1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26 */ 27 28 /* Bluetooth L2CAP sockets. */ 29 30 #include <linux/module.h> 31 #include <linux/export.h> 32 #include <linux/sched/signal.h> 33 34 #include <net/bluetooth/bluetooth.h> 35 #include <net/bluetooth/hci_core.h> 36 #include <net/bluetooth/l2cap.h> 37 38 #include "smp.h" 39 40 static struct bt_sock_list l2cap_sk_list = { 41 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 42 }; 43 44 static const struct proto_ops l2cap_sock_ops; 45 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 46 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 47 int proto, gfp_t prio, int kern); 48 49 bool l2cap_is_socket(struct socket *sock) 50 { 51 return sock && sock->ops == &l2cap_sock_ops; 52 } 53 EXPORT_SYMBOL(l2cap_is_socket); 54 55 static int l2cap_validate_bredr_psm(u16 psm) 56 { 57 /* PSM must be odd and lsb of upper byte must be 0 */ 58 if ((psm & 0x0101) != 0x0001) 59 return -EINVAL; 60 61 /* Restrict usage of well-known PSMs */ 62 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE)) 63 return -EACCES; 64 65 return 0; 66 } 67 68 static int l2cap_validate_le_psm(u16 psm) 69 { 70 /* Valid LE_PSM ranges are defined only until 0x00ff */ 71 if (psm > L2CAP_PSM_LE_DYN_END) 72 return -EINVAL; 73 74 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */ 75 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE)) 76 return -EACCES; 77 78 return 0; 79 } 80 81 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 82 { 83 struct sock *sk = sock->sk; 84 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 85 struct sockaddr_l2 la; 86 int len, err = 0; 87 88 BT_DBG("sk %p", sk); 89 90 if (!addr || alen < offsetofend(struct sockaddr, sa_family) || 91 addr->sa_family != AF_BLUETOOTH) 92 return -EINVAL; 93 94 memset(&la, 0, sizeof(la)); 95 len = min_t(unsigned int, sizeof(la), alen); 96 memcpy(&la, addr, len); 97 98 if (la.l2_cid && la.l2_psm) 99 return -EINVAL; 100 101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 102 return -EINVAL; 103 104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 105 /* We only allow ATT user space socket */ 106 if (la.l2_cid && 107 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 108 return -EINVAL; 109 } 110 111 lock_sock(sk); 112 113 if (sk->sk_state != BT_OPEN) { 114 err = -EBADFD; 115 goto done; 116 } 117 118 if (la.l2_psm) { 119 __u16 psm = __le16_to_cpu(la.l2_psm); 120 121 if (la.l2_bdaddr_type == BDADDR_BREDR) 122 err = l2cap_validate_bredr_psm(psm); 123 else 124 err = l2cap_validate_le_psm(psm); 125 126 if (err) 127 goto done; 128 } 129 130 bacpy(&chan->src, &la.l2_bdaddr); 131 chan->src_type = la.l2_bdaddr_type; 132 133 if (la.l2_cid) 134 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 135 else 136 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 137 138 if (err < 0) 139 goto done; 140 141 switch (chan->chan_type) { 142 case L2CAP_CHAN_CONN_LESS: 143 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP) 144 chan->sec_level = BT_SECURITY_SDP; 145 break; 146 case L2CAP_CHAN_CONN_ORIENTED: 147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 148 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 149 chan->sec_level = BT_SECURITY_SDP; 150 break; 151 case L2CAP_CHAN_RAW: 152 chan->sec_level = BT_SECURITY_SDP; 153 break; 154 case L2CAP_CHAN_FIXED: 155 /* Fixed channels default to the L2CAP core not holding a 156 * hci_conn reference for them. For fixed channels mapping to 157 * L2CAP sockets we do want to hold a reference so set the 158 * appropriate flag to request it. 159 */ 160 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags); 161 break; 162 } 163 164 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 165 chan->mode = L2CAP_MODE_LE_FLOWCTL; 166 167 chan->state = BT_BOUND; 168 sk->sk_state = BT_BOUND; 169 170 done: 171 release_sock(sk); 172 return err; 173 } 174 175 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 176 int alen, int flags) 177 { 178 struct sock *sk = sock->sk; 179 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 180 struct sockaddr_l2 la; 181 int len, err = 0; 182 183 BT_DBG("sk %p", sk); 184 185 if (!addr || alen < offsetofend(struct sockaddr, sa_family) || 186 addr->sa_family != AF_BLUETOOTH) 187 return -EINVAL; 188 189 memset(&la, 0, sizeof(la)); 190 len = min_t(unsigned int, sizeof(la), alen); 191 memcpy(&la, addr, len); 192 193 if (la.l2_cid && la.l2_psm) 194 return -EINVAL; 195 196 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 197 return -EINVAL; 198 199 /* Check that the socket wasn't bound to something that 200 * conflicts with the address given to connect(). If chan->src 201 * is BDADDR_ANY it means bind() was never used, in which case 202 * chan->src_type and la.l2_bdaddr_type do not need to match. 203 */ 204 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) && 205 bdaddr_type_is_le(la.l2_bdaddr_type)) { 206 /* Old user space versions will try to incorrectly bind 207 * the ATT socket using BDADDR_BREDR. We need to accept 208 * this and fix up the source address type only when 209 * both the source CID and destination CID indicate 210 * ATT. Anything else is an invalid combination. 