1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26 */ 27 28 /* Bluetooth L2CAP sockets. */ 29 30 #include <linux/module.h> 31 #include <linux/export.h> 32 #include <linux/sched/signal.h> 33 34 #include <net/bluetooth/bluetooth.h> 35 #include <net/bluetooth/hci_core.h> 36 #include <net/bluetooth/l2cap.h> 37 38 #include "smp.h" 39 40 static struct bt_sock_list l2cap_sk_list = { 41 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 42 }; 43 44 static const struct proto_ops l2cap_sock_ops; 45 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 46 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 47 int proto, gfp_t prio, int kern); 48 49 bool l2cap_is_socket(struct socket *sock) 50 { 51 return sock && sock->ops == &l2cap_sock_ops; 52 } 53 EXPORT_SYMBOL(l2cap_is_socket); 54 55 static int l2cap_validate_bredr_psm(u16 psm) 56 { 57 /* PSM must be odd and lsb of upper byte must be 0 */ 58 if ((psm & 0x0101) != 0x0001) 59 return -EINVAL; 60 61 /* Restrict usage of well-known PSMs */ 62 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE)) 63 return -EACCES; 64 65 return 0; 66 } 67 68 static int l2cap_validate_le_psm(u16 psm) 69 { 70 /* Valid LE_PSM ranges are defined only until 0x00ff */ 71 if (psm > L2CAP_PSM_LE_DYN_END) 72 return -EINVAL; 73 74 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */ 75 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE)) 76 return -EACCES; 77 78 return 0; 79 } 80 81 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 82 { 83 struct sock *sk = sock->sk; 84 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 85 struct sockaddr_l2 la; 86 int len, err = 0; 87 88 BT_DBG("sk %p", sk); 89 90 if (!addr || addr->sa_family != AF_BLUETOOTH) 91 return -EINVAL; 92 93 memset(&la, 0, sizeof(la)); 94 len = min_t(unsigned int, sizeof(la), alen); 95 memcpy(&la, addr, len); 96 97 if (la.l2_cid && la.l2_psm) 98 return -EINVAL; 99 100 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 101 return -EINVAL; 102 103 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 104 /* We only allow ATT user space socket */ 105 if (la.l2_cid && 106 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 107 return -EINVAL; 108 } 109 110 lock_sock(sk); 111 112 if (sk->sk_state != BT_OPEN) { 113 err = -EBADFD; 114 goto done; 115 } 116 117 if (la.l2_psm) { 118 __u16 psm = __le16_to_cpu(la.l2_psm); 119 120 if (la.l2_bdaddr_type == BDADDR_BREDR) 121 err = l2cap_validate_bredr_psm(psm); 122 else 123 err = l2cap_validate_le_psm(psm); 124 125 if (err) 126 goto done; 127 } 128 129 bacpy(&chan->src, &la.l2_bdaddr); 130 chan->src_type = la.l2_bdaddr_type; 131 132 if (la.l2_cid) 133 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 134 else 135 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 136 137 if (err < 0) 138 goto done; 139 140 switch (chan->chan_type) { 141 case L2CAP_CHAN_CONN_LESS: 142 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP) 143 chan->sec_level = BT_SECURITY_SDP; 144 break; 145 case L2CAP_CHAN_CONN_ORIENTED: 146 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 147 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 148 chan->sec_level = BT_SECURITY_SDP; 149 break; 150 case L2CAP_CHAN_RAW: 151 chan->sec_level = BT_SECURITY_SDP; 152 break; 153 case L2CAP_CHAN_FIXED: 154 /* Fixed channels default to the L2CAP core not holding a 155 * hci_conn reference for them. For fixed channels mapping to 156 * L2CAP sockets we do want to hold a reference so set the 157 * appropriate flag to request it. 158 */ 159 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags); 160 break; 161 } 162 163 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 164 chan->mode = L2CAP_MODE_LE_FLOWCTL; 165 166 chan->state = BT_BOUND; 167 sk->sk_state = BT_BOUND; 168 169 done: 170 release_sock(sk); 171 return err; 172 } 173 174 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 175 int alen, int flags) 176 { 177 struct sock *sk = sock->sk; 178 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 179 struct sockaddr_l2 la; 180 int len, err = 0; 181 182 BT_DBG("sk %p", sk); 183 184 if (!addr || alen < sizeof(addr->sa_family) || 185 addr->sa_family != AF_BLUETOOTH) 186 return -EINVAL; 187 188 memset(&la, 0, sizeof(la)); 189 len = min_t(unsigned int, sizeof(la), alen); 190 memcpy(&la, addr, len); 191 192 if (la.l2_cid && la.l2_psm) 193 return -EINVAL; 194 195 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 196 return -EINVAL; 197 198 /* Check that the socket wasn't bound to something that 199 * conflicts with the address given to connect(). If chan->src 200 * is BDADDR_ANY it means bind() was never used, in which case 201 * chan->src_type and la.l2_bdaddr_type do not need to match. 202 */ 203 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) && 204 bdaddr_type_is_le(la.l2_bdaddr_type)) { 205 /* Old user space versions will try to incorrectly bind 206 * the ATT socket using BDADDR_BREDR. We need to accept 207 * this and fix up the source address type only when 208 * both the source CID and destination CID indicate 209 * ATT. Anything else is an invalid combination. 