linux/net/bluetooth/l2cap_sock.c
<<
>>
Prefs
   1/*
   2   BlueZ - Bluetooth protocol stack for Linux
   3   Copyright (C) 2000-2001 Qualcomm Incorporated
   4   Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
   5   Copyright (C) 2010 Google Inc.
   6   Copyright (C) 2011 ProFUSION Embedded Systems
   7
   8   Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
   9
  10   This program is free software; you can redistribute it and/or modify
  11   it under the terms of the GNU General Public License version 2 as
  12   published by the Free Software Foundation;
  13
  14   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  15   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  16   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  17   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  18   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  19   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  20   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  21   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  22
  23   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  24   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  25   SOFTWARE IS DISCLAIMED.
  26*/
  27
  28/* Bluetooth L2CAP sockets. */
  29
  30#include <linux/export.h>
  31
  32#include <net/bluetooth/bluetooth.h>
  33#include <net/bluetooth/hci_core.h>
  34#include <net/bluetooth/l2cap.h>
  35#include <net/bluetooth/smp.h>
  36
  37static struct bt_sock_list l2cap_sk_list = {
  38        .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
  39};
  40
  41static const struct proto_ops l2cap_sock_ops;
  42static void l2cap_sock_init(struct sock *sk, struct sock *parent);
  43static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
  44
  45static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
  46{
  47        struct sock *sk = sock->sk;
  48        struct l2cap_chan *chan = l2cap_pi(sk)->chan;
  49        struct sockaddr_l2 la;
  50        int len, err = 0;
  51
  52        BT_DBG("sk %p", sk);
  53
  54        if (!addr || addr->sa_family != AF_BLUETOOTH)
  55                return -EINVAL;
  56
  57        memset(&la, 0, sizeof(la));
  58        len = min_t(unsigned int, sizeof(la), alen);
  59        memcpy(&la, addr, len);
  60
  61        if (la.l2_cid && la.l2_psm)
  62                return -EINVAL;
  63
  64        lock_sock(sk);
  65
  66        if (sk->sk_state != BT_OPEN) {
  67                err = -EBADFD;
  68                goto done;
  69        }
  70
  71        if (la.l2_psm) {
  72                __u16 psm = __le16_to_cpu(la.l2_psm);
  73
  74                /* PSM must be odd and lsb of upper byte must be 0 */
  75                if ((psm & 0x0101) != 0x0001) {
  76                        err = -EINVAL;
  77                        goto done;
  78                }
  79
  80                /* Restrict usage of well-known PSMs */
  81                if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
  82                        err = -EACCES;
  83                        goto done;
  84                }
  85        }
  86
  87        if (la.l2_cid)
  88                err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
  89        else
  90                err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
  91
  92        if (err < 0)
  93                goto done;
  94
  95        if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
  96            __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
  97                chan->sec_level = BT_SECURITY_SDP;
  98
  99        bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
 100
 101        chan->state = BT_BOUND;
 102        sk->sk_state = BT_BOUND;
 103
 104done:
 105        release_sock(sk);
 106        return err;
 107}
 108
 109static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
 110{
 111        struct sock *sk = sock->sk;
 112        struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 113        struct sockaddr_l2 la;
 114        int len, err = 0;
 115
 116        BT_DBG("sk %p", sk);
 117
 118        if (!addr || alen < sizeof(addr->sa_family) ||
 119            addr->sa_family != AF_BLUETOOTH)
 120                return -EINVAL;
 121
 122        memset(&la, 0, sizeof(la));
 123        len = min_t(unsigned int, sizeof(la), alen);
 124        memcpy(&la, addr, len);
 125
 126        if (la.l2_cid && la.l2_psm)
 127                return -EINVAL;
 128
 129        err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
 130                                 &la.l2_bdaddr, la.l2_bdaddr_type);
 131        if (err)
 132                return err;
 133
 134        lock_sock(sk);
 135
 136        err = bt_sock_wait_state(sk, BT_CONNECTED,
 137                        sock_sndtimeo(sk, flags & O_NONBLOCK));
 138
 139        release_sock(sk);
 140
 141        return err;
 142}
 143
 144static int l2cap_sock_listen(struct socket *sock, int backlog)
 145{
 146        struct sock *sk = sock->sk;
 147        struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 148        int err = 0;
 149
 150        BT_DBG("sk %p backlog %d", sk, backlog);
 151
 152        lock_sock(sk);
 153
 154        if (sk->sk_state != BT_BOUND) {
 155                err = -EBADFD;
 156                goto done;
 157        }
 158
 159        if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
 160                err = -EINVAL;
 161                goto done;
 162        }
 163
 164        switch (chan->mode) {
 165        case L2CAP_MODE_BASIC:
 166                break;
 167        case L2CAP_MODE_ERTM:
 168        case L2CAP_MODE_STREAMING:
 169                if (!disable_ertm)
 170                        break;
 171                /* fall through */
 172        default:
 173                err = -ENOTSUPP;
 174                goto done;
 175        }
 176
 177        sk->sk_max_ack_backlog = backlog;
 178        sk->sk_ack_backlog = 0;
 179
 180        chan->state = BT_LISTEN;
 181        sk->sk_state = BT_LISTEN;
 182
 183done:
 184        release_sock(sk);
 185        return err;
 186}
 187
 188static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
 189{
 190        DECLARE_WAITQUEUE(wait, current);
 191        struct sock *sk = sock->sk, *nsk;
 192        long timeo;
 193        int err = 0;
 194
 195        lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
 196
 197        timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
 198
 199        BT_DBG("sk %p timeo %ld", sk, timeo);
 200
 201        /* Wait for an incoming connection. (wake-one). */
 202        add_wait_queue_exclusive(sk_sleep(sk), &wait);
 203        while (1) {
 204                set_current_state(TASK_INTERRUPTIBLE);
 205
 206                if (sk->sk_state != BT_LISTEN) {
 207                        err = -EBADFD;
 208                        break;
 209                }
 210
 211                nsk = bt_accept_dequeue(sk, newsock);
 212                if (nsk)
 213                        break;
 214
 215                if (!timeo) {
 216                        err = -EAGAIN;
 217                        break;
 218                }
 219
 220                if (signal_pending(current)) {
 221                        err = sock_intr_errno(timeo);
 222                        break;
 223                }
 224
 225                release_sock(sk);
 226                timeo = schedule_timeout(timeo);
 227                lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
 228        }
 229        __set_current_state(TASK_RUNNING);
 230        remove_wait_queue(sk_sleep(sk), &wait);
 231
 232        if (err)
 233                goto done;
 234
 235        newsock->state = SS_CONNECTED;
 236
 237        BT_DBG("new socket %p", nsk);
 238
 239done:
 240        release_sock(sk);
 241        return err;
 242}
 243
 244static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
 245{
 246        struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
 247        struct sock *sk = sock->sk;
 248        struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 249
 250        BT_DBG("sock %p, sk %p", sock, sk);
 251
 252        memset(la, 0, sizeof(struct sockaddr_l2));
 253        addr->sa_family = AF_BLUETOOTH;
 254        *len = sizeof(struct sockaddr_l2);
 255
 256        if (peer) {
 257                la->l2_psm = chan->psm;
 258                bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
 259                la->l2_cid = cpu_to_le16(chan->dcid);
 260        } else {
 261                la->l2_psm = chan->sport;
 262                bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
 263                la->l2_cid = cpu_to_le16(chan->scid);
 264        }
 265
 266        return 0;
 267}
 268
 269static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
 270{
 271        struct sock *sk = sock->sk;
 272        struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 273        struct l2cap_options opts;
 274        struct l2cap_conninfo cinfo;
 275        int len, err = 0;
 276        u32 opt;
 277
 278        BT_DBG("sk %p", sk);
 279
 280        if (get_user(len, optlen))
 281                return -EFAULT;
 282
 283        lock_sock(sk);
 284
 285        switch (optname) {
 286        case L2CAP_OPTIONS:
 287                memset(&opts, 0, sizeof(opts));
 288                opts.imtu     = chan->imtu;
 289                opts.omtu     = chan->omtu;
 290                opts.flush_to = chan->flush_to;
 291                opts.mode     = chan->mode;
 292                opts.fcs      = chan->fcs;
 293                opts.max_tx   = chan->max_tx;
 294                opts.txwin_size = chan->tx_win;
 295
 296                len = min_t(unsigned int, len, sizeof(opts));
 297                if (copy_to_user(optval, (char *) &opts, len))
 298                        err = -EFAULT;
 299
 300                break;
 301
 302        case L2CAP_LM:
 303                switch (chan->sec_level) {
 304                case BT_SECURITY_LOW:
 305                        opt = L2CAP_LM_AUTH;
 306                        break;
 307                case BT_SECURITY_MEDIUM:
 308                        opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
 309                        break;
 310                case BT_SECURITY_HIGH:
 311                        opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
 312                                                        L2CAP_LM_SECURE;
 313                        break;
 314                default:
 315                        opt = 0;
 316                        break;
 317                }
 318
 319                if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
 320                        opt |= L2CAP_LM_MASTER;
 321
 322                if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
 323                        opt |= L2CAP_LM_RELIABLE;
 324
 325                if (put_user(opt, (u32 __user *) optval))
 326                        err = -EFAULT;
 327                break;
 328
 329        case L2CAP_CONNINFO:
 330                if (sk->sk_state != BT_CONNECTED &&
 331                    !(sk->sk_state == BT_CONNECT2 &&
 332                      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
 333                        err = -ENOTCONN;
