tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
12
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
25*/
26
27/* Bluetooth L2CAP sockets. */
28
29#include <linux/security.h>
30
31#include <net/bluetooth/bluetooth.h>
32#include <net/bluetooth/hci_core.h>
33#include <net/bluetooth/l2cap.h>
34#include <net/bluetooth/smp.h>
35
36static const struct proto_ops l2cap_sock_ops;
37static void l2cap_sock_init(struct sock *sk, struct sock *parent);
38static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
39
40static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
41{
42 struct sock *sk = sock->sk;
43 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
44 struct sockaddr_l2 la;
45 int len, err = 0;
46
47 BT_DBG("sk %p", sk);
48
49 if (!addr || addr->sa_family != AF_BLUETOOTH)
50 return -EINVAL;
51
52 memset(&la, 0, sizeof(la));
53 len = min_t(unsigned int, sizeof(la), alen);
54 memcpy(&la, addr, len);
55
56 if (la.l2_cid && la.l2_psm)
57 return -EINVAL;
58
59 lock_sock(sk);
60
61 if (sk->sk_state != BT_OPEN) {
62 err = -EBADFD;
63 goto done;
64 }
65
66 if (la.l2_psm) {
67 __u16 psm = __le16_to_cpu(la.l2_psm);
68
69 /* PSM must be odd and lsb of upper byte must be 0 */
70 if ((psm & 0x0101) != 0x0001) {
71 err = -EINVAL;
72 goto done;
73 }
74
75 /* Restrict usage of well-known PSMs */
76 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
77 err = -EACCES;
78 goto done;
79 }
80 }
81
82 if (la.l2_cid)
83 err = l2cap_add_scid(chan, la.l2_cid);
84 else
85 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
86
87 if (err < 0)
88 goto done;
89
90 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
91 __le16_to_cpu(la.l2_psm) == 0x0003)
92 chan->sec_level = BT_SECURITY_SDP;
93
94 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
95
96 chan->state = BT_BOUND;
97 sk->sk_state = BT_BOUND;
98
99done:
100 release_sock(sk);
101 return err;
102}
103
104static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
105{
106 struct sock *sk = sock->sk;
107 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
108 struct sockaddr_l2 la;
109 int len, err = 0;
110
111 BT_DBG("sk %p", sk);
112
113 if (!addr || alen < sizeof(addr->sa_family) ||
114 addr->sa_family != AF_BLUETOOTH)
115 return -EINVAL;
116
117 memset(&la, 0, sizeof(la));
118 len = min_t(unsigned int, sizeof(la), alen);
119 memcpy(&la, addr, len);
120
121 if (la.l2_cid && la.l2_psm)
122 return -EINVAL;
123
124 lock_sock(sk);
125
126 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED
127 && !(la.l2_psm || la.l2_cid)) {
128 err = -EINVAL;
129 goto done;
130 }
131
132 switch (chan->mode) {
133 case L2CAP_MODE_BASIC:
134 break;
135 case L2CAP_MODE_ERTM:
136 case L2CAP_MODE_STREAMING:
137 if (!disable_ertm)
138 break;
139 /* fall through */
140 default:
141 err = -ENOTSUPP;
142 goto done;
143 }
144
145 switch (sk->sk_state) {
146 case BT_CONNECT:
147 case BT_CONNECT2:
148 case BT_CONFIG:
149 /* Already connecting */
150 goto wait;
151
152 case BT_CONNECTED:
153 /* Already connected */
154 err = -EISCONN;
155 goto done;
156
157 case BT_OPEN:
158 case BT_BOUND:
159 /* Can connect */
160 break;
161
162 default:
163 err = -EBADFD;
164 goto done;
165 }
166
167 /* PSM must be odd and lsb of upper byte must be 0 */
168 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 && !la.l2_cid &&
169 chan->chan_type != L2CAP_CHAN_RAW) {
170 err = -EINVAL;
171 goto done;
172 }
173
174 /* Set destination address and psm */
175 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
176 chan->psm = la.l2_psm;
177 chan->dcid = la.l2_cid;
178
179 err = l2cap_chan_connect(l2cap_pi(sk)->chan);
180 if (err)
181 goto done;
182
183wait:
184 err = bt_sock_wait_state(sk, BT_CONNECTED,
