linux/net/bluetooth/l2cap_sock.c
<<
>>
Prefs
   1/*
   2   BlueZ - Bluetooth protocol stack for Linux
   3   Copyright (C) 2000-2001 Qualcomm Incorporated
   4   Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
   5   Copyright (C) 2010 Google Inc.
   6   Copyright (C) 2011 ProFUSION Embedded Systems
   7
   8   Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
   9
  10   This program is free software; you can redistribute it and/or modify
  11   it under the terms of the GNU General Public License version 2 as
  12   published by the Free Software Foundation;
  13
  14   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  15   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  16   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  17   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  18   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  19   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  20   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  21   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  22
  23   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  24   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  25   SOFTWARE IS DISCLAIMED.
  26*/
  27
  28/* Bluetooth L2CAP sockets. */
  29
  30#include <linux/export.h>
  31
  32#include <net/bluetooth/bluetooth.h>
  33#include <net/bluetooth/hci_core.h>
  34#include <net/bluetooth/l2cap.h>
  35#include <net/bluetooth/smp.h>
  36
  37static const struct proto_ops l2cap_sock_ops;
  38static void l2cap_sock_init(struct sock *sk, struct sock *parent);
  39static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
  40
  41static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
  42{
  43        struct sock *sk = sock->sk;
  44        struct l2cap_chan *chan = l2cap_pi(sk)->chan;
  45        struct sockaddr_l2 la;
  46        int len, err = 0;
  47
  48        BT_DBG("sk %p", sk);
  49
  50        if (!addr || addr->sa_family != AF_BLUETOOTH)
  51                return -EINVAL;
  52
  53        memset(&la, 0, sizeof(la));
  54        len = min_t(unsigned int, sizeof(la), alen);
  55        memcpy(&la, addr, len);
  56
  57        if (la.l2_cid && la.l2_psm)
  58                return -EINVAL;
  59
  60        lock_sock(sk);
  61
  62        if (sk->sk_state != BT_OPEN) {
  63                err = -EBADFD;
  64                goto done;
  65        }
  66
  67        if (la.l2_psm) {
  68                __u16 psm = __le16_to_cpu(la.l2_psm);
  69
  70                /* PSM must be odd and lsb of upper byte must be 0 */
  71                if ((psm & 0x0101) != 0x0001) {
  72                        err = -EINVAL;
  73                        goto done;
  74                }
  75
  76                /* Restrict usage of well-known PSMs */
  77                if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
  78                        err = -EACCES;
  79                        goto done;
  80                }
  81        }
  82
  83        if (la.l2_cid)
  84                err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
  85        else
  86                err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
  87
  88        if (err < 0)
  89                goto done;
  90
  91        if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
  92            __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
  93                chan->sec_level = BT_SECURITY_SDP;
  94
  95        bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
  96
  97        chan->state = BT_BOUND;
  98        sk->sk_state = BT_BOUND;
  99
 100done:
 101        release_sock(sk);
 102        return err;
 103}
 104
 105static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
 106{
 107        struct sock *sk = sock->sk;
 108        struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 109        struct sockaddr_l2 la;
 110        int len, err = 0;
 111
 112        BT_DBG("sk %p", sk);
 113
 114        if (!addr || alen < sizeof(addr->sa_family) ||
 115            addr->sa_family != AF_BLUETOOTH)
 116                return -EINVAL;
 117
 118        memset(&la, 0, sizeof(la));
 119        len = min_t(unsigned int, sizeof(la), alen);
 120        memcpy(&la, addr, len);
 121
 122        if (la.l2_cid && la.l2_psm)
 123                return -EINVAL;
 124
 125        err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
 126                                 &la.l2_bdaddr, la.l2_bdaddr_type);
 127        if (err)
 128                return err;
 129
 130        lock_sock(sk);
 131
 132        err = bt_sock_wait_state(sk, BT_CONNECTED,
 133                        sock_sndtimeo(sk, flags & O_NONBLOCK));
 134
 135        release_sock(sk);
 136
 137        return err;
 138}
 139
 140static int l2cap_sock_listen(struct socket *sock, int backlog)
 141{
 142        struct sock *sk = sock->sk;
 143        struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 144        int err = 0;
 145
 146        BT_DBG("sk %p backlog %d", sk, backlog);
 147
 148        lock_sock(sk);
 149
 150        if (sk->sk_state != BT_BOUND) {
 151                err = -EBADFD;
 152                goto done;
 153        }
 154
 155        if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
 156                err = -EINVAL;
 157                goto done;
 158        }
 159
 160        switch (chan->mode) {
 161        case L2CAP_MODE_BASIC:
 162                break;
 163        case L2CAP_MODE_ERTM:
 164        case L2CAP_MODE_STREAMING:
 165                if (!disable_ertm)
