1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26 */ 27 28 /* Bluetooth L2CAP sockets. */ 29 30 #include <linux/security.h> 31 #include <linux/export.h> 32 33 #include <net/bluetooth/bluetooth.h> 34 #include <net/bluetooth/hci_core.h> 35 #include <net/bluetooth/l2cap.h> 36 #include <net/bluetooth/smp.h> 37 38 static const struct proto_ops l2cap_sock_ops; 39 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 40 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio); 41 42 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 43 { 44 struct sock *sk = sock->sk; 45 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 46 struct sockaddr_l2 la; 47 int len, err = 0; 48 49 BT_DBG("sk %p", sk); 50 51 if (!addr || addr->sa_family != AF_BLUETOOTH) 52 return -EINVAL; 53 54 memset(&la, 0, sizeof(la)); 55 len = min_t(unsigned int, sizeof(la), alen); 56 memcpy(&la, addr, len); 57 58 if (la.l2_cid && la.l2_psm) 59 return -EINVAL; 60 61 lock_sock(sk); 62 63 if (sk->sk_state != BT_OPEN) { 64 err = -EBADFD; 65 goto done; 66 } 67 68 if (la.l2_psm) { 69 __u16 psm = __le16_to_cpu(la.l2_psm); 70 71 /* PSM must be odd and lsb of upper byte must be 0 */ 72 if ((psm & 0x0101) != 0x0001) { 73 err = -EINVAL; 74 goto done; 75 } 76 77 /* Restrict usage of well-known PSMs */ 78 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 79 err = -EACCES; 80 goto done; 81 } 82 } 83 84 if (la.l2_cid) 85 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 86 else 87 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 88 89 if (err < 0) 90 goto done; 91 92 if (__le16_to_cpu(la.l2_psm) == 0x0001 || 93 __le16_to_cpu(la.l2_psm) == 0x0003) 94 chan->sec_level = BT_SECURITY_SDP; 95 96 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 97 98 chan->state = BT_BOUND; 99 sk->sk_state = BT_BOUND; 100 101 done: 102 release_sock(sk); 103 return err; 104 } 105 106 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 107 { 108 struct sock *sk = sock->sk; 109 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 110 struct sockaddr_l2 la; 111 int len, err = 0; 112 113 BT_DBG("sk %p", sk); 114 115 if (!addr || alen < sizeof(addr->sa_family) || 116 addr->sa_family != AF_BLUETOOTH) 117 return -EINVAL; 118 119 memset(&la, 0, sizeof(la)); 120 len = min_t(unsigned int, sizeof(la), alen); 121 memcpy(&la, addr, len); 122 123 if (la.l2_cid && la.l2_psm) 124 return -EINVAL; 125 126 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 127 &la.l2_bdaddr); 128 if (err) 129 return err; 130 131 lock_sock(sk); 132 133 err = bt_sock_wait_state(sk, BT_CONNECTED, 134 sock_sndtimeo(sk, flags & O_NONBLOCK)); 135 136 release_sock(sk); 137 138 return err; 139 } 140 141 static int l2cap_sock_listen(struct socket *sock, int backlog) 142 { 143 struct sock *sk = sock->sk; 144 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 145 int err = 0; 146 147 BT_DBG("sk %p backlog %d", sk, backlog); 148 149 lock_sock(sk); 150 151 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM) 152 || sk->sk_state != BT_BOUND) { 153 err = -EBADFD; 154 goto done; 155 } 156 157 switch (chan->mode) { 158 case L2CAP_MODE_BASIC: 159 break; 160 case L2CAP_MODE_ERTM: 161 case L2CAP_MODE_STREAMING: 162 if (!disable_ertm) 163 break; 164 /* fall through */ 165 default: 166 err = -ENOTSUPP; 167 goto done; 168 } 169 170 sk->sk_max_ack_backlog = backlog; 171 sk->sk_ack_backlog = 0; 172 173 chan->state = BT_LISTEN; 174 sk->sk_state = BT_LISTEN; 175 176 done: 177 release_sock(sk); 178 return err; 179 } 180 181 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 182 { 183 DECLARE_WAITQUEUE(wait, current); 184 struct sock *sk = sock->sk, *nsk; 185 long timeo; 186 int err = 0; 187 188 