1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26 */ 27 28 /* Bluetooth L2CAP sockets. */ 29 30 #include <linux/security.h> 31 #include <linux/export.h> 32 33 #include <net/bluetooth/bluetooth.h> 34 #include <net/bluetooth/hci_core.h> 35 #include <net/bluetooth/l2cap.h> 36 #include <net/bluetooth/smp.h> 37 38 static const struct proto_ops l2cap_sock_ops; 39 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 40 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio); 41 42 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 43 { 44 struct sock *sk = sock->sk; 45 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 46 struct sockaddr_l2 la; 47 int len, err = 0; 48 49 BT_DBG("sk %p", sk); 50 51 if (!addr || addr->sa_family != AF_BLUETOOTH) 52 return -EINVAL; 53 54 memset(&la, 0, sizeof(la)); 55 len = min_t(unsigned int, sizeof(la), alen); 56 memcpy(&la, addr, len); 57 58 if (la.l2_cid && la.l2_psm) 59 return -EINVAL; 60 61 lock_sock(sk); 62 63 if (sk->sk_state != BT_OPEN) { 64 err = -EBADFD; 65 goto done; 66 } 67 68 if (la.l2_psm) { 69 __u16 psm = __le16_to_cpu(la.l2_psm); 70 71 /* PSM must be odd and lsb of upper byte must be 0 */ 72 if ((psm & 0x0101) != 0x0001) { 73 err = -EINVAL; 74 goto done; 75 } 76 77 /* Restrict usage of well-known PSMs */ 78 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 79 err = -EACCES; 80 goto done; 81 } 82 } 83 84 if (la.l2_cid) 85 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 86 else 87 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 88 89 if (err < 0) 90 goto done; 91 92 if (__le16_to_cpu(la.l2_psm) == 0x0001 || 93 __le16_to_cpu(la.l2_psm) == 0x0003) 94 chan->sec_level = BT_SECURITY_SDP; 95 96 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 97 98 chan->state = BT_BOUND; 99 sk->sk_state = BT_BOUND; 100 101 done: 102 release_sock(sk); 103 return err; 104 } 105 106 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 107 { 108 struct sock *sk = sock->sk; 109 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 110 struct sockaddr_l2 la; 111 int len, err = 0; 112 113 BT_DBG("sk %p", sk); 114 115 if (!addr || alen < sizeof(addr->sa_family) || 116 addr->sa_family != AF_BLUETOOTH) 117 return -EINVAL; 118 119 memset(&la, 0, sizeof(la)); 120 len = min_t(unsigned int, sizeof(la), alen); 121 memcpy(&la, addr, len); 122 123 if (la.l2_cid && la.l2_psm) 124 return -EINVAL; 125 126 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 127 &la.l2_bdaddr, la.l2_bdaddr_type); 128 if (err) 129 return err; 130 131 lock_sock(sk); 132 133 err = bt_sock_wait_state(sk, BT_CONNECTED, 134 sock_sndtimeo(sk, flags & O_NONBLOCK)); 135 136 release_sock(sk); 137 138 return err; 139 } 140 141 static int l2cap_sock_listen(struct socket *sock, int backlog) 142 { 143 struct sock *sk = sock->sk; 144 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 145 int err = 0; 146 147 BT_DBG("sk %p backlog %d", sk, backlog); 148 149 lock_sock(sk); 150 151 if (sk->sk_state != BT_BOUND) { 152 err = -EBADFD; 153 goto done; 154 } 155 156 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 157 err = -EINVAL; 158 goto done; 159 } 160 161 switch (chan->mode) { 162 case L2CAP_MODE_BASIC: 163 break; 164 case L2CAP_MODE_ERTM: 165 case L2CAP_MODE_STREAMING: 166 if (!disable_ertm) 167 break; 168 /* fall through */ 169 default: 170 err = -ENOTSUPP; 171 goto done; 172 } 173 174 sk->sk_max_ack_backlog = backlog; 175 sk->sk_ack_backlog = 0; 176 177 chan->state = BT_LISTEN; 178 sk->sk_state = BT_LISTEN; 179 180 done: 181 release_sock(sk); 182 return err; 183 } 184 185 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 186 { 187 DECLARE_WAITQUEUE(wait, current); 188 struct sock *sk = sock->sk, *nsk; 189 long timeo; 190 int err = 0; 191 192 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 193 194 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 195 196 BT_DBG("sk %p timeo %ld", sk, timeo); 197 198 /* Wait for an incoming connection. (wake-one). */ 199 add_wait_queue_exclusive(sk_sleep(sk), &wait); 200 while (1) { 201 set_current_state(TASK_INTERRUPTIBLE); 202 203 if (sk->sk_state != BT_LISTEN) { 204 err = -EBADFD; 205 break; 206 } 207 208 nsk = bt_accept_dequeue(sk, newsock); 209 if (nsk) 210 break; 211 212 if (!timeo) { 213 err = -EAGAIN; 214 break; 215 } 216 217 if (signal_pending(current)) { 218 err = sock_intr_errno(timeo); 219 break; 220 } 221 222 release_sock(sk); 223 timeo = schedule_timeout(timeo); 224 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 225 } 226 __set_current_state(TASK_RUNNING); 227 remove_wait_queue(sk_sleep(sk), &wait); 228 229 if (err) 230 goto done; 231 232 newsock->state = SS_CONNECTED; 233 234 BT_DBG("new socket %p", nsk); 235 236 done: 237 release_sock(sk); 238 return err; 239 } 240 241 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 242 { 243 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 244 struct sock *sk = sock->sk; 245 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 246 247 BT_DBG("sock %p, sk %p", sock, sk); 248 249 addr->sa_family = AF_BLUETOOTH; 250 *len = sizeof(struct sockaddr_l2); 251 252 if (peer) { 253 la->l2_psm = chan->psm; 254 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 255 la->l2_cid = cpu_to_le16(chan->dcid); 256 } else { 257 la->l2_psm = chan->sport; 258 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 259 la->l2_cid = cpu_to_le16(chan->scid); 260 } 261 262 return 0; 263 } 264 265 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 266 { 267 struct sock *sk = sock->sk; 268 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 269 struct l2cap_options opts; 270 struct l2cap_conninfo cinfo; 271 int len, err = 0; 272 u32 opt; 273 274 BT_DBG("sk %p", sk); 275 276 if (get_user(len, optlen)) 277 return -EFAULT; 278 279 lock_sock(sk); 280 281 switch (optname) { 282 case L2CAP_OPTIONS: 283 memset(&opts, 0, sizeof(opts)); 284 opts.imtu = chan->imtu; 285 opts.omtu = chan->omtu; 286 opts.flush_to = chan->flush_to; 287 opts.mode = chan->mode; 288 opts.fcs = chan->fcs; 289 opts.max_tx = chan->max_tx; 290 opts.txwin_size = chan->tx_win; 291 292 len = min_t(unsigned int, len, sizeof(opts)); 293 if (copy_to_user(optval, (char *) &opts, len)) 294 err = -EFAULT; 295 296 break; 297 298 case L2CAP_LM: 299 switch (chan->sec_level) { 300 case BT_SECURITY_LOW: 301 opt = L2CAP_LM_AUTH; 302 break; 303 case BT_SECURITY_MEDIUM: 304 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 305 break; 306 case BT_SECURITY_HIGH: 307 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 308 L2CAP_LM_SECURE; 309 break; 310 default: 311 opt = 0; 312 break; 313 } 314 315 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 316 opt |= L2CAP_LM_MASTER; 317 318 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 319 opt |= L2CAP_LM_RELIABLE; 320 321 if (put_user(opt, (u32 __user *) optval)) 322 err = -EFAULT; 323 break; 324 325 case L2CAP_CONNINFO: 326 if (sk->sk_state != BT_CONNECTED && 327 !