2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
28 /* Bluetooth L2CAP sockets. */
30 #include <linux/module.h>
31 #include <linux/export.h>
32 #include <linux/sched/signal.h>
34 #include <net/bluetooth/bluetooth.h>
35 #include <net/bluetooth/hci_core.h>
36 #include <net/bluetooth/l2cap.h>
40 static struct bt_sock_list l2cap_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
44 static const struct proto_ops l2cap_sock_ops;
45 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
46 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
47 int proto, gfp_t prio, int kern);
49 bool l2cap_is_socket(struct socket *sock)
51 return sock && sock->ops == &l2cap_sock_ops;
53 EXPORT_SYMBOL(l2cap_is_socket);
55 static int l2cap_validate_bredr_psm(u16 psm)
57 /* PSM must be odd and lsb of upper byte must be 0 */
58 if ((psm & 0x0101) != 0x0001)
61 /* Restrict usage of well-known PSMs */
62 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
68 static int l2cap_validate_le_psm(u16 psm)
70 /* Valid LE_PSM ranges are defined only until 0x00ff */
71 if (psm > L2CAP_PSM_LE_DYN_END)
74 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
75 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
81 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
83 struct sock *sk = sock->sk;
84 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
85 struct sockaddr_l2 la;
90 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
91 addr->sa_family != AF_BLUETOOTH)
94 memset(&la, 0, sizeof(la));
95 len = min_t(unsigned int, sizeof(la), alen);
96 memcpy(&la, addr, len);
98 if (la.l2_cid && la.l2_psm)
101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
105 /* We only allow ATT user space socket */
107 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
113 if (sk->sk_state != BT_OPEN) {
119 __u16 psm = __le16_to_cpu(la.l2_psm);
121 if (la.l2_bdaddr_type == BDADDR_BREDR)
122 err = l2cap_validate_bredr_psm(psm);
124 err = l2cap_validate_le_psm(psm);
130 bacpy(&chan->src, &la.l2_bdaddr);
131 chan->src_type = la.l2_bdaddr_type;
134 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
136 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
141 switch (chan->chan_type) {
142 case L2CAP_CHAN_CONN_LESS:
143 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
144 chan->sec_level = BT_SECURITY_SDP;
146 case L2CAP_CHAN_CONN_ORIENTED:
147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
148 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
149 chan->sec_level = BT_SECURITY_SDP;
152 chan->sec_level = BT_SECURITY_SDP;
154 case L2CAP_CHAN_FIXED:
155 /* Fixed channels default to the L2CAP core not holding a
156 * hci_conn reference for them. For fixed channels mapping to
157 * L2CAP sockets we do want to hold a reference so set the
158 * appropriate flag to request it.
160 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
164 if (chan->psm && bdaddr_type_is_le(chan->src_type))
165 chan->mode = L2CAP_MODE_LE_FLOWCTL;
167 chan->state = BT_BOUND;
168 sk->sk_state = BT_BOUND;
175 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
178 struct sock *sk = sock->sk;
179 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
180 struct sockaddr_l2 la;
187 zapped = sock_flag(sk, SOCK_ZAPPED);
193 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
194 addr->sa_family != AF_BLUETOOTH)
197 memset(&la, 0, sizeof(la));
198 len = min_t(unsigned int, sizeof(la), alen);
199 memcpy(&la, addr, len);
201 if (la.l2_cid && la.l2_psm)
204 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
207 /* Check that the socket wasn't bound to something that
208 * conflicts with the address given to connect(). If chan->src
209 * is BDADDR_ANY it means bind() was never used, in which case
210 * chan->src_type and la.l2_bdaddr_type do not need to match.
212 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
213 bdaddr_type_is_le(la.l2_bdaddr_type)) {
214 /* Old user space versions will try to incorrectly bind
215 * the ATT socket using BDADDR_BREDR. We need to accept
216 * this and fix up the source address type only when
217 * both the source CID and destination CID indicate
218 * ATT. Anything else is an invalid combination.
