1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30#include <linux/export.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/l2cap.h>
35#include <net/bluetooth/smp.h>
36
37static struct bt_sock_list l2cap_sk_list = {
38 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
39};
40
41static const struct proto_ops l2cap_sock_ops;
42static void l2cap_sock_init(struct sock *sk, struct sock *parent);
43static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
44 int proto, gfp_t prio);
45
46bool l2cap_is_socket(struct socket *sock)
47{
48 return sock && sock->ops == &l2cap_sock_ops;
49}
50EXPORT_SYMBOL(l2cap_is_socket);
51
52static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
53{
54 struct sock *sk = sock->sk;
55 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
56 struct sockaddr_l2 la;
57 int len, err = 0;
58
59 BT_DBG("sk %p", sk);
60
61 if (!addr || addr->sa_family != AF_BLUETOOTH)
62 return -EINVAL;
63
64 memset(&la, 0, sizeof(la));
65 len = min_t(unsigned int, sizeof(la), alen);
66 memcpy(&la, addr, len);
67
68 if (la.l2_cid && la.l2_psm)
69 return -EINVAL;
70
71 lock_sock(sk);
72
73 if (sk->sk_state != BT_OPEN) {
74 err = -EBADFD;
75 goto done;
76 }
77
78 if (la.l2_psm) {
79 __u16 psm = __le16_to_cpu(la.l2_psm);
80
81
82 if ((psm & 0x0101) != 0x0001) {
83 err = -EINVAL;
84 goto done;
85 }
86
87
88 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
89 err = -EACCES;
90 goto done;
91 }
92 }
93
94 if (la.l2_cid)
95 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
96 else
97 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
98
99 if (err < 0)
100 goto done;
101
102 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
103 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
104 chan->sec_level = BT_SECURITY_SDP;
105
106 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
107
108 chan->state = BT_BOUND;
109 sk->sk_state = BT_BOUND;
110
111done:
112 release_sock(sk);
113 return err;
114}
115
116static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
117 int alen, int flags)
118{
119 struct sock *sk = sock->sk;
120 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
121 struct sockaddr_l2 la;
122 int len, err = 0;
123
124 BT_DBG("sk %p", sk);
125
126 if (!addr || alen < sizeof(addr->sa_family) ||
127 addr->sa_family != AF_BLUETOOTH)
128 return -EINVAL;
129
130 memset(&la, 0, sizeof(la));
131 len = min_t(unsigned int, sizeof(la), alen);
132 memcpy(&la, addr, len);
133
134 if (la.l2_cid && la.l2_psm)
135 return -EINVAL;
136
137 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
138 &la.l2_bdaddr, la.l2_bdaddr_type);
139 if (err)
140 return err;
141
142 lock_sock(sk);
143
144 err = bt_sock_wait_state(sk, BT_CONNECTED,
145 sock_sndtimeo(sk, flags & O_NONBLOCK));
146
147 release_sock(sk);
148
149 return err;
150}
151
152static int l2cap_sock_listen(struct socket *sock, int backlog)
153{
154 struct sock *sk = sock->sk;
155 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
156 int err = 0;
157
158 BT_DBG("sk %p backlog %d", sk, backlog);
159
160 lock_sock(sk);
161
162 if (sk->sk_state != BT_BOUND) {
163 err = -EBADFD;
164 goto done;
165 }
166
167 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
168 err = -EINVAL;
169 goto done;
170 }
171
172 switch (chan->mode) {
173 case L2CAP_MODE_BASIC:
174 break;
175 case L2CAP_MODE_ERTM:
176 case L2CAP_MODE_STREAMING:
177 if (!disable_ertm)
178 break;
179
180 default:
181 err = -ENOTSUPP;
182 goto done;
183 }
184
185 sk->sk_max_ack_backlog = backlog;
186 sk->sk_ack_backlog = 0;
187
188 chan->state = BT_LISTEN;
189 sk->sk_state = BT_LISTEN;