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 189 190 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 191 192 BT_DBG("sk %p timeo %ld", sk, timeo); 193 194 /* Wait for an incoming connection. (wake-one). */ 195 add_wait_queue_exclusive(sk_sleep(sk), &wait); 196 while (1) { 197 set_current_state(TASK_INTERRUPTIBLE); 198 199 if (sk->sk_state != BT_LISTEN) { 200 err = -EBADFD; 201 break; 202 } 203 204 nsk = bt_accept_dequeue(sk, newsock); 205 if (nsk) 206 break; 207 208 if (!timeo) { 209 err = -EAGAIN; 210 break; 211 } 212 213 if (signal_pending(current)) { 214 err = sock_intr_errno(timeo); 215 break; 216 } 217 218 release_sock(sk); 219 timeo = schedule_timeout(timeo); 220 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 221 } 222 __set_current_state(TASK_RUNNING); 223 remove_wait_queue(sk_sleep(sk), &wait); 224 225 if (err) 226 goto done; 227 228 newsock->state = SS_CONNECTED; 229 230 BT_DBG("new socket %p", nsk); 231 232 done: 233 release_sock(sk); 234 return err; 235 } 236 237 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 238 { 239 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 240 struct sock *sk = sock->sk; 241 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 242 243 BT_DBG("sock %p, sk %p", sock, sk); 244 245 addr->sa_family = AF_BLUETOOTH; 246 *len = sizeof(struct sockaddr_l2); 247 248 if (peer) { 249 la->l2_psm = chan->psm; 250 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 251 la->l2_cid = cpu_to_le16(chan->dcid); 252 } else { 253 la->l2_psm = chan->sport; 254 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 255 la->l2_cid = cpu_to_le16(chan->scid); 256 } 257 258 return 0; 259 } 260 261 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 262 { 263 struct sock *sk = sock->sk; 264 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 265 struct l2cap_options opts; 266 struct l2cap_conninfo cinfo; 267 int len, err = 0; 268 u32 opt; 269 270 BT_DBG("sk %p", sk); 271 272 if (get_user(len, optlen)) 273 return -EFAULT; 274 275 lock_sock(sk); 276 277 switch (optname) { 278 case L2CAP_OPTIONS: 279 memset(&opts, 0, sizeof(opts)); 280 opts.imtu = chan->imtu; 281 opts.omtu = chan->omtu; 282 opts.flush_to = chan->flush_to; 283 opts.mode = chan->mode; 284 opts.fcs = chan->fcs; 285 opts.max_tx = chan->max_tx; 286 opts.txwin_size = chan->tx_win; 287 288 len = min_t(unsigned int, len, sizeof(opts)); 289 if (copy_to_user(optval, (char *) &opts, len)) 290 err = -EFAULT; 291 292 break; 293 294 case L2CAP_LM: 295 switch (chan->sec_level) { 296 case BT_SECURITY_LOW: 297 opt = L2CAP_LM_AUTH; 298 break; 299 case BT_SECURITY_MEDIUM: 300 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 301 break; 302 case BT_SECURITY_HIGH: 303 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 304 L2CAP_LM_SECURE; 305 break; 306 default: 307 opt = 0; 308 break; 309 } 310 311 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 312 opt |= L2CAP_LM_MASTER; 313 314 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 315 opt |= L2CAP_LM_RELIABLE; 316 317 if (put_user(opt, (u32 __user *) optval)) 318 err = -EFAULT; 319 break; 320 321 case L2CAP_CONNINFO: 322 if (sk->sk_state != BT_CONNECTED && 323 !