211 */ 212 if (chan->scid != L2CAP_CID_ATT || 213 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 214 return -EINVAL; 215 216 /* We don't have the hdev available here to make a 217 * better decision on random vs public, but since all 218 * user space versions that exhibit this issue anyway do 219 * not support random local addresses assuming public 220 * here is good enough. 221 */ 222 chan->src_type = BDADDR_LE_PUBLIC; 223 } 224 225 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR) 226 return -EINVAL; 227 228 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 229 /* We only allow ATT user space socket */ 230 if (la.l2_cid && 231 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 232 return -EINVAL; 233 } 234 235 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 236 chan->mode = L2CAP_MODE_LE_FLOWCTL; 237 238 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 239 &la.l2_bdaddr, la.l2_bdaddr_type); 240 if (err) 241 return err; 242 243 lock_sock(sk); 244 245 err = bt_sock_wait_state(sk, BT_CONNECTED, 246 sock_sndtimeo(sk, flags & O_NONBLOCK)); 247 248 release_sock(sk); 249 250 return err; 251 } 252 253 static int l2cap_sock_listen(struct socket *sock, int backlog) 254 { 255 struct sock *sk = sock->sk; 256 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 257 int err = 0; 258 259 BT_DBG("sk %p backlog %d", sk, backlog); 260 261 lock_sock(sk); 262 263 if (sk->sk_state != BT_BOUND) { 264 err = -EBADFD; 265 goto done; 266 } 267 268 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 269 err = -EINVAL; 270 goto done; 271 } 272 273 switch (chan->mode) { 274 case L2CAP_MODE_BASIC: 275 case L2CAP_MODE_LE_FLOWCTL: 276 break; 277 case L2CAP_MODE_ERTM: 278 case L2CAP_MODE_STREAMING: 279 if (!disable_ertm) 280 break; 281 /* fall through */ 282 default: 283 err = -EOPNOTSUPP; 284 goto done; 285 } 286 287 sk->sk_max_ack_backlog = backlog; 288 sk->sk_ack_backlog = 0; 289 290 /* Listening channels need to use nested locking in order not to 291 * cause lockdep warnings when the created child channels end up 292 * being locked in the same thread as the parent channel. 293 */ 294 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT); 295 296 chan->state = BT_LISTEN; 297 sk->sk_state = BT_LISTEN; 298 299 done: 300 release_sock(sk); 301 return err; 302 } 303 304 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 305 int flags, bool kern) 306 { 307 DEFINE_WAIT_FUNC(wait, woken_wake_function); 308 struct sock *sk = sock->sk, *nsk; 309 long timeo; 310 int err = 0; 311 312 lock_sock_nested(sk, L2CAP_NESTING_PARENT); 313 314 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 315 316 BT_DBG("sk %p timeo %ld", sk, timeo); 317 318 /* Wait for an incoming connection. (wake-one). */ 319 add_wait_queue_exclusive(sk_sleep(sk), &wait); 320 while (1) { 321 if (sk->sk_state != BT_LISTEN) { 322 err = -EBADFD; 323 break; 324 } 325 326 nsk = bt_accept_dequeue(sk, newsock); 327 if (nsk) 328 break; 329 330 if (!timeo) { 331 err = -EAGAIN; 332 break; 333 } 334 335 if (signal_pending(current)) { 336 err = sock_intr_errno(timeo); 337 break; 338 } 339 340 release_sock(sk); 341 342 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 343 344 lock_sock_nested(sk, L2CAP_NESTING_PARENT); 345 } 346 remove_wait_queue(sk_sleep(sk), &wait); 347 348 if (err) 349 goto done; 350 351 newsock->state = SS_CONNECTED; 352 353 BT_DBG("new socket %p", nsk); 354 355 done: 356 release_sock(sk); 357 return err; 358 } 359 360 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 361 int *len, int peer) 362 { 363 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 364 struct sock *sk = sock->sk; 365 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 366 367 BT_DBG("sock %p, sk %p", sock, sk); 368 369 if (peer && sk->sk_state != BT_CONNECTED && 370 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 && 371 sk->sk_state != BT_CONFIG) 372 return -ENOTCONN; 373 374 memset(la, 0, sizeof(struct sockaddr_l2)); 375 addr->sa_family = AF_BLUETOOTH; 376 *len = sizeof(struct sockaddr_l2); 377 378 la->l2_psm = chan->psm; 379 380 if (peer) { 381 bacpy(&la->l2_bdaddr, &chan->dst); 382 la->l2_cid = cpu_to_le16(chan->dcid); 383 la->l2_bdaddr_type = chan->dst_type; 384 } else { 385 bacpy(&la->l2_bdaddr, &chan->src); 386 la->l2_cid = cpu_to_le16(chan->scid); 387 la->l2_bdaddr_type = chan->src_type; 388 } 389 390 return 0; 391 } 392 393 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 394 char __user *optval, int __user *optlen) 395 { 396 struct sock *sk = sock->sk; 397 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 398 struct l2cap_options opts; 399 struct l2cap_conninfo cinfo; 400 int len, err = 0; 401 u32 opt; 402 403 BT_DBG("sk %p", sk); 404 405 if (get_user(len, optlen)) 406 return -EFAULT; 407 408 lock_sock(sk); 409 410 switch (optname) { 411 case L2CAP_OPTIONS: 412 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since 413 * legacy ATT code depends on getsockopt for 414 * L2CAP_OPTIONS we need to let this pass. 415 */ 416 if (bdaddr_type_is_le(chan->src_type) && 417 chan->scid != L2CAP_CID_ATT) { 