190
191done:
192 release_sock(sk);
193 return err;
194}
195
196static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
197 int flags)
198{
199 DECLARE_WAITQUEUE(wait, current);
200 struct sock *sk = sock->sk, *nsk;
201 long timeo;
202 int err = 0;
203
204 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
205
206 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
207
208 BT_DBG("sk %p timeo %ld", sk, timeo);
209
210
211 add_wait_queue_exclusive(sk_sleep(sk), &wait);
212 while (1) {
213 set_current_state(TASK_INTERRUPTIBLE);
214
215 if (sk->sk_state != BT_LISTEN) {
216 err = -EBADFD;
217 break;
218 }
219
220 nsk = bt_accept_dequeue(sk, newsock);
221 if (nsk)
222 break;
223
224 if (!timeo) {
225 err = -EAGAIN;
226 break;
227 }
228
229 if (signal_pending(current)) {
230 err = sock_intr_errno(timeo);
231 break;
232 }
233
234 release_sock(sk);
235 timeo = schedule_timeout(timeo);
236 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
237 }
238 __set_current_state(TASK_RUNNING);
239 remove_wait_queue(sk_sleep(sk), &wait);
240
241 if (err)
242 goto done;
243
244 newsock->state = SS_CONNECTED;
245
246 BT_DBG("new socket %p", nsk);
247
248done:
249 release_sock(sk);
250 return err;
251}
252
253static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
254 int *len, int peer)
255{
256 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
257 struct sock *sk = sock->sk;
258 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
259
260 BT_DBG("sock %p, sk %p", sock, sk);
261
262 memset(la, 0, sizeof(struct sockaddr_l2));
263 addr->sa_family = AF_BLUETOOTH;
264 *len = sizeof(struct sockaddr_l2);
265
266 if (peer) {
267 la->l2_psm = chan->psm;
268 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
269 la->l2_cid = cpu_to_le16(chan->dcid);
270 } else {
271 la->l2_psm = chan->sport;
272 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
273 la->l2_cid = cpu_to_le16(chan->scid);
274 }
275
276 return 0;
277}
278
279static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
280 char __user *optval, int __user *optlen)
281{
282 struct sock *sk = sock->sk;
283 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
284 struct l2cap_options opts;
285 struct l2cap_conninfo cinfo;
286 int len, err = 0;
287 u32 opt;
288
289 BT_DBG("sk %p", sk);
290
291 if (get_user(len, optlen))
292 return -EFAULT;
293
294 lock_sock(sk);
295
296 switch (optname) {
297 case L2CAP_OPTIONS:
298 memset(&opts, 0, sizeof(opts));
299 opts.imtu = chan->imtu;
300 opts.omtu = chan->omtu;
301 opts.flush_to = chan->flush_to;
302 opts.mode = chan->mode;
303 opts.fcs = chan->fcs;
304 opts.max_tx = chan->max_tx;
305 opts.txwin_size = chan->tx_win;
306
307 len = min_t(unsigned int, len, sizeof(opts));
308 if (copy_to_user(optval, (char *) &opts, len))
309 err = -EFAULT;
310
311 break;
312
313 case L2CAP_LM:
314 switch (chan->sec_level) {
315 case BT_SECURITY_LOW:
316 opt = L2CAP_LM_AUTH;
317 break;
318 case BT_SECURITY_MEDIUM:
319 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
320 break;
321 case BT_SECURITY_HIGH:
322 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
323 L2CAP_LM_SECURE;
324 break;
325 default:
326 opt = 0;
327 break;
328 }
329
330 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
331 opt |= L2CAP_LM_MASTER;
332
333 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
334 opt |= L2CAP_LM_RELIABLE;
335
336 if (put_user(opt, (u32 __user *) optval))
337 err = -EFAULT;
338 break;
339
340 case L2CAP_CONNINFO:
341 if (sk->sk_state != BT_CONNECTED &&
342 !(sk->sk_state == BT_CONNECT2 &&
