1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26 */ 27 28 /* Bluetooth L2CAP sockets. */ 29 30 #include <linux/module.h> 31 #include <linux/export.h> 32 33 #include <net/bluetooth/bluetooth.h> 34 #include <net/bluetooth/hci_core.h> 35 #include <net/bluetooth/l2cap.h> 36 37 #include "smp.h" 38 39 static struct bt_sock_list l2cap_sk_list = { 40 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 41 }; 42 43 static const struct proto_ops l2cap_sock_ops; 44 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 45 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 46 int proto, gfp_t prio, int kern); 47 48 bool l2cap_is_socket(struct socket *sock) 49 { 50 return sock && sock->ops == &l2cap_sock_ops; 51 } 52 EXPORT_SYMBOL(l2cap_is_socket); 53 54 static int l2cap_validate_bredr_psm(u16 psm) 55 { 56 /* PSM must be odd and lsb of upper byte must be 0 */ 57 if ((psm & 0x0101) != 0x0001) 58 return -EINVAL; 59 60 /* Restrict usage of well-known PSMs */ 61 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) 62 return -EACCES; 63 64 return 0; 65 } 66 67 static int l2cap_validate_le_psm(u16 psm) 68 { 69 /* Valid LE_PSM ranges are defined only until 0x00ff */ 70 if (psm > 0x00ff) 71 return -EINVAL; 72 73 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */ 74 if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE)) 75 return -EACCES; 76 77 return 0; 78 } 79 80 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 81 { 82 struct sock *sk = sock->sk; 83 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 84 struct sockaddr_l2 la; 85 int len, err = 0; 86 87 BT_DBG("sk %p", sk); 88 89 if (!addr || addr->sa_family != AF_BLUETOOTH) 90 return -EINVAL; 91 92 memset(&la, 0, sizeof(la)); 93 len = min_t(unsigned int, sizeof(la), alen); 94 memcpy(&la, addr, len); 95 96 if (la.l2_cid && la.l2_psm) 97 return -EINVAL; 98 99 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 100 return -EINVAL; 101 102 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 103 /* We only allow ATT user space socket */ 104 if (la.l2_cid && 105 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 106 return -EINVAL; 107 } 108 109 lock_sock(sk); 110 111 if (sk->sk_state != BT_OPEN) { 112 err = -EBADFD; 113 goto done; 114 } 115 116 if (la.l2_psm) { 117 __u16 psm = __le16_to_cpu(la.l2_psm); 118 119 if (la.l2_bdaddr_type == BDADDR_BREDR) 120 err = l2cap_validate_bredr_psm(psm); 121 else 122 err = l2cap_validate_le_psm(psm); 123 124 if (err) 125 goto done; 126 } 127 128 if (la.l2_cid) 129 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 130 else 131 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 132 133 if (err < 0) 134 goto done; 135 136 switch (chan->chan_type) { 137 case L2CAP_CHAN_CONN_LESS: 138 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP) 139 chan->sec_level = BT_SECURITY_SDP; 140 break; 141 case L2CAP_CHAN_CONN_ORIENTED: 142 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 143 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 144 chan->sec_level = BT_SECURITY_SDP; 145 break; 146 case L2CAP_CHAN_RAW: 147 chan->sec_level = BT_SECURITY_SDP; 148 break; 149 case L2CAP_CHAN_FIXED: 150 /* Fixed channels default to the L2CAP core not holding a 151 * hci_conn reference for them. For fixed channels mapping to 152 * L2CAP sockets we do want to hold a reference so set the 153 * appropriate flag to request it. 154 */ 155 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags); 156 break; 157 } 158 159 bacpy(&chan->src, &la.l2_bdaddr); 160 chan->src_type = la.l2_bdaddr_type; 161 162 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 163 chan->mode = L2CAP_MODE_LE_FLOWCTL; 164 165 chan->state = BT_BOUND; 166 sk->sk_state = BT_BOUND; 167 168 done: 169 release_sock(sk); 170 return err; 171 } 172 173 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 174 int alen, int flags) 175 { 176 struct sock *sk = sock->sk; 177 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 178 struct sockaddr_l2 la; 179 int len, err = 0; 180 181 BT_DBG("sk %p", sk); 182 183 if (!addr || alen < sizeof(addr->sa_family) || 184 addr->sa_family != AF_BLUETOOTH) 185 return -EINVAL; 186 187 memset(&la, 0, sizeof(la)); 188 len = min_t(unsigned int, sizeof(la), alen); 189 memcpy(&la, addr, len); 190 191 if (la.l2_cid && la.l2_psm) 192 return -EINVAL; 193 194 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 195 return -EINVAL; 196 197 /* Check that the socket wasn't bound to something that 198 * conflicts with the address given to connect(). If chan->src 199 * is BDADDR_ANY it means bind() was never used, in which case 200 * chan->src_type and la.l2_bdaddr_type do not need to match. 201 */ 202 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) && 203 bdaddr_type_is_le(la.l2_bdaddr_type)) { 204 /* Old user space versions will try to incorrectly bind 205 * the ATT socket using BDADDR_BREDR. We need to accept 206 * this and fix up the source address type only when 207 * both the source CID and destination CID indicate 208 * ATT. Anything else is an invalid combination. 