220 if (chan->scid != L2CAP_CID_ATT ||
221 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
224 /* We don't have the hdev available here to make a
225 * better decision on random vs public, but since all
226 * user space versions that exhibit this issue anyway do
227 * not support random local addresses assuming public
228 * here is good enough.
230 chan->src_type = BDADDR_LE_PUBLIC;
233 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
236 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
237 /* We only allow ATT user space socket */
239 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
243 if (chan->psm && bdaddr_type_is_le(chan->src_type))
244 chan->mode = L2CAP_MODE_LE_FLOWCTL;
246 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
247 &la.l2_bdaddr, la.l2_bdaddr_type);
253 err = bt_sock_wait_state(sk, BT_CONNECTED,
254 sock_sndtimeo(sk, flags & O_NONBLOCK));
261 static int l2cap_sock_listen(struct socket *sock, int backlog)
263 struct sock *sk = sock->sk;
264 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
267 BT_DBG("sk %p backlog %d", sk, backlog);
271 if (sk->sk_state != BT_BOUND) {
276 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
281 switch (chan->mode) {
282 case L2CAP_MODE_BASIC:
283 case L2CAP_MODE_LE_FLOWCTL:
285 case L2CAP_MODE_ERTM:
286 case L2CAP_MODE_STREAMING:
295 sk->sk_max_ack_backlog = backlog;
296 sk->sk_ack_backlog = 0;
298 /* Listening channels need to use nested locking in order not to
299 * cause lockdep warnings when the created child channels end up
300 * being locked in the same thread as the parent channel.
302 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
304 chan->state = BT_LISTEN;
305 sk->sk_state = BT_LISTEN;
312 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
313 int flags, bool kern)
315 DEFINE_WAIT_FUNC(wait, woken_wake_function);
316 struct sock *sk = sock->sk, *nsk;
320 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
322 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
324 BT_DBG("sk %p timeo %ld", sk, timeo);
326 /* Wait for an incoming connection. (wake-one). */
327 add_wait_queue_exclusive(sk_sleep(sk), &wait);
329 if (sk->sk_state != BT_LISTEN) {
334 nsk = bt_accept_dequeue(sk, newsock);
343 if (signal_pending(current)) {
344 err = sock_intr_errno(timeo);
350 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
352 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
354 remove_wait_queue(sk_sleep(sk), &wait);
359 newsock->state = SS_CONNECTED;
361 BT_DBG("new socket %p", nsk);
368 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
371 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
372 struct sock *sk = sock->sk;
373 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
375 BT_DBG("sock %p, sk %p", sock, sk);
377 if (peer && sk->sk_state != BT_CONNECTED &&
378 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
379 sk->sk_state != BT_CONFIG)
382 memset(la, 0, sizeof(struct sockaddr_l2));
383 addr->sa_family = AF_BLUETOOTH;
385 la->l2_psm = chan->psm;
388 bacpy(&la->l2_bdaddr, &chan->dst);
389 la->l2_cid = cpu_to_le16(chan->dcid);
390 la->l2_bdaddr_type = chan->dst_type;
392 bacpy(&la->l2_bdaddr, &chan->src);
393 la->l2_cid = cpu_to_le16(chan->scid);
394 la->l2_bdaddr_type = chan->src_type;
397 return sizeof(struct sockaddr_l2);
400 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
401 char __user *optval, int __user *optlen)
403 struct sock *sk = sock->sk;
404 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
405 struct l2cap_options opts;
406 struct l2cap_conninfo cinfo;
412 if (get_user(len, optlen))
419 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
420 * legacy ATT code depends on getsockopt for
421 * L2CAP_OPTIONS we need to let this pass.
