1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
12
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
25 */
26
27 /* Bluetooth L2CAP sockets. */
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/l2cap.h>
32
33 /* ---- L2CAP timers ---- */
l2cap_sock_timeout(unsigned long arg)34 static void l2cap_sock_timeout(unsigned long arg)
35 {
36 struct sock *sk = (struct sock *) arg;
37 int reason;
38
39 BT_DBG("sock %p state %d", sk, sk->sk_state);
40
41 bh_lock_sock(sk);
42
43 if (sock_owned_by_user(sk)) {
44 /* sk is owned by user. Try again later */
45 l2cap_sock_set_timer(sk, HZ / 5);
46 bh_unlock_sock(sk);
47 sock_put(sk);
48 return;
49 }
50
51 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
52 reason = ECONNREFUSED;
53 else if (sk->sk_state == BT_CONNECT &&
54 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
55 reason = ECONNREFUSED;
56 else
57 reason = ETIMEDOUT;
58
59 __l2cap_sock_close(sk, reason);
60
61 bh_unlock_sock(sk);
62
63 l2cap_sock_kill(sk);
64 sock_put(sk);
65 }
66
l2cap_sock_set_timer(struct sock * sk,long timeout)67 void l2cap_sock_set_timer(struct sock *sk, long timeout)
68 {
69 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
70 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
71 }
72
l2cap_sock_clear_timer(struct sock * sk)73 void l2cap_sock_clear_timer(struct sock *sk)
74 {
75 BT_DBG("sock %p state %d", sk, sk->sk_state);
76 sk_stop_timer(sk, &sk->sk_timer);
77 }
78
__l2cap_get_sock_by_addr(__le16 psm,bdaddr_t * src)79 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
80 {
81 struct sock *sk;
82 struct hlist_node *node;
83 sk_for_each(sk, node, &l2cap_sk_list.head)
84 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
85 goto found;
86 sk = NULL;
87 found:
88 return sk;
89 }
90
l2cap_sock_bind(struct socket * sock,struct sockaddr * addr,int alen)91 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
92 {
93 struct sock *sk = sock->sk;
94 struct sockaddr_l2 la;
95 int len, err = 0;
96
97 BT_DBG("sk %p", sk);
98
99 if (!addr || addr->sa_family != AF_BLUETOOTH)
100 return -EINVAL;
101
102 memset(&la, 0, sizeof(la));
103 len = min_t(unsigned int, sizeof(la), alen);
104 memcpy(&la, addr, len);
105
106 if (la.l2_cid && la.l2_psm)
107 return -EINVAL;
108
109 lock_sock(sk);
110
111 if (sk->sk_state != BT_OPEN) {
112 err = -EBADFD;
113 goto done;
114 }
115
116 if (la.l2_psm) {
117 __u16 psm = __le16_to_cpu(la.l2_psm);
118
119 /* PSM must be odd and lsb of upper byte must be 0 */
120 if ((psm & 0x0101) != 0x0001) {
121 err = -EINVAL;
122 goto done;
123 }
124
125 /* Restrict usage of well-known PSMs */
126 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
127 err = -EACCES;
128 goto done;
129 }
130 }
131
132 write_lock_bh(&l2cap_sk_list.lock);
133
134 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
135 err = -EADDRINUSE;
136 } else {
137 /* Save source address */
138 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
139 l2cap_pi(sk)->psm = la.l2_psm;
140 l2cap_pi(sk)->sport = la.l2_psm;
141 sk->sk_state = BT_BOUND;
142
143 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
144 __le16_to_cpu(la.l2_psm) == 0x0003)
145 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
146 }
147
148 if (la.l2_cid)
149 l2cap_pi(sk)->scid = la.l2_cid;
150
151 write_unlock_bh(&l2cap_sk_list.lock);
152
153 done:
154 release_sock(sk);
155 return err;
156 }
157
l2cap_sock_connect(struct socket * sock,struct sockaddr * addr,int alen,int flags)158 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