(sk->sk_state == BT_CONNECT2 && 328 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 329 err = -ENOTCONN; 330 break; 331 } 332 333 memset(&cinfo, 0, sizeof(cinfo)); 334 cinfo.hci_handle = chan->conn->hcon->handle; 335 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 336 337 len = min_t(unsigned int, len, sizeof(cinfo)); 338 if (copy_to_user(optval, (char *) &cinfo, len)) 339 err = -EFAULT; 340 341 break; 342 343 default: 344 err = -ENOPROTOOPT; 345 break; 346 } 347 348 release_sock(sk); 349 return err; 350 } 351 352 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 353 { 354 struct sock *sk = sock->sk; 355 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 356 struct bt_security sec; 357 struct bt_power pwr; 358 int len, err = 0; 359 360 BT_DBG("sk %p", sk); 361 362 if (level == SOL_L2CAP) 363 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 364 365 if (level != SOL_BLUETOOTH) 366 return -ENOPROTOOPT; 367 368 if (get_user(len, optlen)) 369 return -EFAULT; 370 371 lock_sock(sk); 372 373 switch (optname) { 374 case BT_SECURITY: 375 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 376 chan->chan_type != L2CAP_CHAN_RAW) { 377 err = -EINVAL; 378 break; 379 } 380 381 memset(&sec, 0, sizeof(sec)); 382 if (chan->conn) 383 sec.level = chan->conn->hcon->sec_level; 384 else 385 sec.level = chan->sec_level; 386 387 if (sk->sk_state == BT_CONNECTED) 388 sec.key_size = chan->conn->hcon->enc_key_size; 389 390 len = min_t(unsigned int, len, sizeof(sec)); 391 if (copy_to_user(optval, (char *) &sec, len)) 392 err = -EFAULT; 393 394 break; 395 396 case BT_DEFER_SETUP: 397 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 398 err = -EINVAL; 399 break; 400 } 401 402 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 403 (u32 __user *) optval)) 404 err = -EFAULT; 405 406 break; 407 408 case BT_FLUSHABLE: 409 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 410 (u32 __user *) optval)) 411 err = -EFAULT; 412 413 break; 414 415 case BT_POWER: 416 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 417 && sk->sk_type != SOCK_RAW) { 418 err = -EINVAL; 419 break; 420 } 421 422 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 423 424 len = min_t(unsigned int, len, sizeof(pwr)); 425 if (copy_to_user(optval, (char *) &pwr, len)) 426 err = -EFAULT; 427 428 break; 429 430 case BT_CHANNEL_POLICY: 431 if (!enable_hs) { 432 err = -ENOPROTOOPT; 433 break; 434 } 435 436 if (put_user(chan->chan_policy, (u32 __user *) optval)) 437 err = -EFAULT; 438 break; 439 440 default: 441 err = -ENOPROTOOPT; 442 break; 443 } 444 445 release_sock(sk); 446 return err; 447 } 448 449 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 450 { 451 struct sock *sk = sock->sk; 452 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 453 struct l2cap_options opts; 454 int len, err = 0; 455 u32 opt; 456 457 BT_DBG("sk %p", sk); 458 459 lock_sock(sk); 460 461 switch (optname) { 462 case L2CAP_OPTIONS: 463 if (sk->sk_state == BT_CONNECTED) { 464 err = -EINVAL; 465 break; 466 } 467 468 opts.imtu = chan->imtu; 469 opts.omtu = chan->omtu; 470 opts.flush_to = chan->flush_to; 471 opts.mode = chan->mode; 472 opts.fcs = chan->fcs; 473 opts.max_tx = chan->max_tx; 474 opts.txwin_size = chan->tx_win; 475 476 len = min_t(unsigned int, sizeof(opts), optlen); 477 if (copy_from_user((char *) &opts, optval, len)) { 478 err = -EFAULT; 479 break; 480 } 481 482 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 483 err = -EINVAL; 484 break; 485 } 486 487 chan->mode = opts.mode; 488 switch (chan->mode) { 489 case L2CAP_MODE_BASIC: 490 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 491 break; 492 case L2CAP_MODE_ERTM: 493 case L2CAP_MODE_STREAMING: 494 if (!disable_ertm) 495 break; 496 /* fall through */ 497 default: 498 err = -EINVAL; 499 break; 500 } 501 502 chan->imtu = opts.imtu; 503 chan->omtu = opts.omtu; 504 chan->fcs = opts.fcs; 505 chan->max_tx = opts.max_tx; 506 chan->tx_win = opts.txwin_size; 507 break; 508 509 case L2CAP_LM: 510 if (get_user(opt, (u32 __user *) optval)) { 511 err = -EFAULT; 512 break; 513 } 514 515 if (opt & L2CAP_LM_AUTH) 516 chan->sec_level = BT_SECURITY_LOW; 517 if (opt & L2CAP_LM_ENCRYPT) 518 chan->sec_level = BT_SECURITY_MEDIUM; 519 if (opt & L2CAP_LM_SECURE) 520 chan->sec_level = BT_SECURITY_HIGH; 521 522 if (opt & L2CAP_LM_MASTER) 523 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 524 else 525 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 526 527 if (opt & L2CAP_LM_RELIABLE) 528 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 529 else 530 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 531 break; 532 533 default: 534 err = -ENOPROTOOPT; 535 break; 536 } 537 538 release_sock(sk); 539 return err; 540 } 541 542 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 543 { 544 struct sock *sk = sock->sk; 545 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 546 struct bt_security sec; 547 struct bt_power pwr; 548 struct l2cap_conn *conn; 549 int len, err = 0; 550 u32 opt; 551 552 BT_DBG("sk %p", sk); 553 554 if (level == SOL_L2CAP) 555 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 556 557 if (level != SOL_BLUETOOTH) 558 return -ENOPROTOOPT; 559 560 lock_sock(sk); 561 562 switch (optname) { 563 case BT_SECURITY: 564 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 565 chan->chan_type != L2CAP_CHAN_RAW) { 566 err = -EINVAL; 567 break; 568 } 569 570 sec.level = BT_SECURITY_LOW; 571 572 len = min_t(unsigned int, sizeof(sec), optlen); 573 if (copy_from_user((char *) &sec, optval, len)) { 574 err = -EFAULT; 575 break; 576 } 577 578 if (sec.level < BT_SECURITY_LOW || 579 sec.level > BT_SECURITY_HIGH) { 580 err = -EINVAL; 581 break; 582 } 583 584 chan->sec_level = sec.level; 585 586 if (!chan->conn) 587 break; 588 589 conn = chan->conn; 590 591 /*change security for LE channels */ 592 if (chan->scid == L2CAP_CID_LE_DATA) { 593 if (!conn->hcon->out) { 594 err = -EINVAL; 595 break; 596 } 597 598 if (smp_conn_security(conn, sec.level)) 599 break; 600 sk->sk_state = BT_CONFIG; 601 chan->state = BT_CONFIG; 602 603 /* or for ACL link */ 604 } else if ((sk->sk_state == BT_CONNECT2 && 605 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 606 sk->sk_state == BT_CONNECTED) { 607 if (!l2cap_chan_check_security(chan)) 608 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 609 else 610 sk->sk_state_change(sk); 611 } else { 612 err = -EINVAL; 613 } 614 break; 615 616 case BT_DEFER_SETUP: 617 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 618 err = -EINVAL; 619 break; 620 } 621 622 if (get_user(opt, (u32 __user *) optval)) { 623 err = -EFAULT; 624 break; 625 } 626 627 if (opt) 628 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 629 else 630 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 631 break; 632 633 case BT_FLUSHABLE: 634 if (get_user(opt, (u32 __user *) optval)) { 635 err = -EFAULT; 636 break; 637 } 638 639 if (opt > BT_FLUSHABLE_ON) { 640 err = -EINVAL; 641 break; 642 } 643 644 if (opt == BT_FLUSHABLE_OFF) { 645 struct l2cap_conn *conn = chan->conn; 646 /* proceed further only when we have l2cap_conn and 647 No Flush support in the LM */ 648 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 649 err = -EINVAL; 650 break; 651 } 652 } 653 654 if (opt) 655 set_bit(FLAG_FLUSHABLE, &chan->flags); 656 else 657 clear_bit(FLAG_FLUSHABLE, &chan->flags); 658 break; 659 660 case BT_POWER: 661 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 662 chan->chan_type != L2CAP_CHAN_RAW) { 663 err = -EINVAL; 664 break; 665 } 666 667 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 668 669 len = min_t(unsigned int, sizeof(pwr), optlen); 670 if (copy_from_user((char *) &pwr, optval, len)) { 671 err = -EFAULT; 672 break; 673 } 674 675 if (pwr.force_active) 676 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 677 else 678 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 679 break; 680 681 case BT_CHANNEL_POLICY: 682 if (!enable_hs) { 683 err = -ENOPROTOOPT; 684 break; 685 } 686 687 if (get_user(opt, (u32 __user *) optval)) { 688 err = -EFAULT; 689 break; 690 } 691 692 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 693 err = -EINVAL; 694 break; 695 } 696 697 if (chan->mode != L2CAP_MODE_ERTM && 698 chan->mode != L2CAP_MODE_STREAMING) { 699 err = -EOPNOTSUPP; 700 break; 701 } 702 703 chan->chan_policy = (u8) opt; 704 break; 705 706 default: 707 err = -ENOPROTOOPT; 708 break; 709 } 710 711 release_sock(sk); 712 return err; 713 } 714 715 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 716 { 717 struct sock *sk = sock->sk; 718 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 719 int err; 720 721 BT_DBG("sock %p, sk %p", sock, sk); 722 723 err = sock_error(sk); 724 if (err) 725 return err; 726 727 if (msg->msg_flags & MSG_OOB) 728 return -EOPNOTSUPP; 729 730 if (sk->sk_state != BT_CONNECTED) 731 return -ENOTCONN; 732 733 l2cap_chan_lock(chan); 734 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 735 l2cap_chan_unlock(chan); 736 737 return err; 738 } 739 740 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 741 { 742 struct sock *sk = sock->sk; 743 struct l2cap_pinfo *pi = l2cap_pi(sk); 744 int err; 745 746 lock_sock(sk); 747 748 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 749 &bt_sk(sk)->flags)) { 750 sk->sk_state = BT_CONFIG; 751 pi->chan->state = BT_CONFIG; 752 753 __l2cap_connect_rsp_defer(pi->chan); 754 release_sock(sk); 755 return 0; 756 } 757 758 release_sock(sk); 759 760 if (sock->type == SOCK_STREAM) 761 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 762 else 763 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 764 765 if (pi->chan->mode != L2CAP_MODE_ERTM) 766 return err; 767 768 /* Attempt to put pending rx data in the socket buffer */ 769 770 lock_sock(sk); 771 772 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 773 goto done; 774 775 if (pi->rx_busy_skb) { 776 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 777 pi->rx_busy_skb = NULL; 778 else 779 goto done; 780 } 781 782 /* Restore data flow when half of the receive buffer is 783 * available. This avoids resending large numbers of 784 * frames. 785 */ 786 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 787 l2cap_chan_busy(pi->chan, 0); 788 789 done: 790 release_sock(sk); 791 return err; 792 } 793 794 /* Kill socket (only if zapped and orphan) 795 * Must be called on unlocked socket. 796 */ 797 static void l2cap_sock_kill(struct sock *sk) 798 { 799 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 800 return; 801 802 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 803 804 /* Kill poor orphan */ 805 806 l2cap_chan_destroy(l2cap_pi(sk)->chan); 807 sock_set_flag(sk, SOCK_DEAD); 808 sock_put(sk); 809 } 810 811 static int l2cap_sock_shutdown(struct socket *sock, int how) 812 { 813 struct sock *sk = sock->sk; 814 struct l2cap_chan *chan; 815 struct l2cap_conn *conn; 816 int err = 0; 817 818 BT_DBG("sock %p, sk %p", sock, sk); 819 820 if (!sk) 821 return 0; 822 823 chan = l2cap_pi(sk)->chan; 824 conn = chan->conn; 825 826 if (conn) 827 mutex_lock(&conn->chan_lock); 828 829 l2cap_chan_lock(chan); 830 lock_sock(sk); 831 832 if (!sk->sk_shutdown) { 833 if (chan->mode == L2CAP_MODE_ERTM) 834 err = __l2cap_wait_ack(sk); 835 836 sk->sk_shutdown = SHUTDOWN_MASK; 837 838 release_sock(sk); 839 l2cap_chan_close(chan, 0); 840 lock_sock(sk); 841 842 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 843 err = bt_sock_wait_state(sk, BT_CLOSED, 844 sk->sk_lingertime); 845 } 846 847 if (!err && sk->sk_err) 848 err = -sk->sk_err; 849 850 release_sock(sk); 851 l2cap_chan_unlock(chan); 852 853 if (conn) 854 mutex_unlock(&conn->chan_lock); 855 856 