 334                        break;
 335                }
 336
 337                memset(&cinfo, 0, sizeof(cinfo));
 338                cinfo.hci_handle = chan->conn->hcon->handle;
 339                memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
 340
 341                len = min_t(unsigned int, len, sizeof(cinfo));
 342                if (copy_to_user(optval, (char *) &cinfo, len))
 343                        err = -EFAULT;
 344
 345                break;
 346
 347        default:
 348                err = -ENOPROTOOPT;
 349                break;
 350        }
 351
 352        release_sock(sk);
 353        return err;
 354}
 355
 356static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
 357{
 358        struct sock *sk = sock->sk;
 359        struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 360        struct bt_security sec;
 361        struct bt_power pwr;
 362        int len, err = 0;
 363
 364        BT_DBG("sk %p", sk);
 365
 366        if (level == SOL_L2CAP)
 367                return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
 368
 369        if (level != SOL_BLUETOOTH)
 370                return -ENOPROTOOPT;
 371
 372        if (get_user(len, optlen))
 373                return -EFAULT;
 374
 375        lock_sock(sk);
 376
 377        switch (optname) {
 378        case BT_SECURITY:
 379                if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
 380                                        chan->chan_type != L2CAP_CHAN_RAW) {
 381                        err = -EINVAL;
 382                        break;
 383                }
 384
 385                memset(&sec, 0, sizeof(sec));
 386                if (chan->conn)
 387                        sec.level = chan->conn->hcon->sec_level;
 388                else
 389                        sec.level = chan->sec_level;
 390
 391                if (sk->sk_state == BT_CONNECTED)
 392                        sec.key_size = chan->conn->hcon->enc_key_size;
 393
 394                len = min_t(unsigned int, len, sizeof(sec));
 395                if (copy_to_user(optval, (char *) &sec, len))
 396                        err = -EFAULT;
 397
 398                break;
 399
 400        case BT_DEFER_SETUP:
 401                if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
 402                        err = -EINVAL;
 403                        break;
 404                }
 405
 406                if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
 407                             (u32 __user *) optval))
 408                        err = -EFAULT;
 409
 410                break;
 411
 412        case BT_FLUSHABLE:
 413                if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
 414                                                (u32 __user *) optval))
 415                        err = -EFAULT;
 416
 417                break;
 418
 419        case BT_POWER:
 420                if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
 421                                && sk->sk_type != SOCK_RAW) {
 422                        err = -EINVAL;
 423                        break;
 424                }
 425
 426                pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
 427
 428                len = min_t(unsigned int, len, sizeof(pwr));
 429                if (copy_to_user(optval, (char *) &pwr, len))
 430                        err = -EFAULT;
 431
 432                break;
 433
 434        case BT_CHANNEL_POLICY:
 435                if (!enable_hs) {
 436                        err = -ENOPROTOOPT;
 437                        break;
 438                }
 439
 440                if (put_user(chan->chan_policy, (u32 __user *) optval))
 441                        err = -EFAULT;
 442                break;
 443
 444        default:
 445                err = -ENOPROTOOPT;
 446                break;
 447        }
 448
 449        release_sock(sk);
 450        return err;
 451}
 452
 453static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
 454{
 455        switch (chan->scid) {
 456        case L2CAP_CID_LE_DATA:
 457                if (mtu < L2CAP_LE_MIN_MTU)
 458                        return false;
 459                break;
 460
 461        default:
 462                if (mtu < L2CAP_DEFAULT_MIN_MTU)
 463                        return false;
 464        }
 465
 466        return true;
 467}
 468
 469static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
 470{
 471        struct sock *sk = sock->sk;
 472        struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 473        struct l2cap_options opts;
 474        int len, err = 0;
 475        u32 opt;
 476
 477        BT_DBG("sk %p", sk);
 478
 479        lock_sock(sk);
 480
 481        switch (optname) {
 482        case L2CAP_OPTIONS:
 483                if (sk->sk_state == BT_CONNECTED) {
 484                        err = -EINVAL;
 485                        break;
 486                }
 487
 488                opts.imtu     = chan->imtu;
 489                opts.omtu     = chan->omtu;
 490                opts.flush_to = chan->flush_to;
 491                opts.mode     = chan->mode;
 492                opts.fcs      = chan->fcs;
 493                opts.max_tx   = chan->max_tx;
 494                opts.txwin_size = chan->tx_win;
 495
 496                len = min_t(unsigned int, sizeof(opts), optlen);
 497                if (copy_from_user((char *) &opts, optval, len)) {
 498                        err = -EFAULT;
 499                        break;
 500                }
 501
 502                if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
 503                        err = -EINVAL;