423 if (bdaddr_type_is_le(chan->src_type) &&
424 chan->scid != L2CAP_CID_ATT) {
429 memset(&opts, 0, sizeof(opts));
430 opts.imtu = chan->imtu;
431 opts.omtu = chan->omtu;
432 opts.flush_to = chan->flush_to;
433 opts.mode = chan->mode;
434 opts.fcs = chan->fcs;
435 opts.max_tx = chan->max_tx;
436 opts.txwin_size = chan->tx_win;
438 len = min_t(unsigned int, len, sizeof(opts));
439 if (copy_to_user(optval, (char *) &opts, len))
445 switch (chan->sec_level) {
446 case BT_SECURITY_LOW:
449 case BT_SECURITY_MEDIUM:
450 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
452 case BT_SECURITY_HIGH:
453 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
456 case BT_SECURITY_FIPS:
457 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
458 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
465 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
466 opt |= L2CAP_LM_MASTER;
468 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
469 opt |= L2CAP_LM_RELIABLE;
471 if (put_user(opt, (u32 __user *) optval))
477 if (sk->sk_state != BT_CONNECTED &&
478 !(sk->sk_state == BT_CONNECT2 &&
479 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
484 memset(&cinfo, 0, sizeof(cinfo));
485 cinfo.hci_handle = chan->conn->hcon->handle;
486 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
488 len = min_t(unsigned int, len, sizeof(cinfo));
489 if (copy_to_user(optval, (char *) &cinfo, len))
503 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
504 char __user *optval, int __user *optlen)
506 struct sock *sk = sock->sk;
507 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
508 struct bt_security sec;
514 if (level == SOL_L2CAP)
515 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
517 if (level != SOL_BLUETOOTH)
520 if (get_user(len, optlen))
527 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
528 chan->chan_type != L2CAP_CHAN_FIXED &&
529 chan->chan_type != L2CAP_CHAN_RAW) {
534 memset(&sec, 0, sizeof(sec));
536 sec.level = chan->conn->hcon->sec_level;
538 if (sk->sk_state == BT_CONNECTED)
539 sec.key_size = chan->conn->hcon->enc_key_size;
541 sec.level = chan->sec_level;
544 len = min_t(unsigned int, len, sizeof(sec));
545 if (copy_to_user(optval, (char *) &sec, len))
551 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
556 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
557 (u32 __user *) optval))
563 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
564 (u32 __user *) optval))
570 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
571 && sk->sk_type != SOCK_RAW) {
576 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
578 len = min_t(unsigned int, len, sizeof(pwr));
579 if (copy_to_user(optval, (char *) &pwr, len))
584 case BT_CHANNEL_POLICY:
585 if (put_user(chan->chan_policy, (u32 __user *) optval))
590 if (!bdaddr_type_is_le(chan->src_type)) {
595 if (sk->sk_state != BT_CONNECTED) {
600 if (put_user(chan->omtu, (u16 __user *) optval))
605 if (!bdaddr_type_is_le(chan->src_type)) {
610 if (put_user(chan->imtu, (u16 __user *) optval))
623 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
625 switch (chan->scid) {
627 if (mtu < L2CAP_LE_MIN_MTU)
632 if (mtu < L2CAP_DEFAULT_MIN_MTU)
639 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
640 char __user *optval, unsigned int optlen)
642 struct sock *sk = sock->sk;
643 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
644 struct l2cap_options opts;
654 if (bdaddr_type_is_le(chan->src_type)) {
659 if (sk->sk_state == BT_CONNECTED) {
664 opts.imtu = chan->imtu;
665 opts.omtu = chan->omtu;
666 opts.flush_to = chan->flush_to;
667 opts.mode = chan->mode;
668 opts.fcs = chan->fcs;
669 opts.max_tx = chan->max_tx;
670 opts.txwin_size = chan->tx_win;
672 len = min_t(unsigned int, sizeof(opts), optlen);
673 if (copy_from_user((char *) &opts, optval, len)) {
678 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
683 if (!l2cap_valid_mtu(chan, opts.imtu)) {