343 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
344 err = -ENOTCONN;
345 break;
346 }
347
348 memset(&cinfo, 0, sizeof(cinfo));
349 cinfo.hci_handle = chan->conn->hcon->handle;
350 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
351
352 len = min_t(unsigned int, len, sizeof(cinfo));
353 if (copy_to_user(optval, (char *) &cinfo, len))
354 err = -EFAULT;
355
356 break;
357
358 default:
359 err = -ENOPROTOOPT;
360 break;
361 }
362
363 release_sock(sk);
364 return err;
365}
366
367static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
368 char __user *optval, int __user *optlen)
369{
370 struct sock *sk = sock->sk;
371 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
372 struct bt_security sec;
373 struct bt_power pwr;
374 int len, err = 0;
375
376 BT_DBG("sk %p", sk);
377
378 if (level == SOL_L2CAP)
379 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
380
381 if (level != SOL_BLUETOOTH)
382 return -ENOPROTOOPT;
383
384 if (get_user(len, optlen))
385 return -EFAULT;
386
387 lock_sock(sk);
388
389 switch (optname) {
390 case BT_SECURITY:
391 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
392 chan->chan_type != L2CAP_CHAN_RAW) {
393 err = -EINVAL;
394 break;
395 }
396
397 memset(&sec, 0, sizeof(sec));
398 if (chan->conn) {
399 sec.level = chan->conn->hcon->sec_level;
400
401 if (sk->sk_state == BT_CONNECTED)
402 sec.key_size = chan->conn->hcon->enc_key_size;
403 } else {
404 sec.level = chan->sec_level;
405 }
406
407 len = min_t(unsigned int, len, sizeof(sec));
408 if (copy_to_user(optval, (char *) &sec, len))
409 err = -EFAULT;
410
411 break;
412
413 case BT_DEFER_SETUP:
414 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
415 err = -EINVAL;
416 break;
417 }
418
419 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
420 (u32 __user *) optval))
421 err = -EFAULT;
422
423 break;
424
425 case BT_FLUSHABLE:
426 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
427 (u32 __user *) optval))
428 err = -EFAULT;
429
430 break;
431
432 case BT_POWER:
433 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
434 && sk->sk_type != SOCK_RAW) {
435 err = -EINVAL;
436 break;
437 }
438
439 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
440
441 len = min_t(unsigned int, len, sizeof(pwr));
442 if (copy_to_user(optval, (char *) &pwr, len))
443 err = -EFAULT;
444
445 break;
446
447 case BT_CHANNEL_POLICY:
448 if (!enable_hs) {
449 err = -ENOPROTOOPT;
450 break;
451 }
452
453 if (put_user(chan->chan_policy, (u32 __user *) optval))
454 err = -EFAULT;
455 break;
456
457 default:
458 err = -ENOPROTOOPT;
459 break;
460 }
461
462 release_sock(sk);
463 return err;
464}
465
466static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
467{
468 switch (chan->scid) {
469 case L2CAP_CID_LE_DATA:
470 if (mtu < L2CAP_LE_MIN_MTU)
471 return false;
472 break;
473
474 default:
475 if (mtu < L2CAP_DEFAULT_MIN_MTU)
476 return false;
477 }
478
479 return true;
480}
481
482static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
483 char __user *optval, unsigned int optlen)
484{
485 struct sock *sk = sock->sk;
486 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
487 struct l2cap_options opts;
488 int len, err = 0;
489 u32 opt;
490
491 BT_DBG("sk %p", sk);
492
493 lock_sock(sk);
494
495 switch (optname) {
496 case L2CAP_OPTIONS:
497 if (sk->sk_state == BT_CONNECTED) {
498 err = -EINVAL;
499 break;
500 }
501
502 opts.imtu = chan->imtu;
503 opts.omtu = chan->omtu;
504 opts.flush_to = chan->flush_to;
505 opts.mode = chan->mode;
506 opts.fcs = chan->fcs;
507 opts.max_tx = chan->max_tx;
508 opts.txwin_size = chan->tx_win;
