* Restore data flow when half of the receive buffer is 825 * available. This avoids resending large numbers of 826 * frames. 827 */ 828 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 829 l2cap_chan_busy(pi->chan, 0); 830 831 done: 832 release_sock(sk); 833 return err; 834 } 835 836 /* Kill socket (only if zapped and orphan) 837 * Must be called on unlocked socket. 838 */ 839 static void l2cap_sock_kill(struct sock *sk) 840 { 841 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 842 return; 843 844 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 845 846 /* Kill poor orphan */ 847 848 l2cap_chan_put(l2cap_pi(sk)->chan); 849 sock_set_flag(sk, SOCK_DEAD); 850 sock_put(sk); 851 } 852 853 static int l2cap_sock_shutdown(struct socket *sock, int how) 854 { 855 struct sock *sk = sock->sk; 856 struct l2cap_chan *chan; 857 struct l2cap_conn *conn; 858 int err = 0; 859 860 BT_DBG("sock %p, sk %p", sock, sk); 861 862 if (!sk) 863 return 0; 864 865 chan = l2cap_pi(sk)->chan; 866 conn = chan->conn; 867 868 if (conn) 869 mutex_lock(&conn->chan_lock); 870 871 l2cap_chan_lock(chan); 872 lock_sock(sk); 873 874 if (!sk->sk_shutdown) { 875 if (chan->mode == L2CAP_MODE_ERTM) 876 err = __l2cap_wait_ack(sk); 877 878 sk->sk_shutdown = SHUTDOWN_MASK; 879 880 release_sock(sk); 881 l2cap_chan_close(chan, 0); 882 lock_sock(sk); 883 884 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 885 err = bt_sock_wait_state(sk, BT_CLOSED, 886 sk->sk_lingertime); 887 } 888 889 if (!err && sk->sk_err) 890 err = -sk->sk_err; 891 892 release_sock(sk); 893 l2cap_chan_unlock(chan); 894 895 if (conn) 896 mutex_unlock(&conn->chan_lock); 897 898 return err; 899 } 900 901 static int l2cap_sock_release(struct socket *sock) 902 { 903 struct sock *sk = sock->sk; 904 int err; 905 906 BT_DBG("sock %p, sk %p", sock, sk); 907 908 if (!sk) 909 return 0; 910 911 bt_sock_unlink(&l2cap_sk_list, sk); 912 913 err = l2cap_sock_shutdown(sock, 2); 914 915 sock_orphan(sk); 916 l2cap_sock_kill(sk); 917 return err; 918 } 919 920 static void l2cap_sock_cleanup_listen(struct sock *parent) 921 { 922 struct sock *sk; 923 924 BT_DBG("parent %p", parent); 925 926 /* Close not yet accepted channels */ 927 while ((sk = bt_accept_dequeue(parent, NULL))) { 928 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 929 930 l2cap_chan_lock(chan); 931 __clear_chan_timer(chan); 932 l2cap_chan_close(chan, ECONNRESET); 933 l2cap_chan_unlock(chan); 934 935 l2cap_sock_kill(sk); 936 } 937 } 938 939 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 940 { 941 struct sock *sk, *parent = chan->data; 942 943 /* Check for backlog size */ 944 if (sk_acceptq_is_full(parent)) { 945 BT_DBG("backlog full %d", parent->sk_ack_backlog); 946 return NULL; 947 } 948 949 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 950 GFP_ATOMIC); 951 if (!sk) 952 return NULL; 953 954 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 955 956 l2cap_sock_init(sk, parent); 957 958 bt_accept_enqueue(parent, sk); 959 960 return l2cap_pi(sk)->chan; 961 } 962 963 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 964 { 965 int err; 966 struct sock *sk = chan->data; 967 struct l2cap_pinfo *pi = l2cap_pi(sk); 968 969 lock_sock(sk); 970 971 if (pi->rx_busy_skb) { 972 err = -ENOMEM; 973 goto done; 974 } 975 976 err = sock_queue_rcv_skb(sk, skb); 977 978 /* For ERTM, handle one skb that doesn't fit into the recv 979 * buffer. This is important to do because the data frames 980 * have already been acked, so the skb cannot be discarded. 981 * 982 * Notify the l2cap core that the buffer is full, so the 983 * LOCAL_BUSY state is entered and no more frames are 984 * acked and reassembled until there is buffer space 985 * available. 