210 */ 211 if (chan->scid != L2CAP_CID_ATT || 212 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 213 return -EINVAL; 214 215 /* We don't have the hdev available here to make a 216 * better decision on random vs public, but since all 217 * user space versions that exhibit this issue anyway do 218 * not support random local addresses assuming public 219 * here is good enough. 220 */ 221 chan->src_type = BDADDR_LE_PUBLIC; 222 } 223 224 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR) 225 return -EINVAL; 226 227 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 228 /* We only allow ATT user space socket */ 229 if (la.l2_cid && 230 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 231 return -EINVAL; 232 } 233 234 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 235 chan->mode = L2CAP_MODE_LE_FLOWCTL; 236 237 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 238 &la.l2_bdaddr, la.l2_bdaddr_type); 239 if (err) 240 return err; 241 242 lock_sock(sk); 243 244 err = bt_sock_wait_state(sk, BT_CONNECTED, 245 sock_sndtimeo(sk, flags & O_NONBLOCK)); 246 247 release_sock(sk); 248 249 return err; 250 } 251 252 static int l2cap_sock_listen(struct socket *sock, int backlog) 253 { 254 struct sock *sk = sock->sk; 255 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 256 int err = 0; 257 258 BT_DBG("sk %p backlog %d", sk, backlog); 259 260 lock_sock(sk); 261 262 if (sk->sk_state != BT_BOUND) { 263 err = -EBADFD; 264 goto done; 265 } 266 267 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 268 err = -EINVAL; 269 goto done; 270 } 271 272 switch (chan->mode) { 273 case L2CAP_MODE_BASIC: 274 case L2CAP_MODE_LE_FLOWCTL: 275 break; 276 case L2CAP_MODE_ERTM: 277 case L2CAP_MODE_STREAMING: 278 if (!disable_ertm) 279 break; 280 /* fall through */ 281 default: 282 err = -EOPNOTSUPP; 283 goto done; 284 } 285 286 sk->sk_max_ack_backlog = backlog; 287 sk->sk_ack_backlog = 0; 288 289 /* Listening channels need to use nested locking in order not to 290 * cause lockdep warnings when the created child channels end up 291 * being locked in the same thread as the parent channel. 292 */ 293 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT); 294 295 chan->state = BT_LISTEN; 296 sk->sk_state = BT_LISTEN; 297 298 done: 299 release_sock(sk); 300 return err; 301 } 302 303 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 304 int flags, bool kern) 305 { 306 DEFINE_WAIT_FUNC(wait, woken_wake_function); 307 struct sock *sk = sock->sk, *nsk; 308 long timeo; 309 int err = 0; 310 311 lock_sock_nested(sk, L2CAP_NESTING_PARENT); 312 313 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 314 315 BT_DBG("sk %p timeo %ld", sk, timeo); 316 317 /* Wait for an incoming connection. (wake-one). */ 318 add_wait_queue_exclusive(sk_sleep(sk), &wait); 319 while (1) { 320 if (sk->sk_state != BT_LISTEN) { 321 err = -EBADFD; 322 break; 323 } 324 325 nsk = bt_accept_dequeue(sk, newsock); 326 if (nsk) 327 break; 328 329 if (!timeo) { 330 err = -EAGAIN; 331 break; 332 } 333 334 if (signal_pending(current)) { 335 err = sock_intr_errno(timeo); 336 break; 337 } 338 339 release_sock(sk); 340 341 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 342 343 lock_sock_nested(sk, L2CAP_NESTING_PARENT); 344 } 345 remove_wait_queue(sk_sleep(sk), &wait); 346 347 if (err) 348 goto done; 349 350 newsock->state = SS_CONNECTED; 351 352 BT_DBG("new socket %p", nsk); 353 354 done: 355 release_sock(sk); 356 return err; 357 } 358 359 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 360 int *len, int peer) 361 { 362 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 363 struct sock *sk = sock->sk; 364 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 365 366 BT_DBG("sock %p, sk %p", sock, sk); 367 368 if (peer && sk->sk_state != BT_CONNECTED && 369 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 && 370 sk->sk_state != BT_CONFIG) 371 return -ENOTCONN; 372 373 memset(la, 0, sizeof(struct sockaddr_l2)); 374 addr->sa_family = AF_BLUETOOTH; 375 *len = sizeof(struct sockaddr_l2); 376 377 la->l2_psm = chan->psm; 378 379 if (peer) { 380 bacpy(&la->l2_bdaddr, &chan->dst); 381 la->l2_cid = cpu_to_le16(chan->dcid); 382 la->l2_bdaddr_type = chan->dst_type; 383 } else { 384 bacpy(&la->l2_bdaddr, &chan->src); 385 la->l2_cid = cpu_to_le16(chan->scid); 386 la->l2_bdaddr_type = chan->src_type; 387 } 388 389 return 0; 390 } 391 392 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 393 char __user *optval, int __user *optlen) 394 { 395 struct sock *sk = sock->sk; 396 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 397 struct l2cap_options opts; 398 struct l2cap_conninfo cinfo; 399 int len, err = 0; 400 u32 opt; 401 402 BT_DBG("sk %p", sk); 403 404 if (get_user(len, optlen)) 405 return -EFAULT; 406 407 lock_sock(sk); 408 409 switch (optname) { 410 case L2CAP_OPTIONS: 411 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since 412 * legacy ATT code depends on getsockopt for 413 * L2CAP_OPTIONS we need to let this pass. 414 */ 415 if (bdaddr_type_is_le(chan->src_type) && 416 chan->scid != L2CAP_CID_ATT) { 417 err = -EINVAL; 418 break; 419 } 420 421 memset(&opts, 