509
510 len = min_t(unsigned int, sizeof(opts), optlen);
511 if (copy_from_user((char *) &opts, optval, len)) {
512 err = -EFAULT;
513 break;
514 }
515
516 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
517 err = -EINVAL;
518 break;
519 }
520
521 if (!l2cap_valid_mtu(chan, opts.imtu)) {
522 err = -EINVAL;
523 break;
524 }
525
526 chan->mode = opts.mode;
527 switch (chan->mode) {
528 case L2CAP_MODE_BASIC:
529 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
530 break;
531 case L2CAP_MODE_ERTM:
532 case L2CAP_MODE_STREAMING:
533 if (!disable_ertm)
534 break;
535
536 default:
537 err = -EINVAL;
538 break;
539 }
540
541 chan->imtu = opts.imtu;
542 chan->omtu = opts.omtu;
543 chan->fcs = opts.fcs;
544 chan->max_tx = opts.max_tx;
545 chan->tx_win = opts.txwin_size;
546 chan->flush_to = opts.flush_to;
547 break;
548
549 case L2CAP_LM:
550 if (get_user(opt, (u32 __user *) optval)) {
551 err = -EFAULT;
552 break;
553 }
554
555 if (opt & L2CAP_LM_AUTH)
556 chan->sec_level = BT_SECURITY_LOW;
557 if (opt & L2CAP_LM_ENCRYPT)
558 chan->sec_level = BT_SECURITY_MEDIUM;
559 if (opt & L2CAP_LM_SECURE)
560 chan->sec_level = BT_SECURITY_HIGH;
561
562 if (opt & L2CAP_LM_MASTER)
563 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
564 else
565 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
566
567 if (opt & L2CAP_LM_RELIABLE)
568 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
569 else
570 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
571 break;
572
573 default:
574 err = -ENOPROTOOPT;
575 break;
576 }
577
578 release_sock(sk);
579 return err;
580}
581
582static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
583 char __user *optval, unsigned int optlen)
584{
585 struct sock *sk = sock->sk;
586 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
587 struct bt_security sec;
588 struct bt_power pwr;
589 struct l2cap_conn *conn;
590 int len, err = 0;
591 u32 opt;
592
593 BT_DBG("sk %p", sk);
594
595 if (level == SOL_L2CAP)
596 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
597
598 if (level != SOL_BLUETOOTH)
599 return -ENOPROTOOPT;
600
601 lock_sock(sk);
602
603 switch (optname) {
604 case BT_SECURITY:
605 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
606 chan->chan_type != L2CAP_CHAN_RAW) {
607 err = -EINVAL;
608 break;
609 }
610
611 sec.level = BT_SECURITY_LOW;
612
613 len = min_t(unsigned int, sizeof(sec), optlen);
614 if (copy_from_user((char *) &sec, optval, len)) {
615 err = -EFAULT;
616 break;
617 }
618
619 if (sec.level < BT_SECURITY_LOW ||
620 sec.level > BT_SECURITY_HIGH) {
621 err = -EINVAL;
622 break;
623 }
624
625 chan->sec_level = sec.level;
626
627 if (!chan->conn)
628 break;
629
630 conn = chan->conn;
631
632
633 if (chan->scid == L2CAP_CID_LE_DATA) {
634 if (!conn->hcon->out) {
635 err = -EINVAL;
636 break;
637 }
638
639 if (smp_conn_security(conn->hcon, sec.level))
640 break;
641 sk->sk_state = BT_CONFIG;
642 chan->state = BT_CONFIG;
643
644
645 } else if ((sk->sk_state == BT_CONNECT2 &&
646 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
647 sk->sk_state == BT_CONNECTED) {
648 if (!l2cap_chan_check_security(chan))
649 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
650 else
651 sk->sk_state_change(sk);
652 } else {
653 err = -EINVAL;
654 }
655 break;
656
657 case BT_DEFER_SETUP:
658 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
659 err = -EINVAL;
660 break;
661 }
662
663 if (get_user(opt, (u32 __user *) optval)) {
664 err = -EFAULT;
665 break;
666 }
667
668 if (opt)
669 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
670 else