159 {
160 struct sock *sk = sock->sk;
161 struct sockaddr_l2 la;
162 int len, err = 0;
163
164 BT_DBG("sk %p", sk);
165
166 if (!addr || alen < sizeof(addr->sa_family) ||
167 addr->sa_family != AF_BLUETOOTH)
168 return -EINVAL;
169
170 memset(&la, 0, sizeof(la));
171 len = min_t(unsigned int, sizeof(la), alen);
172 memcpy(&la, addr, len);
173
174 if (la.l2_cid && la.l2_psm)
175 return -EINVAL;
176
177 lock_sock(sk);
178
179 if ((sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM)
180 && !(la.l2_psm || la.l2_cid)) {
181 err = -EINVAL;
182 goto done;
183 }
184
185 switch (l2cap_pi(sk)->mode) {
186 case L2CAP_MODE_BASIC:
187 break;
188 case L2CAP_MODE_ERTM:
189 case L2CAP_MODE_STREAMING:
190 if (!disable_ertm)
191 break;
192 /* fall through */
193 default:
194 err = -ENOTSUPP;
195 goto done;
196 }
197
198 switch (sk->sk_state) {
199 case BT_CONNECT:
200 case BT_CONNECT2:
201 case BT_CONFIG:
202 /* Already connecting */
203 goto wait;
204
205 case BT_CONNECTED:
206 /* Already connected */
207 err = -EISCONN;
208 goto done;
209
210 case BT_OPEN:
211 case BT_BOUND:
212 /* Can connect */
213 break;
214
215 default:
216 err = -EBADFD;
217 goto done;
218 }
219
220 /* PSM must be odd and lsb of upper byte must be 0 */
221 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 &&
222 sk->sk_type != SOCK_RAW && !la.l2_cid) {
223 err = -EINVAL;
224 goto done;
225 }
226
227 /* Set destination address and psm */
228 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
229 l2cap_pi(sk)->psm = la.l2_psm;
230 l2cap_pi(sk)->dcid = la.l2_cid;
231
232 err = l2cap_do_connect(sk);
233 if (err)
234 goto done;
235
236 wait:
237 err = bt_sock_wait_state(sk, BT_CONNECTED,
238 sock_sndtimeo(sk, flags & O_NONBLOCK));
239 done:
240 release_sock(sk);
241 return err;
242 }
243
l2cap_sock_listen(struct socket * sock,int backlog)244 static int l2cap_sock_listen(struct socket *sock, int backlog)
245 {
246 struct sock *sk = sock->sk;
247 int err = 0;
248
249 BT_DBG("sk %p backlog %d", sk, backlog);
250
251 lock_sock(sk);
252
253 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
254 || sk->sk_state != BT_BOUND) {
255 err = -EBADFD;
256 goto done;
257 }
258
259 switch (l2cap_pi(sk)->mode) {
260 case L2CAP_MODE_BASIC:
261 break;
262 case L2CAP_MODE_ERTM:
263 case L2CAP_MODE_STREAMING:
264 if (!disable_ertm)
265 break;
266 /* fall through */
267 default:
268 err = -ENOTSUPP;
269 goto done;
270 }
271
272 if (!l2cap_pi(sk)->psm && !l2cap_pi(sk)->dcid) {
273 bdaddr_t *src = &bt_sk(sk)->src;
274 u16 psm;
275
276 err = -EINVAL;
277
278 write_lock_bh(&l2cap_sk_list.lock);
279
280 for (psm = 0x1001; psm < 0x1100; psm += 2)
281 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
282 l2cap_pi(sk)->psm = cpu_to_le16(psm);
283 l2cap_pi(sk)->sport = cpu_to_le16(psm);
284 err = 0;
285 break;
286 }
287
288 write_unlock_bh(&l2cap_sk_list.lock);
289
290 if (err < 0)
291 goto done;
292 }
293
294 sk->sk_max_ack_backlog = backlog;
295 sk->sk_ack_backlog = 0;
296 sk->sk_state = BT_LISTEN;
297
298 done:
299 release_sock(sk);
300 return err;
301 }
302
l2cap_sock_accept(struct socket * sock,struct socket * newsock,int flags)303 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
304 {
305 DECLARE_WAITQUEUE(wait, current);
306 struct sock *sk = sock->sk, *nsk;
307 long timeo;
308 int err = 0;
309
310 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
311
312 if (sk->sk_state != BT_LISTEN) {
313 err = -EBADFD;
314 goto done;
315 }
316