418 err = -EINVAL; 419 break; 420 } 421 422 memset(&opts, 0, sizeof(opts)); 423 opts.imtu = chan->imtu; 424 opts.omtu = chan->omtu; 425 opts.flush_to = chan->flush_to; 426 opts.mode = chan->mode; 427 opts.fcs = chan->fcs; 428 opts.max_tx = chan->max_tx; 429 opts.txwin_size = chan->tx_win; 430 431 len = min_t(unsigned int, len, sizeof(opts)); 432 if (copy_to_user(optval, (char *) &opts, len)) 433 err = -EFAULT; 434 435 break; 436 437 case L2CAP_LM: 438 switch (chan->sec_level) { 439 case BT_SECURITY_LOW: 440 opt = L2CAP_LM_AUTH; 441 break; 442 case BT_SECURITY_MEDIUM: 443 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 444 break; 445 case BT_SECURITY_HIGH: 446 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 447 L2CAP_LM_SECURE; 448 break; 449 case BT_SECURITY_FIPS: 450 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 451 L2CAP_LM_SECURE | L2CAP_LM_FIPS; 452 break; 453 default: 454 opt = 0; 455 break; 456 } 457 458 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 459 opt |= L2CAP_LM_MASTER; 460 461 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 462 opt |= L2CAP_LM_RELIABLE; 463 464 if (put_user(opt, (u32 __user *) optval)) 465 err = -EFAULT; 466 467 break; 468 469 case L2CAP_CONNINFO: 470 if (sk->sk_state != BT_CONNECTED && 471 !(sk->sk_state == BT_CONNECT2 && 472 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 473 err = -ENOTCONN; 474 break; 475 } 476 477 memset(&cinfo, 0, sizeof(cinfo)); 478 cinfo.hci_handle = chan->conn->hcon->handle; 479 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 480 481 len = min_t(unsigned int, len, sizeof(cinfo)); 482 if (copy_to_user(optval, (char *) &cinfo, len)) 483 err = -EFAULT; 484 485 break; 486 487 default: 488 err = -ENOPROTOOPT; 489 break; 490 } 491 492 release_sock(sk); 493 return err; 494 } 495 496 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 497 char __user *optval, int __user *optlen) 498 { 499 struct sock *sk = sock->sk; 500 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 501 struct bt_security sec; 502 struct bt_power pwr; 503 int len, err = 0; 504 505 BT_DBG("sk %p", sk); 506 507 if (level == SOL_L2CAP) 508 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 509 510 if (level != SOL_BLUETOOTH) 511 return -ENOPROTOOPT; 512 513 if (get_user(len, optlen)) 514 return -EFAULT; 515 516 lock_sock(sk); 517 518 switch (optname) { 519 case BT_SECURITY: 520 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 521 chan->chan_type != L2CAP_CHAN_FIXED && 522 chan->chan_type != L2CAP_CHAN_RAW) { 523 err = -EINVAL; 524 break; 525 } 526 527 memset(&sec, 0, sizeof(sec)); 528 if (chan->conn) { 529 sec.level = chan->conn->hcon->sec_level; 530 531 if (sk->sk_state == BT_CONNECTED) 532 sec.key_size = chan->conn->hcon->enc_key_size; 533 } else { 534 sec.level = chan->sec_level; 535 } 536 537 len = min_t(unsigned int, len, sizeof(sec)); 538 if (copy_to_user(optval, (char *) &sec, len)) 539 err = -EFAULT; 540 541 break; 542 543 case BT_DEFER_SETUP: 544 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 545 err = -EINVAL; 546 break; 547 } 548 549 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 550 (u32 __user *) optval)) 551 err = -EFAULT; 552 553 break; 554 555 case BT_FLUSHABLE: 556 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 557 (u32 __user *) optval)) 558 err = -EFAULT; 559 560 break; 561 562 case BT_POWER: 563 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 564 && sk->sk_type != SOCK_RAW) { 565 err = -EINVAL; 566 break; 567 } 568 569 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 570 571 len = min_t(unsigned int, len, sizeof(pwr)); 572 if (copy_to_user(optval, (char *) &pwr, len)) 573 err = -EFAULT; 574 575 break; 576 577 case BT_CHANNEL_POLICY: 578 if (put_user(chan->chan_policy, (u32 __user *) optval)) 579 err = -EFAULT; 580 break; 581 582 case BT_SNDMTU: 583 if (!bdaddr_type_is_le(chan->src_type)) { 584 err = -EINVAL; 585 break; 586 } 587 588 if (sk->sk_state != BT_CONNECTED) { 589 err = -ENOTCONN; 590 break; 591 } 592 593 if (put_user(chan->omtu, (u16 __user *) optval)) 594 err = -EFAULT; 595 break; 596 597 case BT_RCVMTU: 598 if (!bdaddr_type_is_le(chan->src_type)) { 599 err = -EINVAL; 600 break; 601 } 602 603 if (put_user(chan->imtu, (u16 __user *) optval)) 604 err = -EFAULT; 605 break; 606 607 default: 608 err = -ENOPROTOOPT; 609 break; 610 } 611 612 release_sock(sk); 613 return err; 614 } 615 616 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 617 { 618 switch (chan->scid) { 619 case L2CAP_CID_ATT: 620 if (mtu < L2CAP_LE_MIN_MTU) 621 return false; 622 break; 623 624 default: 625 if (mtu < L2CAP_DEFAULT_MIN_MTU) 626 return false; 627 } 628 629 return true; 630 } 631 632 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 633 char __user *optval, unsigned int optlen) 634 { 635 struct sock *sk = sock->sk; 636 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 637 struct l2cap_options opts; 638 int len, err = 0; 639 u32 opt; 640 641 BT_DBG("sk %p", sk); 642 643 lock_sock(sk); 644 645 switch (optname) { 646 case L2CAP_OPTIONS: 647 if (bdaddr_type_is_le(chan->src_type)) { 648 err = -EINVAL; 649 