0, sizeof(opts)); 422 opts.imtu = chan->imtu; 423 opts.omtu = chan->omtu; 424 opts.flush_to = chan->flush_to; 425 opts.mode = chan->mode; 426 opts.fcs = chan->fcs; 427 opts.max_tx = chan->max_tx; 428 opts.txwin_size = chan->tx_win; 429 430 len = min_t(unsigned int, len, sizeof(opts)); 431 if (copy_to_user(optval, (char *) &opts, len)) 432 err = -EFAULT; 433 434 break; 435 436 case L2CAP_LM: 437 switch (chan->sec_level) { 438 case BT_SECURITY_LOW: 439 opt = L2CAP_LM_AUTH; 440 break; 441 case BT_SECURITY_MEDIUM: 442 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 443 break; 444 case BT_SECURITY_HIGH: 445 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 446 L2CAP_LM_SECURE; 447 break; 448 case BT_SECURITY_FIPS: 449 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 450 L2CAP_LM_SECURE | L2CAP_LM_FIPS; 451 break; 452 default: 453 opt = 0; 454 break; 455 } 456 457 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 458 opt |= L2CAP_LM_MASTER; 459 460 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 461 opt |= L2CAP_LM_RELIABLE; 462 463 if (put_user(opt, (u32 __user *) optval)) 464 err = -EFAULT; 465 466 break; 467 468 case L2CAP_CONNINFO: 469 if (sk->sk_state != BT_CONNECTED && 470 !(sk->sk_state == BT_CONNECT2 && 471 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 472 err = -ENOTCONN; 473 break; 474 } 475 476 memset(&cinfo, 0, sizeof(cinfo)); 477 cinfo.hci_handle = chan->conn->hcon->handle; 478 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 479 480 len = min_t(unsigned int, len, sizeof(cinfo)); 481 if (copy_to_user(optval, (char *) &cinfo, len)) 482 err = -EFAULT; 483 484 break; 485 486 default: 487 err = -ENOPROTOOPT; 488 break; 489 } 490 491 release_sock(sk); 492 return err; 493 } 494 495 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 496 char __user *optval, int __user *optlen) 497 { 498 struct sock *sk = sock->sk; 499 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 500 struct bt_security sec; 501 struct bt_power pwr; 502 int len, err = 0; 503 504 BT_DBG("sk %p", sk); 505 506 if (level == SOL_L2CAP) 507 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 508 509 if (level != SOL_BLUETOOTH) 510 return -ENOPROTOOPT; 511 512 if (get_user(len, optlen)) 513 return -EFAULT; 514 515 lock_sock(sk); 516 517 switch (optname) { 518 case BT_SECURITY: 519 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 520 chan->chan_type != L2CAP_CHAN_FIXED && 521 chan->chan_type != L2CAP_CHAN_RAW) { 522 err = -EINVAL; 523 break; 524 } 525 526 memset(&sec, 0, sizeof(sec)); 527 if (chan->conn) { 528 sec.level = chan->conn->hcon->sec_level; 529 530 if (sk->sk_state == BT_CONNECTED) 531 sec.key_size = chan->conn->hcon->enc_key_size; 532 } else { 533 sec.level = chan->sec_level; 534 } 535 536 len = min_t(unsigned int, len, sizeof(sec)); 537 if (copy_to_user(optval, (char *) &sec, len)) 538 err = -EFAULT; 539 540 break; 541 542 case BT_DEFER_SETUP: 543 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 544 err = -EINVAL; 545 break; 546 } 547 548 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 549 (u32 __user *) optval)) 550 err = -EFAULT; 551 552 break; 553 554 case BT_FLUSHABLE: 555 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 556 (u32 __user *) optval)) 557 err = -EFAULT; 558 559 break; 560 561 case BT_POWER: 562 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 563 && sk->sk_type != SOCK_RAW) { 564 err = -EINVAL; 565 break; 566 } 567 568 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 569 570 len = min_t(unsigned int, len, sizeof(pwr)); 571 if (copy_to_user(optval, (char *) &pwr, len)) 572 err = -EFAULT; 573 574 break; 575 576 case BT_CHANNEL_POLICY: 577 if (put_user(chan->chan_policy, (u32 __user *) optval)) 578 err = -EFAULT; 579 break; 580 581 case BT_SNDMTU: 582 if (!bdaddr_type_is_le(chan->src_type)) { 583 err = -EINVAL; 584 break; 585 } 586 587 if (sk->sk_state != BT_CONNECTED) { 588 err = -ENOTCONN; 589 break; 590 } 591 592 if (put_user(chan->omtu, (u16 __user *) optval)) 593 err = -EFAULT; 594 break; 595 596 case BT_RCVMTU: 597 if (!bdaddr_type_is_le(chan->src_type)) { 598 err = -EINVAL; 599 break; 600 } 601 602 if (put_user(chan->imtu, (u16 __user *) optval)) 603 err = -EFAULT; 604 break; 605 606 default: 607 err = -ENOPROTOOPT; 608 break; 609 } 610 611 release_sock(sk); 612 return err; 613 } 614 615 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 616 { 617 switch (chan->scid) { 618 case L2CAP_CID_ATT: 619 if (mtu < L2CAP_LE_MIN_MTU) 620 return false; 621 break; 622 623 default: 624 if (mtu < L2CAP_DEFAULT_MIN_MTU) 625 return false; 626 } 627 628 return true; 629 } 630 631 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 632 char __user *optval, unsigned int optlen) 633 { 634 struct sock *sk = sock->sk; 635 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 636 struct l2cap_options opts; 637 int len, err = 0; 638 u32 opt; 639 640 BT_DBG("sk %p", sk); 641 642 lock_sock(sk); 643 644 switch (optname) { 645 case L2CAP_OPTIONS: 646 if (bdaddr_type_is_le(chan->src_type)) { 647 err = -EINVAL; 648 break; 649 } 650 651 if (sk->sk_state == BT_CONNECTED) { 652 err = -EINVAL; 653 break; 654 } 655 656 opts.imtu = chan->imtu; 657 opts.omtu = chan->omtu; 658 opts.flush_to = chan->flush_to; 659 opts.mode = chan->mode; 660 opts.fcs = chan->fcs; 661 opts.max_tx = chan->max_tx; 662 opts.txwin_size = chan->tx_win; 663 664 len = min_t(unsigned int, sizeof(opts), optlen); 665 if (copy_from_user((char *) &opts, optval, len)) { 666 err = -EFAULT; 667 break; 668 } 669 670 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 671 err = -EINVAL; 672 break; 673 } 674 675 if (!l2cap_valid_mtu(chan, opts.imtu)) { 676 err = -EINVAL; 677 break; 678 } 679 680 chan->mode = opts.mode; 681 switch (chan->mode) { 682 case L2CAP_MODE_LE_FLOWCTL: 683 break; 684 case L2CAP_MODE_BASIC: 685 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 686 break; 687 case L2CAP_MODE_ERTM: 688 case L2CAP_MODE_STREAMING: 689 if (!disable_ertm) 690 break; 691 /* fall through */ 692 default: 693 err = -EINVAL; 694 break; 695 } 696 697 chan->imtu = opts.imtu; 698 chan->omtu = opts.omtu; 699 chan->fcs = opts.fcs; 700 chan->max_tx = opts.max_tx; 701 chan->tx_win = opts.txwin_size; 702 chan->flush_to = opts.flush_to; 703 break; 704 705 case L2CAP_LM: 706 if (get_user(opt, (u32 __user *) optval)) { 707 err = -EFAULT; 708 break; 709 } 710 711 if (opt & L2CAP_LM_FIPS) { 712 err = -EINVAL; 713 break; 714 } 715 716 if (opt & L2CAP_LM_AUTH) 717 chan->sec_level = BT_SECURITY_LOW; 718 if (opt & L2CAP_LM_ENCRYPT) 719 chan->sec_level = BT_SECURITY_MEDIUM; 720 if (opt & L2CAP_LM_SECURE) 721 chan->sec_level = BT_SECURITY_HIGH; 722 723 if (opt & L2CAP_LM_MASTER) 724 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 725 else 726 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 727 728 if (opt & L2CAP_LM_RELIABLE) 729 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 730 else 731 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 732 break; 733 734 default: 735 err = -ENOPROTOOPT; 736 break; 737 } 738 739 release_sock(sk); 740 return err; 741 } 742 743 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 744 char __user *optval, unsigned int optlen) 745 { 746 struct sock *sk = sock->sk; 747 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 748 struct bt_security sec; 749 struct bt_power pwr; 750 struct l2cap_conn *conn; 751 int len, err = 0; 752 u32 opt; 753 754 BT_DBG("sk %p", sk); 755 756 if (level == SOL_L2CAP) 757 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 758 759 if (level != SOL_BLUETOOTH) 760 return -ENOPROTOOPT; 761 762 lock_sock(sk); 763 764 switch (optname) { 765 case BT_SECURITY: 766 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 767 chan->chan_type != L2CAP_CHAN_FIXED && 768 chan->chan_type != L2CAP_CHAN_RAW) { 769 err = -EINVAL; 770 break; 771 } 772 773 sec.level = BT_SECURITY_LOW; 774 775 len = min_t(unsigned int, sizeof(sec), optlen); 776 if (copy_from_user((char *) &sec, optval, len)) { 777 err = -EFAULT; 778 break; 779 } 780 781 if (sec.level < BT_SECURITY_LOW || 782 sec.level > BT_SECURITY_FIPS) { 783 err = -EINVAL; 784 break; 785 } 786 787 chan->sec_level = sec.level; 788 789 if (!chan->conn) 790 break; 791 792 conn = chan->conn; 793 794 /*change security for LE channels */ 795 if (chan->scid == L2CAP_CID_ATT) { 796 if (smp_conn_security(conn->hcon, sec.level)) 797 break; 798 set_bit(FLAG_PENDING_SECURITY, &chan->flags); 799 sk->sk_state = BT_CONFIG; 800 chan->state = BT_CONFIG; 801 802 /* or for ACL link */ 803 } else if ((sk->sk_state == BT_CONNECT2 && 804 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 805 sk->sk_state == BT_CONNECTED) { 806 if (!l2cap_chan_check_security(chan, true)) 807 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 808 else 809 sk->sk_state_change(sk); 810 } else { 811 err = -EINVAL; 812 } 813 break; 814 815 case BT_DEFER_SETUP: 816 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 817 err = -EINVAL; 818 break; 819 } 820 821 if (get_user(opt, (u32 __user *) optval)) { 822 err = -EFAULT; 823 break; 824 } 825 826 if (opt) { 827 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 828 set_bit(FLAG_DEFER_SETUP, &chan->flags); 829 } else { 830 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 831 clear_bit(FLAG_DEFER_SETUP, &chan->flags); 832 } 833 break; 834 835 case BT_FLUSHABLE: 836 if (get_user(opt, (u32 __user *) optval)) { 837 err = -EFAULT; 838 break; 839 } 840 841 if (opt > BT_FLUSHABLE_ON) { 842 err = -EINVAL; 843 break; 844 } 845 846 if (opt == BT_FLUSHABLE_OFF) { 847 conn = chan->conn; 848 /* proceed further only when we have l2cap_conn and 849 No Flush support in the LM */ 850 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 851 err = -EINVAL; 852 break; 853 } 854 } 855 856 if (opt) 857 set_bit(FLAG_FLUSHABLE, &chan->flags); 858 else 859 clear_bit(FLAG_FLUSHABLE, &chan->flags); 860 break; 861 862 case BT_POWER: 863 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 864 chan->chan_type != L2CAP_CHAN_RAW) { 865 err = -EINVAL; 866 break; 867 } 868 869 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 870 871 len = min_t(unsigned int, sizeof(pwr), optlen); 872 if (copy_from_user((char *) &pwr, optval, len)) { 873 err = -EFAULT; 874 break; 875 } 876 877 if (pwr.force_active) 878 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 879 else 880 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 881 break; 882 883 case BT_CHANNEL_POLICY: 884 if (get_user(opt, (u32 __user *) optval)) { 885 err = -EFAULT; 886 break; 887 } 888 889 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 890 err = -EINVAL; 891 break; 892 } 893 894 if (chan->mode != L2CAP_MODE_ERTM && 895 chan->mode != L2CAP_MODE_STREAMING) { 896 err = -EOPNOTSUPP; 897 break; 898 } 899 900 chan->chan_policy = (u8) opt; 901 902 if (sk->sk_state == BT_CONNECTED && 903 chan->move_role == L2CAP_MOVE_ROLE_NONE) 904 l2cap_move_start(chan); 905 906 break; 907 908 case BT_SNDMTU: 909 if (!bdaddr_type_is_le(chan->src_type)) { 910 err = -EINVAL; 911 break; 912 } 913 914 /* Setting is not supported as it's the remote side that 915 * decides this. 916 */ 917 err = -EPERM; 918 break; 919 920 case BT_RCVMTU: 921 if (!bdaddr_type_is_le(chan->src_type)) { 922 err = -EINVAL; 923 break; 924 } 925 926 if (sk->sk_state == BT_CONNECTED) { 927 err = -EISCONN; 928 break; 929 } 930 931 if (get_user(opt, (u16 __user *) optval)) { 932 err = -EFAULT; 933 break; 934 } 935 936 chan->imtu = opt; 937 break; 938 939 default: 940 err = -ENOPROTOOPT; 941 break; 942 } 943 944 release_sock(sk); 945 return err; 946 } 947 948 static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg, 949 size_t len) 950 { 951 struct sock *sk = sock->sk; 952 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 953 int err; 954 955 BT_DBG("sock %p, sk %p", sock, sk); 956 957 err = sock_error(sk); 958 if (err) 959 return err; 960 961 if (msg->msg_flags & MSG_OOB) 962 return -EOPNOTSUPP; 963 964 if (sk->sk_state != BT_CONNECTED) 965 return -ENOTCONN; 966 967 lock_sock(sk); 968 err = bt_sock_wait_ready(sk, msg->msg_flags); 969 release_sock(sk); 970 if (err) 971 return err; 972 973 l2cap_chan_lock(chan); 974 err = l2cap_chan_send(chan, msg, len); 975 l2cap_chan_unlock(chan); 976 977 return err; 978 } 979 980 static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg, 981 size_t len, int flags) 982 { 983 struct sock *sk = sock->sk; 984 struct l2cap_pinfo *pi = l2cap_pi(sk); 985 int err; 986 987 lock_sock(sk); 988 989 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 990 &bt_sk(sk)->flags)) { 991 if (bdaddr_type_is_le(pi->chan->src_type)) { 992 sk->sk_state = BT_CONNECTED; 993 pi->chan->state = BT_CONNECTED; 994 __l2cap_le_connect_rsp_defer(pi->chan); 995 } else { 996 sk->sk_state = BT_CONFIG; 997 pi->chan->state = BT_CONFIG; 998 __l2cap_connect_rsp_defer(pi->chan); 999 } 1000 1001 err = 0; 1002 goto done; 1003 } 1004 1005 release_sock(sk); 1006 1007 if (sock->type == SOCK_STREAM) 1008 err = bt_sock_stream_recvmsg(sock, msg, len, flags); 1009 else 1010 err = bt_sock_recvmsg(sock, msg, len, flags); 1011 1012 if (pi->chan->mode != L2CAP_MODE_ERTM) 1013 return err; 1014 1015 /* Attempt to put pending rx data in the socket buffer */ 1016 1017 lock_sock(sk); 1018 1019 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 1020 goto done; 1021 1022 if (pi->rx_busy_skb) { 1023 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 1024 pi->rx_busy_skb = NULL; 1025 else 1026 goto done; 1027 } 1028 1029 /* Restore data flow when half of the receive buffer is 1030 * available. This avoids resending large numbers of 1031 * frames. 1032 */ 1033 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 1034 l2cap_chan_busy(pi->chan, 0); 1035 1036 done: 1037 release_sock(sk); 1038 return err; 1039 } 1040 1041 /* Kill socket (only if zapped and orphan) 1042 * Must be called on unlocked socket. 1043 */ 1044 static void l2cap_sock_kill(struct sock *sk) 1045 { 1046 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 1047 return; 1048 1049 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 1050 1051 /* Kill poor orphan */ 1052 1053 l2cap_chan_put(l2cap_pi(sk)->chan); 1054 sock_set_flag(sk, SOCK_DEAD); 1055 sock_put(sk); 1056 } 1057 1058 static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan) 1059 { 1060 DECLARE_WAITQUEUE(wait, current); 1061 int err = 0; 1062 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD; 1063 /* Timeout to prevent infinite loop */ 1064 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT; 1065 1066 add_wait_queue(sk_sleep(sk), &wait); 1067 set_current_state(TASK_INTERRUPTIBLE); 1068 do { 1069 BT_DBG("Waiting for %d ACKs, timeout %04d ms", 1070 chan->unacked_frames, time_after(jiffies, timeout) ? 