209 */ 210 if (chan->scid != L2CAP_CID_ATT || 211 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 212 return -EINVAL; 213 214 /* We don't have the hdev available here to make a 215 * better decision on random vs public, but since all 216 * user space versions that exhibit this issue anyway do 217 * not support random local addresses assuming public 218 * here is good enough. 219 */ 220 chan->src_type = BDADDR_LE_PUBLIC; 221 } 222 223 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR) 224 return -EINVAL; 225 226 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 227 /* We only allow ATT user space socket */ 228 if (la.l2_cid && 229 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 230 return -EINVAL; 231 } 232 233 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 234 chan->mode = L2CAP_MODE_LE_FLOWCTL; 235 236 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 237 &la.l2_bdaddr, la.l2_bdaddr_type); 238 if (err) 239 return err; 240 241 lock_sock(sk); 242 243 err = bt_sock_wait_state(sk, BT_CONNECTED, 244 sock_sndtimeo(sk, flags & O_NONBLOCK)); 245 246 release_sock(sk); 247 248 return err; 249 } 250 251 static int l2cap_sock_listen(struct socket *sock, int backlog) 252 { 253 struct sock *sk = sock->sk; 254 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 255 int err = 0; 256 257 BT_DBG("sk %p backlog %d", sk, backlog); 258 259 lock_sock(sk); 260 261 if (sk->sk_state != BT_BOUND) { 262 err = -EBADFD; 263 goto done; 264 } 265 266 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 267 err = -EINVAL; 268 goto done; 269 } 270 271 switch (chan->mode) { 272 case L2CAP_MODE_BASIC: 273 case L2CAP_MODE_LE_FLOWCTL: 274 break; 275 case L2CAP_MODE_ERTM: 276 case L2CAP_MODE_STREAMING: 277 if (!disable_ertm) 278 break; 279 /* fall through */ 280 default: 281 err = -EOPNOTSUPP; 282 goto done; 283 } 284 285 sk->sk_max_ack_backlog = backlog; 286 sk->sk_ack_backlog = 0; 287 288 /* Listening channels need to use nested locking in order not to 289 * cause lockdep warnings when the created child channels end up 290 * being locked in the same thread as the parent channel. 291 */ 292 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT); 293 294 chan->state = BT_LISTEN; 295 sk->sk_state = BT_LISTEN; 296 297 done: 298 release_sock(sk); 299 return err; 300 } 301 302 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 303 int flags) 304 { 305 DEFINE_WAIT_FUNC(wait, woken_wake_function); 306 struct sock *sk = sock->sk, *nsk; 307 long timeo; 308 int err = 0; 309 310 lock_sock_nested(sk, L2CAP_NESTING_PARENT); 311 312 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 313 314 BT_DBG("sk %p timeo %ld", sk, timeo); 315 316 /* Wait for an incoming connection. (wake-one). */ 317 add_wait_queue_exclusive(sk_sleep(sk), &wait); 318 while (1) { 319 if (sk->sk_state != BT_LISTEN) { 320 err = -EBADFD; 321 break; 322 } 323 324 nsk = bt_accept_dequeue(sk, newsock); 325 if (nsk) 326 break; 327 328 if (!timeo) { 329 err = -EAGAIN; 330 break; 331 } 332 333 if (signal_pending(current)) { 334 err = sock_intr_errno(timeo); 335 break; 336 } 337 338 release_sock(sk); 339 340 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 341 342 lock_sock_nested(sk, L2CAP_NESTING_PARENT); 343 } 344 remove_wait_queue(sk_sleep(sk), &wait); 345 346 if (err) 347 goto done; 348 349 newsock->state = SS_CONNECTED; 350 351 BT_DBG("new socket %p", nsk); 352 353 done: 354 release_sock(sk); 355 return err; 356 } 357 358 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 359 int *len, int peer) 360 { 361 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 362 struct sock *sk = sock->sk; 363 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 364 365 BT_DBG("sock %p, sk %p", sock, sk); 366 367 if (peer && sk->sk_state != BT_CONNECTED && 368 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 && 369 sk->sk_state != BT_CONFIG) 370 return -ENOTCONN; 371 372 memset(la, 0, sizeof(struct sockaddr_l2)); 373 addr->sa_family = AF_BLUETOOTH; 374 *len = sizeof(struct sockaddr_l2); 375 376 la->l2_psm = chan->psm; 377 378 if (peer) { 379 bacpy(&la->l2_bdaddr, &chan->dst); 380 la->l2_cid = cpu_to_le16(chan->dcid); 381 la->l2_bdaddr_type = chan->dst_type; 382 } else { 383 bacpy(&la->l2_bdaddr, &chan->src); 384 la->l2_cid = cpu_to_le16(chan->scid); 385 la->l2_bdaddr_type = chan->src_type; 386 } 387 388 return 0; 389 } 390 391 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 392 char __user *optval, int __user *optlen) 393 { 394 struct sock *sk = sock->sk; 395 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 396 struct l2cap_options opts; 397 struct l2cap_conninfo cinfo; 398 int len, err = 0; 399 u32 opt; 400 401 BT_DBG("sk %p", sk); 402 403 if (get_user(len, optlen)) 404 return -EFAULT; 405 406 lock_sock(sk); 407 408 switch (optname) { 409 case L2CAP_OPTIONS: 410 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since 411 * legacy ATT code depends on getsockopt for 412 * L2CAP_OPTIONS we need to let this pass. 413 */ 414 if (bdaddr_type_is_le(chan->src_type) && 415 chan->scid != L2CAP_CID_ATT) { 416 err = -EINVAL; 417 break; 