Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
l2cap_sock.c
Go to the documentation of this file.
1 /*
2  BlueZ - Bluetooth protocol stack for Linux
3  Copyright (C) 2000-2001 Qualcomm Incorporated
4  Copyright (C) 2009-2010 Gustavo F. Padovan <[email protected]>
5  Copyright (C) 2010 Google Inc.
6  Copyright (C) 2011 ProFUSION Embedded Systems
7 
8  Written 2000,2001 by Maxim Krasnyansky <[email protected]>
9 
10  This program is free software; you can redistribute it and/or modify
11  it under the terms of the GNU General Public License version 2 as
12  published by the Free Software Foundation;
13 
14  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15  OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17  IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18  CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19  WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20  ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21  OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 
23  ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24  COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25  SOFTWARE IS DISCLAIMED.
26 */
27 
28 /* Bluetooth L2CAP sockets. */
29 
30 #include <linux/export.h>
31 
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/l2cap.h>
35 #include <net/bluetooth/smp.h>
36 
37 static struct bt_sock_list l2cap_sk_list = {
38  .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
39 };
40 
41 static const struct proto_ops l2cap_sock_ops;
42 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
43 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
44 
45 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
46 {
47  struct sock *sk = sock->sk;
48  struct l2cap_chan *chan = l2cap_pi(sk)->chan;
49  struct sockaddr_l2 la;
50  int len, err = 0;
51 
52  BT_DBG("sk %p", sk);
53 
54  if (!addr || addr->sa_family != AF_BLUETOOTH)
55  return -EINVAL;
56 
57  memset(&la, 0, sizeof(la));
58  len = min_t(unsigned int, sizeof(la), alen);
59  memcpy(&la, addr, len);
60 
61  if (la.l2_cid && la.l2_psm)
62  return -EINVAL;
63 
64  lock_sock(sk);
65 
66  if (sk->sk_state != BT_OPEN) {
67  err = -EBADFD;
68  goto done;
69  }
70 
71  if (la.l2_psm) {
72  __u16 psm = __le16_to_cpu(la.l2_psm);
73 
74  /* PSM must be odd and lsb of upper byte must be 0 */
75  if ((psm & 0x0101) != 0x0001) {
76  err = -EINVAL;
77  goto done;
78  }
79 
80  /* Restrict usage of well-known PSMs */
81  if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
82  err = -EACCES;
83  goto done;
84  }
85  }
86 
87  if (la.l2_cid)
88  err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
89  else
90  err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
91 
92  if (err < 0)
93  goto done;
94 
95  if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
96  __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
97  chan->sec_level = BT_SECURITY_SDP;
98 
99  bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
100 
101  chan->state = BT_BOUND;
102  sk->sk_state = BT_BOUND;
103 
104 done:
105  release_sock(sk);
106  return err;
107 }
108 
109 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
110 {
111  struct sock *sk = sock->sk;
112  struct l2cap_chan *chan = l2cap_pi(sk)->chan;
113  struct sockaddr_l2 la;
114  int len, err = 0;
115 
116  BT_DBG("sk %p", sk);
117 
118  if (!addr || alen < sizeof(addr->sa_family) ||
119  addr->sa_family != AF_BLUETOOTH)
120  return -EINVAL;
121 
122  memset(&la, 0, sizeof(la));
123  len = min_t(unsigned int, sizeof(la), alen);
124  memcpy(&la, addr, len);
125 
126  if (la.l2_cid && la.l2_psm)
127  return -EINVAL;
128 
129  err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
130  &la.l2_bdaddr, la.l2_bdaddr_type);
131  if (err)
132  return err;
133 
134  lock_sock(sk);
135 
136  err = bt_sock_wait_state(sk, BT_CONNECTED,
137  sock_sndtimeo(sk, flags & O_NONBLOCK));
138 
139  release_sock(sk);
140 