break; 650 } 651 652 if (sk->sk_state == BT_CONNECTED) { 653 err = -EINVAL; 654 break; 655 } 656 657 opts.imtu = chan->imtu; 658 opts.omtu = chan->omtu; 659 opts.flush_to = chan->flush_to; 660 opts.mode = chan->mode; 661 opts.fcs = chan->fcs; 662 opts.max_tx = chan->max_tx; 663 opts.txwin_size = chan->tx_win; 664 665 len = min_t(unsigned int, sizeof(opts), optlen); 666 if (copy_from_user((char *) &opts, optval, len)) { 667 err = -EFAULT; 668 break; 669 } 670 671 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 672 err = -EINVAL; 673 break; 674 } 675 676 if (!l2cap_valid_mtu(chan, opts.imtu)) { 677 err = -EINVAL; 678 break; 679 } 680 681 chan->mode = opts.mode; 682 switch (chan->mode) { 683 case L2CAP_MODE_LE_FLOWCTL: 684 break; 685 case L2CAP_MODE_BASIC: 686 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 687 break; 688 case L2CAP_MODE_ERTM: 689 case L2CAP_MODE_STREAMING: 690 if (!disable_ertm) 691 break; 692 /* fall through */ 693 default: 694 err = -EINVAL; 695 break; 696 } 697 698 chan->imtu = opts.imtu; 699 chan->omtu = opts.omtu; 700 chan->fcs = opts.fcs; 701 chan->max_tx = opts.max_tx; 702 chan->tx_win = opts.txwin_size; 703 chan->flush_to = opts.flush_to; 704 break; 705 706 case L2CAP_LM: 707 if (get_user(opt, (u32 __user *) optval)) { 708 err = -EFAULT; 709 break; 710 } 711 712 if (opt & L2CAP_LM_FIPS) { 713 err = -EINVAL; 714 break; 715 } 716 717 if (opt & L2CAP_LM_AUTH) 718 chan->sec_level = BT_SECURITY_LOW; 719 if (opt & L2CAP_LM_ENCRYPT) 720 chan->sec_level = BT_SECURITY_MEDIUM; 721 if (opt & L2CAP_LM_SECURE) 722 chan->sec_level = BT_SECURITY_HIGH; 723 724 if (opt & L2CAP_LM_MASTER) 725 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 726 else 727 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 728 729 if (opt & L2CAP_LM_RELIABLE) 730 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 731 else 732 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 733 break; 734 735 default: 736 err = -ENOPROTOOPT; 737 break; 738 } 739 740 release_sock(sk); 741 return err; 742 } 743 744 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 745 char __user *optval, unsigned int optlen) 746 { 747 struct sock *sk = sock->sk; 748 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 749 struct bt_security sec; 750 struct bt_power pwr; 751 struct l2cap_conn *conn; 752 int len, err = 0; 753 u32 opt; 754 755 BT_DBG("sk %p", sk); 756 757 if (level == SOL_L2CAP) 758 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 759 760 if (level != SOL_BLUETOOTH) 761 return -ENOPROTOOPT; 762 763 lock_sock(sk); 764 765 switch (optname) { 766 case BT_SECURITY: 767 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 768 chan->chan_type != L2CAP_CHAN_FIXED && 769 chan->chan_type != L2CAP_CHAN_RAW) { 770 err = -EINVAL; 771 break; 772 } 773 774 sec.level = BT_SECURITY_LOW; 775 776 len = min_t(unsigned int, sizeof(sec), optlen); 777 if (copy_from_user((char *) &sec, optval, len)) { 778 err = -EFAULT; 779 break; 780 } 781 782 if (sec.level < BT_SECURITY_LOW || 783 sec.level > BT_SECURITY_FIPS) { 784 err = -EINVAL; 785 break; 786 } 787 788 chan->sec_level = sec.level; 789 790 if (!chan->conn) 791 break; 792 793 conn = chan->conn; 794 795 /*change security for LE channels */ 796 if (chan->scid == L2CAP_CID_ATT) { 797 if (smp_conn_security(conn->hcon, sec.level)) 798 break; 799 set_bit(FLAG_PENDING_SECURITY, &chan->flags); 800 sk->sk_state = BT_CONFIG; 801 chan->state = BT_CONFIG; 802 803 /* or for ACL link */ 804 } else if ((sk->sk_state == BT_CONNECT2 && 805 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 806 sk->sk_state == BT_CONNECTED) { 807 if (!l2cap_chan_check_security(chan, true)) 808 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 809 else 810 sk->sk_state_change(sk); 811 } else { 812 err = -EINVAL; 813 } 814 break; 815 816 case BT_DEFER_SETUP: 817 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 818 err = -EINVAL; 819 break; 820 } 821 822 if (get_user(opt, (u32 __user *) optval)) { 823 err = -EFAULT; 824 break; 825 } 826 827 if (opt) { 828 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 829 set_bit(FLAG_DEFER_SETUP, &chan->flags); 830 } else { 831 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 832 clear_bit(FLAG_DEFER_SETUP, &chan->flags); 833 } 834 break; 835 836 case BT_FLUSHABLE: 837 if (get_user(opt, (u32 __user *) optval)) { 838 err = -EFAULT; 839 break; 840 } 841 842 if (opt > BT_FLUSHABLE_ON) { 843 err = -EINVAL; 844 break; 845 } 846 847 if (opt == BT_FLUSHABLE_OFF) { 848 conn = chan->conn; 849 /* proceed further only when we have l2cap_conn and 850 No Flush support in the LM */ 851 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 852 err = -EINVAL; 853 break; 854 } 855 } 856 857 if (opt) 858 set_bit(FLAG_FLUSHABLE, &chan->flags); 859 else 860 clear_bit(FLAG_FLUSHABLE, &chan->flags); 861 break; 862 863 case BT_POWER: 864 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 865 chan->chan_type != L2CAP_CHAN_RAW) { 866 err = -EINVAL; 867 break; 868 } 869 870 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 871 872 len = min_t(unsigned int, sizeof(pwr), optlen); 873 