418 } 419 420 memset(&opts, 0, sizeof(opts)); 421 opts.imtu = chan->imtu; 422 opts.omtu = chan->omtu; 423 opts.flush_to = chan->flush_to; 424 opts.mode = chan->mode; 425 opts.fcs = chan->fcs; 426 opts.max_tx = chan->max_tx; 427 opts.txwin_size = chan->tx_win; 428 429 len = min_t(unsigned int, len, sizeof(opts)); 430 if (copy_to_user(optval, (char *) &opts, len)) 431 err = -EFAULT; 432 433 break; 434 435 case L2CAP_LM: 436 switch (chan->sec_level) { 437 case BT_SECURITY_LOW: 438 opt = L2CAP_LM_AUTH; 439 break; 440 case BT_SECURITY_MEDIUM: 441 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 442 break; 443 case BT_SECURITY_HIGH: 444 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 445 L2CAP_LM_SECURE; 446 break; 447 case BT_SECURITY_FIPS: 448 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 449 L2CAP_LM_SECURE | L2CAP_LM_FIPS; 450 break; 451 default: 452 opt = 0; 453 break; 454 } 455 456 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 457 opt |= L2CAP_LM_MASTER; 458 459 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 460 opt |= L2CAP_LM_RELIABLE; 461 462 if (put_user(opt, (u32 __user *) optval)) 463 err = -EFAULT; 464 465 break; 466 467 case L2CAP_CONNINFO: 468 if (sk->sk_state != BT_CONNECTED && 469 !(sk->sk_state == BT_CONNECT2 && 470 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 471 err = -ENOTCONN; 472 break; 473 } 474 475 memset(&cinfo, 0, sizeof(cinfo)); 476 cinfo.hci_handle = chan->conn->hcon->handle; 477 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 478 479 len = min_t(unsigned int, len, sizeof(cinfo)); 480 if (copy_to_user(optval, (char *) &cinfo, len)) 481 err = -EFAULT; 482 483 break; 484 485 default: 486 err = -ENOPROTOOPT; 487 break; 488 } 489 490 release_sock(sk); 491 return err; 492 } 493 494 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 495 char __user *optval, int __user *optlen) 496 { 497 struct sock *sk = sock->sk; 498 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 499 struct bt_security sec; 500 struct bt_power pwr; 501 int len, err = 0; 502 503 BT_DBG("sk %p", sk); 504 505 if (level == SOL_L2CAP) 506 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 507 508 if (level != SOL_BLUETOOTH) 509 return -ENOPROTOOPT; 510 511 if (get_user(len, optlen)) 512 return -EFAULT; 513 514 lock_sock(sk); 515 516 switch (optname) { 517 case BT_SECURITY: 518 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 519 chan->chan_type != L2CAP_CHAN_FIXED && 520 chan->chan_type != L2CAP_CHAN_RAW) { 521 err = -EINVAL; 522 break; 523 } 524 525 memset(&sec, 0, sizeof(sec)); 526 if (chan->conn) { 527 sec.level = chan->conn->hcon->sec_level; 528 529 if (sk->sk_state == BT_CONNECTED) 530 sec.key_size = chan->conn->hcon->enc_key_size; 531 } else { 532 sec.level = chan->sec_level; 533 } 534 535 len = min_t(unsigned int, len, sizeof(sec)); 536 if (copy_to_user(optval, (char *) &sec, len)) 537 err = -EFAULT; 538 539 break; 540 541 case BT_DEFER_SETUP: 542 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 543 err = -EINVAL; 544 break; 545 } 546 547 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 548 (u32 __user *) optval)) 549 err = -EFAULT; 550 551 break; 552 553 case BT_FLUSHABLE: 554 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 555 (u32 __user *) optval)) 556 err = -EFAULT; 557 558 break; 559 560 case BT_POWER: 561 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 562 && sk->sk_type != SOCK_RAW) { 563 err = -EINVAL; 564 break; 565 } 566 567 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 568 569 len = min_t(unsigned int, len, sizeof(pwr)); 570 if (copy_to_user(optval, (char *) &pwr, len)) 571 err = -EFAULT; 572 573 break; 574 575 case BT_CHANNEL_POLICY: 576 if (put_user(chan->chan_policy, (u32 __user *) optval)) 577 err = -EFAULT; 578 break; 579 580 case BT_SNDMTU: 581 if (!bdaddr_type_is_le(chan->src_type)) { 582 err = -EINVAL; 583 break; 584 } 585 586 if (sk->sk_state != BT_CONNECTED) { 587 err = -ENOTCONN; 588 break; 589 } 590 591 if (put_user(chan->omtu, (u16 __user *) optval)) 592 err = -EFAULT; 593 break; 594 595 case BT_RCVMTU: 596 if (!bdaddr_type_is_le(chan->src_type)) { 597 err = -EINVAL; 598 break; 599 } 600 601 if (put_user(chan->imtu, (u16 __user *) optval)) 602 err = -EFAULT; 603 break; 604 605 default: 606 err = -ENOPROTOOPT; 607 break; 608 } 609 610 release_sock(sk); 611 return err; 612 } 613 614 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 615 { 616 switch (chan->scid) { 617 case L2CAP_CID_ATT: 618 if (mtu < L2CAP_LE_MIN_MTU) 619 return false; 620 break; 621 622 default: 623 if (mtu < L2CAP_DEFAULT_MIN_MTU) 624 return false; 625 } 626 627 return true; 628 } 629 630 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 631 char __user *optval, unsigned int optlen) 632 { 633 struct sock *sk = sock->sk; 634 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 635 struct l2cap_options opts; 636 int len, err = 0; 637 u32 opt; 638 639 BT_DBG("sk %p", sk); 640 641 lock_sock(sk); 642 643 switch (optname) { 644 case L2CAP_OPTIONS: 645 if (bdaddr_type_is_le(chan->src_type)) { 