671 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
672 break;
673
674 case BT_FLUSHABLE:
675 if (get_user(opt, (u32 __user *) optval)) {
676 err = -EFAULT;
677 break;
678 }
679
680 if (opt > BT_FLUSHABLE_ON) {
681 err = -EINVAL;
682 break;
683 }
684
685 if (opt == BT_FLUSHABLE_OFF) {
686 struct l2cap_conn *conn = chan->conn;
687
688
689 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
690 err = -EINVAL;
691 break;
692 }
693 }
694
695 if (opt)
696 set_bit(FLAG_FLUSHABLE, &chan->flags);
697 else
698 clear_bit(FLAG_FLUSHABLE, &chan->flags);
699 break;
700
701 case BT_POWER:
702 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
703 chan->chan_type != L2CAP_CHAN_RAW) {
704 err = -EINVAL;
705 break;
706 }
707
708 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
709
710 len = min_t(unsigned int, sizeof(pwr), optlen);
711 if (copy_from_user((char *) &pwr, optval, len)) {
712 err = -EFAULT;
713 break;
714 }
715
716 if (pwr.force_active)
717 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
718 else
719 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
720 break;
721
722 case BT_CHANNEL_POLICY:
723 if (!enable_hs) {
724 err = -ENOPROTOOPT;
725 break;
726 }
727
728 if (get_user(opt, (u32 __user *) optval)) {
729 err = -EFAULT;
730 break;
731 }
732
733 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
734 err = -EINVAL;
735 break;
736 }
737
738 if (chan->mode != L2CAP_MODE_ERTM &&
739 chan->mode != L2CAP_MODE_STREAMING) {
740 err = -EOPNOTSUPP;
741 break;
742 }
743
744 chan->chan_policy = (u8) opt;
745
746 if (sk->sk_state == BT_CONNECTED &&
747 chan->move_role == L2CAP_MOVE_ROLE_NONE)
748 l2cap_move_start(chan);
749
750 break;
751
752 default:
753 err = -ENOPROTOOPT;
754 break;
755 }
756
757 release_sock(sk);
758 return err;
759}
760
761static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
762 struct msghdr *msg, size_t len)
763{
764 struct sock *sk = sock->sk;
765 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
766 int err;
767
768 BT_DBG("sock %p, sk %p", sock, sk);
769
770 err = sock_error(sk);
771 if (err)
772 return err;
773
774 if (msg->msg_flags & MSG_OOB)
775 return -EOPNOTSUPP;
776
777 if (sk->sk_state != BT_CONNECTED)
778 return -ENOTCONN;
779
780 l2cap_chan_lock(chan);
781 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
782 l2cap_chan_unlock(chan);
783
784 return err;
785}
786
787static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
788 struct msghdr *msg, size_t len, int flags)
789{
790 struct sock *sk = sock->sk;
791 struct l2cap_pinfo *pi = l2cap_pi(sk);
792 int err;
793
794 lock_sock(sk);
795
796 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
797 &bt_sk(sk)->flags)) {
798 sk->sk_state = BT_CONFIG;
799 pi->chan->state = BT_CONFIG;
800
801 __l2cap_connect_rsp_defer(pi->chan);
802 release_sock(sk);
803 return 0;
804 }
805
806 release_sock(sk);
807
808 if (sock->type == SOCK_STREAM)
809 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
810 else
811 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
812
813 if (pi->chan->mode != L2CAP_MODE_ERTM)
814 return err;
815
816
817
818 lock_sock(sk);
819
820 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
821 goto done;
822
823 if (pi->rx_busy_skb) {
824 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
825 pi->rx_busy_skb = NULL;
826 else
827 goto done;
828 }
829
830
831
832
833
834 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
835 l2cap_chan_busy(pi->chan, 0);
836
837done:
838 release_sock(sk);
839 return err;
840}
841
842
843
844
845static void l2cap_sock_kill(struct sock *sk)
846{