if (copy_from_user((char *) &pwr, optval, len)) { 874 err = -EFAULT; 875 break; 876 } 877 878 if (pwr.force_active) 879 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 880 else 881 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 882 break; 883 884 case BT_CHANNEL_POLICY: 885 if (get_user(opt, (u32 __user *) optval)) { 886 err = -EFAULT; 887 break; 888 } 889 890 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 891 err = -EINVAL; 892 break; 893 } 894 895 if (chan->mode != L2CAP_MODE_ERTM && 896 chan->mode != L2CAP_MODE_STREAMING) { 897 err = -EOPNOTSUPP; 898 break; 899 } 900 901 chan->chan_policy = (u8) opt; 902 903 if (sk->sk_state == BT_CONNECTED && 904 chan->move_role == L2CAP_MOVE_ROLE_NONE) 905 l2cap_move_start(chan); 906 907 break; 908 909 case BT_SNDMTU: 910 if (!bdaddr_type_is_le(chan->src_type)) { 911 err = -EINVAL; 912 break; 913 } 914 915 /* Setting is not supported as it's the remote side that 916 * decides this. 917 */ 918 err = -EPERM; 919 break; 920 921 case BT_RCVMTU: 922 if (!bdaddr_type_is_le(chan->src_type)) { 923 err = -EINVAL; 924 break; 925 } 926 927 if (sk->sk_state == BT_CONNECTED) { 928 err = -EISCONN; 929 break; 930 } 931 932 if (get_user(opt, (u16 __user *) optval)) { 933 err = -EFAULT; 934 break; 935 } 936 937 chan->imtu = opt; 938 break; 939 940 default: 941 err = -ENOPROTOOPT; 942 break; 943 } 944 945 release_sock(sk); 946 return err; 947 } 948 949 static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg, 950 size_t len) 951 { 952 struct sock *sk = sock->sk; 953 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 954 int err; 955 956 BT_DBG("sock %p, sk %p", sock, sk); 957 958 err = sock_error(sk); 959 if (err) 960 return err; 961 962 if (msg->msg_flags & MSG_OOB) 963 return -EOPNOTSUPP; 964 965 if (sk->sk_state != BT_CONNECTED) 966 return -ENOTCONN; 967 968 lock_sock(sk); 969 err = bt_sock_wait_ready(sk, msg->msg_flags); 970 release_sock(sk); 971 if (err) 972 return err; 973 974 l2cap_chan_lock(chan); 975 err = l2cap_chan_send(chan, msg, len); 976 l2cap_chan_unlock(chan); 977 978 return err; 979 } 980 981 static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg, 982 size_t len, int flags) 983 { 984 struct sock *sk = sock->sk; 985 struct l2cap_pinfo *pi = l2cap_pi(sk); 986 int err; 987 988 lock_sock(sk); 989 990 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 991 &bt_sk(sk)->flags)) { 992 if (bdaddr_type_is_le(pi->chan->src_type)) { 993 sk->sk_state = BT_CONNECTED; 994 pi->chan->state = BT_CONNECTED; 995 __l2cap_le_connect_rsp_defer(pi->chan); 996 } else { 997 sk->sk_state = BT_CONFIG; 998 pi->chan->state = BT_CONFIG; 999 __l2cap_connect_rsp_defer(pi->chan); 1000 } 1001 1002 err = 0; 1003 goto done; 1004 } 1005 1006 release_sock(sk); 1007 1008 if (sock->type == SOCK_STREAM) 1009 err = bt_sock_stream_recvmsg(sock, msg, len, flags); 1010 else 1011 err = bt_sock_recvmsg(sock, msg, len, flags); 1012 1013 if (pi->chan->mode != L2CAP_MODE_ERTM) 1014 return err; 1015 1016 /* Attempt to put pending rx data in the socket buffer */ 1017 1018 lock_sock(sk); 1019 1020 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 1021 goto done; 1022 1023 if (pi->rx_busy_skb) { 1024 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 1025 pi->rx_busy_skb = NULL; 1026 else 1027 goto done; 1028 } 1029 1030 /* Restore data flow when half of the receive buffer is 1031 * available. This avoids resending large numbers of 1032 * frames. 1033 */ 1034 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 1035 l2cap_chan_busy(pi->chan, 0); 1036 1037 done: 1038 release_sock(sk); 1039 return err; 1040 } 1041 1042 /* Kill socket (only if zapped and orphan) 1043 * Must be called on unlocked socket. 1044 */ 1045 static void l2cap_sock_kill(struct sock *sk) 1046 { 1047 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 1048 return; 1049 1050 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 1051 1052 /* Kill poor orphan */ 1053 1054 l2cap_chan_put(l2cap_pi(sk)->chan); 1055 sock_set_flag(sk, SOCK_DEAD); 1056 sock_put(sk); 1057 } 1058 1059 static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan) 1060 { 1061 DECLARE_WAITQUEUE(wait, current); 1062 int err = 0; 1063 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD; 1064 /* Timeout to prevent infinite loop */ 1065 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT; 1066 1067 add_wait_queue(sk_sleep(sk), &wait); 1068 set_current_state(TASK_INTERRUPTIBLE); 1069 do { 1070 BT_DBG("Waiting for %d ACKs, timeout %04d ms", 1071 chan->unacked_frames, time_after(jiffies, timeout) ? 