2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
28 /* Bluetooth L2CAP sockets. */
30 #include <linux/module.h>
31 #include <linux/export.h>
32 #include <linux/sched/signal.h>
34 #include <net/bluetooth/bluetooth.h>
35 #include <net/bluetooth/hci_core.h>
36 #include <net/bluetooth/l2cap.h>
40 static struct bt_sock_list l2cap_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
44 static const struct proto_ops l2cap_sock_ops;
45 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
46 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
47 int proto, gfp_t prio, int kern);
49 bool l2cap_is_socket(struct socket *sock)
51 return sock && sock->ops == &l2cap_sock_ops;
53 EXPORT_SYMBOL(l2cap_is_socket);
55 static int l2cap_validate_bredr_psm(u16 psm)
57 /* PSM must be odd and lsb of upper byte must be 0 */
58 if ((psm & 0x0101) != 0x0001)
61 /* Restrict usage of well-known PSMs */
62 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
68 static int l2cap_validate_le_psm(u16 psm)
70 /* Valid LE_PSM ranges are defined only until 0x00ff */
71 if (psm > L2CAP_PSM_LE_DYN_END)
74 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
75 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
81 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
83 struct sock *sk = sock->sk;
84 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
85 struct sockaddr_l2 la;
90 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
91 addr->sa_family != AF_BLUETOOTH)
94 memset(&la, 0, sizeof(la));
95 len = min_t(unsigned int, sizeof(la), alen);
96 memcpy(&la, addr, len);
98 if (la.l2_cid && la.l2_psm)
101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
105 /* We only allow ATT user space socket */
107 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
113 if (sk->sk_state != BT_OPEN) {
119 __u16 psm = __le16_to_cpu(la.l2_psm);
121 if (la.l2_bdaddr_type == BDADDR_BREDR)
122 err = l2cap_validate_bredr_psm(psm);
124 err = l2cap_validate_le_psm(psm);
130 bacpy(&chan->src, &la.l2_bdaddr);
131 chan->src_type = la.l2_bdaddr_type;
134 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
136 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
141 switch (chan->chan_type) {
142 case L2CAP_CHAN_CONN_LESS:
143 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
144 chan->sec_level = BT_SECURITY_SDP;
146 case L2CAP_CHAN_CONN_ORIENTED:
147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
148 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
149 chan->sec_level = BT_SECURITY_SDP;
152 chan->sec_level = BT_SECURITY_SDP;
154 case L2CAP_CHAN_FIXED:
155 /* Fixed channels default to the L2CAP core not holding a
156 * hci_conn reference for them. For fixed channels mapping to
157 * L2CAP sockets we do want to hold a reference so set the
158 * appropriate flag to request it.
160 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
164 if (chan->psm && bdaddr_type_is_le(chan->src_type))
165 chan->mode = L2CAP_MODE_LE_FLOWCTL;
167 chan->state = BT_BOUND;
168 sk->sk_state = BT_BOUND;
175 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
178 struct sock *sk = sock->sk;
179 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
180 struct sockaddr_l2 la;
185 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
186 addr->sa_family != AF_BLUETOOTH)
189 memset(&la, 0, sizeof(la));
190 len = min_t(unsigned int, sizeof(la), alen);
191 memcpy(&la, addr, len);
193 if (la.l2_cid && la.l2_psm)
196 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
199 /* Check that the socket wasn't bound to something that
200 * conflicts with the address given to connect(). If chan->src
201 * is BDADDR_ANY it means bind() was never used, in which case
202 * chan->src_type and la.l2_bdaddr_type do not need to match.
204 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
205 bdaddr_type_is_le(la.l2_bdaddr_type)) {
206 /* Old user space versions will try to incorrectly bind
207 * the ATT socket using BDADDR_BREDR. We need to accept
208 * this and fix up the source address type only when
209 * both the source CID and destination CID indicate
210 * ATT. Anything else is an invalid combination.
212 if (chan->scid != L2CAP_CID_ATT ||
213 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
216 /* We don't have the hdev available here to make a
217 * better decision on random vs public, but since all
218 * user space versions that exhibit this issue anyway do
219 * not support random local addresses assuming public
220 * here is good enough.
