Gitiles
Code Review Sign In
192.168.1.100 / R306 / 68aeec9aed9ed9ad5fb9f444cefbbbd00a622a9a / . / ap / os / linux / linux-3.4.x / net / bluetooth / l2cap_sock.c
blob: 4a26348444bda4564d66ff9c4cb47ad842616167 [file] [log] [blame]
yuezonghe824eb0c2024-06-27 02:32:26 -0700[diff] [blame]1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
30#include <linux/security.h>
31#include <linux/export.h>
32
33#include <net/bluetooth/bluetooth.h>
34#include <net/bluetooth/hci_core.h>
35#include <net/bluetooth/l2cap.h>
36#include <net/bluetooth/smp.h>
37
38static const struct proto_ops l2cap_sock_ops;
39static void l2cap_sock_init(struct sock *sk, struct sock *parent);
40static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
41
42static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
43{
44 struct sock *sk = sock->sk;
45 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
46 struct sockaddr_l2 la;
47 int len, err = 0;
48
49 BT_DBG("sk %p", sk);
50
51 if (!addr || addr->sa_family != AF_BLUETOOTH)
52 return -EINVAL;
53
54 memset(&la, 0, sizeof(la));
55 len = min_t(unsigned int, sizeof(la), alen);
56 memcpy(&la, addr, len);
57
58 if (la.l2_cid && la.l2_psm)
59 return -EINVAL;
60
61 lock_sock(sk);
62
63 if (sk->sk_state != BT_OPEN) {
64 err = -EBADFD;
65 goto done;
66 }
67
68 if (la.l2_psm) {
69 __u16 psm = __le16_to_cpu(la.l2_psm);
70
71 /* PSM must be odd and lsb of upper byte must be 0 */
72 if ((psm & 0x0101) != 0x0001) {
73 err = -EINVAL;
74 goto done;
75 }
76
77 /* Restrict usage of well-known PSMs */
78 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
79 err = -EACCES;
80 goto done;
81 }
82 }
83
84 if (la.l2_cid)
85 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
86 else
87 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
88
89 if (err < 0)
90 goto done;
91
92 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
93 __le16_to_cpu(la.l2_psm) == 0x0003)
94 chan->sec_level = BT_SECURITY_SDP;
95
96 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
97
98 chan->state = BT_BOUND;
99 sk->sk_state = BT_BOUND;
100
101done:
102 release_sock(sk);
103 return err;
104}
105
106static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
107{
108 struct sock *sk = sock->sk;
109 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
110 struct sockaddr_l2 la;
111 int len, err = 0;
112
113 BT_DBG("sk %p", sk);
114
115 if (!addr || alen < sizeof(addr->sa_family) ||
116 addr->sa_family != AF_BLUETOOTH)
117 return -EINVAL;
118
119 memset(&la, 0, sizeof(la));
120 len = min_t(unsigned int, sizeof(la), alen);
121 memcpy(&la, addr, len);
122
123 if (la.l2_cid && la.l2_psm)
124 return -EINVAL;
125
126 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
127 &la.l2_bdaddr);
128 if (err)
129 return err;
130
131 lock_sock(sk);
132
133 err = bt_sock_wait_state(sk, BT_CONNECTED,
134 sock_sndtimeo(sk, flags & O_NONBLOCK));
135
136 release_sock(sk);
137
138 return err;
139}
140
141static int l2cap_sock_listen(struct socket *sock, int backlog)
142{
143 struct sock *sk = sock->sk;
144 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
145 int err = 0;
146
147 BT_DBG("sk %p backlog %d", sk, backlog);
148
149 lock_sock(sk);
150
151 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
152 || sk->sk_state != BT_BOUND) {
153 err = -EBADFD;
154 goto done;
155 }
156
157 switch (chan->mode) {
158 case L2CAP_MODE_BASIC:
159 break;
160 case L2CAP_MODE_ERTM:
161 case L2CAP_MODE_STREAMING:
162 if (!disable_ertm)
163 break;
164 /* fall through */
165 default:
166 err = -ENOTSUPP;
167 goto done;
168 }
169
170 sk->sk_max_ack_backlog = backlog;
171 sk->sk_ack_backlog = 0;
172
173 chan->state = BT_LISTEN;
174 sk->sk_state = BT_LISTEN;
175
176done:
177 release_sock(sk);