 166                        break;
 167                /* fall through */
 168        default:
 169                err = -ENOTSUPP;
 170                goto done;
 171        }
 172
 173        sk->sk_max_ack_backlog = backlog;
 174        sk->sk_ack_backlog = 0;
 175
 176        chan->state = BT_LISTEN;
 177        sk->sk_state = BT_LISTEN;
 178
 179done:
 180        release_sock(sk);
 181        return err;
 182}
 183
 184static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
 185{
 186        DECLARE_WAITQUEUE(wait, current);
 187        struct sock *sk = sock->sk, *nsk;
 188        long timeo;
 189        int err = 0;
 190
 191        lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
 192
 193        timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
 194
 195        BT_DBG("sk %p timeo %ld", sk, timeo);
 196
 197        /* Wait for an incoming connection. (wake-one). */
 198        add_wait_queue_exclusive(sk_sleep(sk), &wait);
 199        while (1) {
 200                set_current_state(TASK_INTERRUPTIBLE);
 201
 202                if (sk->sk_state != BT_LISTEN) {
 203                        err = -EBADFD;
 204                        break;
 205                }
 206
 207                nsk = bt_accept_dequeue(sk, newsock);
 208                if (nsk)
 209                        break;
 210
 211                if (!timeo) {
 212                        err = -EAGAIN;
 213                        break;
 214                }
 215
 216                if (signal_pending(current)) {
 217                        err = sock_intr_errno(timeo);
 218                        break;
 219                }
 220
 221                release_sock(sk);
 222                timeo = schedule_timeout(timeo);
 223                lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
 224        }
 225        __set_current_state(TASK_RUNNING);
 226        remove_wait_queue(sk_sleep(sk), &wait);
 227
 228        if (err)
 229                goto done;
 230
 231        newsock->state = SS_CONNECTED;
 232
 233        BT_DBG("new socket %p", nsk);
 234
 235done:
 236        release_sock(sk);
 237        return err;
 238}
 239
 240static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
 241{
 242        struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
 243        struct sock *sk = sock->sk;
 244        struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 245
 246        BT_DBG("sock %p, sk %p", sock, sk);
 247
 248        memset(la, 0, sizeof(struct sockaddr_l2));
 249        addr->sa_family = AF_BLUETOOTH;
 250        *len = sizeof(struct sockaddr_l2);
 251
 252        if (peer) {
 253                la->l2_psm = chan->psm;
 254                bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
 255                la->l2_cid = cpu_to_le16(chan->dcid);
 256        } else {
 257                la->l2_psm = chan->sport;
 258                bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
 259                la->l2_cid = cpu_to_le16(chan->scid);
 260        }
 261
 262        return 0;
 263}
 264
 265static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
 266{
 267        struct sock *sk = sock->sk;
 268        struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 269        struct l2cap_options opts;
 270        struct l2cap_conninfo cinfo;
 271        int len, err = 0;
 272        u32 opt;
 273
 274        BT_DBG("sk %p", sk);
 275
 276        if (get_user(len, optlen))
 277                return -EFAULT;
 278
 279        lock_sock(sk);
 280
 281        switch (optname) {
 282        case L2CAP_OPTIONS:
 283                memset(&opts, 0, sizeof(opts));
 284                opts.imtu     = chan->imtu;
 285                opts.omtu     = chan->omtu;
 286                opts.flush_to = chan->flush_to;
 287                opts.mode     = chan->mode;
 288                opts.fcs      = chan->fcs;
 289                opts.max_tx   = chan->max_tx;
 290                opts.txwin_size = chan->tx_win;
 291
 292                len = min_t(unsigned int, len, sizeof(opts));
 293                if (copy_to_user(optval, (char *) &opts, len))
 294                        err = -EFAULT;
 295
 296                break;
 297
 298        case L2CAP_LM:
 299                switch (chan->sec_level) {
 300                case BT_SECURITY_LOW:
 301                        opt = L2CAP_LM_AUTH;
 302                        break;
 303                case BT_SECURITY_MEDIUM:
 304                        opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
 305                        break;
 306                case BT_SECURITY_HIGH:
 307                        opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
 308                                                        L2CAP_LM_SECURE;
 309                        break;
 310                default:
 311                        opt = 0;
 312                        break;
 313                }
 314
 315                if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
 316                        opt |= L2CAP_LM_MASTER;
 317
 318                if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
 319                        opt |= L2CAP_LM_RELIABLE;
 320
 321                if (put_user(opt, (u32 __user *) optval))
 322                        err = -EFAULT;
 323                break;
 324
 325        case L2CAP_CONNINFO:
 326                if (sk->sk_state != BT_CONNECTED &&
 327                    !(sk->sk_state == BT_CONNECT2 &&
 328                      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