222 chan->src_type = BDADDR_LE_PUBLIC;
225 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
228 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
229 /* We only allow ATT user space socket */
231 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
235 if (chan->psm && bdaddr_type_is_le(chan->src_type) && !chan->mode)
236 chan->mode = L2CAP_MODE_LE_FLOWCTL;
238 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
239 &la.l2_bdaddr, la.l2_bdaddr_type);
245 err = bt_sock_wait_state(sk, BT_CONNECTED,
246 sock_sndtimeo(sk, flags & O_NONBLOCK));
253 static int l2cap_sock_listen(struct socket *sock, int backlog)
255 struct sock *sk = sock->sk;
256 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
259 BT_DBG("sk %p backlog %d", sk, backlog);
263 if (sk->sk_state != BT_BOUND) {
268 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
273 switch (chan->mode) {
274 case L2CAP_MODE_BASIC:
275 case L2CAP_MODE_LE_FLOWCTL:
277 case L2CAP_MODE_EXT_FLOWCTL:
283 case L2CAP_MODE_ERTM:
284 case L2CAP_MODE_STREAMING:
293 sk->sk_max_ack_backlog = backlog;
294 sk->sk_ack_backlog = 0;
296 /* Listening channels need to use nested locking in order not to
297 * cause lockdep warnings when the created child channels end up
298 * being locked in the same thread as the parent channel.
300 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
302 chan->state = BT_LISTEN;
303 sk->sk_state = BT_LISTEN;
310 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
311 int flags, bool kern)
313 DEFINE_WAIT_FUNC(wait, woken_wake_function);
314 struct sock *sk = sock->sk, *nsk;
318 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
320 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
322 BT_DBG("sk %p timeo %ld", sk, timeo);
324 /* Wait for an incoming connection. (wake-one). */
325 add_wait_queue_exclusive(sk_sleep(sk), &wait);
327 if (sk->sk_state != BT_LISTEN) {
332 nsk = bt_accept_dequeue(sk, newsock);
341 if (signal_pending(current)) {
342 err = sock_intr_errno(timeo);
348 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
350 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
352 remove_wait_queue(sk_sleep(sk), &wait);
357 newsock->state = SS_CONNECTED;
359 BT_DBG("new socket %p", nsk);
366 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
369 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
370 struct sock *sk = sock->sk;
371 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
373 BT_DBG("sock %p, sk %p", sock, sk);
375 if (peer && sk->sk_state != BT_CONNECTED &&
376 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
377 sk->sk_state != BT_CONFIG)
380 memset(la, 0, sizeof(struct sockaddr_l2));
381 addr->sa_family = AF_BLUETOOTH;
383 la->l2_psm = chan->psm;
386 bacpy(&la->l2_bdaddr, &chan->dst);
387 la->l2_cid = cpu_to_le16(chan->dcid);
388 la->l2_bdaddr_type = chan->dst_type;
390 bacpy(&la->l2_bdaddr, &chan->src);
391 la->l2_cid = cpu_to_le16(chan->scid);
392 la->l2_bdaddr_type = chan->src_type;
395 return sizeof(struct sockaddr_l2);
398 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
399 char __user *optval, int __user *optlen)
401 struct sock *sk = sock->sk;
402 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
403 struct l2cap_options opts;
404 struct l2cap_conninfo cinfo;
410 if (get_user(len, optlen))
417 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
418 * legacy ATT code depends on getsockopt for
419 * L2CAP_OPTIONS we need to let this pass.