(sk->sk_state == BT_CONNECT2 && 324 bt_sk(sk)->defer_setup)) { 325 err = -ENOTCONN; 326 break; 327 } 328 329 memset(&cinfo, 0, sizeof(cinfo)); 330 cinfo.hci_handle = chan->conn->hcon->handle; 331 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 332 333 len = min_t(unsigned int, len, sizeof(cinfo)); 334 if (copy_to_user(optval, (char *) &cinfo, len)) 335 err = -EFAULT; 336 337 break; 338 339 default: 340 err = -ENOPROTOOPT; 341 break; 342 } 343 344 release_sock(sk); 345 return err; 346 } 347 348 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 349 { 350 struct sock *sk = sock->sk; 351 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 352 struct bt_security sec; 353 struct bt_power pwr; 354 int len, err = 0; 355 356 BT_DBG("sk %p", sk); 357 358 if (level == SOL_L2CAP) 359 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 360 361 if (level != SOL_BLUETOOTH) 362 return -ENOPROTOOPT; 363 364 if (get_user(len, optlen)) 365 return -EFAULT; 366 367 lock_sock(sk); 368 369 switch (optname) { 370 case BT_SECURITY: 371 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 372 chan->chan_type != L2CAP_CHAN_RAW) { 373 err = -EINVAL; 374 break; 375 } 376 377 memset(&sec, 0, sizeof(sec)); 378 sec.level = chan->sec_level; 379 380 if (sk->sk_state == BT_CONNECTED) 381 sec.key_size = chan->conn->hcon->enc_key_size; 382 383 len = min_t(unsigned int, len, sizeof(sec)); 384 if (copy_to_user(optval, (char *) &sec, len)) 385 err = -EFAULT; 386 387 break; 388 389 case BT_DEFER_SETUP: 390 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 391 err = -EINVAL; 392 break; 393 } 394 395 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) 396 err = -EFAULT; 397 398 break; 399 400 case BT_FLUSHABLE: 401 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 402 (u32 __user *) optval)) 403 err = -EFAULT; 404 405 break; 406 407 case BT_POWER: 408 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 409 && sk->sk_type != SOCK_RAW) { 410 err = -EINVAL; 411 break; 412 } 413 414 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 415 416 len = min_t(unsigned int, len, sizeof(pwr)); 417 if (copy_to_user(optval, (char *) &pwr, len)) 418 err = -EFAULT; 419 420 break; 421 422 case BT_CHANNEL_POLICY: 423 if (!enable_hs) { 424 err = -ENOPROTOOPT; 425 break; 426 } 427 428 if (put_user(chan->chan_policy, (u32 __user *) optval)) 429 err = -EFAULT; 430 break; 431 432 default: 433 err = -ENOPROTOOPT; 434 break; 435 } 436 437 release_sock(sk); 438 return err; 439 } 440 441 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 442 { 443 struct sock *sk = sock->sk; 444 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 445 struct l2cap_options opts; 446 int len, err = 0; 447 u32 opt; 448 449 BT_DBG("sk %p", sk); 450 451 lock_sock(sk); 452 453 switch (optname) { 454 case L2CAP_OPTIONS: 455 if (sk->sk_state == BT_CONNECTED) { 456 err = -EINVAL; 457 break; 458 } 459 460 opts.imtu = chan->imtu; 461 opts.omtu = chan->omtu; 462 opts.flush_to = chan->flush_to; 463 opts.mode = chan->mode; 464 opts.fcs = chan->fcs; 465 opts.max_tx = chan->max_tx; 466 opts.txwin_size = chan->tx_win; 467 468 len = min_t(unsigned int, sizeof(opts), optlen); 469 if (copy_from_user((char *) &opts, optval, len)) { 470 err = -EFAULT; 471 break; 472 } 473 474 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 475 err = -EINVAL; 476 break; 477 } 478 479 chan->mode = opts.mode; 480 switch (chan->mode) { 481 case L2CAP_MODE_BASIC: 482 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 483 break; 484 case L2CAP_MODE_ERTM: 485 case L2CAP_MODE_STREAMING: 486 if (!disable_ertm) 487 break; 488 /* fall through */ 489 default: 490 err = -EINVAL; 491 break; 492 } 493 494 chan->imtu = opts.imtu; 495 chan->omtu = opts.omtu; 496 chan->fcs = opts.fcs; 497 chan->max_tx = opts.max_tx; 498 chan->tx_win = opts.txwin_size; 499 break; 500 501 case L2CAP_LM: 502 if (get_user(opt, (u32 __user *) optval)) { 503 err = -EFAULT; 504 break; 505 } 506 507 if (opt & L2CAP_LM_AUTH) 508 chan->sec_level = BT_SECURITY_LOW; 509 if (opt & L2CAP_LM_ENCRYPT) 510 chan->sec_level = BT_SECURITY_MEDIUM; 511 if (opt & L2CAP_LM_SECURE) 512 chan->sec_level = BT_SECURITY_HIGH; 