0 : 1071 jiffies_to_msecs(timeout - jiffies)); 1072 1073 if (!timeo) 1074 timeo = L2CAP_WAIT_ACK_POLL_PERIOD; 1075 1076 if (signal_pending(current)) { 1077 err = sock_intr_errno(timeo); 1078 break; 1079 } 1080 1081 release_sock(sk); 1082 timeo = schedule_timeout(timeo); 1083 lock_sock(sk); 1084 set_current_state(TASK_INTERRUPTIBLE); 1085 1086 err = sock_error(sk); 1087 if (err) 1088 break; 1089 1090 if (time_after(jiffies, timeout)) { 1091 err = -ENOLINK; 1092 break; 1093 } 1094 1095 } while (chan->unacked_frames > 0 && 1096 chan->state == BT_CONNECTED); 1097 1098 set_current_state(TASK_RUNNING); 1099 remove_wait_queue(sk_sleep(sk), &wait); 1100 return err; 1101 } 1102 1103 static int l2cap_sock_shutdown(struct socket *sock, int how) 1104 { 1105 struct sock *sk = sock->sk; 1106 struct l2cap_chan *chan; 1107 struct l2cap_conn *conn; 1108 int err = 0; 1109 1110 BT_DBG("sock %p, sk %p", sock, sk); 1111 1112 if (!sk) 1113 return 0; 1114 1115 lock_sock(sk); 1116 1117 if (sk->sk_shutdown) 1118 goto shutdown_already; 1119 1120 BT_DBG("Handling sock shutdown"); 1121 1122 /* prevent sk structure from being freed whilst unlocked */ 1123 sock_hold(sk); 1124 1125 chan = l2cap_pi(sk)->chan; 1126 /* prevent chan structure from being freed whilst unlocked */ 1127 l2cap_chan_hold(chan); 1128 1129 BT_DBG("chan %p state %s", chan, state_to_string(chan->state)); 1130 1131 if (chan->mode == L2CAP_MODE_ERTM && 1132 chan->unacked_frames > 0 && 1133 chan->state == BT_CONNECTED) { 1134 err = __l2cap_wait_ack(sk, chan); 1135 1136 /* After waiting for ACKs, check whether shutdown 1137 * has already been actioned to close the L2CAP 1138 * link such as by l2cap_disconnection_req(). 1139 */ 1140 if (sk->sk_shutdown) 1141 goto has_shutdown; 1142 } 1143 1144 sk->sk_shutdown = SHUTDOWN_MASK; 1145 release_sock(sk); 1146 1147 l2cap_chan_lock(chan); 1148 conn = chan->conn; 1149 if (conn) 1150 /* prevent conn structure from being freed */ 1151 l2cap_conn_get(conn); 1152 l2cap_chan_unlock(chan); 1153 1154 if (conn) 1155 /* mutex lock must be taken before l2cap_chan_lock() */ 1156 mutex_lock(&conn->chan_lock); 1157 1158 l2cap_chan_lock(chan); 1159 l2cap_chan_close(chan, 0); 1160 l2cap_chan_unlock(chan); 1161 1162 if (conn) { 1163 mutex_unlock(&conn->chan_lock); 1164 l2cap_conn_put(conn); 1165 } 1166 1167 lock_sock(sk); 1168 1169 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1170 !(current->flags & PF_EXITING)) 1171 err = bt_sock_wait_state(sk, BT_CLOSED, 1172 sk->sk_lingertime); 1173 1174 has_shutdown: 1175 l2cap_chan_put(chan); 1176 sock_put(sk); 1177 1178 shutdown_already: 1179 if (!err && sk->sk_err) 1180 err = -sk->sk_err; 1181 1182 release_sock(sk); 1183 1184 BT_DBG("Sock shutdown complete err: %d", err); 1185 1186 return err; 1187 } 1188 1189 static int l2cap_sock_release(struct socket *sock) 1190 { 1191 struct sock *sk = sock->sk; 1192 int err; 1193 1194 BT_DBG("sock %p, sk %p", sock, sk); 1195 1196 if (!sk) 1197 return 0; 1198 1199 bt_sock_unlink(&l2cap_sk_list, sk); 1200 1201 err = l2cap_sock_shutdown(sock, 2); 1202 1203 sock_orphan(sk); 1204 l2cap_sock_kill(sk); 1205 return err; 1206 } 1207 1208 static void l2cap_sock_cleanup_listen(struct sock *parent) 1209 { 1210 struct sock *sk; 1211 1212 BT_DBG("parent %p state %s", parent, 1213 state_to_string(parent->sk_state)); 1214 1215 /* Close not yet accepted channels */ 1216 while ((sk = bt_accept_dequeue(parent, NULL))) { 1217 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1218 1219 BT_DBG("child chan %p state %s", chan, 1220 state_to_string(chan->state)); 1221 1222 l2cap_chan_lock(chan); 1223 __clear_chan_timer(chan); 1224 l2cap_chan_close(chan, ECONNRESET); 1225 l2cap_chan_unlock(chan); 1226 1227 l2cap_sock_kill(sk); 1228 } 1229 } 1230 1231 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 1232 { 1233 struct sock *sk, *parent = chan->data; 1234 1235 lock_sock(parent); 1236 1237 /* Check for backlog size */ 1238 if (sk_acceptq_is_full(parent)) { 1239 BT_DBG("backlog full %d", parent->sk_ack_backlog); 1240 release_sock(parent); 1241 return NULL; 1242 } 1243 1244 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 1245 GFP_ATOMIC, 0); 1246 if (!sk) { 1247 release_sock(parent); 1248 return NULL; 1249 } 1250 1251 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 1252 1253 l2cap_sock_init(sk, parent); 1254 1255 bt_accept_enqueue(parent, sk); 1256 1257 release_sock(parent); 1258 1259 return l2cap_pi(sk)->chan; 1260 } 1261 1262 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 1263 { 1264 struct sock *sk = chan->data; 1265 int err; 1266 1267 lock_sock(sk); 1268 1269 if (l2cap_pi(sk)->rx_busy_skb) { 1270 err = -ENOMEM; 1271 goto done; 1272 } 1273 1274 if (chan->mode != L2CAP_MODE_ERTM && 1275 chan->mode != L2CAP_MODE_STREAMING) { 1276 /* Even if no filter is attached, we could potentially 1277 * get errors from security modules, etc. 1278 */ 1279 err = sk_filter(sk, skb); 1280 if (err) 1281 goto done; 1282 } 1283 1284 err = __sock_queue_rcv_skb(sk, skb); 1285 1286 /* For ERTM, handle one skb that doesn't fit into the recv 1287 * buffer. This is important to do because the data frames 1288 * have already been acked, so the skb cannot be discarded. 1289 * 1290 * Notify the l2cap core that the buffer is full, so the 1291 * LOCAL_BUSY state is entered and no more frames are 1292 * acked and reassembled until there is buffer space 1293 * available. 