421 if (bdaddr_type_is_le(chan->src_type) &&
422 chan->scid != L2CAP_CID_ATT) {
427 memset(&opts, 0, sizeof(opts));
428 opts.imtu = chan->imtu;
429 opts.omtu = chan->omtu;
430 opts.flush_to = chan->flush_to;
431 opts.mode = chan->mode;
432 opts.fcs = chan->fcs;
433 opts.max_tx = chan->max_tx;
434 opts.txwin_size = chan->tx_win;
436 BT_DBG("mode 0x%2.2x", chan->mode);
438 len = min_t(unsigned int, len, sizeof(opts));
439 if (copy_to_user(optval, (char *) &opts, len))
445 switch (chan->sec_level) {
446 case BT_SECURITY_LOW:
449 case BT_SECURITY_MEDIUM:
450 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
452 case BT_SECURITY_HIGH:
453 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
456 case BT_SECURITY_FIPS:
457 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
458 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
465 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
466 opt |= L2CAP_LM_MASTER;
468 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
469 opt |= L2CAP_LM_RELIABLE;
471 if (put_user(opt, (u32 __user *) optval))
477 if (sk->sk_state != BT_CONNECTED &&
478 !(sk->sk_state == BT_CONNECT2 &&
479 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
484 memset(&cinfo, 0, sizeof(cinfo));
485 cinfo.hci_handle = chan->conn->hcon->handle;
486 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
488 len = min_t(unsigned int, len, sizeof(cinfo));
489 if (copy_to_user(optval, (char *) &cinfo, len))
503 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
504 char __user *optval, int __user *optlen)
506 struct sock *sk = sock->sk;
507 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
508 struct bt_security sec;
515 if (level == SOL_L2CAP)
516 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
518 if (level != SOL_BLUETOOTH)
521 if (get_user(len, optlen))
528 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
529 chan->chan_type != L2CAP_CHAN_FIXED &&
530 chan->chan_type != L2CAP_CHAN_RAW) {
535 memset(&sec, 0, sizeof(sec));
537 sec.level = chan->conn->hcon->sec_level;
539 if (sk->sk_state == BT_CONNECTED)
540 sec.key_size = chan->conn->hcon->enc_key_size;
542 sec.level = chan->sec_level;
545 len = min_t(unsigned int, len, sizeof(sec));
546 if (copy_to_user(optval, (char *) &sec, len))
552 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
557 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
558 (u32 __user *) optval))
564 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
565 (u32 __user *) optval))
571 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
572 && sk->sk_type != SOCK_RAW) {
577 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
579 len = min_t(unsigned int, len, sizeof(pwr));
580 if (copy_to_user(optval, (char *) &pwr, len))
585 case BT_CHANNEL_POLICY:
586 if (put_user(chan->chan_policy, (u32 __user *) optval))
591 if (!bdaddr_type_is_le(chan->src_type)) {
596 if (sk->sk_state != BT_CONNECTED) {
601 if (put_user(chan->omtu, (u16 __user *) optval))
606 if (!bdaddr_type_is_le(chan->src_type)) {
611 if (put_user(chan->imtu, (u16 __user *) optval))
616 if (sk->sk_state != BT_CONNECTED) {
621 phys = hci_conn_get_phy(chan->conn->hcon);
623 if (put_user(phys, (u32 __user *) optval))
636 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
638 switch (chan->scid) {
640 if (mtu < L2CAP_LE_MIN_MTU)
645 if (mtu < L2CAP_DEFAULT_MIN_MTU)
652 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
653 char __user *optval, unsigned int optlen)
655 struct sock *sk = sock->sk;
656 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
657 struct l2cap_options opts;
667 if (bdaddr_type_is_le(chan->src_type)) {
672 if (sk->sk_state == BT_CONNECTED) {
677 opts.imtu = chan->imtu;
678 opts.omtu = chan->omtu;
679 opts.flush_to = chan->flush_to;
680 opts.mode = chan->mode;
681 opts.fcs = chan->fcs;
682 opts.max_tx = chan->max_tx;
683 opts.txwin_size = chan->tx_win;
685 len = min_t(unsigned int, sizeof(opts), optlen);
686 if (copy_from_user((char *) &opts, optval, len)) {
691 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
696 if (!l2cap_valid_mtu(chan, opts.imtu)) {