return err; 857 } 858 859 static int l2cap_sock_release(struct socket *sock) 860 { 861 struct sock *sk = sock->sk; 862 int err; 863 864 BT_DBG("sock %p, sk %p", sock, sk); 865 866 if (!sk) 867 return 0; 868 869 err = l2cap_sock_shutdown(sock, 2); 870 871 sock_orphan(sk); 872 l2cap_sock_kill(sk); 873 return err; 874 } 875 876 static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data) 877 { 878 struct sock *sk, *parent = data; 879 880 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 881 GFP_ATOMIC); 882 if (!sk) 883 return NULL; 884 885 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 886 887 l2cap_sock_init(sk, parent); 888 889 return l2cap_pi(sk)->chan; 890 } 891 892 static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb) 893 { 894 int err; 895 struct sock *sk = data; 896 struct l2cap_pinfo *pi = l2cap_pi(sk); 897 898 lock_sock(sk); 899 900 if (pi->rx_busy_skb) { 901 err = -ENOMEM; 902 goto done; 903 } 904 905 err = sock_queue_rcv_skb(sk, skb); 906 907 /* For ERTM, handle one skb that doesn't fit into the recv 908 * buffer. This is important to do because the data frames 909 * have already been acked, so the skb cannot be discarded. 910 * 911 * Notify the l2cap core that the buffer is full, so the 912 * LOCAL_BUSY state is entered and no more frames are 913 * acked and reassembled until there is buffer space 914 * available. 915 */ 916 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) { 917 pi->rx_busy_skb = skb; 918 l2cap_chan_busy(pi->chan, 1); 919 err = 0; 920 } 921 922 done: 923 release_sock(sk); 924 925 return err; 926 } 927 928 static void l2cap_sock_close_cb(void *data) 929 { 930 struct sock *sk = data; 931 932 l2cap_sock_kill(sk); 933 } 934 935 static void l2cap_sock_state_change_cb(void *data, int state) 936 { 937 struct sock *sk = data; 938 939 sk->sk_state = state; 940 } 941 942 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 943 unsigned long len, int nb) 944 { 945 struct sk_buff *skb; 946 int err; 947 948 l2cap_chan_unlock(chan); 949 skb = bt_skb_send_alloc(chan->sk, len, nb, &err); 950 l2cap_chan_lock(chan); 951 952 if (!skb) 953 return ERR_PTR(err); 954 955 return skb; 956 } 957 958 static struct l2cap_ops l2cap_chan_ops = { 959 .name = "L2CAP Socket Interface", 960 .new_connection = l2cap_sock_new_connection_cb, 961 .recv = l2cap_sock_recv_cb, 962 .close = l2cap_sock_close_cb, 963 .state_change = l2cap_sock_state_change_cb, 964 .alloc_skb = l2cap_sock_alloc_skb_cb, 965 }; 966 967 static void l2cap_sock_destruct(struct sock *sk) 968 { 969 BT_DBG("sk %p", sk); 970 971 l2cap_chan_put(l2cap_pi(sk)->chan); 972 if (l2cap_pi(sk)->rx_busy_skb) { 973 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 974 l2cap_pi(sk)->rx_busy_skb = NULL; 975 } 976 977 skb_queue_purge(&sk->sk_receive_queue); 978 skb_queue_purge(&sk->sk_write_queue); 979 } 980 981 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 982 { 983 struct l2cap_pinfo *pi = l2cap_pi(sk); 984 struct l2cap_chan *chan = pi->chan; 985 986 BT_DBG("sk %p", sk); 987 988 if (parent) { 989 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 990 991 sk->sk_type = parent->sk_type; 992 bt_sk(sk)->flags = bt_sk(parent)->flags; 993 994 chan->chan_type = pchan->chan_type; 995 chan->imtu = pchan->imtu; 996 chan->omtu = pchan->omtu; 997 chan->conf_state = pchan->conf_state; 998 chan->mode = pchan->mode; 999 chan->fcs = pchan->fcs; 1000 chan->max_tx = pchan->max_tx; 1001 chan->tx_win = pchan->tx_win; 1002 chan->tx_win_max = pchan->tx_win_max; 1003 chan->sec_level = pchan->sec_level; 1004 chan->flags = pchan->flags; 1005 1006 security_sk_clone(parent, sk); 1007 } else { 1008 1009 switch (sk->sk_type) { 1010 case SOCK_RAW: 1011 chan->chan_type = L2CAP_CHAN_RAW; 