317 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
318
319 BT_DBG("sk %p timeo %ld", sk, timeo);
320
321 /* Wait for an incoming connection. (wake-one). */
322 add_wait_queue_exclusive(sk_sleep(sk), &wait);
323 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
324 set_current_state(TASK_INTERRUPTIBLE);
325 if (!timeo) {
326 err = -EAGAIN;
327 break;
328 }
329
330 release_sock(sk);
331 timeo = schedule_timeout(timeo);
332 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
333
334 if (sk->sk_state != BT_LISTEN) {
335 err = -EBADFD;
336 break;
337 }
338
339 if (signal_pending(current)) {
340 err = sock_intr_errno(timeo);
341 break;
342 }
343 }
344 set_current_state(TASK_RUNNING);
345 remove_wait_queue(sk_sleep(sk), &wait);
346
347 if (err)
348 goto done;
349
350 newsock->state = SS_CONNECTED;
351
352 BT_DBG("new socket %p", nsk);
353
354 done:
355 release_sock(sk);
356 return err;
357 }
358
l2cap_sock_getname(struct socket * sock,struct sockaddr * addr,int * len,int peer)359 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
360 {
361 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
362 struct sock *sk = sock->sk;
363
364 BT_DBG("sock %p, sk %p", sock, sk);
365
366 addr->sa_family = AF_BLUETOOTH;
367 *len = sizeof(struct sockaddr_l2);
368
369 if (peer) {
370 la->l2_psm = l2cap_pi(sk)->psm;
371 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
372 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->dcid);
373 } else {
374 la->l2_psm = l2cap_pi(sk)->sport;
375 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
376 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->scid);
377 }
378
379 return 0;
380 }
381
l2cap_sock_getsockopt_old(struct socket * sock,int optname,char __user * optval,int __user * optlen)382 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
383 {
384 struct sock *sk = sock->sk;
385 struct l2cap_options opts;
386 struct l2cap_conninfo cinfo;
387 int len, err = 0;
388 u32 opt;
389
390 BT_DBG("sk %p", sk);
391
392 if (get_user(len, optlen))
393 return -EFAULT;
394
395 lock_sock(sk);
396
397 switch (optname) {
398 case L2CAP_OPTIONS:
399 memset(&opts, 0, sizeof(opts));
400 opts.imtu = l2cap_pi(sk)->imtu;
401 opts.omtu = l2cap_pi(sk)->omtu;
402 opts.flush_to = l2cap_pi(sk)->flush_to;
403 opts.mode = l2cap_pi(sk)->mode;
404 opts.fcs = l2cap_pi(sk)->fcs;
405 opts.max_tx = l2cap_pi(sk)->max_tx;
406 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
407
408 len = min_t(unsigned int, len, sizeof(opts));
409 if (copy_to_user(optval, (char *) &opts, len))
410 err = -EFAULT;
411
412 break;
413
414 case L2CAP_LM:
415 switch (l2cap_pi(sk)->sec_level) {
416 case BT_SECURITY_LOW:
417 opt = L2CAP_LM_AUTH;
418 break;
419 case BT_SECURITY_MEDIUM:
420 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
421 break;
422 case BT_SECURITY_HIGH:
423 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
424 L2CAP_LM_SECURE;
425 break;
426 default:
427 opt = 0;
428 break;
429 }
430
431 if (l2cap_pi(sk)->role_switch)
432 opt |= L2CAP_LM_MASTER;
433
434 if (l2cap_pi(sk)->force_reliable)
435 opt |= L2CAP_LM_RELIABLE;
436
437 if (put_user(opt, (u32 __user *) optval))
438 err = -EFAULT;
439 break;
440
441 case L2CAP_CONNINFO:
442 if (sk->sk_state != BT_CONNECTED &&
443 !(sk->sk_state == BT_CONNECT2 &&
444 bt_sk(sk)->defer_setup)) {
445 err = -ENOTCONN;
446 break;
447 }
448
449 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
450 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
451