178 return err;
179}
180
181static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
182{
183 DECLARE_WAITQUEUE(wait, current);
184 struct sock *sk = sock->sk, *nsk;
185 long timeo;
186 int err = 0;
187
188 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
189
190 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
191
192 BT_DBG("sk %p timeo %ld", sk, timeo);
193
194 /* Wait for an incoming connection. (wake-one). */
195 add_wait_queue_exclusive(sk_sleep(sk), &wait);
196 while (1) {
197 set_current_state(TASK_INTERRUPTIBLE);
198
199 if (sk->sk_state != BT_LISTEN) {
200 err = -EBADFD;
201 break;
202 }
203
204 nsk = bt_accept_dequeue(sk, newsock);
205 if (nsk)
206 break;
207
208 if (!timeo) {
209 err = -EAGAIN;
210 break;
211 }
212
213 if (signal_pending(current)) {
214 err = sock_intr_errno(timeo);
215 break;
216 }
217
218 release_sock(sk);
219 timeo = schedule_timeout(timeo);
220 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
221 }
222 __set_current_state(TASK_RUNNING);
223 remove_wait_queue(sk_sleep(sk), &wait);
224
225 if (err)
226 goto done;
227
228 newsock->state = SS_CONNECTED;
229
230 BT_DBG("new socket %p", nsk);
231
232done:
233 release_sock(sk);
234 return err;
235}
236
237static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
238{
239 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
240 struct sock *sk = sock->sk;
241 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
242
243 BT_DBG("sock %p, sk %p", sock, sk);
244
245 memset(la, 0, sizeof(struct sockaddr_l2));
246 addr->sa_family = AF_BLUETOOTH;
247 *len = sizeof(struct sockaddr_l2);
248
249 if (peer) {
250 la->l2_psm = chan->psm;
251 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
252 la->l2_cid = cpu_to_le16(chan->dcid);
253 } else {
254 la->l2_psm = chan->sport;
255 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
256 la->l2_cid = cpu_to_le16(chan->scid);
257 }
258
259 return 0;
260}
261
262static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
263{
264 struct sock *sk = sock->sk;
265 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
266 struct l2cap_options opts;
267 struct l2cap_conninfo cinfo;
268 int len, err = 0;
269 u32 opt;
270
271 BT_DBG("sk %p", sk);
272
273 if (get_user(len, optlen))
274 return -EFAULT;
275
276 lock_sock(sk);
277
278 switch (optname) {
279 case L2CAP_OPTIONS:
280 memset(&opts, 0, sizeof(opts));
281 opts.imtu = chan->imtu;
282 opts.omtu = chan->omtu;
283 opts.flush_to = chan->flush_to;
284 opts.mode = chan->mode;
285 opts.fcs = chan->fcs;
286 opts.max_tx = chan->max_tx;
287 opts.txwin_size = chan->tx_win;
288
289 len = min_t(unsigned int, len, sizeof(opts));
290 if (copy_to_user(optval, (char *) &opts, len))
291 err = -EFAULT;
292
293 break;
294
295 case L2CAP_LM:
296 switch (chan->sec_level) {
297 case BT_SECURITY_LOW:
298 opt = L2CAP_LM_AUTH;
299 break;
300 case BT_SECURITY_MEDIUM:
301 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
302 break;
303 case BT_SECURITY_HIGH:
304 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
305 L2CAP_LM_SECURE;
306 break;
307 default:
308 opt = 0;
309 break;
310 }
311
312 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
313 opt |= L2CAP_LM_MASTER;
314
315 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
316 opt |= L2CAP_LM_RELIABLE;
317
318 if (put_user(opt, (u32 __user *) optval))
319 err = -EFAULT;
320 break;
321
322 case L2CAP_CONNINFO:
323 if (sk->sk_state != BT_CONNECTED &&
324 !(sk->sk_state == BT_CONNECT2 &&
325 bt_sk(sk)->defer_setup)) {
326 err = -ENOTCONN;
327 break;
328 }
329
330 memset(&cinfo, 0, sizeof(cinfo));
331 cinfo.hci_handle = chan->conn->hcon->handle;
332 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
333