 504                        break;
 505                }
 506
 507                if (!l2cap_valid_mtu(chan, opts.imtu)) {
 508                        err = -EINVAL;
 509                        break;
 510                }
 511
 512                chan->mode = opts.mode;
 513                switch (chan->mode) {
 514                case L2CAP_MODE_BASIC:
 515                        clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
 516                        break;
 517                case L2CAP_MODE_ERTM:
 518                case L2CAP_MODE_STREAMING:
 519                        if (!disable_ertm)
 520                                break;
 521                        /* fall through */
 522                default:
 523                        err = -EINVAL;
 524                        break;
 525                }
 526
 527                chan->imtu = opts.imtu;
 528                chan->omtu = opts.omtu;
 529                chan->fcs  = opts.fcs;
 530                chan->max_tx = opts.max_tx;
 531                chan->tx_win = opts.txwin_size;
 532                break;
 533
 534        case L2CAP_LM:
 535                if (get_user(opt, (u32 __user *) optval)) {
 536                        err = -EFAULT;
 537                        break;
 538                }
 539
 540                if (opt & L2CAP_LM_AUTH)
 541                        chan->sec_level = BT_SECURITY_LOW;
 542                if (opt & L2CAP_LM_ENCRYPT)
 543                        chan->sec_level = BT_SECURITY_MEDIUM;
 544                if (opt & L2CAP_LM_SECURE)
 545                        chan->sec_level = BT_SECURITY_HIGH;
 546
 547                if (opt & L2CAP_LM_MASTER)
 548                        set_bit(FLAG_ROLE_SWITCH, &chan->flags);
 549                else
 550                        clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
 551
 552                if (opt & L2CAP_LM_RELIABLE)
 553                        set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
 554                else
 555                        clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
 556                break;
 557
 558        default:
 559                err = -ENOPROTOOPT;
 560                break;
 561        }
 562
 563        release_sock(sk);
 564        return err;
 565}
 566
 567static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
 568{
 569        struct sock *sk = sock->sk;
 570        struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 571        struct bt_security sec;
 572        struct bt_power pwr;
 573        struct l2cap_conn *conn;
 574        int len, err = 0;
 575        u32 opt;
 576
 577        BT_DBG("sk %p", sk);
 578
 579        if (level == SOL_L2CAP)
 580                return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
 581
 582        if (level != SOL_BLUETOOTH)
 583                return -ENOPROTOOPT;
 584
 585        lock_sock(sk);
 586
 587        switch (optname) {
 588        case BT_SECURITY:
 589                if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
 590                                        chan->chan_type != L2CAP_CHAN_RAW) {
 591                        err = -EINVAL;
 592                        break;
 593                }
 594
 595                sec.level = BT_SECURITY_LOW;
 596
 597                len = min_t(unsigned int, sizeof(sec), optlen);
 598                if (copy_from_user((char *) &sec, optval, len)) {
 599                        err = -EFAULT;
 600                        break;
 601                }
 602
 603                if (sec.level < BT_SECURITY_LOW ||
 604                                        sec.level > BT_SECURITY_HIGH) {
 605                        err = -EINVAL;
 606                        break;
 607                }
 608
 609                chan->sec_level = sec.level;
 610
 611                if (!chan->conn)
 612                        break;
 613
 614                conn = chan->conn;
 615
 616                /*change security for LE channels */
 617                if (chan->scid == L2CAP_CID_LE_DATA) {
 618                        if (!conn->hcon->out) {
 619                                err = -EINVAL;
 620                                break;
 621                        }
 622
 623                        if (smp_conn_security(conn->hcon, sec.level))
 624                                break;
 625                        sk->sk_state = BT_CONFIG;
 626                        chan->state = BT_CONFIG;
 627
 628                /* or for ACL link */
 629                } else if ((sk->sk_state == BT_CONNECT2 &&
 630                           test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
 631                           sk->sk_state == BT_CONNECTED) {
 632                        if (!l2cap_chan_check_security(chan))
 633                                set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
 634                        else
 635                                sk->sk_state_change(sk);
 636                } else {
 637                        err = -EINVAL;
 638                }
 639                break;
 640
 641        case BT_DEFER_SETUP:
 642                if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
 643                        err = -EINVAL;
 644                        break;
 645                }
 646
 647                if (get_user(opt, (u32 __user *) optval)) {
 648                        err = -EFAULT;
 649                        break;
 650                }
 651
 652                if (opt)
 653                        set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
 654                else