986 */ 987 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) { 988 pi->rx_busy_skb = skb; 989 l2cap_chan_busy(pi->chan, 1); 990 err = 0; 991 } 992 993 done: 994 release_sock(sk); 995 996 return err; 997 } 998 999 static void l2cap_sock_close_cb(struct l2cap_chan *chan) 1000 { 1001 struct sock *sk = chan->data; 1002 1003 l2cap_sock_kill(sk); 1004 } 1005 1006 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 1007 { 1008 struct sock *sk = chan->data; 1009 struct sock *parent; 1010 1011 lock_sock(sk); 1012 1013 parent = bt_sk(sk)->parent; 1014 1015 sock_set_flag(sk, SOCK_ZAPPED); 1016 1017 switch (chan->state) { 1018 case BT_OPEN: 1019 case BT_BOUND: 1020 case BT_CLOSED: 1021 break; 1022 case BT_LISTEN: 1023 l2cap_sock_cleanup_listen(sk); 1024 sk->sk_state = BT_CLOSED; 1025 chan->state = BT_CLOSED; 1026 1027 break; 1028 default: 1029 sk->sk_state = BT_CLOSED; 1030 chan->state = BT_CLOSED; 1031 1032 sk->sk_err = err; 1033 1034 if (parent) { 1035 bt_accept_unlink(sk); 1036 parent->sk_data_ready(parent, 0); 1037 } else { 1038 sk->sk_state_change(sk); 1039 } 1040 1041 break; 1042 } 1043 1044 release_sock(sk); 1045 } 1046 1047 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state) 1048 { 1049 struct sock *sk = chan->data; 1050 1051 sk->sk_state = state; 1052 } 1053 1054 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1055 unsigned long len, int nb) 1056 { 1057 struct sk_buff *skb; 1058 int err; 1059 1060 l2cap_chan_unlock(chan); 1061 skb = bt_skb_send_alloc(chan->sk, len, nb, &err); 1062 l2cap_chan_lock(chan); 1063 1064 if (!skb) 1065 return ERR_PTR(err); 1066 1067 return skb; 1068 } 1069 1070 static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1071 { 1072 struct sock *sk = chan->data; 1073 struct sock *parent; 1074 1075 lock_sock(sk); 1076 1077 parent = bt_sk(sk)->parent; 1078 1079 BT_DBG("sk %p, parent %p", sk, parent); 1080 1081 sk->sk_state = BT_CONNECTED; 1082 sk->sk_state_change(sk); 1083 1084 if (parent) 1085 parent->sk_data_ready(parent, 0); 1086 1087 release_sock(sk); 1088 } 1089 1090 static void l2cap_sock_defer_cb(struct l2cap_chan *chan) 1091 { 1092 struct sock *sk = chan->data; 1093 struct sock *parent = bt_sk(sk)->parent; 1094 1095 if (parent) 1096 parent->sk_data_ready(parent, 0); 1097 } 1098 1099 static struct l2cap_ops l2cap_chan_ops = { 1100 .name = "L2CAP Socket Interface", 1101 .new_connection = l2cap_sock_new_connection_cb, 1102 .recv = l2cap_sock_recv_cb, 1103 .close = l2cap_sock_close_cb, 1104 .teardown = l2cap_sock_teardown_cb, 1105 .state_change = l2cap_sock_state_change_cb, 1106 .ready = l2cap_sock_ready_cb, 1107 .defer = l2cap_sock_defer_cb, 1108 .alloc_skb = l2cap_sock_alloc_skb_cb, 1109 }; 1110 1111 static void l2cap_sock_destruct(struct sock *sk) 1112 { 1113 BT_DBG("sk %p", sk); 1114 1115 if (l2cap_pi(sk)->chan) 1116 l2cap_chan_put(l2cap_pi(sk)->chan); 1117 if (l2cap_pi(sk)->rx_busy_skb) { 1118 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1119 l2cap_pi(sk)->rx_busy_skb = NULL; 1120 } 1121 1122 skb_queue_purge(&sk->sk_receive_queue); 1123 skb_queue_purge(&sk->sk_write_queue); 1124 } 1125 1126 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1127 { 1128 struct l2cap_pinfo *pi = l2cap_pi(sk); 1129 struct l2cap_chan *chan = pi->chan; 1130 1131 BT_DBG("sk %p", sk); 1132 1133 if (parent) { 1134 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1135 1136 sk->sk_type = parent->sk_type; 1137 bt_sk(sk)->flags = bt_sk(parent)->flags; 1138 1139 chan->chan_type = pchan->chan_type; 1140 chan->imtu = pchan->imtu; 1141 chan->omtu = pchan->omtu; 1142 chan->conf_state = pchan->conf_state; 1143 chan->mode = pchan->mode; 1144 chan->fcs = pchan->fcs; 1145 chan->max_tx = pchan->max_tx; 1146 chan->tx_win = pchan->tx_win; 1147 chan->tx_win_max = pchan->tx_win_max; 1148 chan->sec_level = pchan->sec_level; 1149 chan->flags = pchan->flags; 1150 1151 security_sk_clone(parent, sk); 1152 } else { 1153 1154 switch (sk->sk_type) { 1155 case SOCK_RAW: 1156 chan->chan_type = L2CAP_CHAN_RAW; 1157 break; 1158 case SOCK_DGRAM: 1159 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1160 break; 1161 case SOCK_SEQPACKET: 