646 err = -EINVAL; 647 break; 648 } 649 650 if (sk->sk_state == BT_CONNECTED) { 651 err = -EINVAL; 652 break; 653 } 654 655 opts.imtu = chan->imtu; 656 opts.omtu = chan->omtu; 657 opts.flush_to = chan->flush_to; 658 opts.mode = chan->mode; 659 opts.fcs = chan->fcs; 660 opts.max_tx = chan->max_tx; 661 opts.txwin_size = chan->tx_win; 662 663 len = min_t(unsigned int, sizeof(opts), optlen); 664 if (copy_from_user((char *) &opts, optval, len)) { 665 err = -EFAULT; 666 break; 667 } 668 669 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 670 err = -EINVAL; 671 break; 672 } 673 674 if (!l2cap_valid_mtu(chan, opts.imtu)) { 675 err = -EINVAL; 676 break; 677 } 678 679 chan->mode = opts.mode; 680 switch (chan->mode) { 681 case L2CAP_MODE_LE_FLOWCTL: 682 break; 683 case L2CAP_MODE_BASIC: 684 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 685 break; 686 case L2CAP_MODE_ERTM: 687 case L2CAP_MODE_STREAMING: 688 if (!disable_ertm) 689 break; 690 /* fall through */ 691 default: 692 err = -EINVAL; 693 break; 694 } 695 696 chan->imtu = opts.imtu; 697 chan->omtu = opts.omtu; 698 chan->fcs = opts.fcs; 699 chan->max_tx = opts.max_tx; 700 chan->tx_win = opts.txwin_size; 701 chan->flush_to = opts.flush_to; 702 break; 703 704 case L2CAP_LM: 705 if (get_user(opt, (u32 __user *) optval)) { 706 err = -EFAULT; 707 break; 708 } 709 710 if (opt & L2CAP_LM_FIPS) { 711 err = -EINVAL; 712 break; 713 } 714 715 if (opt & L2CAP_LM_AUTH) 716 chan->sec_level = BT_SECURITY_LOW; 717 if (opt & L2CAP_LM_ENCRYPT) 718 chan->sec_level = BT_SECURITY_MEDIUM; 719 if (opt & L2CAP_LM_SECURE) 720 chan->sec_level = BT_SECURITY_HIGH; 721 722 if (opt & L2CAP_LM_MASTER) 723 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 724 else 725 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 726 727 if (opt & L2CAP_LM_RELIABLE) 728 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 729 else 730 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 731 break; 732 733 default: 734 err = -ENOPROTOOPT; 735 break; 736 } 737 738 release_sock(sk); 739 return err; 740 } 741 742 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 743 char __user *optval, unsigned int optlen) 744 { 745 struct sock *sk = sock->sk; 746 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 747 struct bt_security sec; 748 struct bt_power pwr; 749 struct l2cap_conn *conn; 750 int len, err = 0; 751 u32 opt; 752 753 BT_DBG("sk %p", sk); 754 755 if (level == SOL_L2CAP) 756 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 757 758 if (level != SOL_BLUETOOTH) 759 return -ENOPROTOOPT; 760 761 lock_sock(sk); 762 763 switch (optname) { 764 case BT_SECURITY: 765 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 766 chan->chan_type != L2CAP_CHAN_FIXED && 767 chan->chan_type != L2CAP_CHAN_RAW) { 768 err = -EINVAL; 769 break; 770 } 771 772 sec.level = BT_SECURITY_LOW; 773 774 len = min_t(unsigned int, sizeof(sec), optlen); 775 if (copy_from_user((char *) &sec, optval, len)) { 776 err = -EFAULT; 777 break; 778 } 779 780 if (sec.level < BT_SECURITY_LOW || 781 sec.level > BT_SECURITY_HIGH) { 782 err = -EINVAL; 783 break; 784 } 785 786 chan->sec_level = sec.level; 787 788 if (!chan->conn) 789 break; 790 791 conn = chan->conn; 792 793 /*change security for LE channels */ 794 if (chan->scid == L2CAP_CID_ATT) { 795 if (smp_conn_security(conn->hcon, sec.level)) 796 break; 797 set_bit(FLAG_PENDING_SECURITY, &chan->flags); 798 sk->sk_state = BT_CONFIG; 799 chan->state = BT_CONFIG; 800 801 /* or for ACL link */ 802 } else if ((sk->sk_state == BT_CONNECT2 && 803 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 804 sk->sk_state == BT_CONNECTED) { 805 if (!l2cap_chan_check_security(chan, true)) 806 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 807 else 808 sk->sk_state_change(sk); 809 } else { 810 err = -EINVAL; 811 } 812 break; 813 814 case BT_DEFER_SETUP: 815 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 816 err = -EINVAL; 817 break; 818 } 819 820 if (get_user(opt, (u32 __user *) optval)) { 821 err = -EFAULT; 822 break; 823 } 824 825 if (opt) { 826 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 827 set_bit(FLAG_DEFER_SETUP, &chan->flags); 828 } else { 829 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 830 clear_bit(FLAG_DEFER_SETUP, &chan->flags); 831 } 832 break; 833 834 case BT_FLUSHABLE: 835 if (get_user(opt, (u32 __user *) optval)) { 836 err = -EFAULT; 837 break; 838 } 839 840 if (opt > BT_FLUSHABLE_ON) { 841 err = -EINVAL; 842 break; 843 } 844 845 if (opt == BT_FLUSHABLE_OFF) { 846 conn = chan->conn; 847 /* proceed further only when we have l2cap_conn and 848 No Flush support in the LM */ 849 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 850 err = -EINVAL; 851 break; 852 } 853 } 854 855 if (opt) 856 set_bit(FLAG_FLUSHABLE, &chan->flags); 857 else 858 clear_bit(FLAG_FLUSHABLE, &chan->flags); 859 break; 860 861 case BT_POWER: 862 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 863 chan->chan_type != L2CAP_CHAN_RAW) { 864 err = -EINVAL; 865 break; 866 } 867 868 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 