0 : 1072 jiffies_to_msecs(timeout - jiffies)); 1073 1074 if (!timeo) 1075 timeo = L2CAP_WAIT_ACK_POLL_PERIOD; 1076 1077 if (signal_pending(current)) { 1078 err = sock_intr_errno(timeo); 1079 break; 1080 } 1081 1082 release_sock(sk); 1083 timeo = schedule_timeout(timeo); 1084 lock_sock(sk); 1085 set_current_state(TASK_INTERRUPTIBLE); 1086 1087 err = sock_error(sk); 1088 if (err) 1089 break; 1090 1091 if (time_after(jiffies, timeout)) { 1092 err = -ENOLINK; 1093 break; 1094 } 1095 1096 } while (chan->unacked_frames > 0 && 1097 chan->state == BT_CONNECTED); 1098 1099 set_current_state(TASK_RUNNING); 1100 remove_wait_queue(sk_sleep(sk), &wait); 1101 return err; 1102 } 1103 1104 static int l2cap_sock_shutdown(struct socket *sock, int how) 1105 { 1106 struct sock *sk = sock->sk; 1107 struct l2cap_chan *chan; 1108 struct l2cap_conn *conn; 1109 int err = 0; 1110 1111 BT_DBG("sock %p, sk %p", sock, sk); 1112 1113 if (!sk) 1114 return 0; 1115 1116 lock_sock(sk); 1117 1118 if (sk->sk_shutdown) 1119 goto shutdown_already; 1120 1121 BT_DBG("Handling sock shutdown"); 1122 1123 /* prevent sk structure from being freed whilst unlocked */ 1124 sock_hold(sk); 1125 1126 chan = l2cap_pi(sk)->chan; 1127 /* prevent chan structure from being freed whilst unlocked */ 1128 l2cap_chan_hold(chan); 1129 1130 BT_DBG("chan %p state %s", chan, state_to_string(chan->state)); 1131 1132 if (chan->mode == L2CAP_MODE_ERTM && 1133 chan->unacked_frames > 0 && 1134 chan->state == BT_CONNECTED) { 1135 err = __l2cap_wait_ack(sk, chan); 1136 1137 /* After waiting for ACKs, check whether shutdown 1138 * has already been actioned to close the L2CAP 1139 * link such as by l2cap_disconnection_req(). 1140 */ 1141 if (sk->sk_shutdown) 1142 goto has_shutdown; 1143 } 1144 1145 sk->sk_shutdown = SHUTDOWN_MASK; 1146 release_sock(sk); 1147 1148 l2cap_chan_lock(chan); 1149 conn = chan->conn; 1150 if (conn) 1151 /* prevent conn structure from being freed */ 1152 l2cap_conn_get(conn); 1153 l2cap_chan_unlock(chan); 1154 1155 if (conn) 1156 /* mutex lock must be taken before l2cap_chan_lock() */ 1157 mutex_lock(&conn->chan_lock); 1158 1159 l2cap_chan_lock(chan); 1160 l2cap_chan_close(chan, 0); 1161 l2cap_chan_unlock(chan); 1162 1163 if (conn) { 1164 mutex_unlock(&conn->chan_lock); 1165 l2cap_conn_put(conn); 1166 } 1167 1168 lock_sock(sk); 1169 1170 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1171 !(current->flags & PF_EXITING)) 1172 err = bt_sock_wait_state(sk, BT_CLOSED, 1173 sk->sk_lingertime); 1174 1175 has_shutdown: 1176 l2cap_chan_put(chan); 1177 sock_put(sk); 1178 1179 shutdown_already: 1180 if (!err && sk->sk_err) 1181 err = -sk->sk_err; 1182 1183 release_sock(sk); 1184 1185 BT_DBG("Sock shutdown complete err: %d", err); 1186 1187 return err; 1188 } 1189 1190 static int l2cap_sock_release(struct socket *sock) 1191 { 1192 struct sock *sk = sock->sk; 1193 int err; 1194 1195 BT_DBG("sock %p, sk %p", sock, sk); 1196 1197 if (!sk) 1198 return 0; 1199 1200 bt_sock_unlink(&l2cap_sk_list, sk); 1201 1202 err = l2cap_sock_shutdown(sock, 2); 1203 1204 sock_orphan(sk); 1205 l2cap_sock_kill(sk); 1206 return err; 1207 } 1208 1209 static void l2cap_sock_cleanup_listen(struct sock *parent) 1210 { 1211 struct sock *sk; 1212 1213 BT_DBG("parent %p state %s", parent, 1214 state_to_string(parent->sk_state)); 1215 1216 /* Close not yet accepted channels */ 1217 while ((sk = bt_accept_dequeue(parent, NULL))) { 1218 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1219 1220 BT_DBG("child chan %p state %s", chan, 1221 state_to_string(chan->state)); 1222 1223 l2cap_chan_lock(chan); 1224 __clear_chan_timer(chan); 1225 l2cap_chan_close(chan, ECONNRESET); 1226 l2cap_chan_unlock(chan); 1227 1228 l2cap_sock_kill(sk); 1229 } 1230 } 1231 1232 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 1233 { 1234 struct sock *sk, *parent = chan->data; 1235 1236 lock_sock(parent); 1237 1238 /* Check for backlog size */ 1239 if (sk_acceptq_is_full(parent)) { 1240 BT_DBG("backlog full %d", parent->sk_ack_backlog); 1241 release_sock(parent); 1242 return NULL; 1243 } 1244 1245 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 1246 GFP_ATOMIC, 0); 1247 if (!sk) { 1248 release_sock(parent); 1249 return NULL; 1250 } 1251 1252 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 1253 1254 l2cap_sock_init(sk, parent); 1255 1256 bt_accept_enqueue(parent, sk); 1257 1258 release_sock(parent); 1259 1260 return l2cap_pi(sk)->chan; 1261 } 1262 1263 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 1264 { 1265 struct sock *sk = chan->data; 1266 int err; 1267 1268 lock_sock(sk); 1269 1270 if (l2cap_pi(sk)->rx_busy_skb) { 1271 err = -ENOMEM; 1272 goto done; 1273 } 1274 1275 if (chan->mode != L2CAP_MODE_ERTM && 1276 chan->mode != L2CAP_MODE_STREAMING) { 1277 /* Even if no filter is attached, we could potentially 1278 * get errors from security modules, etc. 1279 */ 1280 err = sk_filter(sk, skb); 1281 if (err) 1282 goto done; 1283 } 1284 1285 err = __sock_queue_rcv_skb(sk, skb); 1286 1287 /* For ERTM, handle one skb that doesn't fit into the recv 1288 * buffer. This is important to do because the data frames 1289 * have already been acked, so the skb cannot be discarded. 1290 * 1291 * Notify the l2cap core that the buffer is full, so the 1292 * LOCAL_BUSY state is entered and no more frames are 1293 * acked and reassembled until there is buffer space 1294 * available. 