334 len = min_t(unsigned int, len, sizeof(cinfo));
335 if (copy_to_user(optval, (char *) &cinfo, len))
336 err = -EFAULT;
337
338 break;
339
340 default:
341 err = -ENOPROTOOPT;
342 break;
343 }
344
345 release_sock(sk);
346 return err;
347}
348
349static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
350{
351 struct sock *sk = sock->sk;
352 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
353 struct bt_security sec;
354 struct bt_power pwr;
355 int len, err = 0;
356
357 BT_DBG("sk %p", sk);
358
359 if (level == SOL_L2CAP)
360 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
361
362 if (level != SOL_BLUETOOTH)
363 return -ENOPROTOOPT;
364
365 if (get_user(len, optlen))
366 return -EFAULT;
367
368 lock_sock(sk);
369
370 switch (optname) {
371 case BT_SECURITY:
372 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
373 chan->chan_type != L2CAP_CHAN_RAW) {
374 err = -EINVAL;
375 break;
376 }
377
378 memset(&sec, 0, sizeof(sec));
379 sec.level = chan->sec_level;
380
381 if (sk->sk_state == BT_CONNECTED)
382 sec.key_size = chan->conn->hcon->enc_key_size;
383
384 len = min_t(unsigned int, len, sizeof(sec));
385 if (copy_to_user(optval, (char *) &sec, len))
386 err = -EFAULT;
387
388 break;
389
390 case BT_DEFER_SETUP:
391 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
392 err = -EINVAL;
393 break;
394 }
395
396 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
397 err = -EFAULT;
398
399 break;
400
401 case BT_FLUSHABLE:
402 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
403 (u32 __user *) optval))
404 err = -EFAULT;
405
406 break;
407
408 case BT_POWER:
409 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
410 && sk->sk_type != SOCK_RAW) {
411 err = -EINVAL;
412 break;
413 }
414
415 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
416
417 len = min_t(unsigned int, len, sizeof(pwr));
418 if (copy_to_user(optval, (char *) &pwr, len))
419 err = -EFAULT;
420
421 break;
422
423 case BT_CHANNEL_POLICY:
424 if (!enable_hs) {
425 err = -ENOPROTOOPT;
426 break;
427 }
428
429 if (put_user(chan->chan_policy, (u32 __user *) optval))
430 err = -EFAULT;
431 break;
432
433 default:
434 err = -ENOPROTOOPT;
435 break;
436 }
437
438 release_sock(sk);
439 return err;
440}
441
442static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
443{
444 struct sock *sk = sock->sk;
445 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
446 struct l2cap_options opts;
447 int len, err = 0;
448 u32 opt;
449
450 BT_DBG("sk %p", sk);
451
452 lock_sock(sk);
453
454 switch (optname) {
455 case L2CAP_OPTIONS:
456 if (sk->sk_state == BT_CONNECTED) {
457 err = -EINVAL;
458 break;
459 }
460
461 opts.imtu = chan->imtu;
462 opts.omtu = chan->omtu;
463 opts.flush_to = chan->flush_to;
464 opts.mode = chan->mode;
465 opts.fcs = chan->fcs;
466 opts.max_tx = chan->max_tx;
467 opts.txwin_size = chan->tx_win;
468
469 len = min_t(unsigned int, sizeof(opts), optlen);
470 if (copy_from_user((char *) &opts, optval, len)) {
471 err = -EFAULT;
472 break;
473 }
474
475 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
476 err = -EINVAL;
477 break;
478 }
479
480 chan->mode = opts.mode;
481 switch (chan->mode) {
482 case L2CAP_MODE_BASIC:
483 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
484 break;
485 case L2CAP_MODE_ERTM:
486 case L2CAP_MODE_STREAMING:
487 if (!disable_ertm)
488 break;
489 /* fall through */
490 default:
491 err = -EINVAL;
492 break;
493 }
494
495 chan->imtu = opts.imtu;
496 chan->omtu = opts.omtu;
497 chan->fcs = opts.fcs;
498 chan->max_tx = opts.max_tx;
499 chan->tx_win = opts.txwin_size;
500 break;
501
502 case L2CAP_LM:
503 if (get_user(opt, (u32 __user *) optval)) {
504 err = -EFAULT;
505 break;
506 }
507
508 if (opt & L2CAP_LM_AUTH)