847 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
848 return;
849
850 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
851
852
853
854 l2cap_chan_put(l2cap_pi(sk)->chan);
855 sock_set_flag(sk, SOCK_DEAD);
856 sock_put(sk);
857}
858
859static int l2cap_sock_shutdown(struct socket *sock, int how)
860{
861 struct sock *sk = sock->sk;
862 struct l2cap_chan *chan;
863 struct l2cap_conn *conn;
864 int err = 0;
865
866 BT_DBG("sock %p, sk %p", sock, sk);
867
868 if (!sk)
869 return 0;
870
871 chan = l2cap_pi(sk)->chan;
872 conn = chan->conn;
873
874 if (conn)
875 mutex_lock(&conn->chan_lock);
876
877 l2cap_chan_lock(chan);
878 lock_sock(sk);
879
880 if (!sk->sk_shutdown) {
881 if (chan->mode == L2CAP_MODE_ERTM)
882 err = __l2cap_wait_ack(sk);
883
884 sk->sk_shutdown = SHUTDOWN_MASK;
885
886 release_sock(sk);
887 l2cap_chan_close(chan, 0);
888 lock_sock(sk);
889
890 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
891 err = bt_sock_wait_state(sk, BT_CLOSED,
892 sk->sk_lingertime);
893 }
894
895 if (!err && sk->sk_err)
896 err = -sk->sk_err;
897
898 release_sock(sk);
899 l2cap_chan_unlock(chan);
900
901 if (conn)
902 mutex_unlock(&conn->chan_lock);
903
904 return err;
905}
906
907static int l2cap_sock_release(struct socket *sock)
908{
909 struct sock *sk = sock->sk;
910 int err;
911
912 BT_DBG("sock %p, sk %p", sock, sk);
913
914 if (!sk)
915 return 0;
916
917 bt_sock_unlink(&l2cap_sk_list, sk);
918
919 err = l2cap_sock_shutdown(sock, 2);
920
921 sock_orphan(sk);
922 l2cap_sock_kill(sk);
923 return err;
924}
925
926static void l2cap_sock_cleanup_listen(struct sock *parent)
927{
928 struct sock *sk;
929
930 BT_DBG("parent %p", parent);
931
932
933 while ((sk = bt_accept_dequeue(parent, NULL))) {
934 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
935
936 l2cap_chan_lock(chan);
937 __clear_chan_timer(chan);
938 l2cap_chan_close(chan, ECONNRESET);
939 l2cap_chan_unlock(chan);
940
941 l2cap_sock_kill(sk);
942 }
943}
944
945static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
946{
947 struct sock *sk, *parent = chan->data;
948
949
950 if (sk_acceptq_is_full(parent)) {
951 BT_DBG("backlog full %d", parent->sk_ack_backlog);
952 return NULL;
953 }
954
955 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
956 GFP_ATOMIC);
957 if (!sk)
958 return NULL;
959
960 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
961
962 l2cap_sock_init(sk, parent);
963
964 bt_accept_enqueue(parent, sk);
965
966 return l2cap_pi(sk)->chan;
967}
968
969static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
970{
971 int err;
972 struct sock *sk = chan->data;
973 struct l2cap_pinfo *pi = l2cap_pi(sk);
974
975 lock_sock(sk);
976
977 if (pi->rx_busy_skb) {
978 err = -ENOMEM;
979 goto done;
980 }
981
982 err = sock_queue_rcv_skb(sk, skb);
983
984
985
986
987
988
989
990
991
992
993 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
994 pi->rx_busy_skb = skb;
995 l2cap_chan_busy(pi->chan, 1);
996 err = 0;
997 }
998
999done:
1000 release_sock(sk);
1001
1002 return err;
1003}
1004
1005static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1006{
1007 struct sock *sk = chan->data;
1008
1009 l2cap_sock_kill(sk);
1010}
1011
1012static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1013{
1014 struct sock *sk = chan->data;
1015 struct sock *parent;
1016
1017 lock_sock(sk);
1018
1019 parent = bt_sk(sk)->parent;
1020
1021 sock_set_flag(sk, SOCK_ZAPPED);
1022
1023 switch (chan->state) {
1024 case BT_OPEN:
1025 case BT_BOUND:
1026 case BT_CLOSED:
1027 break;
1028 case BT_LISTEN:
1029 l2cap_sock_cleanup_listen(sk);