141  return err;
142 }
143 
144 static int l2cap_sock_listen(struct socket *sock, int backlog)
145 {
146  struct sock *sk = sock->sk;
147  struct l2cap_chan *chan = l2cap_pi(sk)->chan;
148  int err = 0;
149 
150  BT_DBG("sk %p backlog %d", sk, backlog);
151 
152  lock_sock(sk);
153 
154  if (sk->sk_state != BT_BOUND) {
155  err = -EBADFD;
156  goto done;
157  }
158 
159  if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
160  err = -EINVAL;
161  goto done;
162  }
163 
164  switch (chan->mode) {
165  case L2CAP_MODE_BASIC:
166  break;
167  case L2CAP_MODE_ERTM:
168  case L2CAP_MODE_STREAMING:
169  if (!disable_ertm)
170  break;
171  /* fall through */
172  default:
173  err = -ENOTSUPP;
174  goto done;
175  }
176 
177  sk->sk_max_ack_backlog = backlog;
178  sk->sk_ack_backlog = 0;
179 
180  chan->state = BT_LISTEN;
181  sk->sk_state = BT_LISTEN;
182 
183 done:
184  release_sock(sk);
185  return err;
186 }
187 
188 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
189 {
190  DECLARE_WAITQUEUE(wait, current);
191  struct sock *sk = sock->sk, *nsk;
192  long timeo;
193  int err = 0;
194 
195  lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
196 
197  timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
198 
199  BT_DBG("sk %p timeo %ld", sk, timeo);
200 
201  /* Wait for an incoming connection. (wake-one). */
202  add_wait_queue_exclusive(sk_sleep(sk), &wait);
203  while (1) {
204  set_current_state(TASK_INTERRUPTIBLE);
205 
206  if (sk->sk_state != BT_LISTEN) {
207  err = -EBADFD;
208  break;
209  }
210 
211  nsk = bt_accept_dequeue(sk, newsock);
212  if (nsk)
213  break;
214 
215  if (!timeo) {
216  err = -EAGAIN;
217  break;
218  }
219 
220  if (signal_pending(current)) {
221  err = sock_intr_errno(timeo);
222  break;
223  }
224 
225  release_sock(sk);
226  timeo = schedule_timeout(timeo);
227  lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
228  }
229  __set_current_state(TASK_RUNNING);
230  remove_wait_queue(sk_sleep(sk), &wait);
231 
232  if (err)
233  goto done;
234 
235  newsock->state = SS_CONNECTED;
236 
237  BT_DBG("new socket %p", nsk);
238 
239 done:
240  release_sock(sk);
241  return err;
242 }
243 
244 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
245 {
246  struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
247  struct sock *sk = sock->sk;
248  struct l2cap_chan *chan = l2cap_pi(sk)->chan;
249 
250  BT_DBG("sock %p, sk %p", sock, sk);
251 
252  memset(la, 0, sizeof(struct sockaddr_l2));
253  addr->sa_family = AF_BLUETOOTH;
254  *len = sizeof(struct sockaddr_l2);
255 
256  if (peer) {
257  la->l2_psm = chan->psm;
258  bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
259  la->l2_cid = cpu_to_le16(chan->dcid);
260  } else {
261  la->l2_psm = chan->sport;
262  bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
263  la->l2_cid = cpu_to_le16(chan->scid);
264  }
265 
266  return 0;
267 }
268 
269 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
270 {
271  struct sock *sk = sock->sk;
272  struct l2cap_chan *chan = l2cap_pi(sk)->chan;
273  struct l2cap_options opts;
274  struct l2cap_conninfo cinfo;
275  int len, err = 0;
276  u32 opt;
277 
278  BT_DBG("sk %p", sk);
279 
280  if (get_user(len, optlen))
281  return -EFAULT;
282 
283  lock_sock(sk);
284 
285  switch (optname) {
286  case L2CAP_OPTIONS:
287  memset(&opts, 0, sizeof(opts));
288  opts.imtu = chan->imtu;
289  opts.omtu = chan->omtu;
290  opts.flush_to = chan->flush_to;
291  opts.mode = chan->mode;
292  opts.fcs = chan->fcs;
293  opts.max_tx = chan->max_tx;
294  opts.txwin_size = chan->tx_win;
295 
296  len = min_t(unsigned int, len, sizeof(opts));
297  if (copy_to_user(optval, (char *) &opts, len))
298  err = -EFAULT;
299 
300  break;
301 
302  case L2CAP_LM:
303  switch (chan->sec_level) {
304  case BT_SECURITY_LOW:
305  opt = L2CAP_LM_AUTH;
306  break;
307  case BT_SECURITY_MEDIUM:
308  opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