701 chan->mode = opts.mode;
702 switch (chan->mode) {
703 case L2CAP_MODE_LE_FLOWCTL:
705 case L2CAP_MODE_BASIC:
706 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
708 case L2CAP_MODE_ERTM:
709 case L2CAP_MODE_STREAMING:
718 BT_DBG("mode 0x%2.2x", chan->mode);
720 chan->imtu = opts.imtu;
721 chan->omtu = opts.omtu;
722 chan->fcs = opts.fcs;
723 chan->max_tx = opts.max_tx;
724 chan->tx_win = opts.txwin_size;
725 chan->flush_to = opts.flush_to;
729 if (get_user(opt, (u32 __user *) optval)) {
734 if (opt & L2CAP_LM_FIPS) {
739 if (opt & L2CAP_LM_AUTH)
740 chan->sec_level = BT_SECURITY_LOW;
741 if (opt & L2CAP_LM_ENCRYPT)
742 chan->sec_level = BT_SECURITY_MEDIUM;
743 if (opt & L2CAP_LM_SECURE)
744 chan->sec_level = BT_SECURITY_HIGH;
746 if (opt & L2CAP_LM_MASTER)
747 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
749 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
751 if (opt & L2CAP_LM_RELIABLE)
752 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
754 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
766 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
767 char __user *optval, unsigned int optlen)
769 struct sock *sk = sock->sk;
770 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
771 struct bt_security sec;
773 struct l2cap_conn *conn;
779 if (level == SOL_L2CAP)
780 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
782 if (level != SOL_BLUETOOTH)
789 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
790 chan->chan_type != L2CAP_CHAN_FIXED &&
791 chan->chan_type != L2CAP_CHAN_RAW) {
796 sec.level = BT_SECURITY_LOW;
798 len = min_t(unsigned int, sizeof(sec), optlen);
799 if (copy_from_user((char *) &sec, optval, len)) {
804 if (sec.level < BT_SECURITY_LOW ||
805 sec.level > BT_SECURITY_FIPS) {
810 chan->sec_level = sec.level;
817 /* change security for LE channels */
818 if (chan->scid == L2CAP_CID_ATT) {
819 if (smp_conn_security(conn->hcon, sec.level)) {
824 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
825 sk->sk_state = BT_CONFIG;
826 chan->state = BT_CONFIG;
828 /* or for ACL link */
829 } else if ((sk->sk_state == BT_CONNECT2 &&
830 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
831 sk->sk_state == BT_CONNECTED) {
832 if (!l2cap_chan_check_security(chan, true))
833 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
835 sk->sk_state_change(sk);
842 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
847 if (get_user(opt, (u32 __user *) optval)) {
853 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
854 set_bit(FLAG_DEFER_SETUP, &chan->flags);
856 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
857 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
862 if (get_user(opt, (u32 __user *) optval)) {
867 if (opt > BT_FLUSHABLE_ON) {
872 if (opt == BT_FLUSHABLE_OFF) {
874 /* proceed further only when we have l2cap_conn and
875 No Flush support in the LM */
876 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
883 set_bit(FLAG_FLUSHABLE, &chan->flags);
885 clear_bit(FLAG_FLUSHABLE, &chan->flags);
889 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
890 chan->chan_type != L2CAP_CHAN_RAW) {
895 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
897 len = min_t(unsigned int, sizeof(pwr), optlen);
898 if (copy_from_user((char *) &pwr, optval, len)) {
903 if (pwr.force_active)
904 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
906 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
909 case BT_CHANNEL_POLICY:
910 if (get_user(opt, (u32 __user *) optval)) {
915 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
920 if (chan->mode != L2CAP_MODE_ERTM &&
921 chan->mode != L2CAP_MODE_STREAMING) {
926 chan->chan_policy = (u8) opt;
928 if (sk->sk_state == BT_CONNECTED &&
929 chan->move_role == L2CAP_MOVE_ROLE_NONE)
930 l2cap_move_start(chan);
935 if (!bdaddr_type_is_le(chan->src_type)) {
940 /* Setting is not supported as it's the remote side that
947 if (!bdaddr_type_is_le(chan->src_type)) {
952 if (chan->mode == L2CAP_MODE_LE_FLOWCTL &&
953 sk->sk_state == BT_CONNECTED) {
958 if (get_user(opt, (u16 __user *) optval)) {