509 chan->sec_level = BT_SECURITY_LOW;
510 if (opt & L2CAP_LM_ENCRYPT)
511 chan->sec_level = BT_SECURITY_MEDIUM;
512 if (opt & L2CAP_LM_SECURE)
513 chan->sec_level = BT_SECURITY_HIGH;
514
515 if (opt & L2CAP_LM_MASTER)
516 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
517 else
518 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
519
520 if (opt & L2CAP_LM_RELIABLE)
521 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
522 else
523 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
524 break;
525
526 default:
527 err = -ENOPROTOOPT;
528 break;
529 }
530
531 release_sock(sk);
532 return err;
533}
534
535static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
536{
537 struct sock *sk = sock->sk;
538 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
539 struct bt_security sec;
540 struct bt_power pwr;
541 struct l2cap_conn *conn;
542 int len, err = 0;
543 u32 opt;
544
545 BT_DBG("sk %p", sk);
546
547 if (level == SOL_L2CAP)
548 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
549
550 if (level != SOL_BLUETOOTH)
551 return -ENOPROTOOPT;
552
553 lock_sock(sk);
554
555 switch (optname) {
556 case BT_SECURITY:
557 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
558 chan->chan_type != L2CAP_CHAN_RAW) {
559 err = -EINVAL;
560 break;
561 }
562
563 sec.level = BT_SECURITY_LOW;
564
565 len = min_t(unsigned int, sizeof(sec), optlen);
566 if (copy_from_user((char *) &sec, optval, len)) {
567 err = -EFAULT;
568 break;
569 }
570
571 if (sec.level < BT_SECURITY_LOW ||
572 sec.level > BT_SECURITY_HIGH) {
573 err = -EINVAL;
574 break;
575 }
576
577 chan->sec_level = sec.level;
578
579 if (!chan->conn)
580 break;
581
582 conn = chan->conn;
583
584 /*change security for LE channels */
585 if (chan->scid == L2CAP_CID_LE_DATA) {
586 if (!conn->hcon->out) {
587 err = -EINVAL;
588 break;
589 }
590
591 if (smp_conn_security(conn->hcon, sec.level))
592 break;
593 sk->sk_state = BT_CONFIG;
594 chan->state = BT_CONFIG;
595
596 /* or for ACL link */
597 } else if ((sk->sk_state == BT_CONNECT2 &&
598 bt_sk(sk)->defer_setup) ||
599 sk->sk_state == BT_CONNECTED) {
600 if (!l2cap_chan_check_security(chan))
601 bt_sk(sk)->suspended = true;
602 else
603 sk->sk_state_change(sk);
604 } else {
605 err = -EINVAL;
606 }
607 break;
608
609 case BT_DEFER_SETUP:
610 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
611 err = -EINVAL;
612 break;
613 }
614
615 if (get_user(opt, (u32 __user *) optval)) {
616 err = -EFAULT;
617 break;
618 }
619
620 bt_sk(sk)->defer_setup = opt;
621 break;
622
623 case BT_FLUSHABLE:
624 if (get_user(opt, (u32 __user *) optval)) {
625 err = -EFAULT;
626 break;
627 }
628
629 if (opt > BT_FLUSHABLE_ON) {
630 err = -EINVAL;
631 break;
632 }
633
634 if (opt == BT_FLUSHABLE_OFF) {
635 struct l2cap_conn *conn = chan->conn;
636 /* proceed further only when we have l2cap_conn and
637 No Flush support in the LM */
638 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
639 err = -EINVAL;
640 break;
641 }
642 }
643
644 if (opt)
645 set_bit(FLAG_FLUSHABLE, &chan->flags);
646 else
647 clear_bit(FLAG_FLUSHABLE, &chan->flags);
648 break;
649
650 case BT_POWER:
651 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
652 chan->chan_type != L2CAP_CHAN_RAW) {
653 err = -EINVAL;
654 break;
655 }
656
657 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
658
659 len = min_t(unsigned int, sizeof(pwr), optlen);
660 if (copy_from_user((char *) &pwr, optval, len)) {
661 err = -EFAULT;
662 break;
663 }
664
665 if (pwr.force_active)
666 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
667 else
668 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
669 break;
670
671 case BT_CHANNEL_POLICY:
672 if (!enable_hs) {
673 err = -ENOPROTOOPT;