309  break;
310  case BT_SECURITY_HIGH:
311  opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
312  L2CAP_LM_SECURE;
313  break;
314  default:
315  opt = 0;
316  break;
317  }
318 
319  if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
320  opt |= L2CAP_LM_MASTER;
321 
322  if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
323  opt |= L2CAP_LM_RELIABLE;
324 
325  if (put_user(opt, (u32 __user *) optval))
326  err = -EFAULT;
327  break;
328 
329  case L2CAP_CONNINFO:
330  if (sk->sk_state != BT_CONNECTED &&
331  !(sk->sk_state == BT_CONNECT2 &&
332  test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
333  err = -ENOTCONN;
334  break;
335  }
336 
337  memset(&cinfo, 0, sizeof(cinfo));
338  cinfo.hci_handle = chan->conn->hcon->handle;
339  memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
340 
341  len = min_t(unsigned int, len, sizeof(cinfo));
342  if (copy_to_user(optval, (char *) &cinfo, len))
343  err = -EFAULT;
344 
345  break;
346 
347  default:
348  err = -ENOPROTOOPT;
349  break;
350  }
351 
352  release_sock(sk);
353  return err;
354 }
355 
356 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
357 {
358  struct sock *sk = sock->sk;
359  struct l2cap_chan *chan = l2cap_pi(sk)->chan;
360  struct bt_security sec;
361  struct bt_power pwr;
362  int len, err = 0;
363 
364  BT_DBG("sk %p", sk);
365 
366  if (level == SOL_L2CAP)
367  return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
368 
369  if (level != SOL_BLUETOOTH)
370  return -ENOPROTOOPT;
371 
372  if (get_user(len, optlen))
373  return -EFAULT;
374 
375  lock_sock(sk);
376 
377  switch (optname) {
378  case BT_SECURITY:
379  if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
380  chan->chan_type != L2CAP_CHAN_RAW) {
381  err = -EINVAL;
382  break;
383  }
384 
385  memset(&sec, 0, sizeof(sec));
386  if (chan->conn)
387  sec.level = chan->conn->hcon->sec_level;
388  else
389  sec.level = chan->sec_level;
390 
391  if (sk->sk_state == BT_CONNECTED)
392  sec.key_size = chan->conn->hcon->enc_key_size;
393 
394  len = min_t(unsigned int, len, sizeof(sec));
395  if (copy_to_user(optval, (char *) &sec, len))
396  err = -EFAULT;
397 
398  break;
399 
400  case BT_DEFER_SETUP:
401  if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
402  err = -EINVAL;
403  break;
404  }
405 
406  if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
407  (u32 __user *) optval))
408  err = -EFAULT;
409 
410  break;
411 
412  case BT_FLUSHABLE:
413  if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
414  (u32 __user *) optval))
415  err = -EFAULT;
416 
417  break;
418 
419  case BT_POWER:
420  if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
421  && sk->sk_type != SOCK_RAW) {
422  err = -EINVAL;
423  break;
424  }
425 
426  pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
427 
428  len = min_t(unsigned int, len, sizeof(pwr));
429  if (copy_to_user(optval, (char *) &pwr, len))
430  err = -EFAULT;
431 
432  break;
433 
434  case BT_CHANNEL_POLICY:
435  if (!enable_hs) {
436  err = -ENOPROTOOPT;
437  break;
438  }
439 
440  if (put_user(chan->chan_policy, (u32 __user *) optval))
441  err = -EFAULT;
442  break;
443 
444  default:
445  err = -ENOPROTOOPT;
446  break;
447  }
448 
449  release_sock(sk);
450  return err;
451 }
452 
453 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
454 {
455  switch (chan->scid) {
456  case L2CAP_CID_LE_DATA:
457  if (mtu < L2CAP_LE_MIN_MTU)
458  return false;
459  break;
460 
461  default:
462  if (mtu < L2CAP_DEFAULT_MIN_MTU)
463  return false;
464  }
465 
466  return true;
467 }
468 
469 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
470 {
471  struct sock *sk = sock->sk;
472  struct l2cap_chan *chan = l2cap_pi(sk)->chan;
473  struct l2cap_options opts;
474  int len, err = 0;
475  u32 opt;
476 
477  BT_DBG("sk %p", sk);
478 
479  lock_sock(sk);
480 
481  switch (optname) {
482  case L2CAP_OPTIONS:
483  if (sk->sk_state == BT_CONNECTED) {
484  err = -EINVAL;
485  break;
486  }
487 
488  opts.imtu = chan->imtu;
489  opts.omtu = chan->omtu;
490  opts.flush_to = chan->flush_to;
491  opts.mode = chan->mode;
492  opts.fcs = chan->fcs;
493  opts.max_tx = chan->max_tx;
494  opts.txwin_size = chan->tx_win;
495 
496  len = min_t(unsigned int, sizeof(opts), optlen);
497  if (copy_from_user((char *) &opts, optval, len)) {
498  err = -EFAULT;
499  break;
500  }
501 
502  if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
503  err = -EINVAL;
504  break;
505  }
506 
507  if (!l2cap_valid_mtu(chan, opts.imtu)) {
508  err = -EINVAL;
509  break;
510  }
511 
512  chan->mode = opts.mode;
513  switch (chan->mode) {
514  case L2CAP_MODE_BASIC:
515  clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
516  break;
517  case L2CAP_MODE_ERTM:
518  case L2CAP_MODE_STREAMING:
519  if (!disable_ertm)
520  break;
521  /* fall through */
522  default:
523  err = -EINVAL;
524  break;
525  }
526 
527  chan->imtu = opts.imtu;
528  chan->omtu = opts.omtu;
529  chan->fcs = opts.fcs;
530  chan->max_tx = opts.max_tx;
531  chan->tx_win = opts.txwin_size;
532  break;
533 
534  case L2CAP_LM:
535  if (get_user(opt, (u32 __user *) optval)) {
536  err = -EFAULT;
537  break;
538  }
539 
540  if (opt & L2CAP_LM_AUTH)
541  chan->sec_level = BT_SECURITY_LOW;
542  if (opt & L2CAP_LM_ENCRYPT)
543  chan->sec_level = BT_SECURITY_MEDIUM;
544  if (opt & L2CAP_LM_SECURE)
545  chan->sec_level = BT_SECURITY_HIGH;
546 
547  if (opt & L2CAP_LM_MASTER)
548  set_bit(FLAG_ROLE_SWITCH, &chan->flags);
549  else
550  clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
551 
552  if (opt & L2CAP_LM_RELIABLE)
553  set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
554  else
555  clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
556  break;
557 
558  default:
559  err = -ENOPROTOOPT;
560  break;
561  }
562 
563  release_sock(sk);
564  return err;
565 }
566 
567 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
568 {
569  struct sock *sk = sock->sk;
570  struct l2cap_chan *chan = l2cap_pi(sk)->chan;
571  struct bt_security sec;
572  struct bt_power pwr;
573  struct l2cap_conn *conn;
574  int len, err = 0;
575  u32 opt;
576 
577  BT_DBG("sk %p", sk);
578 
579  if (level == SOL_L2CAP)
580  return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
581 
582  if (level != SOL_BLUETOOTH)
583  return -ENOPROTOOPT;
584 
585  lock_sock(sk);
586 
587  switch (optname) {
588  case BT_SECURITY:
589  if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
590  chan->chan_type != L2CAP_CHAN_RAW) {
591  err = -EINVAL;
592  break;
593  }
594 
595  sec.level = BT_SECURITY_LOW;
596 
597  len = min_t(unsigned int, sizeof(sec), optlen);
598  if (copy_from_user((char *) &sec, optval, len)) {
599  err = -EFAULT;
600  break;
601  }
602 
603  if (sec.level < BT_SECURITY_LOW ||
604  sec.level > BT_SECURITY_HIGH) {
605  err = -EINVAL;
606  break;
607  }
608 
609  chan->sec_level = sec.level;
610 
611  if (!chan->conn)
612  break;
613 
614  conn = chan->conn;
615 
616  /*change security for LE channels */
617  if (chan->scid == L2CAP_CID_LE_DATA) {
618  if (!conn->hcon->out) {
619  err = -EINVAL;
620  break;
621  }
622 
623  if (smp_conn_security(conn->hcon, sec.level))
624  break;
625  sk->sk_state = BT_CONFIG;
626  chan->state = BT_CONFIG;
627 
628  /* or for ACL link */
629  } else if ((sk->sk_state == BT_CONNECT2 &&
630  test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
631  sk->sk_state == BT_CONNECTED) {
632  if (!l2cap_chan_check_security(chan))
633  set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
634  else
635  sk->sk_state_change(sk);
636  } else {
637  err = -EINVAL;
638  }
639  break;
640 
641  case BT_DEFER_SETUP:
642  if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
643  err = -EINVAL;
644  break;
645  }
646 
647  if (get_user(opt, (u32 __user *) optval)) {
648  err = -EFAULT;
649  break;
650  }