1012 break; 1013 case SOCK_DGRAM: 1014 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1015 break; 1016 case SOCK_SEQPACKET: 1017 case SOCK_STREAM: 1018 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1019 break; 1020 } 1021 1022 chan->imtu = L2CAP_DEFAULT_MTU; 1023 chan->omtu = 0; 1024 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1025 chan->mode = L2CAP_MODE_ERTM; 1026 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1027 } else { 1028 chan->mode = L2CAP_MODE_BASIC; 1029 } 1030 1031 l2cap_chan_set_defaults(chan); 1032 } 1033 1034 /* Default config options */ 1035 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1036 1037 chan->data = sk; 1038 chan->ops = &l2cap_chan_ops; 1039 } 1040 1041 static struct proto l2cap_proto = { 1042 .name = "L2CAP", 1043 .owner = THIS_MODULE, 1044 .obj_size = sizeof(struct l2cap_pinfo) 1045 }; 1046 1047 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 1048 { 1049 struct sock *sk; 1050 struct l2cap_chan *chan; 1051 1052 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1053 if (!sk) 1054 return NULL; 1055 1056 sock_init_data(sock, sk); 1057 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1058 1059 sk->sk_destruct = l2cap_sock_destruct; 1060 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1061 1062 sock_reset_flag(sk, SOCK_ZAPPED); 1063 1064 sk->sk_protocol = proto; 1065 sk->sk_state = BT_OPEN; 1066 1067 chan = l2cap_chan_create(); 1068 if (!chan) { 1069 l2cap_sock_kill(sk); 1070 return NULL; 1071 } 1072 1073 l2cap_chan_hold(chan); 1074 1075 chan->sk = sk; 1076 1077 l2cap_pi(sk)->chan = chan; 1078 1079 return sk; 1080 } 1081 1082 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1083 int kern) 1084 { 1085 struct sock *sk; 1086 1087 BT_DBG("sock %p", sock); 1088 1089 sock->state = SS_UNCONNECTED; 1090 1091 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1092 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1093 return -ESOCKTNOSUPPORT; 1094 1095 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1096 return -EPERM; 1097 1098 sock->ops = &l2cap_sock_ops; 1099 1100 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1101 if (!sk) 1102 return -ENOMEM; 1103 1104 l2cap_sock_init(sk, NULL); 1105 return 0; 1106 } 1107 1108 static const struct proto_ops l2cap_sock_ops = { 1109 .family = PF_BLUETOOTH, 1110 .owner = THIS_MODULE, 1111 .release = l2cap_sock_release, 1112 .bind = l2cap_sock_bind, 1113 .connect = l2cap_sock_connect, 1114 .listen = l2cap_sock_listen, 1115 .accept = l2cap_sock_accept, 1116 .getname = l2cap_sock_getname, 1117 .sendmsg = l2cap_sock_sendmsg, 1118 .recvmsg = l2cap_sock_recvmsg, 1119 .poll = bt_sock_poll, 1120 .ioctl = bt_sock_ioctl, 1121 .mmap = sock_no_mmap, 1122 .socketpair = sock_no_socketpair, 1123 .shutdown = l2cap_sock_shutdown, 1124 .setsockopt = l2cap_sock_setsockopt, 1125 .getsockopt = l2cap_sock_getsockopt 1126 }; 1127 1128 static const struct net_proto_family l2cap_sock_family_ops = { 1129 .family = PF_BLUETOOTH, 1130 .owner = THIS_MODULE, 1131 .create = l2cap_sock_create, 1132 }; 1133 1134 int __init l2cap_init_sockets(void) 1135 { 1136 int err; 1137 1138 err = proto_register(&l2cap_proto, 0); 1139 if (err < 0) 1140 return err; 1141 1142 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1143 if (err < 0) 1144 goto error; 1145 1146 BT_INFO("L2CAP socket layer initialized"); 1147 1148 return 0; 1149 1150 error: 1151 BT_ERR("L2CAP socket registration failed"); 1152 proto_unregister(&l2cap_proto); 1153 return err; 1154 } 1155 1156 void l2cap_cleanup_sockets(void) 1157 { 1158 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 1159 BT_ERR("L2CAP socket unregistration failed"); 1160 1161 proto_unregister(&l2cap_proto); 1162 } 1163