1030 sk->sk_state = BT_CLOSED;
1031 chan->state = BT_CLOSED;
1032
1033 break;
1034 default:
1035 sk->sk_state = BT_CLOSED;
1036 chan->state = BT_CLOSED;
1037
1038 sk->sk_err = err;
1039
1040 if (parent) {
1041 bt_accept_unlink(sk);
1042 parent->sk_data_ready(parent, 0);
1043 } else {
1044 sk->sk_state_change(sk);
1045 }
1046
1047 break;
1048 }
1049
1050 release_sock(sk);
1051}
1052
1053static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state)
1054{
1055 struct sock *sk = chan->data;
1056
1057 sk->sk_state = state;
1058}
1059
1060static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1061 unsigned long len, int nb)
1062{
1063 struct sk_buff *skb;
1064 int err;
1065
1066 l2cap_chan_unlock(chan);
1067 skb = bt_skb_send_alloc(chan->sk, len, nb, &err);
1068 l2cap_chan_lock(chan);
1069
1070 if (!skb)
1071 return ERR_PTR(err);
1072
1073 return skb;
1074}
1075
1076static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1077{
1078 struct sock *sk = chan->data;
1079 struct sock *parent;
1080
1081 lock_sock(sk);
1082
1083 parent = bt_sk(sk)->parent;
1084
1085 BT_DBG("sk %p, parent %p", sk, parent);
1086
1087 sk->sk_state = BT_CONNECTED;
1088 sk->sk_state_change(sk);
1089
1090 if (parent)
1091 parent->sk_data_ready(parent, 0);
1092
1093 release_sock(sk);
1094}
1095
1096static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1097{
1098 struct sock *sk = chan->data;
1099 struct sock *parent = bt_sk(sk)->parent;
1100
1101 if (parent)
1102 parent->sk_data_ready(parent, 0);
1103}
1104
1105static struct l2cap_ops l2cap_chan_ops = {
1106 .name = "L2CAP Socket Interface",
1107 .new_connection = l2cap_sock_new_connection_cb,
1108 .recv = l2cap_sock_recv_cb,
1109 .close = l2cap_sock_close_cb,
1110 .teardown = l2cap_sock_teardown_cb,
1111 .state_change = l2cap_sock_state_change_cb,
1112 .ready = l2cap_sock_ready_cb,
1113 .defer = l2cap_sock_defer_cb,
1114 .alloc_skb = l2cap_sock_alloc_skb_cb,
1115};
1116
1117static void l2cap_sock_destruct(struct sock *sk)
1118{
1119 BT_DBG("sk %p", sk);
1120
1121 if (l2cap_pi(sk)->chan)
1122 l2cap_chan_put(l2cap_pi(sk)->chan);
1123 if (l2cap_pi(sk)->rx_busy_skb) {
1124 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1125 l2cap_pi(sk)->rx_busy_skb = NULL;
1126 }
1127
1128 skb_queue_purge(&sk->sk_receive_queue);
1129 skb_queue_purge(&sk->sk_write_queue);
1130}
1131
1132static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1133{
1134 struct l2cap_pinfo *pi = l2cap_pi(sk);
1135 struct l2cap_chan *chan = pi->chan;
1136
1137 BT_DBG("sk %p", sk);
1138
1139 if (parent) {
1140 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1141
1142 sk->sk_type = parent->sk_type;
1143 bt_sk(sk)->flags = bt_sk(parent)->flags;
1144
1145 chan->chan_type = pchan->chan_type;
1146 chan->imtu = pchan->imtu;
1147 chan->omtu = pchan->omtu;
1148 chan->conf_state = pchan->conf_state;
1149 chan->mode = pchan->mode;
1150 chan->fcs = pchan->fcs;
1151 chan->max_tx = pchan->max_tx;
1152 chan->tx_win = pchan->tx_win;
1153 chan->tx_win_max = pchan->tx_win_max;
1154 chan->sec_level = pchan->sec_level;
1155 chan->flags = pchan->flags;
1156
1157 security_sk_clone(parent, sk);
1158 } else {
1159
1160 switch (sk->sk_type) {
1161 case SOCK_RAW:
1162 chan->chan_type = L2CAP_CHAN_RAW;
1163 break;
1164 case SOCK_DGRAM:
1165 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1166 break;
1167 case SOCK_SEQPACKET:
1168 case SOCK_STREAM:
1169 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1170 break;
1171 }
1172
1173 chan->imtu = L2CAP_DEFAULT_MTU;
1174 chan->omtu = 0;