651 
652  if (opt)
653  set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
654  else
655  clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
656  break;
657 
658  case BT_FLUSHABLE:
659  if (get_user(opt, (u32 __user *) optval)) {
660  err = -EFAULT;
661  break;
662  }
663 
664  if (opt > BT_FLUSHABLE_ON) {
665  err = -EINVAL;
666  break;
667  }
668 
669  if (opt == BT_FLUSHABLE_OFF) {
670  struct l2cap_conn *conn = chan->conn;
671  /* proceed further only when we have l2cap_conn and
672  No Flush support in the LM */
673  if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
674  err = -EINVAL;
675  break;
676  }
677  }
678 
679  if (opt)
680  set_bit(FLAG_FLUSHABLE, &chan->flags);
681  else
682  clear_bit(FLAG_FLUSHABLE, &chan->flags);
683  break;
684 
685  case BT_POWER:
686  if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
687  chan->chan_type != L2CAP_CHAN_RAW) {
688  err = -EINVAL;
689  break;
690  }
691 
692  pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
693 
694  len = min_t(unsigned int, sizeof(pwr), optlen);
695  if (copy_from_user((char *) &pwr, optval, len)) {
696  err = -EFAULT;
697  break;
698  }
699 
700  if (pwr.force_active)
701  set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
702  else
703  clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
704  break;
705 
706  case BT_CHANNEL_POLICY:
707  if (!enable_hs) {
708  err = -ENOPROTOOPT;
709  break;
710  }
711 
712  if (get_user(opt, (u32 __user *) optval)) {
713  err = -EFAULT;
714  break;
715  }
716 
717  if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
718  err = -EINVAL;
719  break;
720  }
721 
722  if (chan->mode != L2CAP_MODE_ERTM &&
723  chan->mode != L2CAP_MODE_STREAMING) {
724  err = -EOPNOTSUPP;
725  break;
726  }
727 
728  chan->chan_policy = (u8) opt;
729  break;
730 
731  default:
732  err = -ENOPROTOOPT;
733  break;
734  }
735 
736  release_sock(sk);
737  return err;
738 }
739 
740 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
741 {
742  struct sock *sk = sock->sk;
743  struct l2cap_chan *chan = l2cap_pi(sk)->chan;
744  int err;
745 
746  BT_DBG("sock %p, sk %p", sock, sk);
747 
748  err = sock_error(sk);
749  if (err)
750  return err;
751 
752  if (msg->msg_flags & MSG_OOB)
753  return -EOPNOTSUPP;
754 
755  if (sk->sk_state != BT_CONNECTED)
756  return -ENOTCONN;
757 
758  l2cap_chan_lock(chan);
759  err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
760  l2cap_chan_unlock(chan);
761 
762  return err;
763 }
764 
765 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
766 {
767  struct sock *sk = sock->sk;
768  struct l2cap_pinfo *pi = l2cap_pi(sk);
769  int err;
770 
771  lock_sock(sk);
772 
773  if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
774  &bt_sk(sk)->flags)) {
775  sk->sk_state = BT_CONFIG;
776  pi->chan->state = BT_CONFIG;
777 
778  __l2cap_connect_rsp_defer(pi->chan);
779  release_sock(sk);
780  return 0;
781  }
782 
783  release_sock(sk);
784 
785  if (sock->type == SOCK_STREAM)
786  err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
787  else
788  err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
789 
790  if (pi->chan->mode != L2CAP_MODE_ERTM)
791  return err;
792 
793  /* Attempt to put pending rx data in the socket buffer */
794 
795  lock_sock(sk);
796 
797  if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
798  goto done;
799 
800  if (pi->rx_busy_skb) {
801  if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
802  pi->rx_busy_skb = NULL;
803  else
804  goto done;
805  }
806 
807  /* Restore data flow when half of the receive buffer is
808  * available. This avoids resending large numbers of
809  * frames.
810  */
811  if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
812  l2cap_chan_busy(pi->chan, 0);
813 
814 done:
815  release_sock(sk);
816  return err;
817 }
818 
819 /* Kill socket (only if zapped and orphan)
820  * Must be called on unlocked socket.