513 514 if (opt & L2CAP_LM_MASTER) 515 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 516 else 517 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 518 519 if (opt & L2CAP_LM_RELIABLE) 520 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 521 else 522 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 523 break; 524 525 default: 526 err = -ENOPROTOOPT; 527 break; 528 } 529 530 release_sock(sk); 531 return err; 532 } 533 534 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 535 { 536 struct sock *sk = sock->sk; 537 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 538 struct bt_security sec; 539 struct bt_power pwr; 540 struct l2cap_conn *conn; 541 int len, err = 0; 542 u32 opt; 543 544 BT_DBG("sk %p", sk); 545 546 if (level == SOL_L2CAP) 547 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 548 549 if (level != SOL_BLUETOOTH) 550 return -ENOPROTOOPT; 551 552 lock_sock(sk); 553 554 switch (optname) { 555 case BT_SECURITY: 556 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 557 chan->chan_type != L2CAP_CHAN_RAW) { 558 err = -EINVAL; 559 break; 560 } 561 562 sec.level = BT_SECURITY_LOW; 563 564 len = min_t(unsigned int, sizeof(sec), optlen); 565 if (copy_from_user((char *) &sec, optval, len)) { 566 err = -EFAULT; 567 break; 568 } 569 570 if (sec.level < BT_SECURITY_LOW || 571 sec.level > BT_SECURITY_HIGH) { 572 err = -EINVAL; 573 break; 574 } 575 576 chan->sec_level = sec.level; 577 578 if (!chan->conn) 579 break; 580 581 conn = chan->conn; 582 583 /*change security for LE channels */ 584 if (chan->scid == L2CAP_CID_LE_DATA) { 585 if (!conn->hcon->out) { 586 err = -EINVAL; 587 break; 588 } 589 590 if (smp_conn_security(conn, sec.level)) 591 break; 592 sk->sk_state = BT_CONFIG; 593 chan->state = BT_CONFIG; 594 595 /* or for ACL link */ 596 } else if ((sk->sk_state == BT_CONNECT2 && 597 bt_sk(sk)->defer_setup) || 598 sk->sk_state == BT_CONNECTED) { 599 if (!l2cap_chan_check_security(chan)) 600 bt_sk(sk)->suspended = true; 601 else 602 sk->sk_state_change(sk); 603 } else { 604 err = -EINVAL; 605 } 606 break; 607 608 case BT_DEFER_SETUP: 609 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 610 err = -EINVAL; 611 break; 612 } 613 614 if (get_user(opt, (u32 __user *) optval)) { 615 err = -EFAULT; 616 break; 617 } 618 619 bt_sk(sk)->defer_setup = opt; 620 break; 621 622 case BT_FLUSHABLE: 623 if (get_user(opt, (u32 __user *) optval)) { 624 err = -EFAULT; 625 break; 626 } 627 628 if (opt > BT_FLUSHABLE_ON) { 629 err = -EINVAL; 630 break; 631 } 632 633 if (opt == BT_FLUSHABLE_OFF) { 634 struct l2cap_conn *conn = chan->conn; 635 /* proceed further only when we have l2cap_conn and 636 No Flush support in the LM */ 637 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 638 err = -EINVAL; 639 break; 640 } 641 } 642 643 if (opt) 644 set_bit(FLAG_FLUSHABLE, &chan->flags); 645 else 646 clear_bit(FLAG_FLUSHABLE, &chan->flags); 647 break; 648 649 case BT_POWER: 650 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 651 chan->chan_type != L2CAP_CHAN_RAW) { 652 err = -EINVAL; 653 break; 654 } 655 656 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 657 658 len = min_t(unsigned int, sizeof(pwr), optlen); 659 if (copy_from_user((char *) &pwr, optval, len)) { 660 err = -EFAULT; 661 break; 662 } 663 664 if (pwr.force_active) 665 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 666 else 667 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 668 break; 669 670 case BT_CHANNEL_POLICY: 671 if (!enable_hs) { 672 err = -ENOPROTOOPT; 673 break; 674 } 675 676 if (get_user(opt, (u32 __user *) optval)) { 677 err = -EFAULT; 678 break; 679 } 680 681 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 