1294 */ 1295 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) { 1296 l2cap_pi(sk)->rx_busy_skb = skb; 1297 l2cap_chan_busy(chan, 1); 1298 err = 0; 1299 } 1300 1301 done: 1302 release_sock(sk); 1303 1304 return err; 1305 } 1306 1307 static void l2cap_sock_close_cb(struct l2cap_chan *chan) 1308 { 1309 struct sock *sk = chan->data; 1310 1311 l2cap_sock_kill(sk); 1312 } 1313 1314 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 1315 { 1316 struct sock *sk = chan->data; 1317 struct sock *parent; 1318 1319 BT_DBG("chan %p state %s", chan, state_to_string(chan->state)); 1320 1321 /* This callback can be called both for server (BT_LISTEN) 1322 * sockets as well as "normal" ones. To avoid lockdep warnings 1323 * with child socket locking (through l2cap_sock_cleanup_listen) 1324 * we need separation into separate nesting levels. The simplest 1325 * way to accomplish this is to inherit the nesting level used 1326 * for the channel. 1327 */ 1328 lock_sock_nested(sk, atomic_read(&chan->nesting)); 1329 1330 parent = bt_sk(sk)->parent; 1331 1332 sock_set_flag(sk, SOCK_ZAPPED); 1333 1334 switch (chan->state) { 1335 case BT_OPEN: 1336 case BT_BOUND: 1337 case BT_CLOSED: 1338 break; 1339 case BT_LISTEN: 1340 l2cap_sock_cleanup_listen(sk); 1341 sk->sk_state = BT_CLOSED; 1342 chan->state = BT_CLOSED; 1343 1344 break; 1345 default: 1346 sk->sk_state = BT_CLOSED; 1347 chan->state = BT_CLOSED; 1348 1349 sk->sk_err = err; 1350 1351 if (parent) { 1352 bt_accept_unlink(sk); 1353 parent->sk_data_ready(parent); 1354 } else { 1355 sk->sk_state_change(sk); 1356 } 1357 1358 break; 1359 } 1360 1361 release_sock(sk); 1362 } 1363 1364 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state, 1365 int err) 1366 { 1367 struct sock *sk = chan->data; 1368 1369 sk->sk_state = state; 1370 1371 if (err) 1372 sk->sk_err = err; 1373 } 1374 1375 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1376 unsigned long hdr_len, 1377 unsigned long len, int nb) 1378 { 1379 struct sock *sk = chan->data; 1380 struct sk_buff *skb; 1381 int err; 1382 1383 l2cap_chan_unlock(chan); 1384 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err); 1385 l2cap_chan_lock(chan); 1386 1387 if (!skb) 1388 return ERR_PTR(err); 1389 1390 skb->priority = sk->sk_priority; 1391 1392 bt_cb(skb)->l2cap.chan = chan; 1393 1394 return skb; 1395 } 1396 1397 static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1398 { 1399 struct sock *sk = chan->data; 1400 struct sock *parent; 1401 1402 lock_sock(sk); 1403 1404 parent = bt_sk(sk)->parent; 1405 1406 BT_DBG("sk %p, parent %p", sk, parent); 1407 1408 sk->sk_state = BT_CONNECTED; 1409 sk->sk_state_change(sk); 1410 1411 if (parent) 1412 parent->sk_data_ready(parent); 1413 1414 release_sock(sk); 1415 } 1416 1417 static void l2cap_sock_defer_cb(struct l2cap_chan *chan) 1418 { 1419 struct sock *parent, *sk = chan->data; 1420 1421 lock_sock(sk); 1422 1423 parent = bt_sk(sk)->parent; 1424 if (parent) 1425 parent->sk_data_ready(parent); 1426 1427 release_sock(sk); 1428 } 1429 1430 static void l2cap_sock_resume_cb(struct l2cap_chan *chan) 1431 { 1432 struct sock *sk = chan->data; 1433 1434 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) { 1435 sk->sk_state = BT_CONNECTED; 1436 chan->state = BT_CONNECTED; 1437 } 1438 1439 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1440 sk->sk_state_change(sk); 1441 } 1442 1443 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan) 1444 { 1445 struct sock *sk = chan->data; 1446 1447 lock_sock(sk); 1448 sk->sk_shutdown = SHUTDOWN_MASK; 1449 release_sock(sk); 1450 } 1451 1452 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan) 1453 { 1454 struct sock *sk = chan->data; 1455 1456 return sk->sk_sndtimeo; 1457 } 1458 1459 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan) 1460 { 1461 struct sock *sk = chan->data; 1462 1463 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1464 sk->sk_state_change(sk); 1465 } 1466 1467 static const struct l2cap_ops l2cap_chan_ops = { 1468 .name = "L2CAP Socket Interface", 1469 .new_connection = l2cap_sock_new_connection_cb, 1470 .recv = l2cap_sock_recv_cb, 1471 .close = l2cap_sock_close_cb, 1472 .teardown = l2cap_sock_teardown_cb, 1473 .state_change = l2cap_sock_state_change_cb, 1474 .ready = l2cap_sock_ready_cb, 1475 .defer = l2cap_sock_defer_cb, 1476 .resume = l2cap_sock_resume_cb, 1477 .suspend = l2cap_sock_suspend_cb, 1478 .set_shutdown = l2cap_sock_set_shutdown_cb, 1479 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb, 1480 .alloc_skb = l2cap_sock_alloc_skb_cb, 1481 }; 1482 1483 static void l2cap_sock_destruct(struct sock *sk) 1484 { 1485 BT_DBG("sk %p", sk); 1486 1487 if (l2cap_pi(sk)->chan) 1488 l2cap_chan_put(l2cap_pi(sk)->chan); 1489 1490 if (l2cap_pi(sk)->rx_busy_skb) { 1491 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1492 l2cap_pi(sk)->rx_busy_skb = NULL; 1493 } 1494 1495 skb_queue_purge(&sk->sk_receive_queue); 1496 skb_queue_purge(&sk->sk_write_queue); 1497 } 1498 1499 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name, 1500 int *msg_namelen) 1501 { 1502 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name); 1503 1504 memset(la, 0, sizeof(struct sockaddr_l2)); 1505 la->l2_family = AF_BLUETOOTH; 1506 la->l2_psm = bt_cb(skb)->l2cap.psm; 1507 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr); 1508 1509 *msg_namelen = sizeof(struct sockaddr_l2); 1510 } 1511 1512 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1513 { 1514 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1515 1516 BT_DBG("sk %p", sk); 1517 1518 if (parent) { 1519 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1520 1521 sk->sk_type = parent->sk_type; 1522 bt_sk(sk)->flags = bt_sk(parent)->flags; 1523 1524 chan->chan_type = pchan->chan_type; 1525 chan->imtu = pchan->imtu; 1526 chan->omtu = pchan->omtu; 1527 chan->conf_state = pchan->conf_state; 1528 chan->mode = pchan->mode; 1529 chan->fcs = pchan->fcs; 1530 chan->max_tx = pchan->max_tx; 1531 chan->tx_win = pchan->tx_win; 1532 chan->tx_win_max = pchan->tx_win_max; 1533 chan->sec_level = pchan->sec_level; 1534 chan->flags = pchan->flags; 1535 chan->tx_credits = pchan->tx_credits; 1536 chan->rx_credits = pchan->rx_credits; 1537 1538 if (chan->chan_type == L2CAP_CHAN_FIXED) { 1539 chan->scid = pchan->scid; 1540 chan->dcid = pchan->scid; 1541 } 1542 1543 security_sk_clone(parent, sk); 1544 } else { 1545 switch (sk->sk_type) { 1546 case SOCK_RAW: 1547 chan->chan_type = L2CAP_CHAN_RAW; 1548 break; 1549 case SOCK_DGRAM: 1550 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1551 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name; 1552 break; 1553 case SOCK_SEQPACKET: 1554 case SOCK_STREAM: 1555 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1556 break; 1557 } 1558 1559 chan->imtu = L2CAP_DEFAULT_MTU; 1560 chan->omtu = 0; 1561 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1562 chan->mode = L2CAP_MODE_ERTM; 1563 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1564 } else { 1565 chan->mode = L2CAP_MODE_BASIC; 1566 } 1567 1568 l2cap_chan_set_defaults(chan); 1569 } 1570 1571 /* Default config options */ 1572 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1573 1574 chan->data = sk; 1575 chan->ops = &l2cap_chan_ops; 1576 } 1577 1578 static struct proto l2cap_proto = { 1579 .name = "L2CAP", 1580 .owner = THIS_MODULE, 1581 .obj_size = sizeof(struct l2cap_pinfo) 1582 }; 1583 1584 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1585 int proto, gfp_t prio, int kern) 1586 { 1587 struct sock *sk; 1588 struct l2cap_chan *chan; 1589 1590 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern); 1591 if (!sk) 1592 return NULL; 1593 1594 sock_init_data(sock, sk); 1595 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1596 1597 sk->sk_destruct = l2cap_sock_destruct; 1598 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1599 1600 sock_reset_flag(sk, SOCK_ZAPPED); 1601 1602 sk->sk_protocol = proto; 1603 sk->sk_state = BT_OPEN; 1604 1605 chan = l2cap_chan_create(); 1606 if (!chan) { 1607 sk_free(sk); 1608 return NULL; 1609 } 1610 1611 l2cap_chan_hold(chan); 1612 1613 l2cap_pi(sk)->chan = chan; 1614 1615 return sk; 1616 } 1617 1618 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1619 int kern) 1620 { 1621 struct sock *sk; 1622 1623 BT_DBG("sock %p", sock); 1624 1625 sock->state = SS_UNCONNECTED; 1626 1627 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1628 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1629 return -ESOCKTNOSUPPORT; 1630 1631 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1632 return -EPERM; 1633 1634 sock->ops = &l2cap_sock_ops; 1635 1636 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 1637 if (!sk) 1638 return -ENOMEM; 1639 1640 l2cap_sock_init(sk, NULL); 1641 bt_sock_link(&l2cap_sk_list, sk); 1642 return 0; 1643 } 1644 1645 static const struct proto_ops l2cap_sock_ops = { 1646 .family = PF_BLUETOOTH, 1647 .owner = THIS_MODULE, 1648 .release = l2cap_sock_release, 1649 .bind = l2cap_sock_bind, 1650 .connect = l2cap_sock_connect, 1651 .listen = l2cap_sock_listen, 1652 .accept = l2cap_sock_accept, 1653 .getname = l2cap_sock_getname, 1654 .sendmsg = l2cap_sock_sendmsg, 1655 .recvmsg = l2cap_sock_recvmsg, 1656 .poll = bt_sock_poll, 1657 .ioctl = bt_sock_ioctl, 1658 .mmap = sock_no_mmap, 1659 .socketpair = sock_no_socketpair, 1660 .shutdown = l2cap_sock_shutdown, 1661 .setsockopt = l2cap_sock_setsockopt, 1662 .getsockopt = l2cap_sock_getsockopt 1663 }; 1664 1665 static const struct net_proto_family l2cap_sock_family_ops = { 1666 .family = PF_BLUETOOTH, 1667 .owner = THIS_MODULE, 1668 .create = l2cap_sock_create, 1669 }; 1670 1671 int __init l2cap_init_sockets(void) 1672 { 1673 int err; 1674 1675 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr)); 1676 1677 err = proto_register(&l2cap_proto, 0); 1678 if (err < 0) 1679 return err; 1680 1681 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1682 if (err < 0) { 1683 BT_ERR("L2CAP socket registration failed"); 1684 goto error; 1685 } 1686 1687 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list, 1688 NULL); 1689 if (err < 0) { 1690 BT_ERR("Failed to create L2CAP proc file"); 1691 bt_sock_unregister(BTPROTO_L2CAP); 1692 goto error; 1693 } 1694 1695 BT_INFO("L2CAP socket layer initialized"); 1696 1697 return 0; 1698 1699 error: 1700 proto_unregister(&l2cap_proto); 1701 return err; 1702 } 1703 1704 void l2cap_cleanup_sockets(void) 1705 { 1706 bt_procfs_cleanup(&init_net, "l2cap"); 1707 bt_sock_unregister(BTPROTO_L2CAP); 1708 proto_unregister(&l2cap_proto); 1709 } 1710