821  */
822 static void l2cap_sock_kill(struct sock *sk)
823 {
824  if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
825  return;
826 
827  BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
828 
829  /* Kill poor orphan */
830 
831  l2cap_chan_put(l2cap_pi(sk)->chan);
832  sock_set_flag(sk, SOCK_DEAD);
833  sock_put(sk);
834 }
835 
836 static int l2cap_sock_shutdown(struct socket *sock, int how)
837 {
838  struct sock *sk = sock->sk;
839  struct l2cap_chan *chan;
840  struct l2cap_conn *conn;
841  int err = 0;
842 
843  BT_DBG("sock %p, sk %p", sock, sk);
844 
845  if (!sk)
846  return 0;
847 
848  chan = l2cap_pi(sk)->chan;
849  conn = chan->conn;
850 
851  if (conn)
852  mutex_lock(&conn->chan_lock);
853 
854  l2cap_chan_lock(chan);
855  lock_sock(sk);
856 
857  if (!sk->sk_shutdown) {
858  if (chan->mode == L2CAP_MODE_ERTM)
859  err = __l2cap_wait_ack(sk);
860 
861  sk->sk_shutdown = SHUTDOWN_MASK;
862 
863  release_sock(sk);
864  l2cap_chan_close(chan, 0);
865  lock_sock(sk);
866 
867  if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
868  err = bt_sock_wait_state(sk, BT_CLOSED,
869  sk->sk_lingertime);
870  }
871 
872  if (!err && sk->sk_err)
873  err = -sk->sk_err;
874 
875  release_sock(sk);
876  l2cap_chan_unlock(chan);
877 
878  if (conn)
879  mutex_unlock(&conn->chan_lock);
880 
881  return err;
882 }
883 
884 static int l2cap_sock_release(struct socket *sock)
885 {
886  struct sock *sk = sock->sk;
887  int err;
888 
889  BT_DBG("sock %p, sk %p", sock, sk);
890 
891  if (!sk)
892  return 0;
893 
894  bt_sock_unlink(&l2cap_sk_list, sk);
895 
896  err = l2cap_sock_shutdown(sock, 2);
897 
898  sock_orphan(sk);
899  l2cap_sock_kill(sk);
900  return err;
901 }
902 
903 static void l2cap_sock_cleanup_listen(struct sock *parent)
904 {
905  struct sock *sk;
906 
907  BT_DBG("parent %p", parent);
908 
909  /* Close not yet accepted channels */
910  while ((sk = bt_accept_dequeue(parent, NULL))) {
911  struct l2cap_chan *chan = l2cap_pi(sk)->chan;
912 
913  l2cap_chan_lock(chan);
914  __clear_chan_timer(chan);
915  l2cap_chan_close(chan, ECONNRESET);
916  l2cap_chan_unlock(chan);
917 
918  l2cap_sock_kill(sk);
919  }
920 }
921 
922 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
923 {
924  struct sock *sk, *parent = chan->data;
925 
926  /* Check for backlog size */
927  if (sk_acceptq_is_full(parent)) {
928  BT_DBG("backlog full %d", parent->sk_ack_backlog);
929  return NULL;
930  }
931 
932  sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
933  GFP_ATOMIC);
934  if (!sk)
935  return NULL;
936 
937  bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
938 
939  l2cap_sock_init(sk, parent);
940 
941  return l2cap_pi(sk)->chan;
942 }
943 
944 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
945 {
946  int err;
947  struct sock *sk = chan->data;
948  struct l2cap_pinfo *pi = l2cap_pi(sk);
949 
950  lock_sock(sk);
951 
952  if (pi->rx_busy_skb) {
953  err = -ENOMEM;
954  goto done;
955  }
956 
957  err = sock_queue_rcv_skb(sk, skb);
958 
959  /* For ERTM, handle one skb that doesn't fit into the recv
960  * buffer. This is important to do because the data frames
961  * have already been acked, so the skb cannot be discarded.
962  *
963  * Notify the l2cap core that the buffer is full, so the
964  * LOCAL_BUSY state is entered and no more frames are
965  * acked and reassembled until there is buffer space
966  * available.