452 len = min_t(unsigned int, len, sizeof(cinfo));
453 if (copy_to_user(optval, (char *) &cinfo, len))
454 err = -EFAULT;
455
456 break;
457
458 default:
459 err = -ENOPROTOOPT;
460 break;
461 }
462
463 release_sock(sk);
464 return err;
465 }
466
l2cap_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)467 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
468 {
469 struct sock *sk = sock->sk;
470 struct bt_security sec;
471 int len, err = 0;
472
473 BT_DBG("sk %p", sk);
474
475 if (level == SOL_L2CAP)
476 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
477
478 if (level != SOL_BLUETOOTH)
479 return -ENOPROTOOPT;
480
481 if (get_user(len, optlen))
482 return -EFAULT;
483
484 lock_sock(sk);
485
486 switch (optname) {
487 case BT_SECURITY:
488 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
489 && sk->sk_type != SOCK_RAW) {
490 err = -EINVAL;
491 break;
492 }
493
494 sec.level = l2cap_pi(sk)->sec_level;
495
496 len = min_t(unsigned int, len, sizeof(sec));
497 if (copy_to_user(optval, (char *) &sec, len))
498 err = -EFAULT;
499
500 break;
501
502 case BT_DEFER_SETUP:
503 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
504 err = -EINVAL;
505 break;
506 }
507
508 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
509 err = -EFAULT;
510
511 break;
512
513 case BT_FLUSHABLE:
514 if (put_user(l2cap_pi(sk)->flushable, (u32 __user *) optval))
515 err = -EFAULT;
516
517 break;
518
519 default:
520 err = -ENOPROTOOPT;
521 break;
522 }
523
524 release_sock(sk);
525 return err;
526 }
527
l2cap_sock_setsockopt_old(struct socket * sock,int optname,char __user * optval,unsigned int optlen)528 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
529 {
530 struct sock *sk = sock->sk;
531 struct l2cap_options opts;
532 int len, err = 0;
533 u32 opt;
534
535 BT_DBG("sk %p", sk);
536
537 lock_sock(sk);
538
539 switch (optname) {
540 case L2CAP_OPTIONS:
541 if (sk->sk_state == BT_CONNECTED) {
542 err = -EINVAL;
543 break;
544 }
545
546 opts.imtu = l2cap_pi(sk)->imtu;
547 opts.omtu = l2cap_pi(sk)->omtu;
548 opts.flush_to = l2cap_pi(sk)->flush_to;
549 opts.mode = l2cap_pi(sk)->mode;
550 opts.fcs = l2cap_pi(sk)->fcs;
551 opts.max_tx = l2cap_pi(sk)->max_tx;
552 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
553
554 len = min_t(unsigned int, sizeof(opts), optlen);
555 if (copy_from_user((char *) &opts, optval, len)) {
556 err = -EFAULT;
557 break;
558 }
559
560 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
561 err = -EINVAL;
562 break;
563 }
564
565 l2cap_pi(sk)->mode = opts.mode;
566 switch (l2cap_pi(sk)->mode) {
567 case L2CAP_MODE_BASIC:
568 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
569 break;
570 case L2CAP_MODE_ERTM:
571 case L2CAP_MODE_STREAMING:
572 if (!disable_ertm)
573 break;
574 /* fall through */
575 default:
576 err = -EINVAL;
577 break;
578 }
579
580 l2cap_pi(sk)->imtu = opts.imtu;
581 l2cap_pi(sk)->omtu = opts.omtu;
582 l2cap_pi(sk)->fcs = opts.fcs;
583 l2cap_pi(sk)->max_tx = opts.max_tx;
584 l2cap_pi(sk)->tx_win = (__u8)opts.txwin_size;
585 break;
586
587 case L2CAP_LM:
588 if (get_user(opt, (u32 __user *) optval)) {
589 err = -EFAULT;
590 break;
591 }
592
593 if (opt & L2CAP_LM_AUTH)
594 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
595 if (opt & L2CAP_LM_ENCRYPT)
596 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
597 if (opt & L2CAP_LM_SECURE)
598 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
599
600 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