185 sock_sndtimeo(sk, flags & O_NONBLOCK));
186done:
187 release_sock(sk);
188 return err;
189}
190
191static int l2cap_sock_listen(struct socket *sock, int backlog)
192{
193 struct sock *sk = sock->sk;
194 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
195 int err = 0;
196
197 BT_DBG("sk %p backlog %d", sk, backlog);
198
199 lock_sock(sk);
200
201 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
202 || sk->sk_state != BT_BOUND) {
203 err = -EBADFD;
204 goto done;
205 }
206
207 switch (chan->mode) {
208 case L2CAP_MODE_BASIC:
209 break;
210 case L2CAP_MODE_ERTM:
211 case L2CAP_MODE_STREAMING:
212 if (!disable_ertm)
213 break;
214 /* fall through */
215 default:
216 err = -ENOTSUPP;
217 goto done;
218 }
219
220 sk->sk_max_ack_backlog = backlog;
221 sk->sk_ack_backlog = 0;
222
223 chan->state = BT_LISTEN;
224 sk->sk_state = BT_LISTEN;
225
226done:
227 release_sock(sk);
228 return err;
229}
230
231static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
232{
233 DECLARE_WAITQUEUE(wait, current);
234 struct sock *sk = sock->sk, *nsk;
235 long timeo;
236 int err = 0;
237
238 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
239
240 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
241
242 BT_DBG("sk %p timeo %ld", sk, timeo);
243
244 /* Wait for an incoming connection. (wake-one). */
245 add_wait_queue_exclusive(sk_sleep(sk), &wait);
246 while (1) {
247 set_current_state(TASK_INTERRUPTIBLE);
248
249 if (sk->sk_state != BT_LISTEN) {
250 err = -EBADFD;
251 break;
252 }
253
254 nsk = bt_accept_dequeue(sk, newsock);
255 if (nsk)
256 break;
257
258 if (!timeo) {
259 err = -EAGAIN;
260 break;
261 }
262
263 if (signal_pending(current)) {
264 err = sock_intr_errno(timeo);
265 break;
266 }
267
268 release_sock(sk);
269 timeo = schedule_timeout(timeo);
270 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
271 }
272 __set_current_state(TASK_RUNNING);
273 remove_wait_queue(sk_sleep(sk), &wait);
274
275 if (err)
276 goto done;
277
278 newsock->state = SS_CONNECTED;
279
280 BT_DBG("new socket %p", nsk);
281
282done:
283 release_sock(sk);
284 return err;
285}
286
287static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
288{
289 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
290 struct sock *sk = sock->sk;
291 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
292
293 BT_DBG("sock %p, sk %p", sock, sk);
294
295 addr->sa_family = AF_BLUETOOTH;
296 *len = sizeof(struct sockaddr_l2);
297
298 if (peer) {
299 la->l2_psm = chan->psm;
300 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
301 la->l2_cid = cpu_to_le16(chan->dcid);
302 } else {
303 la->l2_psm = chan->sport;
304 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
305 la->l2_cid = cpu_to_le16(chan->scid);
306 }
307
308 return 0;
309}
310
311static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
312{
313 struct sock *sk = sock->sk;
314 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
315 struct l2cap_options opts;
316 struct l2cap_conninfo cinfo;
317 int len, err = 0;
318 u32 opt;
319
320 BT_DBG("sk %p", sk);
321
322 if (get_user(len, optlen))
323 return -EFAULT;
324
325 lock_sock(sk);
326
327 switch (optname) {
328 case L2CAP_OPTIONS:
329 memset(&opts, 0, sizeof(opts));
330 opts.imtu = chan->imtu;
331 opts.omtu = chan->omtu;
332 opts.flush_to = chan->flush_to;
333 opts.mode = chan->mode;
334 opts.fcs = chan->fcs;
335 opts.max_tx = chan->max_tx;
336 opts.txwin_size = (__u16)chan->tx_win;
337
338 len = min_t(unsigned int, len, sizeof(opts));
339 if (copy_to_user(optval, (char *) &opts, len))
340 err = -EFAULT;
341
342 break;
343
344 case L2CAP_LM:
345 switch (chan->sec_level) {
346 case BT_SECURITY_LOW:
347 opt = L2CAP_LM_AUTH;
348 break;
349 case BT_SECURITY_MEDIUM:
350 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
351 break;
352 case BT_SECURITY_HIGH:
353 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
354 L2CAP_LM_SECURE;
355 break;
356 default:
357 opt = 0;
358 break;
359 }
360
361 if (chan->role_switch)
362 opt |= L2CAP_LM_MASTER;
363
364 if (chan->force_reliable)
365 opt |= L2CAP_LM_RELIABLE;
366
367 if (put_user(opt, (u32 __user *) optval))
368 err = -EFAULT;
369 break;
370
371 case L2CAP_CONNINFO:
372 if (sk->sk_state != BT_CONNECTED &&
373 !(sk->sk_state == BT_CONNECT2 &&
374 bt_sk(sk)->defer_setup)) {
375 err = -ENOTCONN;
376 break;
377 }
378
379 memset(&cinfo, 0, sizeof(cinfo));
380 cinfo.hci_handle = chan->conn->hcon->handle;
381 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
382
383 len = min_t(unsigned int, len, sizeof(cinfo));
384 if (copy_to_user(optval, (char *) &cinfo, len))
385 err = -EFAULT;
386
387 break;
388
389 default:
390 err = -ENOPROTOOPT;
391 break;
392 }
393
394 release_sock(sk);
395 return err;
396}
397
398static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
399{
400 struct sock *sk = sock->sk;
401 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
402 struct bt_security sec;
403 struct bt_power pwr;
404 int len, err = 0;
405
406 BT_DBG("sk %p", sk);
407
408 if (level == SOL_L2CAP)
409 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
410
411 if (level != SOL_BLUETOOTH)
412 return -ENOPROTOOPT;
413
414 if (get_user(len, optlen))
415 return -EFAULT;
416
417 lock_sock(sk);
418
419 switch (optname) {
420 case BT_SECURITY:
421 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
422 chan->chan_type != L2CAP_CHAN_RAW) {
423 err = -EINVAL;
424 break;
425 }
426
427 memset(&sec, 0, sizeof(sec));
428 sec.level = chan->sec_level;
429
430 if (sk->sk_state == BT_CONNECTED)
431 sec.key_size = chan->conn->hcon->enc_key_size;
432
433 len = min_t(unsigned int, len, sizeof(sec));
434 if (copy_to_user(optval, (char *) &sec, len))
435 err = -EFAULT;
436
437 break;
438
439 case BT_DEFER_SETUP:
440 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
441 err = -EINVAL;
442 break;
443 }
444
445 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
446 err = -EFAULT;
447
448 break;
449
450 case BT_FLUSHABLE:
451 if (put_user(chan->flushable, (u32 __user *) optval))
452 err = -EFAULT;
453
454 break;
455
456 case BT_POWER:
457 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
458 && sk->sk_type != SOCK_RAW) {
459 err = -EINVAL;
460 break;
461 }
462
463 pwr.force_active = chan->force_active;
464
465 len = min_t(unsigned int, len, sizeof(pwr));
466 if (copy_to_user(optval, (char *) &pwr, len))
467 err = -EFAULT;
468
469 break;
470
471 default:
472 err = -ENOPROTOOPT;
473 break;
474 }
475
476 release_sock(sk);
477 return err;
478}
479
480static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
481{
482 struct sock *sk = sock->sk;
483 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
484 struct l2cap_options opts;
485 int len, err = 0;
486 u32 opt;
487
488 BT_DBG("sk %p", sk);
489
490 lock_sock(sk);
491
492 switch (optname) {
493 case L2CAP_OPTIONS:
494 if (sk->sk_state == BT_CONNECTED) {
495 err = -EINVAL;
496 break;
497 }
498
499 opts.imtu = chan->imtu;
500 opts.omtu = chan->omtu;
501 opts.flush_to = chan->flush_to;
502 opts.mode = chan->mode;
503 opts.fcs = chan->fcs;
504 opts.max_tx = chan->max_tx;
505 opts.txwin_size = (__u16)chan->tx_win;
506
507 len = min_t(unsigned int, sizeof(opts), optlen);
508 if (copy_from_user((char *) &opts, optval, len)) {
509 err = -EFAULT;
510 break;
511 }
512
513 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
514 err = -EINVAL;
515 break;
516 }
517
518 chan->mode = opts.mode;
519 switch (chan->mode) {
520 case L2CAP_MODE_BASIC:
521 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
522 break;
523 case L2CAP_MODE_ERTM:
524 case L2CAP_MODE_STREAMING:
525 if (!disable_ertm)
526 break;
527 /* fall through */
528 default:
529 err = -EINVAL;
530 break;
531 }
532
533 chan->imtu = opts.imtu;
534 chan->omtu = opts.omtu;
535 chan->fcs = opts.fcs;
536 chan->max_tx = opts.max_tx;
537 chan->tx_win = (__u8)opts.txwin_size;
538 break;
539
540 case L2CAP_LM:
541 if (get_user(opt, (u32 __user *) optval)) {
542 err = -EFAULT;
543 break;
544 }
545
546 if (opt & L2CAP_LM_AUTH)
547 chan->sec_level = BT_SECURITY_LOW;
548 if (opt & L2CAP_LM_ENCRYPT)
549 chan->sec_level = BT_SECURITY_MEDIUM;
550 if (opt & L2CAP_LM_SECURE)
551 chan->sec_level = BT_SECURITY_HIGH;
552
553 chan->role_switch = (opt & L2CAP_LM_MASTER);
554 chan->force_reliable = (opt & L2CAP_LM_RELIABLE);
555 break;
556
557 default:
558 err = -ENOPROTOOPT;
559 break;
560 }
561
562 release_sock(sk);
563 return err;
564}
565
566static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
567{
568 struct sock *sk = sock->sk;
569 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
570 struct bt_security sec;
571 struct bt_power pwr;
572 struct l2cap_conn *conn;
573 int len, err = 0;
574 u32 opt;
575
576 BT_DBG("sk %p", sk);
577
578 if (level == SOL_L2CAP)
579 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
580
581 if (level != SOL_BLUETOOTH)
582 return -ENOPROTOOPT;
583
584 lock_sock(sk);
585
586 switch (optname) {
587 case BT_SECURITY:
588 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
589 chan->chan_type != L2CAP_CHAN_RAW) {
590 err = -EINVAL;
591 break;
592 }
593
594 sec.level = BT_SECURITY_LOW;
595
596 len = min_t(unsigned int, sizeof(sec), optlen);
597 if (copy_from_user((char *) &sec, optval, len)) {
598 err = -EFAULT;
599 break;
600 }
601
602 if (sec.level < BT_SECURITY_LOW ||
603 sec.level > BT_SECURITY_HIGH) {
604 err = -EINVAL;
605 break;
606 }
607
608 chan->sec_level = sec.level;
609
610 conn = chan->conn;
611 if (conn && chan->scid == L2CAP_CID_LE_DATA) {
612 if (!conn->hcon->out) {
613 err = -EINVAL;
614 break;
615 }
616
617 if (smp_conn_security(conn, sec.level))
618 break;
619
620 err = 0;
621 sk->sk_state = BT_CONFIG;
622 }
623 break;
624
625 case BT_DEFER_SETUP:
626 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
627 err = -EINVAL;
628 break;
629 }
630
631 if (get_user(opt, (u32 __user *) optval)) {
632 err = -EFAULT;
633 break;
634 }
635
636 bt_sk(sk)->defer_setup = opt;
637 break;
638
639 case BT_FLUSHABLE:
640 if (get_user(opt, (u32 __user *) optval)) {
641 err = -EFAULT;
642 break;
643 }
644
645 if (opt > BT_FLUSHABLE_ON) {
646 err = -EINVAL;
647 break;
648 }
649
650 if (opt == BT_FLUSHABLE_OFF) {
651 struct l2cap_conn *conn = chan->conn;
652 /* proceed further only when we have l2cap_conn and
653 No Flush support in the LM */
654 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
655 err = -EINVAL;
656 break;
657 }
658 }
659
660 chan->flushable = opt;
661 break;
662
663 case BT_POWER:
664 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
665 chan->chan_type != L2CAP_CHAN_RAW) {
666 err = -EINVAL;
667 break;
668 }
669
670 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
671
672 len = min_t(unsigned int, sizeof(pwr), optlen);
673 if (copy_from_user((char *) &pwr, optval, len)) {
674 err = -EFAULT;
675 break;
676 }
677 chan->force_active = pwr.force_active;
678 break;
679
680 default:
681 err = -ENOPROTOOPT;
682 break;
683 }
684
685 release_sock(sk);
686 return err;
687}
688
689static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
690{
691 struct sock *sk = sock->sk;
692 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
693 int err;
694