688 chan->mode = opts.mode;
689 switch (chan->mode) {
690 case L2CAP_MODE_LE_FLOWCTL:
692 case L2CAP_MODE_BASIC:
693 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
695 case L2CAP_MODE_ERTM:
696 case L2CAP_MODE_STREAMING:
705 chan->imtu = opts.imtu;
706 chan->omtu = opts.omtu;
707 chan->fcs = opts.fcs;
708 chan->max_tx = opts.max_tx;
709 chan->tx_win = opts.txwin_size;
710 chan->flush_to = opts.flush_to;
714 if (get_user(opt, (u32 __user *) optval)) {
719 if (opt & L2CAP_LM_FIPS) {
724 if (opt & L2CAP_LM_AUTH)
725 chan->sec_level = BT_SECURITY_LOW;
726 if (opt & L2CAP_LM_ENCRYPT)
727 chan->sec_level = BT_SECURITY_MEDIUM;
728 if (opt & L2CAP_LM_SECURE)
729 chan->sec_level = BT_SECURITY_HIGH;
731 if (opt & L2CAP_LM_MASTER)
732 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
734 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
736 if (opt & L2CAP_LM_RELIABLE)
737 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
739 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
751 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
752 char __user *optval, unsigned int optlen)
754 struct sock *sk = sock->sk;
755 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
756 struct bt_security sec;
758 struct l2cap_conn *conn;
764 if (level == SOL_L2CAP)
765 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
767 if (level != SOL_BLUETOOTH)
774 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
775 chan->chan_type != L2CAP_CHAN_FIXED &&
776 chan->chan_type != L2CAP_CHAN_RAW) {
781 sec.level = BT_SECURITY_LOW;
783 len = min_t(unsigned int, sizeof(sec), optlen);
784 if (copy_from_user((char *) &sec, optval, len)) {
789 if (sec.level < BT_SECURITY_LOW ||
790 sec.level > BT_SECURITY_FIPS) {
795 chan->sec_level = sec.level;
802 /*change security for LE channels */
803 if (chan->scid == L2CAP_CID_ATT) {
804 if (smp_conn_security(conn->hcon, sec.level))
806 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
807 sk->sk_state = BT_CONFIG;
808 chan->state = BT_CONFIG;
810 /* or for ACL link */
811 } else if ((sk->sk_state == BT_CONNECT2 &&
812 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
813 sk->sk_state == BT_CONNECTED) {
814 if (!l2cap_chan_check_security(chan, true))
815 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
817 sk->sk_state_change(sk);
824 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
829 if (get_user(opt, (u32 __user *) optval)) {
835 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
836 set_bit(FLAG_DEFER_SETUP, &chan->flags);
838 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
839 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
844 if (get_user(opt, (u32 __user *) optval)) {
849 if (opt > BT_FLUSHABLE_ON) {
854 if (opt == BT_FLUSHABLE_OFF) {
856 /* proceed further only when we have l2cap_conn and
857 No Flush support in the LM */
858 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
865 set_bit(FLAG_FLUSHABLE, &chan->flags);
867 clear_bit(FLAG_FLUSHABLE, &chan->flags);
871 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
872 chan->chan_type != L2CAP_CHAN_RAW) {
877 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
879 len = min_t(unsigned int, sizeof(pwr), optlen);
880 if (copy_from_user((char *) &pwr, optval, len)) {
885 if (pwr.force_active)
886 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
888 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
891 case BT_CHANNEL_POLICY:
892 if (get_user(opt, (u32 __user *) optval)) {
897 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
902 if (chan->mode != L2CAP_MODE_ERTM &&
903 chan->mode != L2CAP_MODE_STREAMING) {
908 chan->chan_policy = (u8) opt;
910 if (sk->sk_state == BT_CONNECTED &&
911 chan->move_role == L2CAP_MOVE_ROLE_NONE)
912 l2cap_move_start(chan);
917 if (!bdaddr_type_is_le(chan->src_type)) {
922 /* Setting is not supported as it's the remote side that