1295 */ 1296 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) { 1297 l2cap_pi(sk)->rx_busy_skb = skb; 1298 l2cap_chan_busy(chan, 1); 1299 err = 0; 1300 } 1301 1302 done: 1303 release_sock(sk); 1304 1305 return err; 1306 } 1307 1308 static void l2cap_sock_close_cb(struct l2cap_chan *chan) 1309 { 1310 struct sock *sk = chan->data; 1311 1312 l2cap_sock_kill(sk); 1313 } 1314 1315 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 1316 { 1317 struct sock *sk = chan->data; 1318 struct sock *parent; 1319 1320 BT_DBG("chan %p state %s", chan, state_to_string(chan->state)); 1321 1322 /* This callback can be called both for server (BT_LISTEN) 1323 * sockets as well as "normal" ones. To avoid lockdep warnings 1324 * with child socket locking (through l2cap_sock_cleanup_listen) 1325 * we need separation into separate nesting levels. The simplest 1326 * way to accomplish this is to inherit the nesting level used 1327 * for the channel. 1328 */ 1329 lock_sock_nested(sk, atomic_read(&chan->nesting)); 1330 1331 parent = bt_sk(sk)->parent; 1332 1333 sock_set_flag(sk, SOCK_ZAPPED); 1334 1335 switch (chan->state) { 1336 case BT_OPEN: 1337 case BT_BOUND: 1338 case BT_CLOSED: 1339 break; 1340 case BT_LISTEN: 1341 l2cap_sock_cleanup_listen(sk); 1342 sk->sk_state = BT_CLOSED; 1343 chan->state = BT_CLOSED; 1344 1345 break; 1346 default: 1347 sk->sk_state = BT_CLOSED; 1348 chan->state = BT_CLOSED; 1349 1350 sk->sk_err = err; 1351 1352 if (parent) { 1353 bt_accept_unlink(sk); 1354 parent->sk_data_ready(parent); 1355 } else { 1356 sk->sk_state_change(sk); 1357 } 1358 1359 break; 1360 } 1361 1362 release_sock(sk); 1363 } 1364 1365 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state, 1366 int err) 1367 { 1368 struct sock *sk = chan->data; 1369 1370 sk->sk_state = state; 1371 1372 if (err) 1373 sk->sk_err = err; 1374 } 1375 1376 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1377 unsigned long hdr_len, 1378 unsigned long len, int nb) 1379 { 1380 struct sock *sk = chan->data; 1381 struct sk_buff *skb; 1382 int err; 1383 1384 l2cap_chan_unlock(chan); 1385 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err); 1386 l2cap_chan_lock(chan); 1387 1388 if (!skb) 1389 return ERR_PTR(err); 1390 1391 skb->priority = sk->sk_priority; 1392 1393 bt_cb(skb)->l2cap.chan = chan; 1394 1395 return skb; 1396 } 1397 1398 static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1399 { 1400 struct sock *sk = chan->data; 1401 struct sock *parent; 1402 1403 lock_sock(sk); 1404 1405 parent = bt_sk(sk)->parent; 1406 1407 BT_DBG("sk %p, parent %p", sk, parent); 1408 1409 sk->sk_state = BT_CONNECTED; 1410 sk->sk_state_change(sk); 1411 1412 if (parent) 1413 parent->sk_data_ready(parent); 1414 1415 release_sock(sk); 1416 } 1417 1418 static void l2cap_sock_defer_cb(struct l2cap_chan *chan) 1419 { 1420 struct sock *parent, *sk = chan->data; 1421 1422 lock_sock(sk); 1423 1424 parent = bt_sk(sk)->parent; 1425 if (parent) 1426 parent->sk_data_ready(parent); 1427 1428 release_sock(sk); 1429 } 1430 1431 static void l2cap_sock_resume_cb(struct l2cap_chan *chan) 1432 { 1433 struct sock *sk = chan->data; 1434 1435 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) { 1436 sk->sk_state = BT_CONNECTED; 1437 chan->state = BT_CONNECTED; 1438 } 1439 1440 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1441 sk->sk_state_change(sk); 1442 } 1443 1444 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan) 1445 { 1446 struct sock *sk = chan->data; 1447 1448 lock_sock(sk); 1449 sk->sk_shutdown = SHUTDOWN_MASK; 1450 release_sock(sk); 1451 } 1452 1453 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan) 1454 { 1455 struct sock *sk = chan->data; 1456 1457 return sk->sk_sndtimeo; 1458 } 1459 1460 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan) 1461 { 1462 struct sock *sk = chan->data; 1463 1464 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1465 sk->sk_state_change(sk); 1466 } 1467 1468 static const struct l2cap_ops l2cap_chan_ops = { 1469 .name = "L2CAP Socket Interface", 1470 .new_connection = l2cap_sock_new_connection_cb, 1471 .recv = l2cap_sock_recv_cb, 1472 .close = l2cap_sock_close_cb, 1473 .teardown = l2cap_sock_teardown_cb, 1474 .state_change = l2cap_sock_state_change_cb, 1475 .ready = l2cap_sock_ready_cb, 1476 .defer = l2cap_sock_defer_cb, 1477 .resume = l2cap_sock_resume_cb, 1478 .suspend = l2cap_sock_suspend_cb, 1479 .set_shutdown = l2cap_sock_set_shutdown_cb, 1480 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb, 1481 .alloc_skb = l2cap_sock_alloc_skb_cb, 1482 }; 1483 1484 static void l2cap_sock_destruct(struct sock *sk) 1485 { 1486 BT_DBG("sk %p", sk); 1487 1488 if (l2cap_pi(sk)->chan) 1489 l2cap_chan_put(l2cap_pi(sk)->chan); 1490 1491 if (l2cap_pi(sk)->rx_busy_skb) { 1492 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1493 l2cap_pi(sk)->rx_busy_skb = NULL; 1494 } 1495 1496 skb_queue_purge(&sk->sk_receive_queue); 1497 skb_queue_purge(&sk->sk_write_queue); 1498 } 1499 1500 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name, 1501 int *msg_namelen) 1502 { 1503 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name); 1504 1505 memset(la, 0, sizeof(struct sockaddr_l2)); 1506 la->l2_family = AF_BLUETOOTH; 1507 la->l2_psm = bt_cb(skb)->l2cap.psm; 1508 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr); 1509 1510 *msg_namelen = sizeof(struct sockaddr_l2); 1511 } 1512 1513 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1514 { 1515 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1516 1517 BT_DBG("sk %p", sk); 1518 1519 if (parent) { 1520 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1521 1522 sk->sk_type = parent->sk_type; 1523 bt_sk(sk)->flags = bt_sk(parent)->flags; 1524 1525 chan->chan_type = pchan->chan_type; 1526 chan->imtu = pchan->imtu; 1527 chan->omtu = pchan->omtu; 1528 chan->conf_state = pchan->conf_state; 1529 chan->mode = pchan->mode; 1530 chan->fcs = pchan->fcs; 1531 chan->max_tx = pchan->max_tx; 1532 chan->tx_win = pchan->tx_win; 1533 chan->tx_win_max = pchan->tx_win_max; 1534 chan->sec_level = pchan->sec_level; 1535 chan->flags = pchan->flags; 1536 chan->tx_credits = pchan->tx_credits; 1537 chan->rx_credits = pchan->rx_credits; 1538 1539 if (chan->chan_type == L2CAP_CHAN_FIXED) { 1540 chan->scid = pchan->scid; 1541 chan->dcid = pchan->scid; 1542 } 1543 1544 security_sk_clone(parent, sk); 1545 } else { 1546 switch (sk->sk_type) { 1547 case SOCK_RAW: 1548 chan->chan_type = L2CAP_CHAN_RAW; 1549 break; 1550 case SOCK_DGRAM: 1551 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1552 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name; 1553 break; 1554 case SOCK_SEQPACKET: 1555 case SOCK_STREAM: 1556 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1557 break; 1558 } 1559 1560 chan->imtu = L2CAP_DEFAULT_MTU; 1561 chan->omtu = 0; 1562 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1563 chan->mode = L2CAP_MODE_ERTM; 1564 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1565 } else { 1566 chan->mode = L2CAP_MODE_BASIC; 1567 } 1568 1569 l2cap_chan_set_defaults(chan); 1570 } 1571 1572 /* Default config options */ 1573 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1574 1575 chan->data = sk; 1576 chan->ops = &l2cap_chan_ops; 1577 } 1578 1579 static struct proto l2cap_proto = { 1580 .name = "L2CAP", 1581 .owner = THIS_MODULE, 1582 .obj_size = sizeof(struct l2cap_pinfo) 1583 }; 1584 1585 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1586 int proto, gfp_t prio, int kern) 1587 { 1588 struct sock *sk; 1589 struct l2cap_chan *chan; 1590 1591 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern); 1592 if (!sk) 1593 return NULL; 1594 1595 sock_init_data(sock, sk); 1596 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1597 1598 sk->sk_destruct = l2cap_sock_destruct; 1599 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1600 1601 sock_reset_flag(sk, SOCK_ZAPPED); 1602 1603 sk->sk_protocol = proto; 1604 sk->sk_state = BT_OPEN; 1605 1606 chan = l2cap_chan_create(); 1607 if (!chan) { 1608 sk_free(sk); 1609 return NULL; 1610 } 1611 1612 l2cap_chan_hold(chan); 1613 1614 l2cap_pi(sk)->chan = chan; 1615 1616 return sk; 1617 } 1618 1619 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1620 int kern) 1621 { 1622 struct sock *sk; 1623 1624 BT_DBG("sock %p", sock); 1625 1626 sock->state = SS_UNCONNECTED; 1627 1628 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1629 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1630 return -ESOCKTNOSUPPORT; 1631 1632 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1633 return -EPERM; 1634 1635 sock->ops = &l2cap_sock_ops; 1636 1637 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 1638 if (!sk) 1639 return -ENOMEM; 1640 1641 l2cap_sock_init(sk, NULL); 1642 bt_sock_link(&l2cap_sk_list, sk); 1643 return 0; 1644 } 1645 1646 static const struct proto_ops l2cap_sock_ops = { 1647 .family = PF_BLUETOOTH, 1648 .owner = THIS_MODULE, 1649 .release = l2cap_sock_release, 1650 .bind = l2cap_sock_bind, 1651 .connect = l2cap_sock_connect, 1652 .listen = l2cap_sock_listen, 1653 .accept = l2cap_sock_accept, 1654 .getname = l2cap_sock_getname, 1655 .sendmsg = l2cap_sock_sendmsg, 1656 .recvmsg = l2cap_sock_recvmsg, 1657 .poll = bt_sock_poll, 1658 .ioctl = bt_sock_ioctl, 1659 .mmap = sock_no_mmap, 1660 .socketpair = sock_no_socketpair, 1661 .shutdown = l2cap_sock_shutdown, 1662 .setsockopt = l2cap_sock_setsockopt, 1663 .getsockopt = l2cap_sock_getsockopt 1664 }; 1665 1666 static const struct net_proto_family l2cap_sock_family_ops = { 1667 .family = PF_BLUETOOTH, 1668 .owner = THIS_MODULE, 1669 .create = l2cap_sock_create, 1670 }; 1671 1672 int __init l2cap_init_sockets(void) 1673 { 1674 int err; 1675 1676 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr)); 1677 1678 err = proto_register(&l2cap_proto, 0); 1679 if (err < 0) 1680 return err; 1681 1682 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1683 if (err < 0) { 1684 BT_ERR("L2CAP socket registration failed"); 1685 goto error; 1686 } 1687 1688 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list, 1689 NULL); 1690 if (err < 0) { 1691 BT_ERR("Failed to create L2CAP proc file"); 1692 bt_sock_unregister(BTPROTO_L2CAP); 1693 goto error; 1694 } 1695 1696 BT_INFO("L2CAP socket layer initialized"); 1697 1698 return 0; 1699 1700 error: 1701 proto_unregister(&l2cap_proto); 1702 return err; 1703 } 1704 1705 void l2cap_cleanup_sockets(void) 1706 { 1707 bt_procfs_cleanup(&init_net, "l2cap"); 1708 bt_sock_unregister(BTPROTO_L2CAP); 1709 proto_unregister(&l2cap_proto); 1710 } 1711