695 BT_DBG("sock %p, sk %p", sock, sk);
696
697 err = sock_error(sk);
698 if (err)
699 return err;
700
701 if (msg->msg_flags & MSG_OOB)
702 return -EOPNOTSUPP;
703
704 lock_sock(sk);
705
706 if (sk->sk_state != BT_CONNECTED) {
707 release_sock(sk);
708 return -ENOTCONN;
709 }
710
711 err = l2cap_chan_send(chan, msg, len);
712
713 release_sock(sk);
714 return err;
715}
716
717static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
718{
719 struct sock *sk = sock->sk;
720 struct l2cap_pinfo *pi = l2cap_pi(sk);
721 int err;
722
723 lock_sock(sk);
724
725 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
726 sk->sk_state = BT_CONFIG;
727
728 __l2cap_connect_rsp_defer(pi->chan);
729 release_sock(sk);
730 return 0;
731 }
732
733 release_sock(sk);
734
735 if (sock->type == SOCK_STREAM)
736 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
737 else
738 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
739
740 if (pi->chan->mode != L2CAP_MODE_ERTM)
741 return err;
742
743 /* Attempt to put pending rx data in the socket buffer */
744
745 lock_sock(sk);
746
747 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
748 goto done;
749
750 if (pi->rx_busy_skb) {
751 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
752 pi->rx_busy_skb = NULL;
753 else
754 goto done;
755 }
756
757 /* Restore data flow when half of the receive buffer is
758 * available. This avoids resending large numbers of
759 * frames.
760 */
761 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
762 l2cap_chan_busy(pi->chan, 0);
763
764done:
765 release_sock(sk);
766 return err;
767}
768
769/* Kill socket (only if zapped and orphan)
770 * Must be called on unlocked socket.
771 */
772static void l2cap_sock_kill(struct sock *sk)
773{
774 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
775 return;
776
777 BT_DBG("sk %p state %d", sk, sk->sk_state);
778
779 /* Kill poor orphan */
780
781 l2cap_chan_destroy(l2cap_pi(sk)->chan);
782 sock_set_flag(sk, SOCK_DEAD);
783 sock_put(sk);
784}
785
786static int l2cap_sock_shutdown(struct socket *sock, int how)
787{
788 struct sock *sk = sock->sk;
789 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
790 int err = 0;
791
792 BT_DBG("sock %p, sk %p", sock, sk);
793
794 if (!sk)
795 return 0;
796
797 lock_sock(sk);
798 if (!sk->sk_shutdown) {
799 if (chan->mode == L2CAP_MODE_ERTM)
800 err = __l2cap_wait_ack(sk);
801
802 sk->sk_shutdown = SHUTDOWN_MASK;
803 l2cap_chan_close(chan, 0);
804
805 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
806 err = bt_sock_wait_state(sk, BT_CLOSED,
807 sk->sk_lingertime);
808 }
809
810 if (!err && sk->sk_err)
811 err = -sk->sk_err;
812
813 release_sock(sk);
814 return err;
815}
816
817static int l2cap_sock_release(struct socket *sock)
818{
819 struct sock *sk = sock->sk;
820 int err;
821
822 BT_DBG("sock %p, sk %p", sock, sk);
823
824 if (!sk)
825 return 0;
826
827 err = l2cap_sock_shutdown(sock, 2);
828
829 sock_orphan(sk);
830 l2cap_sock_kill(sk);
831 return err;
832}
833
834static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data)
835{
836 struct sock *sk, *parent = data;
837
838 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
839 GFP_ATOMIC);
840 if (!sk)
841 return NULL;
842
843 l2cap_sock_init(sk, parent);
844
845 return l2cap_pi(sk)->chan;
846}
847
848static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb)
849{
850 int err;
851 struct sock *sk = data;
852 struct l2cap_pinfo *pi = l2cap_pi(sk);
853
854 if (pi->rx_busy_skb)
855 return -ENOMEM;
856
857 err = sock_queue_rcv_skb(sk, skb);
858
859 /* For ERTM, handle one skb that doesn't fit into the recv
860 * buffer. This is important to do because the data frames
861 * have already been acked, so the skb cannot be discarded.