929 if (!bdaddr_type_is_le(chan->src_type)) {
934 if (sk->sk_state == BT_CONNECTED) {
939 if (get_user(opt, (u16 __user *) optval)) {
956 static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
959 struct sock *sk = sock->sk;
960 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
963 BT_DBG("sock %p, sk %p", sock, sk);
965 err = sock_error(sk);
969 if (msg->msg_flags & MSG_OOB)
972 if (sk->sk_state != BT_CONNECTED)
976 err = bt_sock_wait_ready(sk, msg->msg_flags);
981 l2cap_chan_lock(chan);
982 err = l2cap_chan_send(chan, msg, len);
983 l2cap_chan_unlock(chan);
988 static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
989 size_t len, int flags)
991 struct sock *sk = sock->sk;
992 struct l2cap_pinfo *pi = l2cap_pi(sk);
997 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
998 &bt_sk(sk)->flags)) {
999 if (bdaddr_type_is_le(pi->chan->src_type)) {
1000 sk->sk_state = BT_CONNECTED;
1001 pi->chan->state = BT_CONNECTED;
1002 __l2cap_le_connect_rsp_defer(pi->chan);
1004 sk->sk_state = BT_CONFIG;
1005 pi->chan->state = BT_CONFIG;
1006 __l2cap_connect_rsp_defer(pi->chan);
1015 if (sock->type == SOCK_STREAM)
1016 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
1018 err = bt_sock_recvmsg(sock, msg, len, flags);
1020 if (pi->chan->mode != L2CAP_MODE_ERTM)
1023 /* Attempt to put pending rx data in the socket buffer */
1027 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1030 if (pi->rx_busy_skb) {
1031 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1032 pi->rx_busy_skb = NULL;
1037 /* Restore data flow when half of the receive buffer is
1038 * available. This avoids resending large numbers of
1041 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1042 l2cap_chan_busy(pi->chan, 0);
1049 /* Kill socket (only if zapped and orphan)
1050 * Must be called on unlocked socket, with l2cap channel lock.
1052 static void l2cap_sock_kill(struct sock *sk)
1054 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1057 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1059 /* Kill poor orphan */
1061 l2cap_chan_put(l2cap_pi(sk)->chan);
1062 sock_set_flag(sk, SOCK_DEAD);
1066 static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
1068 DECLARE_WAITQUEUE(wait, current);
1070 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1071 /* Timeout to prevent infinite loop */
1072 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
1074 add_wait_queue(sk_sleep(sk), &wait);
1075 set_current_state(TASK_INTERRUPTIBLE);
1077 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1078 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1079 jiffies_to_msecs(timeout - jiffies));
1082 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1084 if (signal_pending(current)) {
1085 err = sock_intr_errno(timeo);
1090 timeo = schedule_timeout(timeo);
1092 set_current_state(TASK_INTERRUPTIBLE);
1094 err = sock_error(sk);
1098 if (time_after(jiffies, timeout)) {
1103 } while (chan->unacked_frames > 0 &&
1104 chan->state == BT_CONNECTED);
1106 set_current_state(TASK_RUNNING);
1107 remove_wait_queue(sk_sleep(sk), &wait);
1111 static int l2cap_sock_shutdown(struct socket *sock, int how)
1113 struct sock *sk = sock->sk;
1114 struct l2cap_chan *chan;
1115 struct l2cap_conn *conn;
1118 BT_DBG("sock %p, sk %p", sock, sk);
1125 if (sk->sk_shutdown)
1126 goto shutdown_already;
1128 BT_DBG("Handling sock shutdown");
1130 /* prevent sk structure from being freed whilst unlocked */
1133 chan = l2cap_pi(sk)->chan;
1134 /* prevent chan structure from being freed whilst unlocked */
1135 l2cap_chan_hold(chan);
1137 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1139 if (chan->mode == L2CAP_MODE_ERTM &&
1140 chan->unacked_frames > 0 &&
1141 chan->state == BT_CONNECTED) {
1142 err = __l2cap_wait_ack(sk, chan);
1144 /* After waiting for ACKs, check whether shutdown
1145 * has already been actioned to close the L2CAP
1146 * link such as by l2cap_disconnection_req().