601 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
602 break;
603
604 default:
605 err = -ENOPROTOOPT;
606 break;
607 }
608
609 release_sock(sk);
610 return err;
611 }
612
l2cap_sock_setsockopt(struct socket * sock,int level,int optname,char __user * optval,unsigned int optlen)613 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
614 {
615 struct sock *sk = sock->sk;
616 struct bt_security sec;
617 int len, err = 0;
618 u32 opt;
619
620 BT_DBG("sk %p", sk);
621
622 if (level == SOL_L2CAP)
623 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
624
625 if (level != SOL_BLUETOOTH)
626 return -ENOPROTOOPT;
627
628 lock_sock(sk);
629
630 switch (optname) {
631 case BT_SECURITY:
632 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
633 && sk->sk_type != SOCK_RAW) {
634 err = -EINVAL;
635 break;
636 }
637
638 sec.level = BT_SECURITY_LOW;
639
640 len = min_t(unsigned int, sizeof(sec), optlen);
641 if (copy_from_user((char *) &sec, optval, len)) {
642 err = -EFAULT;
643 break;
644 }
645
646 if (sec.level < BT_SECURITY_LOW ||
647 sec.level > BT_SECURITY_HIGH) {
648 err = -EINVAL;
649 break;
650 }
651
652 l2cap_pi(sk)->sec_level = sec.level;
653 break;
654
655 case BT_DEFER_SETUP:
656 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
657 err = -EINVAL;
658 break;
659 }
660
661 if (get_user(opt, (u32 __user *) optval)) {
662 err = -EFAULT;
663 break;
664 }
665
666 bt_sk(sk)->defer_setup = opt;
667 break;
668
669 case BT_FLUSHABLE:
670 if (get_user(opt, (u32 __user *) optval)) {
671 err = -EFAULT;
672 break;
673 }
674
675 if (opt > BT_FLUSHABLE_ON) {
676 err = -EINVAL;
677 break;
678 }
679
680 if (opt == BT_FLUSHABLE_OFF) {
681 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
682 /* proceed further only when we have l2cap_conn and
683 No Flush support in the LM */
684 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
685 err = -EINVAL;
686 break;
687 }
688 }
689
690 l2cap_pi(sk)->flushable = opt;
691 break;
692
693 default:
694 err = -ENOPROTOOPT;
695 break;
696 }
697
698 release_sock(sk);
699 return err;
700 }
701
l2cap_sock_sendmsg(struct kiocb * iocb,struct socket * sock,struct msghdr * msg,size_t len)702 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
703 {
704 struct sock *sk = sock->sk;
705 struct l2cap_pinfo *pi = l2cap_pi(sk);
706 struct sk_buff *skb;
707 u16 control;
708 int err;
709
710 BT_DBG("sock %p, sk %p", sock, sk);
711
712 err = sock_error(sk);
713 if (err)
714 return err;
715
716 if (msg->msg_flags & MSG_OOB)
717 return -EOPNOTSUPP;
718
719 lock_sock(sk);
720
721 if (sk->sk_state != BT_CONNECTED) {
722 err = -ENOTCONN;
723 goto done;
724 }
725
726 /* Connectionless channel */
727 if (sk->sk_type == SOCK_DGRAM) {
728 skb = l2cap_create_connless_pdu(sk, msg, len);
729 if (IS_ERR(skb)) {
730 err = PTR_ERR(skb);
731 } else {
732 l2cap_do_send(sk, skb);
733 err = len;
734 }
735 goto done;
736 }
737
738 switch (pi->mode) {
739 case L2CAP_MODE_BASIC:
740 /* Check outgoing MTU */
741 if (len > pi->omtu) {
742 err = -EMSGSIZE;
743 goto done;
744 }
745
746 /* Create a basic PDU */
747 skb = l2cap_create_basic_pdu(sk, msg, len);
748 if (IS_ERR(skb)) {
749 err = PTR_ERR(skb);
750 goto done;
751 }
752
753 l2cap_do_send(sk, skb);
754 err = len;
755 break;
756
757 case L2CAP_MODE_ERTM:
758 case L2CAP_MODE_STREAMING:
759 /* Entire SDU fits into one PDU */
760 if (len <= pi->remote_mps) {
761 control = L2CAP_SDU_UNSEGMENTED;
762 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0);