 655                        clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
 656                break;
 657
 658        case BT_FLUSHABLE:
 659                if (get_user(opt, (u32 __user *) optval)) {
 660                        err = -EFAULT;
 661                        break;
 662                }
 663
 664                if (opt > BT_FLUSHABLE_ON) {
 665                        err = -EINVAL;
 666                        break;
 667                }
 668
 669                if (opt == BT_FLUSHABLE_OFF) {
 670                        struct l2cap_conn *conn = chan->conn;
 671                        /* proceed further only when we have l2cap_conn and
 672                           No Flush support in the LM */
 673                        if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
 674                                err = -EINVAL;
 675                                break;
 676                        }
 677                }
 678
 679                if (opt)
 680                        set_bit(FLAG_FLUSHABLE, &chan->flags);
 681                else
 682                        clear_bit(FLAG_FLUSHABLE, &chan->flags);
 683                break;
 684
 685        case BT_POWER:
 686                if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
 687                                        chan->chan_type != L2CAP_CHAN_RAW) {
 688                        err = -EINVAL;
 689                        break;
 690                }
 691
 692                pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
 693
 694                len = min_t(unsigned int, sizeof(pwr), optlen);
 695                if (copy_from_user((char *) &pwr, optval, len)) {
 696                        err = -EFAULT;
 697                        break;
 698                }
 699
 700                if (pwr.force_active)
 701                        set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
 702                else
 703                        clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
 704                break;
 705
 706        case BT_CHANNEL_POLICY:
 707                if (!enable_hs) {
 708                        err = -ENOPROTOOPT;
 709                        break;
 710                }
 711
 712                if (get_user(opt, (u32 __user *) optval)) {
 713                        err = -EFAULT;
 714                        break;
 715                }
 716
 717                if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
 718                        err = -EINVAL;
 719                        break;
 720                }
 721
 722                if (chan->mode != L2CAP_MODE_ERTM &&
 723                                chan->mode != L2CAP_MODE_STREAMING) {
 724                        err = -EOPNOTSUPP;
 725                        break;
 726                }
 727
 728                chan->chan_policy = (u8) opt;
 729                break;
 730
 731        default:
 732                err = -ENOPROTOOPT;
 733                break;
 734        }
 735
 736        release_sock(sk);
 737        return err;
 738}
 739
 740static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
 741{
 742        struct sock *sk = sock->sk;
 743        struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 744        int err;
 745
 746        BT_DBG("sock %p, sk %p", sock, sk);
 747
 748        err = sock_error(sk);
 749        if (err)
 750                return err;
 751
 752        if (msg->msg_flags & MSG_OOB)
 753                return -EOPNOTSUPP;
 754
 755        if (sk->sk_state != BT_CONNECTED)
 756                return -ENOTCONN;
 757
 758        l2cap_chan_lock(chan);
 759        err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
 760        l2cap_chan_unlock(chan);
 761
 762        return err;
 763}
 764
 765static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
 766{
 767        struct sock *sk = sock->sk;
 768        struct l2cap_pinfo *pi = l2cap_pi(sk);
 769        int err;
 770
 771        lock_sock(sk);
 772
 773        if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
 774                                                    &bt_sk(sk)->flags)) {
 775                sk->sk_state = BT_CONFIG;
 776                pi->chan->state = BT_CONFIG;
 777
 778                __l2cap_connect_rsp_defer(pi->chan);
 779                release_sock(sk);
 780                return 0;
 781        }
 782
 783        release_sock(sk);
 784
 785        if (sock->type == SOCK_STREAM)
 786                err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
 787        else
 788                err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
 789
 790        if (pi->chan->mode != L2CAP_MODE_ERTM)
 791                return err;
 792
 793        /* Attempt to put pending rx data in the socket buffer */
 794
 795        lock_sock(sk);
 796
 797        if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
 798                goto done;
 799
 800        if (pi->rx_busy_skb) {
 801                if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
 802                        pi->rx_busy_skb = NULL;
 803                else
 804                        goto done;
 805        }
 806
 807        /* Restore data flow when half of the receive buffer is
 808         * available.  This avoids resending large numbers of
 809         * frames.
 810         */
 811        if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
 812                l2cap_chan_busy(pi->chan, 0);
 813
 814done:
 815        release_sock(sk);
 816        return err;
 817}
 818
 819/* Kill socket (only if zapped and orphan)
 820 * Must be called on unlocked socket.