862 *
863 * Notify the l2cap core that the buffer is full, so the
864 * LOCAL_BUSY state is entered and no more frames are
865 * acked and reassembled until there is buffer space
866 * available.
867 */
868 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
869 pi->rx_busy_skb = skb;
870 l2cap_chan_busy(pi->chan, 1);
871 err = 0;
872 }
873
874 return err;
875}
876
877static void l2cap_sock_close_cb(void *data)
878{
879 struct sock *sk = data;
880
881 l2cap_sock_kill(sk);
882}
883
884static void l2cap_sock_state_change_cb(void *data, int state)
885{
886 struct sock *sk = data;
887
888 sk->sk_state = state;
889}
890
891static struct l2cap_ops l2cap_chan_ops = {
892 .name = "L2CAP Socket Interface",
893 .new_connection = l2cap_sock_new_connection_cb,
894 .recv = l2cap_sock_recv_cb,
895 .close = l2cap_sock_close_cb,
896 .state_change = l2cap_sock_state_change_cb,
897};
898
899static void l2cap_sock_destruct(struct sock *sk)
900{
901 BT_DBG("sk %p", sk);
902
903 if (l2cap_pi(sk)->rx_busy_skb) {
904 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
905 l2cap_pi(sk)->rx_busy_skb = NULL;
906 }
907
908 skb_queue_purge(&sk->sk_receive_queue);
909 skb_queue_purge(&sk->sk_write_queue);
910}
911
912static void l2cap_sock_init(struct sock *sk, struct sock *parent)
913{
914 struct l2cap_pinfo *pi = l2cap_pi(sk);
915 struct l2cap_chan *chan = pi->chan;
916
917 BT_DBG("sk %p", sk);
918
919 if (parent) {
920 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
921
922 sk->sk_type = parent->sk_type;
923 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
924
925 chan->chan_type = pchan->chan_type;
926 chan->imtu = pchan->imtu;
927 chan->omtu = pchan->omtu;
928 chan->conf_state = pchan->conf_state;
929 chan->mode = pchan->mode;
930 chan->fcs = pchan->fcs;
931 chan->max_tx = pchan->max_tx;
932 chan->tx_win = pchan->tx_win;
933 chan->sec_level = pchan->sec_level;
934 chan->role_switch = pchan->role_switch;
935 chan->force_reliable = pchan->force_reliable;
936 chan->flushable = pchan->flushable;
937 chan->force_active = pchan->force_active;
938
939 security_sk_clone(parent, sk);
940 } else {
941
942 switch (sk->sk_type) {
943 case SOCK_RAW:
944 chan->chan_type = L2CAP_CHAN_RAW;
945 break;
946 case SOCK_DGRAM:
947 chan->chan_type = L2CAP_CHAN_CONN_LESS;
948 break;
949 case SOCK_SEQPACKET:
950 case SOCK_STREAM:
951 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
952 break;
953 }
954
955 chan->imtu = L2CAP_DEFAULT_MTU;
956 chan->omtu = 0;
957 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
958 chan->mode = L2CAP_MODE_ERTM;
959 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
960 } else {
961 chan->mode = L2CAP_MODE_BASIC;
962 }
963 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
964 chan->fcs = L2CAP_FCS_CRC16;
965 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
966 chan->sec_level = BT_SECURITY_LOW;
967 chan->role_switch = 0;
968 chan->force_reliable = 0;
969 chan->flushable = BT_FLUSHABLE_OFF;
970 chan->force_active = BT_POWER_FORCE_ACTIVE_ON;
971
972 }
973