674 break;
675 }
676
677 if (get_user(opt, (u32 __user *) optval)) {
678 err = -EFAULT;
679 break;
680 }
681
682 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
683 err = -EINVAL;
684 break;
685 }
686
687 if (chan->mode != L2CAP_MODE_ERTM &&
688 chan->mode != L2CAP_MODE_STREAMING) {
689 err = -EOPNOTSUPP;
690 break;
691 }
692
693 chan->chan_policy = (u8) opt;
694 break;
695
696 default:
697 err = -ENOPROTOOPT;
698 break;
699 }
700
701 release_sock(sk);
702 return err;
703}
704
705static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
706{
707 struct sock *sk = sock->sk;
708 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
709 int err;
710
711 BT_DBG("sock %p, sk %p", sock, sk);
712
713 err = sock_error(sk);
714 if (err)
715 return err;
716
717 if (msg->msg_flags & MSG_OOB)
718 return -EOPNOTSUPP;
719
720 lock_sock(sk);
721
722 if (sk->sk_state != BT_CONNECTED) {
723 release_sock(sk);
724 return -ENOTCONN;
725 }
726
727 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
728
729 release_sock(sk);
730 return err;
731}
732
733static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
734{
735 struct sock *sk = sock->sk;
736 struct l2cap_pinfo *pi = l2cap_pi(sk);
737 int err;
738
739 lock_sock(sk);
740
741 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
742 sk->sk_state = BT_CONFIG;
743 pi->chan->state = BT_CONFIG;
744
745 __l2cap_connect_rsp_defer(pi->chan);
746 release_sock(sk);
747 return 0;
748 }
749
750 release_sock(sk);
751
752 if (sock->type == SOCK_STREAM)
753 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
754 else
755 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
756
757 if (pi->chan->mode != L2CAP_MODE_ERTM)
758 return err;
759
760 /* Attempt to put pending rx data in the socket buffer */
761
762 lock_sock(sk);
763
764 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
765 goto done;
766
767 if (pi->rx_busy_skb) {
768 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
769 pi->rx_busy_skb = NULL;
770 else
771 goto done;
772 }
773
774 /* Restore data flow when half of the receive buffer is
775 * available. This avoids resending large numbers of
776 * frames.
777 */
778 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
779 l2cap_chan_busy(pi->chan, 0);
780
781done:
782 release_sock(sk);
783 return err;
784}
785
786/* Kill socket (only if zapped and orphan)
787 * Must be called on unlocked socket.
788 */
789static void l2cap_sock_kill(struct sock *sk)
790{
791 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
792 return;
793
794 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
795
796 /* Kill poor orphan */
797
798 l2cap_chan_destroy(l2cap_pi(sk)->chan);
799 sock_set_flag(sk, SOCK_DEAD);
800 sock_put(sk);
801}
802
803static int l2cap_sock_shutdown(struct socket *sock, int how)
804{
805 struct sock *sk = sock->sk;
806 struct l2cap_chan *chan;
807 struct l2cap_conn *conn;
808 int err = 0;
809
810 BT_DBG("sock %p, sk %p", sock, sk);
811
812 if (!sk)
813 return 0;
814
815 chan = l2cap_pi(sk)->chan;
816 conn = chan->conn;
817
818 if (conn)
819 mutex_lock(&conn->chan_lock);
820
821 l2cap_chan_lock(chan);
822 lock_sock(sk);
823
824 if (!sk->sk_shutdown) {
825 if (chan->mode == L2CAP_MODE_ERTM)
826 err = __l2cap_wait_ack(sk);
827
828 sk->sk_shutdown = SHUTDOWN_MASK;
829
830 release_sock(sk);
831 l2cap_chan_close(chan, 0);
832 lock_sock(sk);
833
834 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
835 err = bt_sock_wait_state(sk, BT_CLOSED,
836 sk->sk_lingertime);
837 }
838
839 if (!err && sk->sk_err)
840 err = -sk->sk_err;
841
842 release_sock(sk);
843 l2cap_chan_unlock(chan);
844
845 if (conn)
846 mutex_unlock(&conn->chan_lock);
847
848 return err;
849}
850