 821 */
 822static void l2cap_sock_kill(struct sock *sk)
 823{
 824        if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
 825                return;
 826
 827        BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
 828
 829        /* Kill poor orphan */
 830
 831        l2cap_chan_put(l2cap_pi(sk)->chan);
 832        sock_set_flag(sk, SOCK_DEAD);
 833        sock_put(sk);
 834}
 835
 836static int l2cap_sock_shutdown(struct socket *sock, int how)
 837{
 838        struct sock *sk = sock->sk;
 839        struct l2cap_chan *chan;
 840        struct l2cap_conn *conn;
 841        int err = 0;
 842
 843        BT_DBG("sock %p, sk %p", sock, sk);
 844
 845        if (!sk)
 846                return 0;
 847
 848        chan = l2cap_pi(sk)->chan;
 849        conn = chan->conn;
 850
 851        if (conn)
 852                mutex_lock(&conn->chan_lock);
 853
 854        l2cap_chan_lock(chan);
 855        lock_sock(sk);
 856
 857        if (!sk->sk_shutdown) {
 858                if (chan->mode == L2CAP_MODE_ERTM)
 859                        err = __l2cap_wait_ack(sk);
 860
 861                sk->sk_shutdown = SHUTDOWN_MASK;
 862
 863                release_sock(sk);
 864                l2cap_chan_close(chan, 0);
 865                lock_sock(sk);
 866
 867                if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
 868                        err = bt_sock_wait_state(sk, BT_CLOSED,
 869                                                        sk->sk_lingertime);
 870        }
 871
 872        if (!err && sk->sk_err)
 873                err = -sk->sk_err;
 874
 875        release_sock(sk);
 876        l2cap_chan_unlock(chan);
 877
 878        if (conn)
 879                mutex_unlock(&conn->chan_lock);
 880
 881        return err;
 882}
 883
 884static int l2cap_sock_release(struct socket *sock)
 885{
 886        struct sock *sk = sock->sk;
 887        int err;
 888
 889        BT_DBG("sock %p, sk %p", sock, sk);
 890
 891        if (!sk)
 892                return 0;
 893
 894        bt_sock_unlink(&l2cap_sk_list, sk);
 895
 896        err = l2cap_sock_shutdown(sock, 2);
 897
 898        sock_orphan(sk);
 899        l2cap_sock_kill(sk);
 900        return err;
 901}
 902
 903static void l2cap_sock_cleanup_listen(struct sock *parent)
 904{
 905        struct sock *sk;
 906
 907        BT_DBG("parent %p", parent);
 908
 909        /* Close not yet accepted channels */
 910        while ((sk = bt_accept_dequeue(parent, NULL))) {
 911                struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 912
 913                l2cap_chan_lock(chan);
 914                __clear_chan_timer(chan);
 915                l2cap_chan_close(chan, ECONNRESET);
 916                l2cap_chan_unlock(chan);
 917
 918                l2cap_sock_kill(sk);
 919        }
 920}
 921
 922static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
 923{
 924        struct sock *sk, *parent = chan->data;
 925
 926        /* Check for backlog size */
 927        if (sk_acceptq_is_full(parent)) {
 928                BT_DBG("backlog full %d", parent->sk_ack_backlog);
 929                return NULL;
 930        }
 931
 932        sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
 933                                                                GFP_ATOMIC);
 934        if (!sk)
 935                return NULL;
 936
 937        bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
 938
 939        l2cap_sock_init(sk, parent);
 940
 941        return l2cap_pi(sk)->chan;
 942}
 943
 944static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
 945{
 946        int err;
 947        struct sock *sk = chan->data;
 948        struct l2cap_pinfo *pi = l2cap_pi(sk);
 949
 950        lock_sock(sk);
 951
 952        if (pi->rx_busy_skb) {
 953                err = -ENOMEM;
 954                goto done;
 955        }
 956
 957        err = sock_queue_rcv_skb(sk, skb);
 958
 959        /* For ERTM, handle one skb that doesn't fit into the recv
 960         * buffer.  This is important to do because the data frames
 961         * have already been acked, so the skb cannot be discarded.
 962         *
 963         * Notify the l2cap core that the buffer is full, so the
 964         * LOCAL_BUSY state is entered and no more frames are
 965         * acked and reassembled until there is buffer space
 966         * available.