682 err = -EINVAL; 683 break; 684 } 685 686 if (chan->mode != L2CAP_MODE_ERTM && 687 chan->mode != L2CAP_MODE_STREAMING) { 688 err = -EOPNOTSUPP; 689 break; 690 } 691 692 chan->chan_policy = (u8) opt; 693 break; 694 695 default: 696 err = -ENOPROTOOPT; 697 break; 698 } 699 700 release_sock(sk); 701 return err; 702 } 703 704 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 705 { 706 struct sock *sk = sock->sk; 707 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 708 int err; 709 710 BT_DBG("sock %p, sk %p", sock, sk); 711 712 err = sock_error(sk); 713 if (err) 714 return err; 715 716 if (msg->msg_flags & MSG_OOB) 717 return -EOPNOTSUPP; 718 719 lock_sock(sk); 720 721 if (sk->sk_state != BT_CONNECTED) { 722 release_sock(sk); 723 return -ENOTCONN; 724 } 725 726 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 727 728 release_sock(sk); 729 return err; 730 } 731 732 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 733 { 734 struct sock *sk = sock->sk; 735 struct l2cap_pinfo *pi = l2cap_pi(sk); 736 int err; 737 738 lock_sock(sk); 739 740 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { 741 sk->sk_state = BT_CONFIG; 742 pi->chan->state = BT_CONFIG; 743 744 __l2cap_connect_rsp_defer(pi->chan); 745 release_sock(sk); 746 return 0; 747 } 748 749 release_sock(sk); 750 751 if (sock->type == SOCK_STREAM) 752 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 753 else 754 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 755 756 if (pi->chan->mode != L2CAP_MODE_ERTM) 757 return err; 758 759 /* Attempt to put pending rx data in the socket buffer */ 760 761 lock_sock(sk); 762 763 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 764 goto done; 765 766 if (pi->rx_busy_skb) { 767 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 768 pi->rx_busy_skb = NULL; 769 else 770 goto done; 771 } 772 773 /* Restore data flow when half of the receive buffer is 774 * available. This avoids resending large numbers of 775 * frames. 776 */ 777 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 778 l2cap_chan_busy(pi->chan, 0); 779 780 done: 781 release_sock(sk); 782 return err; 783 } 784 785 /* Kill socket (only if zapped and orphan) 786 * Must be called on unlocked socket. 787 */ 788 static void l2cap_sock_kill(struct sock *sk) 789 { 790 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 791 return; 792 793 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 794 795 /* Kill poor orphan */ 796 797 l2cap_chan_destroy(l2cap_pi(sk)->chan); 798 sock_set_flag(sk, SOCK_DEAD); 799 sock_put(sk); 800 } 801 802 static int l2cap_sock_shutdown(struct socket *sock, int how) 803 { 804 struct sock *sk = sock->sk; 805 struct l2cap_chan *chan; 806 struct l2cap_conn *conn; 807 int err = 0; 808 809 BT_DBG("sock %p, sk %p", sock, sk); 810 811 if (!sk) 812 return 0; 813 814 chan = l2cap_pi(sk)->chan; 815 conn = chan->conn; 816 817 if (conn) 818 mutex_lock(&conn->chan_lock); 819 820 l2cap_chan_lock(chan); 821 lock_sock(sk); 822 823 if (!sk->sk_shutdown) { 824 if (chan->mode == L2CAP_MODE_ERTM) 825 err = __l2cap_wait_ack(sk); 826 827 sk->sk_shutdown = SHUTDOWN_MASK; 828 829 release_sock(sk); 830 l2cap_chan_close(chan, 0); 831 lock_sock(sk); 832 833 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 834 err = bt_sock_wait_state(sk, BT_CLOSED, 835 sk->sk_lingertime); 836 } 837 838 if (!err && sk->sk_err) 839 err = -sk->sk_err; 840 841 release_sock(sk); 842 l2cap_chan_unlock(chan); 843 844 if (conn) 845 mutex_unlock(&conn->chan_lock); 846 847 return err; 848 } 849 850 static int l2cap_sock_release(struct socket *sock) 851 { 852 struct sock *sk = sock->sk; 853 int err; 854 855 