851static int l2cap_sock_release(struct socket *sock)
852{
853 struct sock *sk = sock->sk;
854 int err;
855
856 BT_DBG("sock %p, sk %p", sock, sk);
857
858 if (!sk)
859 return 0;
860
861 err = l2cap_sock_shutdown(sock, 2);
862
863 sock_orphan(sk);
864 l2cap_sock_kill(sk);
865 return err;
866}
867
868static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data)
869{
870 struct sock *sk, *parent = data;
871
872 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
873 GFP_ATOMIC);
874 if (!sk)
875 return NULL;
876
877 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
878
879 l2cap_sock_init(sk, parent);
880
881 return l2cap_pi(sk)->chan;
882}
883
884static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb)
885{
886 int err;
887 struct sock *sk = data;
888 struct l2cap_pinfo *pi = l2cap_pi(sk);
889
890 lock_sock(sk);
891
892 if (pi->rx_busy_skb) {
893 err = -ENOMEM;
894 goto done;
895 }
896
897 err = sock_queue_rcv_skb(sk, skb);
898
899 /* For ERTM, handle one skb that doesn't fit into the recv
900 * buffer. This is important to do because the data frames
901 * have already been acked, so the skb cannot be discarded.
902 *
903 * Notify the l2cap core that the buffer is full, so the
904 * LOCAL_BUSY state is entered and no more frames are
905 * acked and reassembled until there is buffer space
906 * available.
907 */
908 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
909 pi->rx_busy_skb = skb;
910 l2cap_chan_busy(pi->chan, 1);
911 err = 0;
912 }
913
914done:
915 release_sock(sk);
916
917 return err;
918}
919
920static void l2cap_sock_close_cb(void *data)
921{
922 struct sock *sk = data;
923
924 l2cap_sock_kill(sk);
925}
926
927static void l2cap_sock_state_change_cb(void *data, int state)
928{
929 struct sock *sk = data;
930
931 sk->sk_state = state;
932}
933
934static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
935 unsigned long len, int nb,
936 int *err)
937{
938 struct sock *sk = chan->sk;
939
940 return bt_skb_send_alloc(sk, len, nb, err);
941}
942
943static struct l2cap_ops l2cap_chan_ops = {
944 .name = "L2CAP Socket Interface",
945 .new_connection = l2cap_sock_new_connection_cb,
946 .recv = l2cap_sock_recv_cb,
947 .close = l2cap_sock_close_cb,
948 .state_change = l2cap_sock_state_change_cb,
949 .alloc_skb = l2cap_sock_alloc_skb_cb,
950};
951
952static void l2cap_sock_destruct(struct sock *sk)
953{
954 BT_DBG("sk %p", sk);
955
956 if (l2cap_pi(sk)->rx_busy_skb) {
957 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
958 l2cap_pi(sk)->rx_busy_skb = NULL;
959 }
960
961 skb_queue_purge(&sk->sk_receive_queue);
962 skb_queue_purge(&sk->sk_write_queue);
963}
964
965static void l2cap_sock_init(struct sock *sk, struct sock *parent)
966{
967 struct l2cap_pinfo *pi = l2cap_pi(sk);
968 struct l2cap_chan *chan = pi->chan;
969
970 BT_DBG("sk %p", sk);
971
972 if (parent) {
973 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
974
975 sk->sk_type = parent->sk_type;
976 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
977
978 chan->chan_type = pchan->chan_type;
979 chan->imtu = pchan->imtu;
980 chan->omtu = pchan->omtu;
981 chan->conf_state = pchan->conf_state;
982 chan->mode = pchan->mode;
983 chan->fcs = pchan->fcs;
984 chan->max_tx = pchan->max_tx;
985 chan->tx_win = pchan->tx_win;
986 chan->tx_win_max = pchan->tx_win_max;
987 chan->sec_level = pchan->sec_level;
988 chan->flags = pchan->flags;
989
990 security_sk_clone(parent, sk);
991 } else {
992
993 switch (sk->sk_type) {
994 case SOCK_RAW:
995 chan->chan_type = L2CAP_CHAN_RAW;
996 break;
997 case SOCK_DGRAM:
998 chan->chan_type = L2CAP_CHAN_CONN_LESS;
999 break;
1000 case SOCK_SEQPACKET:
1001 case SOCK_STREAM:
1002 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1003 break;