 329                        err = -ENOTCONN;
 330                        break;
 331                }
 332
 333                memset(&cinfo, 0, sizeof(cinfo));
 334                cinfo.hci_handle = chan->conn->hcon->handle;
 335                memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
 336
 337                len = min_t(unsigned int, len, sizeof(cinfo));
 338                if (copy_to_user(optval, (char *) &cinfo, len))
 339                        err = -EFAULT;
 340
 341                break;
 342
 343        default:
 344                err = -ENOPROTOOPT;
 345                break;
 346        }
 347
 348        release_sock(sk);
 349        return err;
 350}
 351
 352static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
 353{
 354        struct sock *sk = sock->sk;
 355        struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 356        struct bt_security sec;
 357        struct bt_power pwr;
 358        int len, err = 0;
 359
 360        BT_DBG("sk %p", sk);
 361
 362        if (level == SOL_L2CAP)
 363                return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
 364
 365        if (level != SOL_BLUETOOTH)
 366                return -ENOPROTOOPT;
 367
 368        if (get_user(len, optlen))
 369                return -EFAULT;
 370
 371        lock_sock(sk);
 372
 373        switch (optname) {
 374        case BT_SECURITY:
 375                if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
 376                                        chan->chan_type != L2CAP_CHAN_RAW) {
 377                        err = -EINVAL;
 378                        break;
 379                }
 380
 381                memset(&sec, 0, sizeof(sec));
 382                if (chan->conn)
 383                        sec.level = chan->conn->hcon->sec_level;
 384                else
 385                        sec.level = chan->sec_level;
 386
 387                if (sk->sk_state == BT_CONNECTED)
 388                        sec.key_size = chan->conn->hcon->enc_key_size;
 389
 390                len = min_t(unsigned int, len, sizeof(sec));
 391                if (copy_to_user(optval, (char *) &sec, len))
 392                        err = -EFAULT;
 393
 394                break;
 395
 396        case BT_DEFER_SETUP:
 397                if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
 398                        err = -EINVAL;
 399                        break;
 400                }
 401
 402                if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
 403                             (u32 __user *) optval))
 404                        err = -EFAULT;
 405
 406                break;
 407
 408        case BT_FLUSHABLE:
 409                if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
 410                                                (u32 __user *) optval))
 411                        err = -EFAULT;
 412
 413                break;
 414
 415        case BT_POWER:
 416                if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
 417                                && sk->sk_type != SOCK_RAW) {
 418                        err = -EINVAL;
 419                        break;
 420                }
 421
 422                pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
 423
 424                len = min_t(unsigned int, len, sizeof(pwr));
 425                if (copy_to_user(optval, (char *) &pwr, len))
 426                        err = -EFAULT;
 427
 428                break;
 429
 430        case BT_CHANNEL_POLICY:
 431                if (!enable_hs) {
 432                        err = -ENOPROTOOPT;
 433                        break;
 434                }
 435
 436                if (put_user(chan->chan_policy, (u32 __user *) optval))
 437                        err = -EFAULT;
 438                break;
 439
 440        default:
 441                err = -ENOPROTOOPT;
 442                break;
 443        }
 444
 445        release_sock(sk);
 446        return err;
 447}
 448
 449static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
 450{
 451        switch (chan->scid) {
 452        case L2CAP_CID_LE_DATA:
 453                if (mtu < L2CAP_LE_MIN_MTU)
 454                        return false;
 455                break;
 456
 457        default:
 458                if (mtu < L2CAP_DEFAULT_MIN_MTU)
 459                        return false;
 460        }
 461
 462        return true;
 463}
 464
 465static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
 466{
 467        struct sock *sk = sock->sk;
 468        struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 469        struct l2cap_options opts;
 470        int len, err = 0;
 471        u32 opt;
 472
 473        BT_DBG("sk %p", sk);
 474
 475        lock_sock(sk);
 476
 477        switch (optname) {
 478        case L2CAP_OPTIONS:
 479                if (sk->sk_state == BT_CONNECTED) {
 480                        err = -EINVAL;
 481                        break;
 482                }
 483
 484                opts.imtu     = chan->imtu;
 485                opts.omtu     = chan->omtu;
 486                opts.flush_to = chan->flush_to;
 487                opts.mode     = chan->mode;
 488                opts.fcs      = chan->fcs;
 489                opts.max_tx   = chan->max_tx;
 490                opts.txwin_size = chan->tx_win;
 491
 492                len = min_t(unsigned int, sizeof(opts), optlen);
 493                if (copy_from_user((char *) &opts, optval, len)) {
 494                        err = -EFAULT;
 495                        break;