963 if (chan->mode == L2CAP_MODE_EXT_FLOWCTL &&
964 sk->sk_state == BT_CONNECTED)
965 err = l2cap_chan_reconfigure(chan, opt);
980 static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
983 struct sock *sk = sock->sk;
984 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
987 BT_DBG("sock %p, sk %p", sock, sk);
989 err = sock_error(sk);
993 if (msg->msg_flags & MSG_OOB)
996 if (sk->sk_state != BT_CONNECTED)
1000 err = bt_sock_wait_ready(sk, msg->msg_flags);
1005 l2cap_chan_lock(chan);
1006 err = l2cap_chan_send(chan, msg, len);
1007 l2cap_chan_unlock(chan);
1012 static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1013 size_t len, int flags)
1015 struct sock *sk = sock->sk;
1016 struct l2cap_pinfo *pi = l2cap_pi(sk);
1021 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
1022 &bt_sk(sk)->flags)) {
1023 if (pi->chan->mode == L2CAP_MODE_EXT_FLOWCTL) {
1024 sk->sk_state = BT_CONNECTED;
1025 pi->chan->state = BT_CONNECTED;
1026 __l2cap_ecred_conn_rsp_defer(pi->chan);
1027 } else if (bdaddr_type_is_le(pi->chan->src_type)) {
1028 sk->sk_state = BT_CONNECTED;
1029 pi->chan->state = BT_CONNECTED;
1030 __l2cap_le_connect_rsp_defer(pi->chan);
1032 sk->sk_state = BT_CONFIG;
1033 pi->chan->state = BT_CONFIG;
1034 __l2cap_connect_rsp_defer(pi->chan);
1043 if (sock->type == SOCK_STREAM)
1044 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
1046 err = bt_sock_recvmsg(sock, msg, len, flags);
1048 if (pi->chan->mode != L2CAP_MODE_ERTM)
1051 /* Attempt to put pending rx data in the socket buffer */
1055 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1058 if (pi->rx_busy_skb) {
1059 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1060 pi->rx_busy_skb = NULL;
1065 /* Restore data flow when half of the receive buffer is
1066 * available. This avoids resending large numbers of
1069 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1070 l2cap_chan_busy(pi->chan, 0);
1077 /* Kill socket (only if zapped and orphan)
1078 * Must be called on unlocked socket, with l2cap channel lock.
1080 static void l2cap_sock_kill(struct sock *sk)
1082 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1085 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1087 /* Kill poor orphan */
1089 l2cap_chan_put(l2cap_pi(sk)->chan);
1090 sock_set_flag(sk, SOCK_DEAD);
1094 static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
1096 DECLARE_WAITQUEUE(wait, current);
1098 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1099 /* Timeout to prevent infinite loop */
1100 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
1102 add_wait_queue(sk_sleep(sk), &wait);
1103 set_current_state(TASK_INTERRUPTIBLE);
1105 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1106 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1107 jiffies_to_msecs(timeout - jiffies));
1110 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1112 if (signal_pending(current)) {
1113 err = sock_intr_errno(timeo);
1118 timeo = schedule_timeout(timeo);
1120 set_current_state(TASK_INTERRUPTIBLE);
1122 err = sock_error(sk);
1126 if (time_after(jiffies, timeout)) {
1131 } while (chan->unacked_frames > 0 &&
1132 chan->state == BT_CONNECTED);
1134 set_current_state(TASK_RUNNING);
1135 remove_wait_queue(sk_sleep(sk), &wait);
1139 static int l2cap_sock_shutdown(struct socket *sock, int how)
1141 struct sock *sk = sock->sk;
1142 struct l2cap_chan *chan;
1143 struct l2cap_conn *conn;
1146 BT_DBG("sock %p, sk %p", sock, sk);
1153 if (sk->sk_shutdown)
1154 goto shutdown_already;
1156 BT_DBG("Handling sock shutdown");
1158 /* prevent sk structure from being freed whilst unlocked */
1161 chan = l2cap_pi(sk)->chan;
1162 /* prevent chan structure from being freed whilst unlocked */
1163 l2cap_chan_hold(chan);
1165 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1167 if (chan->mode == L2CAP_MODE_ERTM &&
1168 chan->unacked_frames > 0 &&
1169 chan->state == BT_CONNECTED) {
1170 err = __l2cap_wait_ack(sk, chan);
1172 /* After waiting for ACKs, check whether shutdown
1173 * has already been actioned to close the L2CAP
1174 * link such as by l2cap_disconnection_req().