869 870 len = min_t(unsigned int, sizeof(pwr), optlen); 871 if (copy_from_user((char *) &pwr, optval, len)) { 872 err = -EFAULT; 873 break; 874 } 875 876 if (pwr.force_active) 877 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 878 else 879 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 880 break; 881 882 case BT_CHANNEL_POLICY: 883 if (get_user(opt, (u32 __user *) optval)) { 884 err = -EFAULT; 885 break; 886 } 887 888 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 889 err = -EINVAL; 890 break; 891 } 892 893 if (chan->mode != L2CAP_MODE_ERTM && 894 chan->mode != L2CAP_MODE_STREAMING) { 895 err = -EOPNOTSUPP; 896 break; 897 } 898 899 chan->chan_policy = (u8) opt; 900 901 if (sk->sk_state == BT_CONNECTED && 902 chan->move_role == L2CAP_MOVE_ROLE_NONE) 903 l2cap_move_start(chan); 904 905 break; 906 907 case BT_SNDMTU: 908 if (!bdaddr_type_is_le(chan->src_type)) { 909 err = -EINVAL; 910 break; 911 } 912 913 /* Setting is not supported as it's the remote side that 914 * decides this. 915 */ 916 err = -EPERM; 917 break; 918 919 case BT_RCVMTU: 920 if (!bdaddr_type_is_le(chan->src_type)) { 921 err = -EINVAL; 922 break; 923 } 924 925 if (sk->sk_state == BT_CONNECTED) { 926 err = -EISCONN; 927 break; 928 } 929 930 if (get_user(opt, (u32 __user *) optval)) { 931 err = -EFAULT; 932 break; 933 } 934 935 chan->imtu = opt; 936 break; 937 938 default: 939 err = -ENOPROTOOPT; 940 break; 941 } 942 943 release_sock(sk); 944 return err; 945 } 946 947 static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg, 948 size_t len) 949 { 950 struct sock *sk = sock->sk; 951 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 952 int err; 953 954 BT_DBG("sock %p, sk %p", sock, sk); 955 956 err = sock_error(sk); 957 if (err) 958 return err; 959 960 if (msg->msg_flags & MSG_OOB) 961 return -EOPNOTSUPP; 962 963 if (sk->sk_state != BT_CONNECTED) 964 return -ENOTCONN; 965 966 lock_sock(sk); 967 err = bt_sock_wait_ready(sk, msg->msg_flags); 968 release_sock(sk); 969 if (err) 970 return err; 971 972 l2cap_chan_lock(chan); 973 err = l2cap_chan_send(chan, msg, len); 974 l2cap_chan_unlock(chan); 975 976 return err; 977 } 978 979 static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg, 980 size_t len, int flags) 981 { 982 struct sock *sk = sock->sk; 983 struct l2cap_pinfo *pi = l2cap_pi(sk); 984 int err; 985 986 lock_sock(sk); 987 988 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 989 &bt_sk(sk)->flags)) { 990 if (bdaddr_type_is_le(pi->chan->src_type)) { 991 sk->sk_state = BT_CONNECTED; 992 pi->chan->state = BT_CONNECTED; 993 __l2cap_le_connect_rsp_defer(pi->chan); 994 } else { 995 sk->sk_state = BT_CONFIG; 996 pi->chan->state = BT_CONFIG; 997 __l2cap_connect_rsp_defer(pi->chan); 998 } 999 1000 err = 0; 1001 goto done; 1002 } 1003 1004 release_sock(sk); 1005 1006 if (sock->type == SOCK_STREAM) 1007 err = bt_sock_stream_recvmsg(sock, msg, len, flags); 1008 else 1009 err = bt_sock_recvmsg(sock, msg, len, flags); 1010 1011 if (pi->chan->mode != L2CAP_MODE_ERTM) 1012 return err; 1013 1014 /* Attempt to put pending rx data in the socket buffer */ 1015 1016 lock_sock(sk); 1017 1018 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 1019 goto done; 1020 1021 if (pi->rx_busy_skb) { 1022 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 1023 pi->rx_busy_skb = NULL; 1024 else 1025 goto done; 1026 } 1027 1028 /* Restore data flow when half of the receive buffer is 1029 * available. This avoids resending large numbers of 1030 * frames. 1031 */ 1032 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 1033 l2cap_chan_busy(pi->chan, 0); 1034 1035 done: 1036 release_sock(sk); 1037 return err; 1038 } 1039 1040 /* Kill socket (only if zapped and orphan) 1041 * Must be called on unlocked socket. 1042 */ 1043 static void l2cap_sock_kill(struct sock *sk) 1044 { 1045 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 1046 return; 1047 1048 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 1049 1050 /* Kill poor orphan */ 1051 1052 l2cap_chan_put(l2cap_pi(sk)->chan); 1053 sock_set_flag(sk, SOCK_DEAD); 1054 sock_put(sk); 1055 } 1056 1057 static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan) 1058 { 1059 DECLARE_WAITQUEUE(wait, current); 1060 int err = 0; 1061 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD; 1062 /* Timeout to prevent infinite loop */ 1063 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT; 1064 1065 add_wait_queue(sk_sleep(sk), &wait); 1066 set_current_state(TASK_INTERRUPTIBLE); 1067 do { 1068 BT_DBG("Waiting for %d ACKs, timeout %04d ms", 1069 chan->unacked_frames, time_after(jiffies, timeout) ? 