967  */
968  if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
969  pi->rx_busy_skb = skb;
970  l2cap_chan_busy(pi->chan, 1);
971  err = 0;
972  }
973 
974 done:
975  release_sock(sk);
976 
977  return err;
978 }
979 
980 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
981 {
982  struct sock *sk = chan->data;
983 
984  l2cap_sock_kill(sk);
985 }
986 
987 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
988 {
989  struct sock *sk = chan->data;
990  struct sock *parent;
991 
992  lock_sock(sk);
993 
994  parent = bt_sk(sk)->parent;
995 
996  sock_set_flag(sk, SOCK_ZAPPED);
997 
998  switch (chan->state) {
999  case BT_OPEN:
1000  case BT_BOUND:
1001  case BT_CLOSED:
1002  break;
1003  case BT_LISTEN:
1004  l2cap_sock_cleanup_listen(sk);
1005  sk->sk_state = BT_CLOSED;
1006  chan->state = BT_CLOSED;
1007 
1008  break;
1009  default:
1010  sk->sk_state = BT_CLOSED;
1011  chan->state = BT_CLOSED;
1012 
1013  sk->sk_err = err;
1014 
1015  if (parent) {
1016  bt_accept_unlink(sk);
1017  parent->sk_data_ready(parent, 0);
1018  } else {
1019  sk->sk_state_change(sk);
1020  }
1021 
1022  break;
1023  }
1024 
1025  release_sock(sk);
1026 }
1027 
1028 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state)
1029 {
1030  struct sock *sk = chan->data;
1031 
1032  sk->sk_state = state;
1033 }
1034 
1035 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1036  unsigned long len, int nb)
1037 {
1038  struct sk_buff *skb;
1039  int err;
1040 
1041  l2cap_chan_unlock(chan);
1042  skb = bt_skb_send_alloc(chan->sk, len, nb, &err);
1043  l2cap_chan_lock(chan);
1044 
1045  if (!skb)
1046  return ERR_PTR(err);
1047 
1048  return skb;
1049 }
1050 
1051 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1052 {
1053  struct sock *sk = chan->data;
1054  struct sock *parent;
1055 
1056  lock_sock(sk);
1057 
1058  parent = bt_sk(sk)->parent;
1059 
1060  BT_DBG("sk %p, parent %p", sk, parent);
1061 
1062  sk->sk_state = BT_CONNECTED;
1063  sk->sk_state_change(sk);
1064 
1065  if (parent)
1066  parent->sk_data_ready(parent, 0);
1067 
1068  release_sock(sk);
1069 }
1070 
1071 static struct l2cap_ops l2cap_chan_ops = {
1072  .name = "L2CAP Socket Interface",
1073  .new_connection = l2cap_sock_new_connection_cb,
1074  .recv = l2cap_sock_recv_cb,
1075  .close = l2cap_sock_close_cb,
1076  .teardown = l2cap_sock_teardown_cb,
1077  .state_change = l2cap_sock_state_change_cb,
1078  .ready = l2cap_sock_ready_cb,
1079  .alloc_skb = l2cap_sock_alloc_skb_cb,
1080 };
1081 
1082 static void l2cap_sock_destruct(struct sock *sk)
1083 {
1084  BT_DBG("sk %p", sk);
1085 
1086  l2cap_chan_put(l2cap_pi(sk)->chan);
1087  if (l2cap_pi(sk)->rx_busy_skb) {
1088  kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1089  l2cap_pi(sk)->rx_busy_skb = NULL;
1090  }
1091 
1092  skb_queue_purge(&sk->sk_receive_queue);
1093  skb_queue_purge(&sk->sk_write_queue);
1094 }
1095 
1096 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1097 {
1098  struct l2cap_pinfo *pi = l2cap_pi(sk);
1099  struct l2cap_chan *chan = pi->chan;
1100 
1101  BT_DBG("sk %p", sk);
1102 
1103  if (parent) {
1104  struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1105 
1106  sk->sk_type = parent->sk_type;
1107  bt_sk(sk)->flags = bt_sk(parent)->flags;
1108 
1109  chan->chan_type = pchan->chan_type;
1110  chan->imtu = pchan->imtu;
1111  chan->omtu = pchan->omtu;
1112  chan->conf_state = pchan->conf_state;
1113  chan->mode = pchan->mode;
1114  chan->fcs = pchan->fcs;
1115  chan->max_tx = pchan->max_tx;
1116  chan->tx_win = pchan->tx_win;
1117  chan->tx_win_max = pchan->tx_win_max;
1118  chan->sec_level = pchan->sec_level;
1119  chan->flags = pchan->flags;
1120 
1121  security_sk_clone(parent, sk);
1122  } else {
1123 
1124  switch (sk->sk_type) {
1125  case SOCK_RAW:
1126  chan->chan_type = L2CAP_CHAN_RAW;
1127  break;
1128  case SOCK_DGRAM:
1129  chan->chan_type = L2CAP_CHAN_CONN_LESS;
1130  break;
1131  case SOCK_SEQPACKET:
1132  case SOCK_STREAM:
1133  chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1134  break;