1004 }
1005
1006 chan->imtu = L2CAP_DEFAULT_MTU;
1007 chan->omtu = 0;
1008 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1009 chan->mode = L2CAP_MODE_ERTM;
1010 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1011 } else {
1012 chan->mode = L2CAP_MODE_BASIC;
1013 }
1014 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
1015 chan->fcs = L2CAP_FCS_CRC16;
1016 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
1017 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
1018 chan->sec_level = BT_SECURITY_LOW;
1019 chan->flags = 0;
1020 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
1021 }
1022
1023 /* Default config options */
1024 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1025
1026 chan->data = sk;
1027 chan->ops = &l2cap_chan_ops;
1028}
1029
1030static struct proto l2cap_proto = {
1031 .name = "L2CAP",
1032 .owner = THIS_MODULE,
1033 .obj_size = sizeof(struct l2cap_pinfo)
1034};
1035
1036static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
1037{
1038 struct sock *sk;
1039 struct l2cap_chan *chan;
1040
1041 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1042 if (!sk)
1043 return NULL;
1044
1045 sock_init_data(sock, sk);
1046 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1047
1048 sk->sk_destruct = l2cap_sock_destruct;
1049 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1050
1051 sock_reset_flag(sk, SOCK_ZAPPED);
1052
1053 sk->sk_protocol = proto;
1054 sk->sk_state = BT_OPEN;
1055
1056 chan = l2cap_chan_create(sk);
1057 if (!chan) {
1058 l2cap_sock_kill(sk);
1059 return NULL;
1060 }
1061
1062 l2cap_pi(sk)->chan = chan;
1063
1064 return sk;
1065}
1066
1067static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1068 int kern)
1069{
1070 struct sock *sk;
1071
1072 BT_DBG("sock %p", sock);
1073
1074 sock->state = SS_UNCONNECTED;
1075
1076 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1077 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1078 return -ESOCKTNOSUPPORT;
1079
1080 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1081 return -EPERM;
1082
1083 sock->ops = &l2cap_sock_ops;
1084
1085 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1086 if (!sk)
1087 return -ENOMEM;
1088
1089 l2cap_sock_init(sk, NULL);
1090 return 0;
1091}
1092
1093static const struct proto_ops l2cap_sock_ops = {
1094 .family = PF_BLUETOOTH,
1095 .owner = THIS_MODULE,
1096 .release = l2cap_sock_release,
1097 .bind = l2cap_sock_bind,
1098 .connect = l2cap_sock_connect,
1099 .listen = l2cap_sock_listen,
1100 .accept = l2cap_sock_accept,
1101 .getname = l2cap_sock_getname,
1102 .sendmsg = l2cap_sock_sendmsg,
1103 .recvmsg = l2cap_sock_recvmsg,
1104 .poll = bt_sock_poll,
1105 .ioctl = bt_sock_ioctl,
1106 .mmap = sock_no_mmap,
1107 .socketpair = sock_no_socketpair,
1108 .shutdown = l2cap_sock_shutdown,
1109 .setsockopt = l2cap_sock_setsockopt,
1110 .getsockopt = l2cap_sock_getsockopt
1111};
1112
1113static const struct net_proto_family l2cap_sock_family_ops = {
1114 .family = PF_BLUETOOTH,
1115 .owner = THIS_MODULE,
1116 .create = l2cap_sock_create,
1117};
1118
1119int __init l2cap_init_sockets(void)
1120{
1121 int err;
1122
1123 err = proto_register(&l2cap_proto, 0);
1124 if (err < 0)
1125 return err;
1126
1127 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1128 if (err < 0)
1129 goto error;
1130
1131 BT_INFO("L2CAP socket layer initialized");
1132
1133 return 0;
1134
1135error:
1136 BT_ERR("L2CAP socket registration failed");
1137 proto_unregister(&l2cap_proto);
1138 return err;
1139}
1140
1141void l2cap_cleanup_sockets(void)
1142{
1143 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1144 BT_ERR("L2CAP socket unregistration failed");
1145
1146 proto_unregister(&l2cap_proto);
1147}