0 : 1070 jiffies_to_msecs(timeout - jiffies)); 1071 1072 if (!timeo) 1073 timeo = L2CAP_WAIT_ACK_POLL_PERIOD; 1074 1075 if (signal_pending(current)) { 1076 err = sock_intr_errno(timeo); 1077 break; 1078 } 1079 1080 release_sock(sk); 1081 timeo = schedule_timeout(timeo); 1082 lock_sock(sk); 1083 set_current_state(TASK_INTERRUPTIBLE); 1084 1085 err = sock_error(sk); 1086 if (err) 1087 break; 1088 1089 if (time_after(jiffies, timeout)) { 1090 err = -ENOLINK; 1091 break; 1092 } 1093 1094 } while (chan->unacked_frames > 0 && 1095 chan->state == BT_CONNECTED); 1096 1097 set_current_state(TASK_RUNNING); 1098 remove_wait_queue(sk_sleep(sk), &wait); 1099 return err; 1100 } 1101 1102 static int l2cap_sock_shutdown(struct socket *sock, int how) 1103 { 1104 struct sock *sk = sock->sk; 1105 struct l2cap_chan *chan; 1106 struct l2cap_conn *conn; 1107 int err = 0; 1108 1109 BT_DBG("sock %p, sk %p", sock, sk); 1110 1111 if (!sk) 1112 return 0; 1113 1114 lock_sock(sk); 1115 1116 if (sk->sk_shutdown) 1117 goto shutdown_already; 1118 1119 BT_DBG("Handling sock shutdown"); 1120 1121 /* prevent sk structure from being freed whilst unlocked */ 1122 sock_hold(sk); 1123 1124 chan = l2cap_pi(sk)->chan; 1125 /* prevent chan structure from being freed whilst unlocked */ 1126 l2cap_chan_hold(chan); 1127 1128 BT_DBG("chan %p state %s", chan, state_to_string(chan->state)); 1129 1130 if (chan->mode == L2CAP_MODE_ERTM && 1131 chan->unacked_frames > 0 && 1132 chan->state == BT_CONNECTED) { 1133 err = __l2cap_wait_ack(sk, chan); 1134 1135 /* After waiting for ACKs, check whether shutdown 1136 * has already been actioned to close the L2CAP 1137 * link such as by l2cap_disconnection_req(). 1138 */ 1139 if (sk->sk_shutdown) 1140 goto has_shutdown; 1141 } 1142 1143 sk->sk_shutdown = SHUTDOWN_MASK; 1144 release_sock(sk); 1145 1146 l2cap_chan_lock(chan); 1147 conn = chan->conn; 1148 if (conn) 1149 /* prevent conn structure from being freed */ 1150 l2cap_conn_get(conn); 1151 l2cap_chan_unlock(chan); 1152 1153 if (conn) 1154 /* mutex lock must be taken before l2cap_chan_lock() */ 1155 mutex_lock(&conn->chan_lock); 1156 1157 l2cap_chan_lock(chan); 1158 l2cap_chan_close(chan, 0); 1159 l2cap_chan_unlock(chan); 1160 1161 if (conn) { 1162 mutex_unlock(&conn->chan_lock); 1163 l2cap_conn_put(conn); 1164 } 1165 1166 lock_sock(sk); 1167 1168 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1169 !(current->flags & PF_EXITING)) 1170 err = bt_sock_wait_state(sk, BT_CLOSED, 1171 sk->sk_lingertime); 1172 1173 has_shutdown: 1174 l2cap_chan_put(chan); 1175 sock_put(sk); 1176 1177 shutdown_already: 1178 if (!err && sk->sk_err) 1179 err = -sk->sk_err; 1180 1181 release_sock(sk); 1182 1183 BT_DBG("Sock shutdown complete err: %d", err); 1184 1185 return err; 1186 } 1187 1188 static int l2cap_sock_release(struct socket *sock) 1189 { 1190 struct sock *sk = sock->sk; 1191 int err; 1192 1193 BT_DBG("sock %p, sk %p", sock, sk); 1194 1195 if (!sk) 1196 return 0; 1197 1198 bt_sock_unlink(&l2cap_sk_list, sk); 1199 1200 err = l2cap_sock_shutdown(sock, 2); 1201 1202 sock_orphan(sk); 1203 l2cap_sock_kill(sk); 1204 return err; 1205 } 1206 1207 static void l2cap_sock_cleanup_listen(struct sock *parent) 1208 { 1209 struct sock *sk; 1210 1211 BT_DBG("parent %p state %s", parent, 1212 state_to_string(parent->sk_state)); 1213 1214 /* Close not yet accepted channels */ 1215 while ((sk = bt_accept_dequeue(parent, NULL))) { 1216 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1217 1218 BT_DBG("child chan %p state %s", chan, 1219 state_to_string(chan->state)); 1220 1221 l2cap_chan_lock(chan); 1222 __clear_chan_timer(chan); 1223 l2cap_chan_close(chan, ECONNRESET); 1224 l2cap_chan_unlock(chan); 1225 1226 l2cap_sock_kill(sk); 1227 } 1228 } 1229 1230 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 1231 { 1232 struct sock *sk, *parent = chan->data; 1233 1234 lock_sock(parent); 1235 1236 /* Check for backlog size */ 1237 if (sk_acceptq_is_full(parent)) { 1238 BT_DBG("backlog full %d", parent->sk_ack_backlog); 1239 release_sock(parent); 1240 return NULL; 1241 } 1242 1243 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 1244 GFP_ATOMIC, 0); 1245 if (!sk) { 1246 release_sock(parent); 1247 return NULL; 1248 } 1249 1250 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 1251 1252 l2cap_sock_init(sk, parent); 1253 1254 bt_accept_enqueue(parent, sk); 1255 1256 release_sock(parent); 1257 1258 return l2cap_pi(sk)->chan; 1259 } 1260 1261 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 1262 { 1263 struct sock *sk = chan->data; 1264 int err; 1265 1266 lock_sock(sk); 1267 1268 if (l2cap_pi(sk)->rx_busy_skb) { 1269 err = -ENOMEM; 1270 goto done; 1271 } 1272 1273 err = sock_queue_rcv_skb(sk, skb); 1274 1275 /* For ERTM, handle one skb that doesn't fit into the recv 1276 * buffer. This is important to do because the data frames 1277 * have already been acked, so the skb cannot be discarded. 1278 * 1279 * Notify the l2cap core that the buffer is full, so the 1280 * LOCAL_BUSY state is entered and no more frames are 1281 * acked and reassembled until there is buffer space 1282 * available. 