 496                }
 497
 498                if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
 499                        err = -EINVAL;
 500                        break;
 501                }
 502
 503                if (!l2cap_valid_mtu(chan, opts.imtu)) {
 504                        err = -EINVAL;
 505                        break;
 506                }
 507
 508                chan->mode = opts.mode;
 509                switch (chan->mode) {
 510                case L2CAP_MODE_BASIC:
 511                        clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
 512                        break;
 513                case L2CAP_MODE_ERTM:
 514                case L2CAP_MODE_STREAMING:
 515                        if (!disable_ertm)
 516                                break;
 517                        /* fall through */
 518                default:
 519                        err = -EINVAL;
 520                        break;
 521                }
 522
 523                chan->imtu = opts.imtu;
 524                chan->omtu = opts.omtu;
 525                chan->fcs  = opts.fcs;
 526                chan->max_tx = opts.max_tx;
 527                chan->tx_win = opts.txwin_size;
 528                break;
 529
 530        case L2CAP_LM:
 531                if (get_user(opt, (u32 __user *) optval)) {
 532                        err = -EFAULT;
 533                        break;
 534                }
 535
 536                if (opt & L2CAP_LM_AUTH)
 537                        chan->sec_level = BT_SECURITY_LOW;
 538                if (opt & L2CAP_LM_ENCRYPT)
 539                        chan->sec_level = BT_SECURITY_MEDIUM;
 540                if (opt & L2CAP_LM_SECURE)
 541                        chan->sec_level = BT_SECURITY_HIGH;
 542
 543                if (opt & L2CAP_LM_MASTER)
 544                        set_bit(FLAG_ROLE_SWITCH, &chan->flags);
 545                else
 546                        clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
 547
 548                if (opt & L2CAP_LM_RELIABLE)
 549                        set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
 550                else
 551                        clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
 552                break;
 553
 554        default:
 555                err = -ENOPROTOOPT;
 556                break;
 557        }
 558
 559        release_sock(sk);
 560        return err;
 561}
 562
 563static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
 564{
 565        struct sock *sk = sock->sk;
 566        struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 567        struct bt_security sec;
 568        struct bt_power pwr;
 569        struct l2cap_conn *conn;
 570        int len, err = 0;
 571        u32 opt;
 572
 573        BT_DBG("sk %p", sk);
 574
 575        if (level == SOL_L2CAP)
 576                return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
 577
 578        if (level != SOL_BLUETOOTH)
 579                return -ENOPROTOOPT;
 580
 581        lock_sock(sk);
 582
 583        switch (optname) {
 584        case BT_SECURITY:
 585                if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
 586                                        chan->chan_type != L2CAP_CHAN_RAW) {
 587                        err = -EINVAL;
 588                        break;
 589                }
 590
 591                sec.level = BT_SECURITY_LOW;
 592
 593                len = min_t(unsigned int, sizeof(sec), optlen);
 594                if (copy_from_user((char *) &sec, optval, len)) {
 595                        err = -EFAULT;
 596                        break;
 597                }
 598
 599                if (sec.level < BT_SECURITY_LOW ||
 600                                        sec.level > BT_SECURITY_HIGH) {
 601                        err = -EINVAL;
 602                        break;
 603                }
 604
 605                chan->sec_level = sec.level;
 606
 607                if (!chan->conn)
 608                        break;
 609
 610                conn = chan->conn;
 611
 612                /*change security for LE channels */
 613                if (chan->scid == L2CAP_CID_LE_DATA) {
 614                        if (!conn->hcon->out) {
 615                                err = -EINVAL;
 616                                break;
 617                        }
 618
 619                        if (smp_conn_security(conn->hcon, sec.level))
 620                                break;
 621                        sk->sk_state = BT_CONFIG;
 622                        chan->state = BT_CONFIG;
 623
 624                /* or for ACL link */
 625                } else if ((sk->sk_state == BT_CONNECT2 &&
 626                           test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
 627                           sk->sk_state == BT_CONNECTED) {
 628                        if (!l2cap_chan_check_security(chan))
 629                                set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
 630                        else
 631                                sk->sk_state_change(sk);
 632                } else {
 633                        err = -EINVAL;
 634                }
 635                break;
 636
 637        case BT_DEFER_SETUP:
 638                if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
 639                        err = -EINVAL;
 640                        break;
 641                }
 642
 643                if (get_user(opt, (u32 __user *) optval)) {
 644                        err = -EFAULT;