1148 if (sk->sk_shutdown)
1152 sk->sk_shutdown = SHUTDOWN_MASK;
1155 l2cap_chan_lock(chan);
1158 /* prevent conn structure from being freed */
1159 l2cap_conn_get(conn);
1160 l2cap_chan_unlock(chan);
1163 /* mutex lock must be taken before l2cap_chan_lock() */
1164 mutex_lock(&conn->chan_lock);
1166 l2cap_chan_lock(chan);
1167 l2cap_chan_close(chan, 0);
1168 l2cap_chan_unlock(chan);
1171 mutex_unlock(&conn->chan_lock);
1172 l2cap_conn_put(conn);
1177 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1178 !(current->flags & PF_EXITING))
1179 err = bt_sock_wait_state(sk, BT_CLOSED,
1183 l2cap_chan_put(chan);
1187 if (!err && sk->sk_err)
1192 BT_DBG("Sock shutdown complete err: %d", err);
1197 static int l2cap_sock_release(struct socket *sock)
1199 struct sock *sk = sock->sk;
1201 struct l2cap_chan *chan;
1203 BT_DBG("sock %p, sk %p", sock, sk);
1208 bt_sock_unlink(&l2cap_sk_list, sk);
1210 err = l2cap_sock_shutdown(sock, 2);
1211 chan = l2cap_pi(sk)->chan;
1213 l2cap_chan_hold(chan);
1214 l2cap_chan_lock(chan);
1217 l2cap_sock_kill(sk);
1219 l2cap_chan_unlock(chan);
1220 l2cap_chan_put(chan);
1225 static void l2cap_sock_cleanup_listen(struct sock *parent)
1229 BT_DBG("parent %p state %s", parent,
1230 state_to_string(parent->sk_state));
1232 /* Close not yet accepted channels */
1233 while ((sk = bt_accept_dequeue(parent, NULL))) {
1234 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1236 BT_DBG("child chan %p state %s", chan,
1237 state_to_string(chan->state));
1239 l2cap_chan_hold(chan);
1240 l2cap_chan_lock(chan);
1242 __clear_chan_timer(chan);
1243 l2cap_chan_close(chan, ECONNRESET);
1244 l2cap_sock_kill(sk);
1246 l2cap_chan_unlock(chan);
1247 l2cap_chan_put(chan);
1251 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1253 struct sock *sk, *parent = chan->data;
1257 /* Check for backlog size */
1258 if (sk_acceptq_is_full(parent)) {
1259 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1260 release_sock(parent);
1264 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1267 release_sock(parent);
1271 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1273 l2cap_sock_init(sk, parent);
1275 bt_accept_enqueue(parent, sk, false);
1277 release_sock(parent);
1279 return l2cap_pi(sk)->chan;
1282 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1284 struct sock *sk = chan->data;
1289 if (l2cap_pi(sk)->rx_busy_skb) {
1294 if (chan->mode != L2CAP_MODE_ERTM &&
1295 chan->mode != L2CAP_MODE_STREAMING) {
1296 /* Even if no filter is attached, we could potentially
1297 * get errors from security modules, etc.
1299 err = sk_filter(sk, skb);
1304 err = __sock_queue_rcv_skb(sk, skb);
1306 /* For ERTM, handle one skb that doesn't fit into the recv
1307 * buffer. This is important to do because the data frames
1308 * have already been acked, so the skb cannot be discarded.
1310 * Notify the l2cap core that the buffer is full, so the
1311 * LOCAL_BUSY state is entered and no more frames are
1312 * acked and reassembled until there is buffer space
1315 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1316 l2cap_pi(sk)->rx_busy_skb = skb;
1317 l2cap_chan_busy(chan, 1);
1327 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1329 struct sock *sk = chan->data;
1331 l2cap_sock_kill(sk);
1334 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1336 struct sock *sk = chan->data;
1337 struct sock *parent;
1339 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1341 /* This callback can be called both for server (BT_LISTEN)
1342 * sockets as well as "normal" ones. To avoid lockdep warnings
1343 * with child socket locking (through l2cap_sock_cleanup_listen)
1344 * we need separation into separate nesting levels. The simplest
1345 * way to accomplish this is to inherit the nesting level used
1348 lock_sock_nested(sk, atomic_read(&chan->nesting));
1350 parent = bt_sk(sk)->parent;
1352 switch (chan->state) {
1358 l2cap_sock_cleanup_listen(sk);