974 /* Default config options */
975 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
976
977 chan->data = sk;
978 chan->ops = &l2cap_chan_ops;
979}
980
981static struct proto l2cap_proto = {
982 .name = "L2CAP",
983 .owner = THIS_MODULE,
984 .obj_size = sizeof(struct l2cap_pinfo)
985};
986
987static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
988{
989 struct sock *sk;
990 struct l2cap_chan *chan;
991
992 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
993 if (!sk)
994 return NULL;
995
996 sock_init_data(sock, sk);
997 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
998
999 sk->sk_destruct = l2cap_sock_destruct;
1000 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1001
1002 sock_reset_flag(sk, SOCK_ZAPPED);
1003
1004 sk->sk_protocol = proto;
1005 sk->sk_state = BT_OPEN;
1006
1007 chan = l2cap_chan_create(sk);
1008 if (!chan) {
1009 l2cap_sock_kill(sk);
1010 return NULL;
1011 }
1012
1013 l2cap_pi(sk)->chan = chan;
1014
1015 return sk;
1016}
1017
1018static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1019 int kern)
1020{
1021 struct sock *sk;
1022
1023 BT_DBG("sock %p", sock);
1024
1025 sock->state = SS_UNCONNECTED;
1026
1027 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1028 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1029 return -ESOCKTNOSUPPORT;
1030
1031 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1032 return -EPERM;
1033
1034 sock->ops = &l2cap_sock_ops;
1035
1036 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1037 if (!sk)
1038 return -ENOMEM;
1039
1040 l2cap_sock_init(sk, NULL);
1041 return 0;
1042}
1043
1044static const struct proto_ops l2cap_sock_ops = {
1045 .family = PF_BLUETOOTH,
1046 .owner = THIS_MODULE,
1047 .release = l2cap_sock_release,
1048 .bind = l2cap_sock_bind,
1049 .connect = l2cap_sock_connect,
1050 .listen = l2cap_sock_listen,
1051 .accept = l2cap_sock_accept,
1052 .getname = l2cap_sock_getname,
1053 .sendmsg = l2cap_sock_sendmsg,
1054 .recvmsg = l2cap_sock_recvmsg,
1055 .poll = bt_sock_poll,
1056 .ioctl = bt_sock_ioctl,
1057 .mmap = sock_no_mmap,
1058 .socketpair = sock_no_socketpair,
1059 .shutdown = l2cap_sock_shutdown,
1060 .setsockopt = l2cap_sock_setsockopt,
1061 .getsockopt = l2cap_sock_getsockopt
1062};
1063
1064static const struct net_proto_family l2cap_sock_family_ops = {
1065 .family = PF_BLUETOOTH,
1066 .owner = THIS_MODULE,
1067 .create = l2cap_sock_create,
1068};
1069
1070int __init l2cap_init_sockets(void)
1071{
1072 int err;
1073
1074 err = proto_register(&l2cap_proto, 0);
1075 if (err < 0)
1076 return err;
1077
1078 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1079 if (err < 0)
1080 goto error;
1081
1082 BT_INFO("L2CAP socket layer initialized");
1083
1084 return 0;
1085
1086error:
1087 BT_ERR("L2CAP socket registration failed");
1088 proto_unregister(&l2cap_proto);
1089 return err;
1090}
1091
1092void l2cap_cleanup_sockets(void)
1093{
1094 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1095 BT_ERR("L2CAP socket unregistration failed");
1096
1097 proto_unregister(&l2cap_proto);
1098}