 645                        break;
 646                }
 647
 648                if (opt)
 649                        set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
 650                else
 651                        clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
 652                break;
 653
 654        case BT_FLUSHABLE:
 655                if (get_user(opt, (u32 __user *) optval)) {
 656                        err = -EFAULT;
 657                        break;
 658                }
 659
 660                if (opt > BT_FLUSHABLE_ON) {
 661                        err = -EINVAL;
 662                        break;
 663                }
 664
 665                if (opt == BT_FLUSHABLE_OFF) {
 666                        struct l2cap_conn *conn = chan->conn;
 667                        /* proceed further only when we have l2cap_conn and
 668                           No Flush support in the LM */
 669                        if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
 670                                err = -EINVAL;
 671                                break;
 672                        }
 673                }
 674
 675                if (opt)
 676                        set_bit(FLAG_FLUSHABLE, &chan->flags);
 677                else
 678                        clear_bit(FLAG_FLUSHABLE, &chan->flags);
 679                break;
 680
 681        case BT_POWER:
 682                if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
 683                                        chan->chan_type != L2CAP_CHAN_RAW) {
 684                        err = -EINVAL;
 685                        break;
 686                }
 687
 688                pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
 689
 690                len = min_t(unsigned int, sizeof(pwr), optlen);
 691                if (copy_from_user((char *) &pwr, optval, len)) {
 692                        err = -EFAULT;
 693                        break;
 694                }
 695
 696                if (pwr.force_active)
 697                        set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
 698                else
 699                        clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
 700                break;
 701
 702        case BT_CHANNEL_POLICY:
 703                if (!enable_hs) {
 704                        err = -ENOPROTOOPT;
 705                        break;
 706                }
 707
 708                if (get_user(opt, (u32 __user *) optval)) {
 709                        err = -EFAULT;
 710                        break;
 711                }
 712
 713                if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
 714                        err = -EINVAL;
 715                        break;
 716                }
 717
 718                if (chan->mode != L2CAP_MODE_ERTM &&
 719                                chan->mode != L2CAP_MODE_STREAMING) {
 720                        err = -EOPNOTSUPP;
 721                        break;
 722                }
 723
 724                chan->chan_policy = (u8) opt;
 725                break;
 726
 727        default:
 728                err = -ENOPROTOOPT;
 729                break;
 730        }
 731
 732        release_sock(sk);
 733        return err;
 734}
 735
 736static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
 737{
 738        struct sock *sk = sock->sk;
 739        struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 740        int err;
 741
 742        BT_DBG("sock %p, sk %p", sock, sk);
 743
 744        err = sock_error(sk);
 745        if (err)
 746                return err;
 747
 748        if (msg->msg_flags & MSG_OOB)
 749                return -EOPNOTSUPP;
 750
 751        if (sk->sk_state != BT_CONNECTED)
 752                return -ENOTCONN;
 753
 754        l2cap_chan_lock(chan);
 755        err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
 756        l2cap_chan_unlock(chan);
 757
 758        return err;
 759}
 760
 761static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
 762{
 763        struct sock *sk = sock->sk;
 764        struct l2cap_pinfo *pi = l2cap_pi(sk);
 765        int err;
 766
 767        lock_sock(sk);
 768
 769        if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
 770                                                    &bt_sk(sk)->flags)) {
 771                sk->sk_state = BT_CONFIG;
 772                pi->chan->state = BT_CONFIG;
 773
 774                __l2cap_connect_rsp_defer(pi->chan);
 775                release_sock(sk);
 776                return 0;
 777        }
 778
 779        release_sock(sk);
 780
 781        if (sock->type == SOCK_STREAM)
 782                err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
 783        else
 784                err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
 785
 786        if (pi->chan->mode != L2CAP_MODE_ERTM)
 787                return err;
 788
 789        /* Attempt to put pending rx data in the socket buffer */
 790
 791        lock_sock(sk);
 792
 793        if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
 794                goto done;
 795
 796        if (pi->rx_busy_skb) {
 797                if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
 798                        pi->rx_busy_skb = NULL;
 799                else
 800                        goto done;
 801        }
 802
 803        /* Restore data flow when half of the receive buffer is
 804         * available.  This avoids resending large numbers of
 805         * frames.