763 if (IS_ERR(skb)) {
764 err = PTR_ERR(skb);
765 goto done;
766 }
767 __skb_queue_tail(TX_QUEUE(sk), skb);
768
769 if (sk->sk_send_head == NULL)
770 sk->sk_send_head = skb;
771
772 } else {
773 /* Segment SDU into multiples PDUs */
774 err = l2cap_sar_segment_sdu(sk, msg, len);
775 if (err < 0)
776 goto done;
777 }
778
779 if (pi->mode == L2CAP_MODE_STREAMING) {
780 l2cap_streaming_send(sk);
781 } else {
782 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
783 (pi->conn_state & L2CAP_CONN_WAIT_F)) {
784 err = len;
785 break;
786 }
787 err = l2cap_ertm_send(sk);
788 }
789
790 if (err >= 0)
791 err = len;
792 break;
793
794 default:
795 BT_DBG("bad state %1.1x", pi->mode);
796 err = -EBADFD;
797 }
798
799 done:
800 release_sock(sk);
801 return err;
802 }
803
l2cap_sock_recvmsg(struct kiocb * iocb,struct socket * sock,struct msghdr * msg,size_t len,int flags)804 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
805 {
806 struct sock *sk = sock->sk;
807
808 lock_sock(sk);
809
810 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
811 struct l2cap_conn_rsp rsp;
812 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
813 u8 buf[128];
814
815 sk->sk_state = BT_CONFIG;
816
817 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
818 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
819 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
820 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
821 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
822 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
823
824 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) {
825 release_sock(sk);
826 return 0;
827 }
828
829 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
830 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
831 l2cap_build_conf_req(sk, buf), buf);
832 l2cap_pi(sk)->num_conf_req++;
833
834 release_sock(sk);
835 return 0;
836 }
837
838 release_sock(sk);
839
840 if (sock->type == SOCK_STREAM)
841 return bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
842
843 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
844 }
845
846 /* Kill socket (only if zapped and orphan)
847 * Must be called on unlocked socket.
848 */
l2cap_sock_kill(struct sock * sk)849 void l2cap_sock_kill(struct sock *sk)
850 {
851 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
852 return;
853
854 BT_DBG("sk %p state %d", sk, sk->sk_state);
855
856 /* Kill poor orphan */
857 bt_sock_unlink(&l2cap_sk_list, sk);
858 sock_set_flag(sk, SOCK_DEAD);
859 sock_put(sk);
860 }
861
862 /* Must be called on unlocked socket. */
l2cap_sock_close(struct sock * sk)863 static void l2cap_sock_close(struct sock *sk)
864 {
865 l2cap_sock_clear_timer(sk);
866 lock_sock(sk);
867 __l2cap_sock_close(sk, ECONNRESET);
868 release_sock(sk);
869 l2cap_sock_kill(sk);
870 }
871
l2cap_sock_cleanup_listen(struct sock * parent)872 static void l2cap_sock_cleanup_listen(struct sock *parent)
873 {
874 struct sock *sk;
875
876 BT_DBG("parent %p", parent);
877
878 /* Close not yet accepted channels */
879 while ((sk = bt_accept_dequeue(parent, NULL)))
880 l2cap_sock_close(sk);
881
882 parent->sk_state = BT_CLOSED;
883 sock_set_flag(parent, SOCK_ZAPPED);
884 }
885
__l2cap_sock_close(struct sock * sk,int reason)886 void __l2cap_sock_close(struct sock *sk, int reason)
887 {
888 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
889
890 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
891
892 switch (sk->sk_state) {
893 case BT_LISTEN:
894 l2cap_sock_cleanup_listen(sk);
895 break;
896
897 case BT_CONNECTED:
898 case BT_CONFIG:
899 if ((sk->sk_type == SOCK_SEQPACKET ||
900 sk->sk_type == SOCK_STREAM) &&
901 conn->hcon->type == ACL_LINK) {
902 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
903 l2cap_send_disconn_req(conn, sk, reason);
904 } else
905 l2cap_chan_del(sk, reason);
906 break;
907
908 case BT_CONNECT2:
909 if ((sk->sk_type == SOCK_SEQPACKET ||
910 sk->sk_type == SOCK_STREAM) &&
911 conn->hcon->type == ACL_LINK) {
912 struct l2cap_conn_rsp rsp;
913 __u16 result;
914
915 if (bt_sk(sk)->defer_setup)
916 result = L2CAP_CR_SEC_BLOCK;
917 else
918 result = L2CAP_CR_BAD_PSM;
919
920 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
921 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
922 rsp.result = cpu_to_le16(result);
923 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
924 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
925 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
926 }
927
928 l2cap_chan_del(sk, reason);
929 break;
930
931 case BT_CONNECT:
932 case BT_DISCONN:
933 l2cap_chan_del(sk, reason);
934 break;
935
936 default:
937 sock_set_flag(sk, SOCK_ZAPPED);
938 break;
939 }
940 }
941
l2cap_sock_shutdown(struct socket * sock,int how)942 static int l2cap_sock_shutdown(struct socket *sock, int how)
943 {
944 struct sock *sk = sock->sk;
945 int err = 0;
946
947 BT_DBG("sock %p, sk %p", sock, sk);
948
949 if (!sk)
950 return 0;
951
952 lock_sock(sk);
953 if (!sk->sk_shutdown) {
954 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
955 err = __l2cap_wait_ack(sk);
956
957 sk->sk_shutdown = SHUTDOWN_MASK;
958 l2cap_sock_clear_timer(sk);
959 __l2cap_sock_close(sk, 0);
960
961 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
962 err = bt_sock_wait_state(sk, BT_CLOSED,
963 sk->sk_lingertime);
964 }
965
966 if (!err && sk->sk_err)
967 err = -sk->sk_err;
968
969 release_sock(sk);
970 return err;
971 }
972
l2cap_sock_release(struct socket * sock)973 static int l2cap_sock_release(struct socket *sock)
974 {
975 struct sock *sk = sock->sk;
976 int err;
977
978 BT_DBG("sock %p, sk %p", sock, sk);
979
980 if (!sk)
981 return 0;
982
983 err = l2cap_sock_shutdown(sock, 2);
984
985 sock_orphan(sk);
986 l2cap_sock_kill(sk);
987 return err;
988 }
989
l2cap_sock_destruct(struct sock * sk)990 static void l2cap_sock_destruct(struct sock *sk)
991 {
992 BT_DBG("sk %p", sk);
993
994 skb_queue_purge(&sk->sk_receive_queue);
995 skb_queue_purge(&sk->sk_write_queue);
996 }
997
l2cap_sock_init(struct sock * sk,struct sock * parent)998 void l2cap_sock_init(struct sock *sk, struct sock *parent)
999 {
1000 struct l2cap_pinfo *pi = l2cap_pi(sk);
1001
1002 BT_DBG("sk %p", sk);
1003
1004 if (parent) {
1005 sk->sk_type = parent->sk_type;
1006 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
1007
1008 pi->imtu = l2cap_pi(parent)->imtu;
1009 pi->omtu = l2cap_pi(parent)->omtu;
1010 pi->conf_state = l2cap_pi(parent)->conf_state;
1011 pi->mode = l2cap_pi(parent)->mode;
1012 pi->fcs = l2cap_pi(parent)->fcs;
1013 pi->max_tx = l2cap_pi(parent)->max_tx;
1014 pi->tx_win = l2cap_pi(parent)->tx_win;
1015 pi->sec_level = l2cap_pi(parent)->sec_level;
1016 pi->role_switch = l2cap_pi(parent)->role_switch;
1017 pi->force_reliable = l2cap_pi(parent)->force_reliable;
1018 pi->flushable = l2cap_pi(parent)->flushable;
1019 } else {
1020 pi->imtu = L2CAP_DEFAULT_MTU;
1021 pi->omtu = 0;
1022 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1023 pi->mode = L2CAP_MODE_ERTM;