1176 if (sk->sk_shutdown)
1180 sk->sk_shutdown = SHUTDOWN_MASK;
1183 l2cap_chan_lock(chan);
1186 /* prevent conn structure from being freed */
1187 l2cap_conn_get(conn);
1188 l2cap_chan_unlock(chan);
1191 /* mutex lock must be taken before l2cap_chan_lock() */
1192 mutex_lock(&conn->chan_lock);
1194 l2cap_chan_lock(chan);
1195 l2cap_chan_close(chan, 0);
1196 l2cap_chan_unlock(chan);
1199 mutex_unlock(&conn->chan_lock);
1200 l2cap_conn_put(conn);
1205 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1206 !(current->flags & PF_EXITING))
1207 err = bt_sock_wait_state(sk, BT_CLOSED,
1211 l2cap_chan_put(chan);
1215 if (!err && sk->sk_err)
1220 BT_DBG("Sock shutdown complete err: %d", err);
1225 static int l2cap_sock_release(struct socket *sock)
1227 struct sock *sk = sock->sk;
1229 struct l2cap_chan *chan;
1231 BT_DBG("sock %p, sk %p", sock, sk);
1236 bt_sock_unlink(&l2cap_sk_list, sk);
1238 err = l2cap_sock_shutdown(sock, 2);
1239 chan = l2cap_pi(sk)->chan;
1241 l2cap_chan_hold(chan);
1242 l2cap_chan_lock(chan);
1245 l2cap_sock_kill(sk);
1247 l2cap_chan_unlock(chan);
1248 l2cap_chan_put(chan);
1253 static void l2cap_sock_cleanup_listen(struct sock *parent)
1257 BT_DBG("parent %p state %s", parent,
1258 state_to_string(parent->sk_state));
1260 /* Close not yet accepted channels */
1261 while ((sk = bt_accept_dequeue(parent, NULL))) {
1262 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1264 BT_DBG("child chan %p state %s", chan,
1265 state_to_string(chan->state));
1267 l2cap_chan_hold(chan);
1268 l2cap_chan_lock(chan);
1270 __clear_chan_timer(chan);
1271 l2cap_chan_close(chan, ECONNRESET);
1272 l2cap_sock_kill(sk);
1274 l2cap_chan_unlock(chan);
1275 l2cap_chan_put(chan);
1279 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1281 struct sock *sk, *parent = chan->data;
1285 /* Check for backlog size */
1286 if (sk_acceptq_is_full(parent)) {
1287 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1288 release_sock(parent);
1292 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1295 release_sock(parent);
1299 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1301 l2cap_sock_init(sk, parent);
1303 bt_accept_enqueue(parent, sk, false);
1305 release_sock(parent);
1307 return l2cap_pi(sk)->chan;
1310 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1312 struct sock *sk = chan->data;
1317 if (l2cap_pi(sk)->rx_busy_skb) {
1322 if (chan->mode != L2CAP_MODE_ERTM &&
1323 chan->mode != L2CAP_MODE_STREAMING) {
1324 /* Even if no filter is attached, we could potentially
1325 * get errors from security modules, etc.
1327 err = sk_filter(sk, skb);
1332 err = __sock_queue_rcv_skb(sk, skb);
1334 /* For ERTM, handle one skb that doesn't fit into the recv
1335 * buffer. This is important to do because the data frames
1336 * have already been acked, so the skb cannot be discarded.