 806         */
 807        if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
 808                l2cap_chan_busy(pi->chan, 0);
 809
 810done:
 811        release_sock(sk);
 812        return err;
 813}
 814
 815/* Kill socket (only if zapped and orphan)
 816 * Must be called on unlocked socket.
 817 */
 818static void l2cap_sock_kill(struct sock *sk)
 819{
 820        if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
 821                return;
 822
 823        BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
 824
 825        /* Kill poor orphan */
 826
 827        l2cap_chan_destroy(l2cap_pi(sk)->chan);
 828        sock_set_flag(sk, SOCK_DEAD);
 829        sock_put(sk);
 830}
 831
 832static int l2cap_sock_shutdown(struct socket *sock, int how)
 833{
 834        struct sock *sk = sock->sk;
 835        struct l2cap_chan *chan;
 836        struct l2cap_conn *conn;
 837        int err = 0;
 838
 839        BT_DBG("sock %p, sk %p", sock, sk);
 840
 841        if (!sk)
 842                return 0;
 843
 844        chan = l2cap_pi(sk)->chan;
 845        conn = chan->conn;
 846
 847        if (conn)
 848                mutex_lock(&conn->chan_lock);
 849
 850        l2cap_chan_lock(chan);
 851        lock_sock(sk);
 852
 853        if (!sk->sk_shutdown) {
 854                if (chan->mode == L2CAP_MODE_ERTM)
 855                        err = __l2cap_wait_ack(sk);
 856
 857                sk->sk_shutdown = SHUTDOWN_MASK;
 858
 859                release_sock(sk);
 860                l2cap_chan_close(chan, 0);
 861                lock_sock(sk);
 862
 863                if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
 864                        err = bt_sock_wait_state(sk, BT_CLOSED,
 865                                                        sk->sk_lingertime);
 866        }
 867
 868        if (!err && sk->sk_err)
 869                err = -sk->sk_err;
 870
 871        release_sock(sk);
 872        l2cap_chan_unlock(chan);
 873
 874        if (conn)
 875                mutex_unlock(&conn->chan_lock);
 876
 877        return err;
 878}
 879
 880static int l2cap_sock_release(struct socket *sock)
 881{
 882        struct sock *sk = sock->sk;
 883        int err;
 884
 885        BT_DBG("sock %p, sk %p", sock, sk);
 886
 887        if (!sk)
 888                return 0;
 889
 890        err = l2cap_sock_shutdown(sock, 2);
 891
 892        sock_orphan(sk);
 893        l2cap_sock_kill(sk);
 894        return err;
 895}
 896
 897static void l2cap_sock_cleanup_listen(struct sock *parent)
 898{
 899        struct sock *sk;
 900
 901        BT_DBG("parent %p", parent);
 902
 903        /* Close not yet accepted channels */
 904        while ((sk = bt_accept_dequeue(parent, NULL))) {
 905                struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 906
 907                l2cap_chan_lock(chan);
 908                __clear_chan_timer(chan);
 909                l2cap_chan_close(chan, ECONNRESET);
 910                l2cap_chan_unlock(chan);
 911
 912                l2cap_sock_kill(sk);
 913        }
 914}
 915
 916static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
 917{
 918        struct sock *sk, *parent = chan->data;
 919
 920        /* Check for backlog size */
 921        if (sk_acceptq_is_full(parent)) {
 922                BT_DBG("backlog full %d", parent->sk_ack_backlog);
 923                return NULL;
 924        }
 925
 926        sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
 927                                                                GFP_ATOMIC);
 928        if (!sk)
 929                return NULL;
 930
 931        bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
 932
 933        l2cap_sock_init(sk, parent);
 934
 935        return l2cap_pi(sk)->chan;
 936}
 937
 938static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
 939{
 940        int err;
 941        struct sock *sk = chan->data;
 942        struct l2cap_pinfo *pi = l2cap_pi(sk);
 943
 944        lock_sock(sk);
 945
 946        if (pi->rx_busy_skb) {
 947                err = -ENOMEM;
 948                goto done;
 949        }
 950
 951        err = sock_queue_rcv_skb(sk, skb);
 952
 953        /* For ERTM, handle one skb that doesn't fit into the recv
 954         * buffer.  This is important to do because the data frames
 955         * have already been acked, so the skb cannot be discarded.
 956         *
 957         * Notify the l2cap core that the buffer is full, so the
 958         * LOCAL_BUSY state is entered and no more frames are
 959         * acked and reassembled until there is buffer space
 960         * available.