1175 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1176 chan->mode = L2CAP_MODE_ERTM;
1177 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1178 } else {
1179 chan->mode = L2CAP_MODE_BASIC;
1180 }
1181
1182 l2cap_chan_set_defaults(chan);
1183 }
1184
1185
1186 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1187
1188 chan->data = sk;
1189 chan->ops = &l2cap_chan_ops;
1190}
1191
1192static struct proto l2cap_proto = {
1193 .name = "L2CAP",
1194 .owner = THIS_MODULE,
1195 .obj_size = sizeof(struct l2cap_pinfo)
1196};
1197
1198static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1199 int proto, gfp_t prio)
1200{
1201 struct sock *sk;
1202 struct l2cap_chan *chan;
1203
1204 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1205 if (!sk)
1206 return NULL;
1207
1208 sock_init_data(sock, sk);
1209 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1210
1211 sk->sk_destruct = l2cap_sock_destruct;
1212 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1213
1214 sock_reset_flag(sk, SOCK_ZAPPED);
1215
1216 sk->sk_protocol = proto;
1217 sk->sk_state = BT_OPEN;
1218
1219 chan = l2cap_chan_create();
1220 if (!chan) {
1221 sk_free(sk);
1222 return NULL;
1223 }
1224
1225 l2cap_chan_hold(chan);
1226
1227 chan->sk = sk;
1228
1229 l2cap_pi(sk)->chan = chan;
1230
1231 return sk;
1232}
1233
1234static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1235 int kern)
1236{
1237 struct sock *sk;
1238
1239 BT_DBG("sock %p", sock);
1240
1241 sock->state = SS_UNCONNECTED;
1242
1243 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1244 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1245 return -ESOCKTNOSUPPORT;
1246
1247 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1248 return -EPERM;
1249
1250 sock->ops = &l2cap_sock_ops;
1251
1252 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1253 if (!sk)
1254 return -ENOMEM;
1255
1256 l2cap_sock_init(sk, NULL);
1257 bt_sock_link(&l2cap_sk_list, sk);
1258 return 0;
1259}
1260
1261static const struct proto_ops l2cap_sock_ops = {
1262 .family = PF_BLUETOOTH,
1263 .owner = THIS_MODULE,
1264 .release = l2cap_sock_release,
1265 .bind = l2cap_sock_bind,
1266 .connect = l2cap_sock_connect,
1267 .listen = l2cap_sock_listen,
1268 .accept = l2cap_sock_accept,
1269 .getname = l2cap_sock_getname,
1270 .sendmsg = l2cap_sock_sendmsg,
1271 .recvmsg = l2cap_sock_recvmsg,
1272 .poll = bt_sock_poll,
1273 .ioctl = bt_sock_ioctl,
1274 .mmap = sock_no_mmap,
1275 .socketpair = sock_no_socketpair,
1276 .shutdown = l2cap_sock_shutdown,
1277 .setsockopt = l2cap_sock_setsockopt,
1278 .getsockopt = l2cap_sock_getsockopt
1279};
1280
1281static const struct net_proto_family l2cap_sock_family_ops = {
1282 .family = PF_BLUETOOTH,
1283 .owner = THIS_MODULE,
1284 .create = l2cap_sock_create,
1285};
1286
1287int __init l2cap_init_sockets(void)
1288{
1289 int err;
1290
1291 err = proto_register(&l2cap_proto, 0);
1292 if (err < 0)
1293 return err;
1294
1295 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1296 if (err < 0) {
1297 BT_ERR("L2CAP socket registration failed");
1298 goto error;
1299 }
1300
1301 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1302 NULL);
1303 if (err < 0) {
1304 BT_ERR("Failed to create L2CAP proc file");
1305 bt_sock_unregister(BTPROTO_L2CAP);
1306 goto error;
1307 }
1308
1309 BT_INFO("L2CAP socket layer initialized");
1310
1311 return 0;
1312
1313error:
1314 proto_unregister(&l2cap_proto);
1315 return err;
1316}
1317
1318void l2cap_cleanup_sockets(void)
1319{
1320 bt_procfs_cleanup(&init_net, "l2cap");
1321 bt_sock_unregister(BTPROTO_L2CAP);
1322 proto_unregister(&l2cap_proto);
1323}
1324