1338 * Notify the l2cap core that the buffer is full, so the
1339 * LOCAL_BUSY state is entered and no more frames are
1340 * acked and reassembled until there is buffer space
1343 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1344 l2cap_pi(sk)->rx_busy_skb = skb;
1345 l2cap_chan_busy(chan, 1);
1355 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1357 struct sock *sk = chan->data;
1359 l2cap_sock_kill(sk);
1362 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1364 struct sock *sk = chan->data;
1365 struct sock *parent;
1367 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1369 /* This callback can be called both for server (BT_LISTEN)
1370 * sockets as well as "normal" ones. To avoid lockdep warnings
1371 * with child socket locking (through l2cap_sock_cleanup_listen)
1372 * we need separation into separate nesting levels. The simplest
1373 * way to accomplish this is to inherit the nesting level used
1376 lock_sock_nested(sk, atomic_read(&chan->nesting));
1378 parent = bt_sk(sk)->parent;
1380 sock_set_flag(sk, SOCK_ZAPPED);
1382 switch (chan->state) {
1388 l2cap_sock_cleanup_listen(sk);
1389 sk->sk_state = BT_CLOSED;
1390 chan->state = BT_CLOSED;
1394 sk->sk_state = BT_CLOSED;
1395 chan->state = BT_CLOSED;
1400 bt_accept_unlink(sk);
1401 parent->sk_data_ready(parent);
1403 sk->sk_state_change(sk);
1412 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1415 struct sock *sk = chan->data;
1417 sk->sk_state = state;
1423 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1424 unsigned long hdr_len,
1425 unsigned long len, int nb)
1427 struct sock *sk = chan->data;
1428 struct sk_buff *skb;
1431 l2cap_chan_unlock(chan);
1432 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1433 l2cap_chan_lock(chan);
1436 return ERR_PTR(err);
1438 skb->priority = sk->sk_priority;
1440 bt_cb(skb)->l2cap.chan = chan;
1445 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1447 struct sock *sk = chan->data;
1448 struct sock *parent;
1452 parent = bt_sk(sk)->parent;
1454 BT_DBG("sk %p, parent %p", sk, parent);
1456 sk->sk_state = BT_CONNECTED;
1457 sk->sk_state_change(sk);
1460 parent->sk_data_ready(parent);
1465 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1467 struct sock *parent, *sk = chan->data;
1471 parent = bt_sk(sk)->parent;
1473 parent->sk_data_ready(parent);
1478 static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1480 struct sock *sk = chan->data;
1482 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1483 sk->sk_state = BT_CONNECTED;
1484 chan->state = BT_CONNECTED;
1487 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1488 sk->sk_state_change(sk);
1491 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1493 struct sock *sk = chan->data;
1496 sk->sk_shutdown = SHUTDOWN_MASK;
1500 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1502 struct sock *sk = chan->data;
1504 return sk->sk_sndtimeo;
1507 static struct pid *l2cap_sock_get_peer_pid_cb(struct l2cap_chan *chan)
1509 struct sock *sk = chan->data;
1511 return sk->sk_peer_pid;
1514 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1516 struct sock *sk = chan->data;
1518 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1519 sk->sk_state_change(sk);
1522 static const struct l2cap_ops l2cap_chan_ops = {
1523 .name = "L2CAP Socket Interface",
1524 .new_connection = l2cap_sock_new_connection_cb,
1525 .recv = l2cap_sock_recv_cb,
1526 .close = l2cap_sock_close_cb,
1527 .teardown = l2cap_sock_teardown_cb,
1528 .state_change = l2cap_sock_state_change_cb,
1529 .ready = l2cap_sock_ready_cb,
1530 .defer = l2cap_sock_defer_cb,
1531 .resume = l2cap_sock_resume_cb,
1532 .suspend = l2cap_sock_suspend_cb,
1533 .set_shutdown = l2cap_sock_set_shutdown_cb,
1534 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1535 .get_peer_pid = l2cap_sock_get_peer_pid_cb,
1536 .alloc_skb = l2cap_sock_alloc_skb_cb,
1539 static void l2cap_sock_destruct(struct sock *sk)
1541 BT_DBG("sk %p", sk);
1543 if (l2cap_pi(sk)->chan)
1544 l2cap_chan_put(l2cap_pi(sk)->chan);
1546 if (l2cap_pi(sk)->rx_busy_skb) {
1547 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1548 l2cap_pi(sk)->rx_busy_skb = NULL;
1551 skb_queue_purge(&sk->sk_receive_queue);
1552 skb_queue_purge(&sk->sk_write_queue);
1555 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1558 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1560 memset(la, 0, sizeof(struct sockaddr_l2));