1135  }
1136 
1137  chan->imtu = L2CAP_DEFAULT_MTU;
1138  chan->omtu = 0;
1139  if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1140  chan->mode = L2CAP_MODE_ERTM;
1141  set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1142  } else {
1143  chan->mode = L2CAP_MODE_BASIC;
1144  }
1145 
1146  l2cap_chan_set_defaults(chan);
1147  }
1148 
1149  /* Default config options */
1150  chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1151 
1152  chan->data = sk;
1153  chan->ops = &l2cap_chan_ops;
1154 }
1155 
1156 static struct proto l2cap_proto = {
1157  .name = "L2CAP",
1158  .owner = THIS_MODULE,
1159  .obj_size = sizeof(struct l2cap_pinfo)
1160 };
1161 
1162 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
1163 {
1164  struct sock *sk;
1165  struct l2cap_chan *chan;
1166 
1167  sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1168  if (!sk)
1169  return NULL;
1170 
1171  sock_init_data(sock, sk);
1172  INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1173 
1174  sk->sk_destruct = l2cap_sock_destruct;
1175  sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1176 
1177  sock_reset_flag(sk, SOCK_ZAPPED);
1178 
1179  sk->sk_protocol = proto;
1180  sk->sk_state = BT_OPEN;
1181 
1182  chan = l2cap_chan_create();
1183  if (!chan) {
1184  sk_free(sk);
1185  return NULL;
1186  }
1187 
1188  l2cap_chan_hold(chan);
1189 
1190  chan->sk = sk;
1191 
1192  l2cap_pi(sk)->chan = chan;
1193 
1194  return sk;
1195 }
1196 
1197 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1198  int kern)
1199 {
1200  struct sock *sk;
1201 
1202  BT_DBG("sock %p", sock);
1203 
1204  sock->state = SS_UNCONNECTED;
1205 
1206  if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1207  sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1208  return -ESOCKTNOSUPPORT;
1209 
1210  if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1211  return -EPERM;
1212 
1213  sock->ops = &l2cap_sock_ops;
1214 
1215  sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1216  if (!sk)
1217  return -ENOMEM;
1218 
1219  l2cap_sock_init(sk, NULL);
1220  bt_sock_link(&l2cap_sk_list, sk);
1221  return 0;
1222 }
1223 
1224 static const struct proto_ops l2cap_sock_ops = {
1225  .family = PF_BLUETOOTH,
1226  .owner = THIS_MODULE,
1227  .release = l2cap_sock_release,
1228  .bind = l2cap_sock_bind,
1229  .connect = l2cap_sock_connect,
1230  .listen = l2cap_sock_listen,
1231  .accept = l2cap_sock_accept,
1232  .getname = l2cap_sock_getname,
1233  .sendmsg = l2cap_sock_sendmsg,
1234  .recvmsg = l2cap_sock_recvmsg,
1235  .poll = bt_sock_poll,
1236  .ioctl = bt_sock_ioctl,
1237  .mmap = sock_no_mmap,
1238  .socketpair = sock_no_socketpair,
1239  .shutdown = l2cap_sock_shutdown,
1240  .setsockopt = l2cap_sock_setsockopt,
1241  .getsockopt = l2cap_sock_getsockopt
1242 };
1243 
1244 static const struct net_proto_family l2cap_sock_family_ops = {
1245  .family = PF_BLUETOOTH,
1246  .owner = THIS_MODULE,
1247  .create = l2cap_sock_create,
1248 };
1249 
1250 int __init l2cap_init_sockets(void)
1251 {
1252  int err;
1253 
1254  err = proto_register(&l2cap_proto, 0);
1255  if (err < 0)
1256  return err;
1257 
1258  err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1259  if (err < 0) {
1260  BT_ERR("L2CAP socket registration failed");
1261  goto error;
1262  }
1263 
1264  err = bt_procfs_init(THIS_MODULE, &init_net, "l2cap", &l2cap_sk_list, NULL);
1265  if (err < 0) {
1266  BT_ERR("Failed to create L2CAP proc file");
1267  bt_sock_unregister(BTPROTO_L2CAP);
1268  goto error;
1269  }
1270 
1271  BT_INFO("L2CAP socket layer initialized");
1272 
1273  return 0;
1274 
1275 error:
1276  proto_unregister(&l2cap_proto);
1277  return err;
1278 }
1279 
1280 void l2cap_cleanup_sockets(void)
1281 {
1282  bt_procfs_cleanup(&init_net, "l2cap");
1283  if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1284  BT_ERR("L2CAP socket unregistration failed");
1285 
1286  proto_unregister(&l2cap_proto);
1287 }
Generated on Thu Jan 10 2013 14:57:03 for Linux Kernel by   doxygen 1.8.2