1283 */ 1284 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) { 1285 l2cap_pi(sk)->rx_busy_skb = skb; 1286 l2cap_chan_busy(chan, 1); 1287 err = 0; 1288 } 1289 1290 done: 1291 release_sock(sk); 1292 1293 return err; 1294 } 1295 1296 static void l2cap_sock_close_cb(struct l2cap_chan *chan) 1297 { 1298 struct sock *sk = chan->data; 1299 1300 l2cap_sock_kill(sk); 1301 } 1302 1303 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 1304 { 1305 struct sock *sk = chan->data; 1306 struct sock *parent; 1307 1308 BT_DBG("chan %p state %s", chan, state_to_string(chan->state)); 1309 1310 /* This callback can be called both for server (BT_LISTEN) 1311 * sockets as well as "normal" ones. To avoid lockdep warnings 1312 * with child socket locking (through l2cap_sock_cleanup_listen) 1313 * we need separation into separate nesting levels. The simplest 1314 * way to accomplish this is to inherit the nesting level used 1315 * for the channel. 1316 */ 1317 lock_sock_nested(sk, atomic_read(&chan->nesting)); 1318 1319 parent = bt_sk(sk)->parent; 1320 1321 sock_set_flag(sk, SOCK_ZAPPED); 1322 1323 switch (chan->state) { 1324 case BT_OPEN: 1325 case BT_BOUND: 1326 case BT_CLOSED: 1327 break; 1328 case BT_LISTEN: 1329 l2cap_sock_cleanup_listen(sk); 1330 sk->sk_state = BT_CLOSED; 1331 chan->state = BT_CLOSED; 1332 1333 break; 1334 default: 1335 sk->sk_state = BT_CLOSED; 1336 chan->state = BT_CLOSED; 1337 1338 sk->sk_err = err; 1339 1340 if (parent) { 1341 bt_accept_unlink(sk); 1342 parent->sk_data_ready(parent); 1343 } else { 1344 sk->sk_state_change(sk); 1345 } 1346 1347 break; 1348 } 1349 1350 release_sock(sk); 1351 } 1352 1353 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state, 1354 int err) 1355 { 1356 struct sock *sk = chan->data; 1357 1358 sk->sk_state = state; 1359 1360 if (err) 1361 sk->sk_err = err; 1362 } 1363 1364 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1365 unsigned long hdr_len, 1366 unsigned long len, int nb) 1367 { 1368 struct sock *sk = chan->data; 1369 struct sk_buff *skb; 1370 int err; 1371 1372 l2cap_chan_unlock(chan); 1373 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err); 1374 l2cap_chan_lock(chan); 1375 1376 if (!skb) 1377 return ERR_PTR(err); 1378 1379 skb->priority = sk->sk_priority; 1380 1381 bt_cb(skb)->l2cap.chan = chan; 1382 1383 return skb; 1384 } 1385 1386 static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1387 { 1388 struct sock *sk = chan->data; 1389 struct sock *parent; 1390 1391 lock_sock(sk); 1392 1393 parent = bt_sk(sk)->parent; 1394 1395 BT_DBG("sk %p, parent %p", sk, parent); 1396 1397 sk->sk_state = BT_CONNECTED; 1398 sk->sk_state_change(sk); 1399 1400 if (parent) 1401 parent->sk_data_ready(parent); 1402 1403 release_sock(sk); 1404 } 1405 1406 static void l2cap_sock_defer_cb(struct l2cap_chan *chan) 1407 { 1408 struct sock *parent, *sk = chan->data; 1409 1410 lock_sock(sk); 1411 1412 parent = bt_sk(sk)->parent; 1413 if (parent) 1414 parent->sk_data_ready(parent); 1415 1416 release_sock(sk); 1417 } 1418 1419 static void l2cap_sock_resume_cb(struct l2cap_chan *chan) 1420 { 1421 struct sock *sk = chan->data; 1422 1423 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) { 1424 sk->sk_state = BT_CONNECTED; 1425 chan->state = BT_CONNECTED; 1426 } 1427 1428 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1429 sk->sk_state_change(sk); 1430 } 1431 1432 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan) 1433 { 1434 struct sock *sk = chan->data; 1435 1436 lock_sock(sk); 1437 sk->sk_shutdown = SHUTDOWN_MASK; 1438 release_sock(sk); 1439 } 1440 1441 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan) 1442 { 1443 struct sock *sk = chan->data; 1444 1445 return sk->sk_sndtimeo; 1446 } 1447 1448 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan) 1449 { 1450 struct sock *sk = chan->data; 1451 1452 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1453 sk->sk_state_change(sk); 1454 } 1455 1456 static const struct l2cap_ops l2cap_chan_ops = { 1457 .name = "L2CAP Socket Interface", 1458 .new_connection = l2cap_sock_new_connection_cb, 1459 .recv = l2cap_sock_recv_cb, 1460 .close = l2cap_sock_close_cb, 1461 .teardown = l2cap_sock_teardown_cb, 1462 .state_change = l2cap_sock_state_change_cb, 1463 .ready = l2cap_sock_ready_cb, 1464 .defer = l2cap_sock_defer_cb, 1465 .resume = l2cap_sock_resume_cb, 1466 .suspend = l2cap_sock_suspend_cb, 1467 .set_shutdown = l2cap_sock_set_shutdown_cb, 1468 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb, 1469 .alloc_skb = l2cap_sock_alloc_skb_cb, 1470 }; 1471 1472 static void l2cap_sock_destruct(struct sock *sk) 1473 { 1474 BT_DBG("sk %p", sk); 1475 1476 if (l2cap_pi(sk)->chan) 1477 l2cap_chan_put(l2cap_pi(sk)->chan); 1478 1479 if (l2cap_pi(sk)->rx_busy_skb) { 1480 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1481 l2cap_pi(sk)->rx_busy_skb = NULL; 1482 } 1483 1484 skb_queue_purge(&sk->sk_receive_queue); 1485 skb_queue_purge(&sk->sk_write_queue); 1486 } 1487 1488 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name, 1489 int *msg_namelen) 1490 { 1491 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name); 1492 1493 memset(la, 0, sizeof(struct sockaddr_l2)); 1494 la->l2_family = AF_BLUETOOTH; 1495 la->l2_psm = bt_cb(skb)->l2cap.psm; 1496 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr); 1497 1498 *msg_namelen = sizeof(struct sockaddr_l2); 1499 } 1500 1501 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1502 { 1503 