BT_DBG("sock %p, sk %p", sock, sk); 856 857 if (!sk) 858 return 0; 859 860 err = l2cap_sock_shutdown(sock, 2); 861 862 sock_orphan(sk); 863 l2cap_sock_kill(sk); 864 return err; 865 } 866 867 static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data) 868 { 869 struct sock *sk, *parent = data; 870 871 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 872 GFP_ATOMIC); 873 if (!sk) 874 return NULL; 875 876 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 877 878 l2cap_sock_init(sk, parent); 879 880 return l2cap_pi(sk)->chan; 881 } 882 883 static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb) 884 { 885 int err; 886 struct sock *sk = data; 887 struct l2cap_pinfo *pi = l2cap_pi(sk); 888 889 lock_sock(sk); 890 891 if (pi->rx_busy_skb) { 892 err = -ENOMEM; 893 goto done; 894 } 895 896 err = sock_queue_rcv_skb(sk, skb); 897 898 /* For ERTM, handle one skb that doesn't fit into the recv 899 * buffer. This is important to do because the data frames 900 * have already been acked, so the skb cannot be discarded. 901 * 902 * Notify the l2cap core that the buffer is full, so the 903 * LOCAL_BUSY state is entered and no more frames are 904 * acked and reassembled until there is buffer space 905 * available. 906 */ 907 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) { 908 pi->rx_busy_skb = skb; 909 l2cap_chan_busy(pi->chan, 1); 910 err = 0; 911 } 912 913 done: 914 release_sock(sk); 915 916 return err; 917 } 918 919 static void l2cap_sock_close_cb(void *data) 920 { 921 struct sock *sk = data; 922 923 l2cap_sock_kill(sk); 924 } 925 926 static void l2cap_sock_state_change_cb(void *data, int state) 927 { 928 struct sock *sk = data; 929 930 sk->sk_state = state; 931 } 932 933 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 934 unsigned long len, int nb, 935 int *err) 936 { 937 struct sock *sk = chan->sk; 938 939 return bt_skb_send_alloc(sk, len, nb, err); 940 } 941 942 static struct l2cap_ops l2cap_chan_ops = { 943 .name = "L2CAP Socket Interface", 944 .new_connection = l2cap_sock_new_connection_cb, 945 .recv = l2cap_sock_recv_cb, 946 .close = l2cap_sock_close_cb, 947 .state_change = l2cap_sock_state_change_cb, 948 .alloc_skb = l2cap_sock_alloc_skb_cb, 949 }; 950 951 static void l2cap_sock_destruct(struct sock *sk) 952 { 953 BT_DBG("sk %p", sk); 954 955 if (l2cap_pi(sk)->rx_busy_skb) { 956 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 957 l2cap_pi(sk)->rx_busy_skb = NULL; 958 } 959 960 skb_queue_purge(&sk->sk_receive_queue); 961 skb_queue_purge(&sk->sk_write_queue); 962 } 963 964 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 965 { 966 struct l2cap_pinfo *pi = l2cap_pi(sk); 967 struct l2cap_chan *chan = pi->chan; 968 969 BT_DBG("sk %p", sk); 970 971 if (parent) { 972 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 973 974 sk->sk_type = parent->sk_type; 975 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup; 976 977 chan->chan_type = pchan->chan_type; 978 chan->imtu = pchan->imtu; 979 chan->omtu = pchan->omtu; 980 chan->conf_state = pchan->conf_state; 981 chan->mode = pchan->mode; 982 chan->fcs = pchan->fcs; 983 chan->max_tx = pchan->max_tx; 984 chan->tx_win = pchan->tx_win; 985 chan->tx_win_max = pchan->tx_win_max; 986 chan->sec_level = pchan->sec_level; 987 chan->flags = pchan->flags; 988 989 security_sk_clone(parent, sk); 990 } else { 991 992 switch (sk->sk_type) { 993 case SOCK_RAW: 994 chan->chan_type = L2CAP_CHAN_RAW; 995 break; 996 case SOCK_DGRAM: 997 chan->chan_type = L2CAP_CHAN_CONN_LESS; 998 break; 999 case SOCK_SEQPACKET: 1000 case SOCK_STREAM: 1001 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1002 break; 1003 } 1004 1005 chan->imtu = L2CAP_DEFAULT_MTU; 