1359 sk->sk_state = BT_CLOSED;
1360 chan->state = BT_CLOSED;
1364 sk->sk_state = BT_CLOSED;
1365 chan->state = BT_CLOSED;
1370 bt_accept_unlink(sk);
1371 parent->sk_data_ready(parent);
1373 sk->sk_state_change(sk);
1380 /* Only zap after cleanup to avoid use after free race */
1381 sock_set_flag(sk, SOCK_ZAPPED);
1385 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1388 struct sock *sk = chan->data;
1390 sk->sk_state = state;
1396 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1397 unsigned long hdr_len,
1398 unsigned long len, int nb)
1400 struct sock *sk = chan->data;
1401 struct sk_buff *skb;
1404 l2cap_chan_unlock(chan);
1405 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1406 l2cap_chan_lock(chan);
1409 return ERR_PTR(err);
1411 skb->priority = sk->sk_priority;
1413 bt_cb(skb)->l2cap.chan = chan;
1418 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1420 struct sock *sk = chan->data;
1421 struct sock *parent;
1425 parent = bt_sk(sk)->parent;
1427 BT_DBG("sk %p, parent %p", sk, parent);
1429 sk->sk_state = BT_CONNECTED;
1430 sk->sk_state_change(sk);
1433 parent->sk_data_ready(parent);
1438 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1440 struct sock *parent, *sk = chan->data;
1444 parent = bt_sk(sk)->parent;
1446 parent->sk_data_ready(parent);
1451 static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1453 struct sock *sk = chan->data;
1455 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1456 sk->sk_state = BT_CONNECTED;
1457 chan->state = BT_CONNECTED;
1460 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1461 sk->sk_state_change(sk);
1464 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1466 struct sock *sk = chan->data;
1469 sk->sk_shutdown = SHUTDOWN_MASK;
1473 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1475 struct sock *sk = chan->data;
1477 return sk->sk_sndtimeo;
1480 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1482 struct sock *sk = chan->data;
1484 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1485 sk->sk_state_change(sk);
1488 static int l2cap_sock_filter(struct l2cap_chan *chan, struct sk_buff *skb)
1490 struct sock *sk = chan->data;
1492 switch (chan->mode) {
1493 case L2CAP_MODE_ERTM:
1494 case L2CAP_MODE_STREAMING:
1495 return sk_filter(sk, skb);
1501 static const struct l2cap_ops l2cap_chan_ops = {
1502 .name = "L2CAP Socket Interface",
1503 .new_connection = l2cap_sock_new_connection_cb,
1504 .recv = l2cap_sock_recv_cb,
1505 .close = l2cap_sock_close_cb,
1506 .teardown = l2cap_sock_teardown_cb,
1507 .state_change = l2cap_sock_state_change_cb,
1508 .ready = l2cap_sock_ready_cb,
1509 .defer = l2cap_sock_defer_cb,
1510 .resume = l2cap_sock_resume_cb,
1511 .suspend = l2cap_sock_suspend_cb,
1512 .set_shutdown = l2cap_sock_set_shutdown_cb,
1513 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1514 .alloc_skb = l2cap_sock_alloc_skb_cb,
1515 .filter = l2cap_sock_filter,
1518 static void l2cap_sock_destruct(struct sock *sk)
1520 BT_DBG("sk %p", sk);
1522 if (l2cap_pi(sk)->chan)
1523 l2cap_chan_put(l2cap_pi(sk)->chan);
1525 if (l2cap_pi(sk)->rx_busy_skb) {
1526 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1527 l2cap_pi(sk)->rx_busy_skb = NULL;
1530 skb_queue_purge(&sk->sk_receive_queue);
1531 skb_queue_purge(&sk->sk_write_queue);
1534 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1537 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1539 memset(la, 0, sizeof(struct sockaddr_l2));
1540 la->l2_family = AF_BLUETOOTH;
1541 la->l2_psm = bt_cb(skb)->l2cap.psm;
1542 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
1544 *msg_namelen = sizeof(struct sockaddr_l2);
1547 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1549 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1551 BT_DBG("sk %p", sk);
1554 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1556 sk->sk_type = parent->sk_type;
1557 bt_sk(sk)->flags = bt_sk(parent)->flags;