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1504 1505 BT_DBG("sk %p", sk); 1506 1507 if (parent) { 1508 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1509 1510 sk->sk_type = parent->sk_type; 1511 bt_sk(sk)->flags = bt_sk(parent)->flags; 1512 1513 chan->chan_type = pchan->chan_type; 1514 chan->imtu = pchan->imtu; 1515 chan->omtu = pchan->omtu; 1516 chan->conf_state = pchan->conf_state; 1517 chan->mode = pchan->mode; 1518 chan->fcs = pchan->fcs; 1519 chan->max_tx = pchan->max_tx; 1520 chan->tx_win = pchan->tx_win; 1521 chan->tx_win_max = pchan->tx_win_max; 1522 chan->sec_level = pchan->sec_level; 1523 chan->flags = pchan->flags; 1524 chan->tx_credits = pchan->tx_credits; 1525 chan->rx_credits = pchan->rx_credits; 1526 1527 if (chan->chan_type == L2CAP_CHAN_FIXED) { 1528 chan->scid = pchan->scid; 1529 chan->dcid = pchan->scid; 1530 } 1531 1532 security_sk_clone(parent, sk); 1533 } else { 1534 switch (sk->sk_type) { 1535 case SOCK_RAW: 1536 chan->chan_type = L2CAP_CHAN_RAW; 1537 break; 1538 case SOCK_DGRAM: 1539 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1540 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name; 1541 break; 1542 case SOCK_SEQPACKET: 1543 case SOCK_STREAM: 1544 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1545 break; 1546 } 1547 1548 chan->imtu = L2CAP_DEFAULT_MTU; 1549 chan->omtu = 0; 1550 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1551 chan->mode = L2CAP_MODE_ERTM; 1552 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1553 } else { 1554 chan->mode = L2CAP_MODE_BASIC; 1555 } 1556 1557 l2cap_chan_set_defaults(chan); 1558 } 1559 1560 /* Default config options */ 1561 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1562 1563 chan->data = sk; 1564 chan->ops = &l2cap_chan_ops; 1565 } 1566 1567 static struct proto l2cap_proto = { 1568 .name = "L2CAP", 1569 .owner = THIS_MODULE, 1570 .obj_size = sizeof(struct l2cap_pinfo) 1571 }; 1572 1573 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1574 int proto, gfp_t prio, int kern) 1575 { 1576 struct sock *sk; 1577 struct l2cap_chan *chan; 1578 1579 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern); 1580 if (!sk) 1581 return NULL; 1582 1583 sock_init_data(sock, sk); 1584 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1585 1586 sk->sk_destruct = l2cap_sock_destruct; 1587 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1588 1589 sock_reset_flag(sk, SOCK_ZAPPED); 1590 1591 sk->sk_protocol = proto; 1592 sk->sk_state = BT_OPEN; 1593 1594 chan = l2cap_chan_create(); 1595 if (!chan) { 1596 sk_free(sk); 1597 return NULL; 1598 } 1599 1600 l2cap_chan_hold(chan); 1601 1602 l2cap_pi(sk)->chan = chan; 1603 1604 return sk; 1605 } 1606 1607 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1608 int kern) 1609 { 1610 struct sock *sk; 1611 1612 BT_DBG("sock %p", sock); 1613 1614 sock->state = SS_UNCONNECTED; 1615 1616 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1617 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1618 return -ESOCKTNOSUPPORT; 1619 1620 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1621 return -EPERM; 1622 1623 sock->ops = &l2cap_sock_ops; 1624 1625 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 1626 if (!sk) 1627 return -ENOMEM; 1628 1629 l2cap_sock_init(sk, NULL); 1630 bt_sock_link(&l2cap_sk_list, sk); 1631 return 0; 1632 } 1633 1634 static const struct proto_ops l2cap_sock_ops = { 1635 .family = PF_BLUETOOTH, 1636 .owner = THIS_MODULE, 1637 .release = l2cap_sock_release, 1638 .bind = l2cap_sock_bind, 1639 .connect = l2cap_sock_connect, 1640 .listen = l2cap_sock_listen, 1641 .accept = l2cap_sock_accept, 1642 .getname = l2cap_sock_getname, 1643 .sendmsg = l2cap_sock_sendmsg, 1644 .recvmsg = l2cap_sock_recvmsg, 1645 .poll = bt_sock_poll, 1646 .ioctl = bt_sock_ioctl, 1647 .mmap = sock_no_mmap, 1648 .socketpair = sock_no_socketpair, 1649 .shutdown = l2cap_sock_shutdown, 1650 .setsockopt = l2cap_sock_setsockopt, 1651 .getsockopt = l2cap_sock_getsockopt 1652 }; 1653 1654 static const struct net_proto_family l2cap_sock_family_ops = { 1655 .family = PF_BLUETOOTH, 1656 .owner = THIS_MODULE, 1657 .create = l2cap_sock_create, 1658 }; 1659 1660 int __init l2cap_init_sockets(void) 1661 { 1662 int err; 1663 1664 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr)); 1665 1666 err = proto_register(&l2cap_proto, 0); 1667 if (err < 0) 1668 return err; 1669 1670 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1671 if (err < 0) { 1672 BT_ERR("L2CAP socket registration failed"); 1673 goto error; 1674 } 1675 1676 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list, 1677 NULL); 1678 if (err < 0) { 1679 BT_ERR("Failed to create L2CAP proc file"); 1680 bt_sock_unregister(BTPROTO_L2CAP); 1681 goto error; 1682 } 1683 1684 BT_INFO("L2CAP socket layer initialized"); 1685 1686 return 0; 1687 1688 error: 1689 proto_unregister(&l2cap_proto); 1690 return err; 1691 } 1692 1693 void l2cap_cleanup_sockets(void) 1694 { 1695 bt_procfs_cleanup(&init_net, "l2cap"); 1696 bt_sock_unregister(BTPROTO_L2CAP); 1697 proto_unregister(&l2cap_proto); 1698 } 1699