1006 chan->omtu = 0; 1007 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1008 chan->mode = L2CAP_MODE_ERTM; 1009 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1010 } else { 1011 chan->mode = L2CAP_MODE_BASIC; 1012 } 1013 chan->max_tx = L2CAP_DEFAULT_MAX_TX; 1014 chan->fcs = L2CAP_FCS_CRC16; 1015 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW; 1016 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW; 1017 chan->sec_level = BT_SECURITY_LOW; 1018 chan->flags = 0; 1019 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 1020 } 1021 1022 /* Default config options */ 1023 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1024 1025 chan->data = sk; 1026 chan->ops = &l2cap_chan_ops; 1027 } 1028 1029 static struct proto l2cap_proto = { 1030 .name = "L2CAP", 1031 .owner = THIS_MODULE, 1032 .obj_size = sizeof(struct l2cap_pinfo) 1033 }; 1034 1035 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 1036 { 1037 struct sock *sk; 1038 struct l2cap_chan *chan; 1039 1040 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1041 if (!sk) 1042 return NULL; 1043 1044 sock_init_data(sock, sk); 1045 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1046 1047 sk->sk_destruct = l2cap_sock_destruct; 1048 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1049 1050 sock_reset_flag(sk, SOCK_ZAPPED); 1051 1052 sk->sk_protocol = proto; 1053 sk->sk_state = BT_OPEN; 1054 1055 chan = l2cap_chan_create(sk); 1056 if (!chan) { 1057 l2cap_sock_kill(sk); 1058 return NULL; 1059 } 1060 1061 l2cap_pi(sk)->chan = chan; 1062 1063 return sk; 1064 } 1065 1066 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1067 int kern) 1068 { 1069 struct sock *sk; 1070 1071 BT_DBG("sock %p", sock); 1072 1073 sock->state = SS_UNCONNECTED; 1074 1075 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1076 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1077 return -ESOCKTNOSUPPORT; 1078 1079 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1080 return -EPERM; 1081 1082 sock->ops = &l2cap_sock_ops; 1083 1084 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1085 if (!sk) 1086 return -ENOMEM; 1087 1088 l2cap_sock_init(sk, NULL); 1089 return 0; 1090 } 1091 1092 static const struct proto_ops l2cap_sock_ops = { 1093 .family = PF_BLUETOOTH, 1094 .owner = THIS_MODULE, 1095 .release = l2cap_sock_release, 1096 .bind = l2cap_sock_bind, 1097 .connect = l2cap_sock_connect, 1098 .listen = l2cap_sock_listen, 1099 .accept = l2cap_sock_accept, 1100 .getname = l2cap_sock_getname, 1101 .sendmsg = l2cap_sock_sendmsg, 1102 .recvmsg = l2cap_sock_recvmsg, 1103 .poll = bt_sock_poll, 1104 .ioctl = bt_sock_ioctl, 1105 .mmap = sock_no_mmap, 1106 .socketpair = sock_no_socketpair, 1107 .shutdown = l2cap_sock_shutdown, 1108 .setsockopt = l2cap_sock_setsockopt, 1109 .getsockopt = l2cap_sock_getsockopt 1110 }; 1111 1112 static const struct net_proto_family l2cap_sock_family_ops = { 1113 .family = PF_BLUETOOTH, 1114 .owner = THIS_MODULE, 1115 .create = l2cap_sock_create, 1116 }; 1117 1118 int __init l2cap_init_sockets(void) 1119 { 1120 int err; 1121 1122 err = proto_register(&l2cap_proto, 0); 1123 if (err < 0) 1124 return err; 1125 1126 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1127 if (err < 0) 1128 goto error; 1129 1130 BT_INFO("L2CAP socket layer initialized"); 1131 1132 return 0; 1133 1134 error: 1135 BT_ERR("L2CAP socket registration failed"); 1136 proto_unregister(&l2cap_proto); 1137 return err; 1138 } 1139 1140 void l2cap_cleanup_sockets(void) 1141 { 1142 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 1143 BT_ERR("L2CAP socket unregistration failed"); 1144 1145 proto_unregister(&l2cap_proto); 1146 } 1147