1162 case SOCK_STREAM: 1163 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1164 break; 1165 } 1166 1167 chan->imtu = L2CAP_DEFAULT_MTU; 1168 chan->omtu = 0; 1169 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1170 chan->mode = L2CAP_MODE_ERTM; 1171 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1172 } else { 1173 chan->mode = L2CAP_MODE_BASIC; 1174 } 1175 1176 l2cap_chan_set_defaults(chan); 1177 } 1178 1179 /* Default config options */ 1180 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1181 1182 chan->data = sk; 1183 chan->ops = &l2cap_chan_ops; 1184 } 1185 1186 static struct proto l2cap_proto = { 1187 .name = "L2CAP", 1188 .owner = THIS_MODULE, 1189 .obj_size = sizeof(struct l2cap_pinfo) 1190 }; 1191 1192 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1193 int proto, gfp_t prio) 1194 { 1195 struct sock *sk; 1196 struct l2cap_chan *chan; 1197 1198 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1199 if (!sk) 1200 return NULL; 1201 1202 sock_init_data(sock, sk); 1203 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1204 1205 sk->sk_destruct = l2cap_sock_destruct; 1206 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1207 1208 sock_reset_flag(sk, SOCK_ZAPPED); 1209 1210 sk->sk_protocol = proto; 1211 sk->sk_state = BT_OPEN; 1212 1213 chan = l2cap_chan_create(); 1214 if (!chan) { 1215 sk_free(sk); 1216 return NULL; 1217 } 1218 1219 l2cap_chan_hold(chan); 1220 1221 chan->sk = sk; 1222 1223 l2cap_pi(sk)->chan = chan; 1224 1225 return sk; 1226 } 1227 1228 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1229 int kern) 1230 { 1231 struct sock *sk; 1232 1233 BT_DBG("sock %p", sock); 1234 1235 sock->state = SS_UNCONNECTED; 1236 1237 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1238 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1239 return -ESOCKTNOSUPPORT; 1240 1241 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1242 return -EPERM; 1243 1244 sock->ops = &l2cap_sock_ops; 1245 1246 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1247 if (!sk) 1248 return -ENOMEM; 1249 1250 l2cap_sock_init(sk, NULL); 1251 bt_sock_link(&l2cap_sk_list, sk); 1252 return 0; 1253 } 1254 1255 static const struct proto_ops l2cap_sock_ops = { 1256 .family = PF_BLUETOOTH, 1257 .owner = THIS_MODULE, 1258 .release = l2cap_sock_release, 1259 .bind = l2cap_sock_bind, 1260 .connect = l2cap_sock_connect, 1261 .listen = l2cap_sock_listen, 1262 .accept = l2cap_sock_accept, 1263 .getname = l2cap_sock_getname, 1264 .sendmsg = l2cap_sock_sendmsg, 1265 .recvmsg = l2cap_sock_recvmsg, 1266 .poll = bt_sock_poll, 1267 .ioctl = bt_sock_ioctl, 1268 .mmap = sock_no_mmap, 1269 .socketpair = sock_no_socketpair, 1270 .shutdown = l2cap_sock_shutdown, 1271 .setsockopt = l2cap_sock_setsockopt, 1272 .getsockopt = l2cap_sock_getsockopt 1273 }; 1274 1275 static const struct net_proto_family l2cap_sock_family_ops = { 1276 .family = PF_BLUETOOTH, 1277 .owner = THIS_MODULE, 1278 .create = l2cap_sock_create, 1279 }; 1280 1281 int __init l2cap_init_sockets(void) 1282 { 1283 int err; 1284 1285 err = proto_register(&l2cap_proto, 0); 1286 if (err < 0) 1287 return err; 1288 1289 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1290 if (err < 0) { 1291 BT_ERR("L2CAP socket registration failed"); 1292 goto error; 1293 } 1294 1295 err = bt_procfs_init(THIS_MODULE, &init_net, "l2cap", &l2cap_sk_list, 1296 NULL); 1297 if (err < 0) { 1298 BT_ERR("Failed to create L2CAP proc file"); 1299 bt_sock_unregister(BTPROTO_L2CAP); 1300 goto error; 1301 } 1302 1303 BT_INFO("L2CAP socket layer initialized"); 1304 1305 return 0; 1306 1307 error: 1308 proto_unregister(&l2cap_proto); 1309 return err; 1310 } 1311 1312 void l2cap_cleanup_sockets(void) 1313 { 1314 bt_procfs_cleanup(&init_net, "l2cap"); 1315 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 1316 BT_ERR("L2CAP socket unregistration failed"); 1317 1318 proto_unregister(&l2cap_proto); 1319 } 1320