 961         */
 962        if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
 963                pi->rx_busy_skb = skb;
 964                l2cap_chan_busy(pi->chan, 1);
 965                err = 0;
 966        }
 967
 968done:
 969        release_sock(sk);
 970
 971        return err;
 972}
 973
 974static void l2cap_sock_close_cb(struct l2cap_chan *chan)
 975{
 976        struct sock *sk = chan->data;
 977
 978        l2cap_sock_kill(sk);
 979}
 980
 981static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
 982{
 983        struct sock *sk = chan->data;
 984        struct sock *parent;
 985
 986        lock_sock(sk);
 987
 988        parent = bt_sk(sk)->parent;
 989
 990        sock_set_flag(sk, SOCK_ZAPPED);
 991
 992        switch (chan->state) {
 993        case BT_OPEN:
 994        case BT_BOUND:
 995        case BT_CLOSED:
 996                break;
 997        case BT_LISTEN:
 998                l2cap_sock_cleanup_listen(sk);
 999                sk->sk_state = BT_CLOSED;
1000                chan->state = BT_CLOSED;
1001
1002                break;
1003        default:
1004                sk->sk_state = BT_CLOSED;
1005                chan->state = BT_CLOSED;
1006
1007                sk->sk_err = err;
1008
1009                if (parent) {
1010                        bt_accept_unlink(sk);
1011                        parent->sk_data_ready(parent, 0);
1012                } else {
1013                        sk->sk_state_change(sk);
1014                }
1015
1016                break;
1017        }
1018
1019        release_sock(sk);
1020}
1021
1022static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state)
1023{
1024        struct sock *sk = chan->data;
1025
1026        sk->sk_state = state;
1027}
1028
1029static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1030                                               unsigned long len, int nb)
1031{
1032        struct sk_buff *skb;
1033        int err;
1034
1035        l2cap_chan_unlock(chan);
1036        skb = bt_skb_send_alloc(chan->sk, len, nb, &err);
1037        l2cap_chan_lock(chan);
1038
1039        if (!skb)
1040                return ERR_PTR(err);
1041
1042        return skb;
1043}
1044
1045static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1046{
1047        struct sock *sk = chan->data;
1048        struct sock *parent;
1049
1050        lock_sock(sk);
1051
1052        parent = bt_sk(sk)->parent;
1053
1054        BT_DBG("sk %p, parent %p", sk, parent);
1055
1056        sk->sk_state = BT_CONNECTED;
1057        sk->sk_state_change(sk);
1058
1059        if (parent)
1060                parent->sk_data_ready(parent, 0);
1061
1062        release_sock(sk);
1063}
1064
1065static struct l2cap_ops l2cap_chan_ops = {
1066        .name           = "L2CAP Socket Interface",
1067        .new_connection = l2cap_sock_new_connection_cb,
1068        .recv           = l2cap_sock_recv_cb,
1069        .close          = l2cap_sock_close_cb,
1070        .teardown       = l2cap_sock_teardown_cb,
1071        .state_change   = l2cap_sock_state_change_cb,
1072        .ready          = l2cap_sock_ready_cb,
1073        .alloc_skb      = l2cap_sock_alloc_skb_cb,
1074};
1075
1076static void l2cap_sock_destruct(struct sock *sk)
1077{
1078        BT_DBG("sk %p", sk);
1079
1080        l2cap_chan_put(l2cap_pi(sk)->chan);
1081        if (l2cap_pi(sk)->rx_busy_skb) {
1082                kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1083                l2cap_pi(sk)->rx_busy_skb = NULL;
1084        }
1085
1086        skb_queue_purge(&sk->sk_receive_queue);
1087        skb_queue_purge(&sk->sk_write_queue);
1088}
1089
1090static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1091{
1092        struct l2cap_pinfo *pi = l2cap_pi(sk);
1093        struct l2cap_chan *chan = pi->chan;
1094
1095        BT_DBG("sk %p", sk);
1096
1097        if (parent) {
1098                struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1099
1100                sk->sk_type = parent->sk_type;
1101                bt_sk(sk)->flags = bt_sk(parent)->flags;
1102
1103                chan->chan_type = pchan->chan_type;
1104                chan->imtu = pchan->imtu;
1105                chan->omtu = pchan->omtu;
1106                chan->conf_state = pchan->conf_state;
1107                chan->mode = pchan->mode;
1108                chan->fcs  = pchan->fcs;
1109                chan->max_tx = pchan->max_tx;
1110                chan->tx_win = pchan->tx_win;
1111                chan->tx_win_max = pchan->tx_win_max;
1112                chan->sec_level = pchan->sec_level;
1113                chan->flags = pchan->flags;
1114
1115                security_sk_clone(parent, sk);
1116        } else {
1117
1118                switch (sk->sk_type) {
1119                case SOCK_RAW:
1120                        chan->chan_type = L2CAP_CHAN_RAW;
1121                        break;