1559 chan->chan_type = pchan->chan_type;
1560 chan->imtu = pchan->imtu;
1561 chan->omtu = pchan->omtu;
1562 chan->conf_state = pchan->conf_state;
1563 chan->mode = pchan->mode;
1564 chan->fcs = pchan->fcs;
1565 chan->max_tx = pchan->max_tx;
1566 chan->tx_win = pchan->tx_win;
1567 chan->tx_win_max = pchan->tx_win_max;
1568 chan->sec_level = pchan->sec_level;
1569 chan->flags = pchan->flags;
1570 chan->tx_credits = pchan->tx_credits;
1571 chan->rx_credits = pchan->rx_credits;
1573 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1574 chan->scid = pchan->scid;
1575 chan->dcid = pchan->scid;
1578 security_sk_clone(parent, sk);
1580 switch (sk->sk_type) {
1582 chan->chan_type = L2CAP_CHAN_RAW;
1585 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1586 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1588 case SOCK_SEQPACKET:
1590 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1594 chan->imtu = L2CAP_DEFAULT_MTU;
1596 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1597 chan->mode = L2CAP_MODE_ERTM;
1598 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1600 chan->mode = L2CAP_MODE_BASIC;
1603 l2cap_chan_set_defaults(chan);
1606 /* Default config options */
1607 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1610 chan->ops = &l2cap_chan_ops;
1613 static struct proto l2cap_proto = {
1615 .owner = THIS_MODULE,
1616 .obj_size = sizeof(struct l2cap_pinfo)
1619 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1620 int proto, gfp_t prio, int kern)
1623 struct l2cap_chan *chan;
1625 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
1629 sock_init_data(sock, sk);
1630 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1632 sk->sk_destruct = l2cap_sock_destruct;
1633 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1635 sock_reset_flag(sk, SOCK_ZAPPED);
1637 sk->sk_protocol = proto;
1638 sk->sk_state = BT_OPEN;
1640 chan = l2cap_chan_create();
1646 l2cap_chan_hold(chan);
1648 l2cap_pi(sk)->chan = chan;
1653 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1658 BT_DBG("sock %p", sock);
1660 sock->state = SS_UNCONNECTED;
1662 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1663 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1664 return -ESOCKTNOSUPPORT;
1666 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1669 sock->ops = &l2cap_sock_ops;
1671 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
1675 l2cap_sock_init(sk, NULL);
1676 bt_sock_link(&l2cap_sk_list, sk);
1680 static const struct proto_ops l2cap_sock_ops = {
1681 .family = PF_BLUETOOTH,
1682 .owner = THIS_MODULE,
1683 .release = l2cap_sock_release,
1684 .bind = l2cap_sock_bind,
1685 .connect = l2cap_sock_connect,
1686 .listen = l2cap_sock_listen,
1687 .accept = l2cap_sock_accept,
1688 .getname = l2cap_sock_getname,
1689 .sendmsg = l2cap_sock_sendmsg,
1690 .recvmsg = l2cap_sock_recvmsg,
1691 .poll = bt_sock_poll,
1692 .ioctl = bt_sock_ioctl,
1693 .mmap = sock_no_mmap,
1694 .socketpair = sock_no_socketpair,
1695 .shutdown = l2cap_sock_shutdown,
1696 .setsockopt = l2cap_sock_setsockopt,
1697 .getsockopt = l2cap_sock_getsockopt
1700 static const struct net_proto_family l2cap_sock_family_ops = {
1701 .family = PF_BLUETOOTH,
1702 .owner = THIS_MODULE,
1703 .create = l2cap_sock_create,
1706 int __init l2cap_init_sockets(void)
1710 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1712 err = proto_register(&l2cap_proto, 0);
1716 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1718 BT_ERR("L2CAP socket registration failed");
1722 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1725 BT_ERR("Failed to create L2CAP proc file");
1726 bt_sock_unregister(BTPROTO_L2CAP);
1730 BT_INFO("L2CAP socket layer initialized");
1735 proto_unregister(&l2cap_proto);
1739 void l2cap_cleanup_sockets(void)
1741 bt_procfs_cleanup(&init_net, "l2cap");
1742 bt_sock_unregister(BTPROTO_L2CAP);
1743 proto_unregister(&l2cap_proto);
projects / releases.git / blob