 967         */
 968        if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
 969                pi->rx_busy_skb = skb;
 970                l2cap_chan_busy(pi->chan, 1);
 971                err = 0;
 972        }
 973
 974done:
 975        release_sock(sk);
 976
 977        return err;
 978}
 979
 980static void l2cap_sock_close_cb(struct l2cap_chan *chan)
 981{
 982        struct sock *sk = chan->data;
 983
 984        l2cap_sock_kill(sk);
 985}
 986
 987static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
 988{
 989        struct sock *sk = chan->data;
 990        struct sock *parent;
 991
 992        lock_sock(sk);
 993
 994        parent = bt_sk(sk)->parent;
 995
 996        sock_set_flag(sk, SOCK_ZAPPED);
 997
 998        switch (chan->state) {
 999        case BT_OPEN:
1000        case BT_BOUND:
1001        case BT_CLOSED:
1002                break;
1003        case BT_LISTEN:
1004                l2cap_sock_cleanup_listen(sk);
1005                sk->sk_state = BT_CLOSED;
1006                chan->state = BT_CLOSED;
1007
1008                break;
1009        default:
1010                sk->sk_state = BT_CLOSED;
1011                chan->state = BT_CLOSED;
1012
1013                sk->sk_err = err;
1014
1015                if (parent) {
1016                        bt_accept_unlink(sk);
1017                        parent->sk_data_ready(parent, 0);
1018                } else {
1019                        sk->sk_state_change(sk);
1020                }
1021
1022                break;
1023        }
1024
1025        release_sock(sk);
1026}
1027
1028static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state)
1029{
1030        struct sock *sk = chan->data;
1031
1032        sk->sk_state = state;
1033}
1034
1035static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1036                                               unsigned long len, int nb)
1037{
1038        struct sk_buff *skb;
1039        int err;
1040
1041        l2cap_chan_unlock(chan);
1042        skb = bt_skb_send_alloc(chan->sk, len, nb, &err);
1043        l2cap_chan_lock(chan);
1044
1045        if (!skb)
1046                return ERR_PTR(err);
1047
1048        return skb;
1049}
1050
1051static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1052{
1053        struct sock *sk = chan->data;
1054        struct sock *parent;
1055
1056        lock_sock(sk);
1057
1058        parent = bt_sk(sk)->parent;
1059
1060        BT_DBG("sk %p, parent %p", sk, parent);
1061
1062        sk->sk_state = BT_CONNECTED;
1063        sk->sk_state_change(sk);
1064
1065        if (parent)
1066                parent->sk_data_ready(parent, 0);
1067
1068        release_sock(sk);
1069}
1070
1071static struct l2cap_ops l2cap_chan_ops = {
1072        .name           = "L2CAP Socket Interface",
1073        .new_connection = l2cap_sock_new_connection_cb,
1074        .recv           = l2cap_sock_recv_cb,
1075        .close          = l2cap_sock_close_cb,
1076        .teardown       = l2cap_sock_teardown_cb,
1077        .state_change   = l2cap_sock_state_change_cb,
1078        .ready          = l2cap_sock_ready_cb,
1079        .alloc_skb      = l2cap_sock_alloc_skb_cb,
1080};
1081
1082static void l2cap_sock_destruct(struct sock *sk)
1083{
1084        BT_DBG("sk %p", sk);
1085
1086        l2cap_chan_put(l2cap_pi(sk)->chan);
1087        if (l2cap_pi(sk)->rx_busy_skb) {
1088                kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1089                l2cap_pi(sk)->rx_busy_skb = NULL;
1090        }
1091
1092        skb_queue_purge(&sk->sk_receive_queue);
1093        skb_queue_purge(&sk->sk_write_queue);
1094}
1095
1096static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1097{
1098        struct l2cap_pinfo *pi = l2cap_pi(sk);
1099        struct l2cap_chan *chan = pi->chan;
1100
1101        BT_DBG("sk %p", sk);
1102
1103        if (parent) {
1104                struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1105
1106                sk->sk_type = parent->sk_type;
1107                bt_sk(sk)->flags = bt_sk(parent)->flags;
1108
1109                chan->chan_type = pchan->chan_type;
1110                chan->imtu = pchan->imtu;
1111                chan->omtu = pchan->omtu;
1112                chan->conf_state = pchan->conf_state;
1113                chan->mode = pchan->mode;
1114                chan->fcs  = pchan->fcs;
1115                chan->max_tx = pchan->max_tx;
1116                chan->tx_win = pchan->tx_win;
1117                chan->tx_win_max = pchan->tx_win_max;
1118                chan->sec_level = pchan->sec_level;
1119                chan->flags = pchan->flags;
1120
1121                security_sk_clone(parent, sk);
1122        } else {
1123
1124                switch (sk->sk_type) {
1125                case SOCK_RAW:
1126                        chan->chan_type = L2CAP_CHAN_RAW;
1127                        break;
1128                case SOCK_DGRAM:
1129                        chan->chan_type = L2CAP_CHAN_CONN_LESS;
1130                        break;
1131                case SOCK_SEQPACKET:
1132                case SOCK_STREAM:
1133                        chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1134                        break;
1135                }
1136
1137                chan->imtu = L2CAP_DEFAULT_MTU;
1138                chan->omtu = 0;
1139                if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1140                        chan->mode = L2CAP_MODE_ERTM;
1141                        set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1142                } else {
1143                        chan->mode = L2CAP_MODE_BASIC;
1144                }
1145
1146                l2cap_chan_set_defaults(chan);
1147        }
1148
1149        /* Default config options */
1150        chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1151
1152        chan->data = sk;
1153        chan->ops = &l2cap_chan_ops;
1154}
1155
1156static struct proto l2cap_proto = {
1157        .name           = "L2CAP",
1158        .owner          = THIS_MODULE,
1159        .obj_size       = sizeof(struct l2cap_pinfo)
1160};
1161
1162static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
1163{
1164        struct sock *sk;
1165        struct l2cap_chan *chan;
1166
1167        sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1168        if (!sk)
1169                return NULL;
1170
1171        sock_init_data(sock, sk);
1172        INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1173
1174        sk->sk_destruct = l2cap_sock_destruct;
1175        sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1176
1177        sock_reset_flag(sk, SOCK_ZAPPED);
1178
1179        sk->sk_protocol = proto;
1180        sk->sk_state = BT_OPEN;
1181
1182        chan = l2cap_chan_create();
1183        if (!chan) {
1184                sk_free(sk);
1185                return NULL;
1186        }
1187
1188        l2cap_chan_hold(chan);
1189
1190        chan->sk = sk;
1191
1192        l2cap_pi(sk)->chan = chan;
1193
1194        return sk;
1195}
1196
1197static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1198                             int kern)
1199{
1200        struct sock *sk;
1201
1202        BT_DBG("sock %p", sock);
1203
1204        sock->state = SS_UNCONNECTED;
1205
1206        if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1207                        sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1208                return -ESOCKTNOSUPPORT;
1209
1210        if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1211                return -EPERM;
1212
1213        sock->ops = &l2cap_sock_ops;
1214
1215        sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1216        if (!sk)
1217                return -ENOMEM;
1218
1219        l2cap_sock_init(sk, NULL);
1220        bt_sock_link(&l2cap_sk_list, sk);
1221        return 0;
1222}
1223
1224static const struct proto_ops l2cap_sock_ops = {
1225        .family         = PF_BLUETOOTH,
1226        .owner          = THIS_MODULE,
1227        .release        = l2cap_sock_release,
1228        .bind           = l2cap_sock_bind,
1229        .connect        = l2cap_sock_connect,
1230        .listen         = l2cap_sock_listen,
1231        .accept         = l2cap_sock_accept,
1232        .getname        = l2cap_sock_getname,
1233        .sendmsg        = l2cap_sock_sendmsg,
1234        .recvmsg        = l2cap_sock_recvmsg,
1235        .poll           = bt_sock_poll,
1236        .ioctl          = bt_sock_ioctl,
1237        .mmap           = sock_no_mmap,
1238        .socketpair     = sock_no_socketpair,
1239        .shutdown       = l2cap_sock_shutdown,
1240        .setsockopt     = l2cap_sock_setsockopt,
1241        .getsockopt     = l2cap_sock_getsockopt
1242};
1243
1244static const struct net_proto_family l2cap_sock_family_ops = {
1245        .family = PF_BLUETOOTH,
1246        .owner  = THIS_MODULE,
1247        .create = l2cap_sock_create,
1248};
1249
1250int __init l2cap_init_sockets(void)
1251{
1252        int err;
1253
1254        err = proto_register(&l2cap_proto, 0);
1255        if (err < 0)
1256                return err;
1257
1258        err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1259        if (err < 0) {
1260                BT_ERR("L2CAP socket registration failed");
1261                goto error;
1262        }
1263
1264        err = bt_procfs_init(THIS_MODULE, &init_net, "l2cap", &l2cap_sk_list, NULL);
1265        if (err < 0) {
1266                BT_ERR("Failed to create L2CAP proc file");
1267                bt_sock_unregister(BTPROTO_L2CAP);
1268                goto error;
1269        }
1270
1271        BT_INFO("L2CAP socket layer initialized");
1272
1273        return 0;
1274
1275error:
1276        proto_unregister(&l2cap_proto);
1277        return err;
1278}
1279
1280void l2cap_cleanup_sockets(void)
1281{
1282        bt_procfs_cleanup(&init_net, "l2cap");
1283        if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1284                BT_ERR("L2CAP socket unregistration failed");
1285
1286        proto_unregister(&l2cap_proto);
1287}
1288
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.