1122                case SOCK_DGRAM:
1123                        chan->chan_type = L2CAP_CHAN_CONN_LESS;
1124                        break;
1125                case SOCK_SEQPACKET:
1126                case SOCK_STREAM:
1127                        chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1128                        break;
1129                }
1130
1131                chan->imtu = L2CAP_DEFAULT_MTU;
1132                chan->omtu = 0;
1133                if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1134                        chan->mode = L2CAP_MODE_ERTM;
1135                        set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1136                } else {
1137                        chan->mode = L2CAP_MODE_BASIC;
1138                }
1139
1140                l2cap_chan_set_defaults(chan);
1141        }
1142
1143        /* Default config options */
1144        chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1145
1146        chan->data = sk;
1147        chan->ops = &l2cap_chan_ops;
1148}
1149
1150static struct proto l2cap_proto = {
1151        .name           = "L2CAP",
1152        .owner          = THIS_MODULE,
1153        .obj_size       = sizeof(struct l2cap_pinfo)
1154};
1155
1156static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
1157{
1158        struct sock *sk;
1159        struct l2cap_chan *chan;
1160
1161        sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1162        if (!sk)
1163                return NULL;
1164
1165        sock_init_data(sock, sk);
1166        INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1167
1168        sk->sk_destruct = l2cap_sock_destruct;
1169        sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1170
1171        sock_reset_flag(sk, SOCK_ZAPPED);
1172
1173        sk->sk_protocol = proto;
1174        sk->sk_state = BT_OPEN;
1175
1176        chan = l2cap_chan_create();
1177        if (!chan) {
1178                sk_free(sk);
1179                return NULL;
1180        }
1181
1182        l2cap_chan_hold(chan);
1183
1184        chan->sk = sk;
1185
1186        l2cap_pi(sk)->chan = chan;
1187
1188        return sk;
1189}
1190
1191static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1192                             int kern)
1193{
1194        struct sock *sk;
1195
1196        BT_DBG("sock %p", sock);
1197
1198        sock->state = SS_UNCONNECTED;
1199
1200        if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1201                        sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1202                return -ESOCKTNOSUPPORT;
1203
1204        if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1205                return -EPERM;
1206
1207        sock->ops = &l2cap_sock_ops;
1208
1209        sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1210        if (!sk)
1211                return -ENOMEM;
1212
1213        l2cap_sock_init(sk, NULL);
1214        return 0;
1215}
1216
1217static const struct proto_ops l2cap_sock_ops = {
1218        .family         = PF_BLUETOOTH,
1219        .owner          = THIS_MODULE,
1220        .release        = l2cap_sock_release,
1221        .bind           = l2cap_sock_bind,
1222        .connect        = l2cap_sock_connect,
1223        .listen         = l2cap_sock_listen,
1224        .accept         = l2cap_sock_accept,
1225        .getname        = l2cap_sock_getname,
1226        .sendmsg        = l2cap_sock_sendmsg,
1227        .recvmsg        = l2cap_sock_recvmsg,
1228        .poll           = bt_sock_poll,
1229        .ioctl          = bt_sock_ioctl,
1230        .mmap           = sock_no_mmap,
1231        .socketpair     = sock_no_socketpair,
1232        .shutdown       = l2cap_sock_shutdown,
1233        .setsockopt     = l2cap_sock_setsockopt,
1234        .getsockopt     = l2cap_sock_getsockopt
1235};
1236
1237static const struct net_proto_family l2cap_sock_family_ops = {
1238        .family = PF_BLUETOOTH,
1239        .owner  = THIS_MODULE,
1240        .create = l2cap_sock_create,
1241};
1242
1243int __init l2cap_init_sockets(void)
1244{
1245        int err;
1246
1247        err = proto_register(&l2cap_proto, 0);
1248        if (err < 0)
1249                return err;
1250
1251        err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1252        if (err < 0)
1253                goto error;
1254
1255        BT_INFO("L2CAP socket layer initialized");
1256
1257        return 0;
1258
1259error:
1260        BT_ERR("L2CAP socket registration failed");
1261        proto_unregister(&l2cap_proto);
1262        return err;
1263}
1264
1265void l2cap_cleanup_sockets(void)
1266{
1267        if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1268                BT_ERR("L2CAP socket unregistration failed");
1269
1270        proto_unregister(&l2cap_proto);
1271}
1272
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.