1561 la->l2_family = AF_BLUETOOTH;
1562 la->l2_psm = bt_cb(skb)->l2cap.psm;
1563 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
1565 *msg_namelen = sizeof(struct sockaddr_l2);
1568 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1570 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1572 BT_DBG("sk %p", sk);
1575 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1577 sk->sk_type = parent->sk_type;
1578 bt_sk(sk)->flags = bt_sk(parent)->flags;
1580 chan->chan_type = pchan->chan_type;
1581 chan->imtu = pchan->imtu;
1582 chan->omtu = pchan->omtu;
1583 chan->conf_state = pchan->conf_state;
1584 chan->mode = pchan->mode;
1585 chan->fcs = pchan->fcs;
1586 chan->max_tx = pchan->max_tx;
1587 chan->tx_win = pchan->tx_win;
1588 chan->tx_win_max = pchan->tx_win_max;
1589 chan->sec_level = pchan->sec_level;
1590 chan->flags = pchan->flags;
1591 chan->tx_credits = pchan->tx_credits;
1592 chan->rx_credits = pchan->rx_credits;
1594 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1595 chan->scid = pchan->scid;
1596 chan->dcid = pchan->scid;
1599 security_sk_clone(parent, sk);
1601 switch (sk->sk_type) {
1603 chan->chan_type = L2CAP_CHAN_RAW;
1606 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1607 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1609 case SOCK_SEQPACKET:
1611 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1615 chan->imtu = L2CAP_DEFAULT_MTU;
1617 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1618 chan->mode = L2CAP_MODE_ERTM;
1619 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1621 chan->mode = L2CAP_MODE_BASIC;
1624 l2cap_chan_set_defaults(chan);
1627 /* Default config options */
1628 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1631 chan->ops = &l2cap_chan_ops;
1634 static struct proto l2cap_proto = {
1636 .owner = THIS_MODULE,
1637 .obj_size = sizeof(struct l2cap_pinfo)
1640 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1641 int proto, gfp_t prio, int kern)
1644 struct l2cap_chan *chan;
1646 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
1650 sock_init_data(sock, sk);
1651 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1653 sk->sk_destruct = l2cap_sock_destruct;
1654 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1656 sock_reset_flag(sk, SOCK_ZAPPED);
1658 sk->sk_protocol = proto;
1659 sk->sk_state = BT_OPEN;
1661 chan = l2cap_chan_create();
1667 l2cap_chan_hold(chan);
1669 l2cap_pi(sk)->chan = chan;
1674 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1679 BT_DBG("sock %p", sock);
1681 sock->state = SS_UNCONNECTED;
1683 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1684 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1685 return -ESOCKTNOSUPPORT;
1687 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1690 sock->ops = &l2cap_sock_ops;
1692 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
1696 l2cap_sock_init(sk, NULL);
1697 bt_sock_link(&l2cap_sk_list, sk);
1701 static const struct proto_ops l2cap_sock_ops = {
1702 .family = PF_BLUETOOTH,
1703 .owner = THIS_MODULE,
1704 .release = l2cap_sock_release,
1705 .bind = l2cap_sock_bind,
1706 .connect = l2cap_sock_connect,
1707 .listen = l2cap_sock_listen,
1708 .accept = l2cap_sock_accept,
1709 .getname = l2cap_sock_getname,
1710 .sendmsg = l2cap_sock_sendmsg,
1711 .recvmsg = l2cap_sock_recvmsg,
1712 .poll = bt_sock_poll,
1713 .ioctl = bt_sock_ioctl,
1714 .gettstamp = sock_gettstamp,
1715 .mmap = sock_no_mmap,
1716 .socketpair = sock_no_socketpair,
1717 .shutdown = l2cap_sock_shutdown,
1718 .setsockopt = l2cap_sock_setsockopt,
1719 .getsockopt = l2cap_sock_getsockopt
1722 static const struct net_proto_family l2cap_sock_family_ops = {
1723 .family = PF_BLUETOOTH,
1724 .owner = THIS_MODULE,
1725 .create = l2cap_sock_create,
1728 int __init l2cap_init_sockets(void)
1732 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1734 err = proto_register(&l2cap_proto, 0);
1738 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1740 BT_ERR("L2CAP socket registration failed");
1744 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1747 BT_ERR("Failed to create L2CAP proc file");
1748 bt_sock_unregister(BTPROTO_L2CAP);
1752 BT_INFO("L2CAP socket layer initialized");
1757 proto_unregister(&l2cap_proto);
1761 void l2cap_cleanup_sockets(void)
1763 bt_procfs_cleanup(&init_net, "l2cap");
1764 bt_sock_unregister(BTPROTO_L2CAP);
1765 proto_unregister(&l2cap_proto);
projects / linux.git / blob