1024 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
1025 } else {
1026 pi->mode = L2CAP_MODE_BASIC;
1027 }
1028 pi->max_tx = L2CAP_DEFAULT_MAX_TX;
1029 pi->fcs = L2CAP_FCS_CRC16;
1030 pi->tx_win = L2CAP_DEFAULT_TX_WINDOW;
1031 pi->sec_level = BT_SECURITY_LOW;
1032 pi->role_switch = 0;
1033 pi->force_reliable = 0;
1034 pi->flushable = BT_FLUSHABLE_OFF;
1035 }
1036
1037 /* Default config options */
1038 pi->conf_len = 0;
1039 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1040 skb_queue_head_init(TX_QUEUE(sk));
1041 skb_queue_head_init(SREJ_QUEUE(sk));
1042 skb_queue_head_init(BUSY_QUEUE(sk));
1043 INIT_LIST_HEAD(SREJ_LIST(sk));
1044 }
1045
1046 static struct proto l2cap_proto = {
1047 .name = "L2CAP",
1048 .owner = THIS_MODULE,
1049 .obj_size = sizeof(struct l2cap_pinfo)
1050 };
1051
l2cap_sock_alloc(struct net * net,struct socket * sock,int proto,gfp_t prio)1052 struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
1053 {
1054 struct sock *sk;
1055
1056 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1057 if (!sk)
1058 return NULL;
1059
1060 sock_init_data(sock, sk);
1061 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1062
1063 sk->sk_destruct = l2cap_sock_destruct;
1064 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
1065
1066 sock_reset_flag(sk, SOCK_ZAPPED);
1067
1068 sk->sk_protocol = proto;
1069 sk->sk_state = BT_OPEN;
1070
1071 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
1072
1073 bt_sock_link(&l2cap_sk_list, sk);
1074 return sk;
1075 }
1076
l2cap_sock_create(struct net * net,struct socket * sock,int protocol,int kern)1077 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1078 int kern)
1079 {
1080 struct sock *sk;
1081
1082 BT_DBG("sock %p", sock);
1083
1084 sock->state = SS_UNCONNECTED;
1085
1086 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1087 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1088 return -ESOCKTNOSUPPORT;
1089
1090 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1091 return -EPERM;
1092
1093 sock->ops = &l2cap_sock_ops;
1094
1095 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1096 if (!sk)
1097 return -ENOMEM;
1098
1099 l2cap_sock_init(sk, NULL);
1100 return 0;
1101 }
1102
1103 const struct proto_ops l2cap_sock_ops = {
1104 .family = PF_BLUETOOTH,
1105 .owner = THIS_MODULE,
1106 .release = l2cap_sock_release,
1107 .bind = l2cap_sock_bind,
1108 .connect = l2cap_sock_connect,
1109 .listen = l2cap_sock_listen,
1110 .accept = l2cap_sock_accept,
1111 .getname = l2cap_sock_getname,
1112 .sendmsg = l2cap_sock_sendmsg,
1113 .recvmsg = l2cap_sock_recvmsg,
1114 .poll = bt_sock_poll,
1115 .ioctl = bt_sock_ioctl,
1116 .mmap = sock_no_mmap,
1117 .socketpair = sock_no_socketpair,
1118 .shutdown = l2cap_sock_shutdown,
1119 .setsockopt = l2cap_sock_setsockopt,
1120 .getsockopt = l2cap_sock_getsockopt
1121 };
1122
1123 static const struct net_proto_family l2cap_sock_family_ops = {
1124 .family = PF_BLUETOOTH,
1125 .owner = THIS_MODULE,
1126 .create = l2cap_sock_create,
1127 };
1128
l2cap_init_sockets(void)1129 int __init l2cap_init_sockets(void)
1130 {
1131 int err;
1132
1133 err = proto_register(&l2cap_proto, 0);
1134 if (err < 0)
1135 return err;
1136
1137 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1138 if (err < 0)
1139 goto error;
1140
1141 BT_INFO("L2CAP socket layer initialized");
1142
1143 return 0;
1144
1145 error:
1146 BT_ERR("L2CAP socket registration failed");
1147 proto_unregister(&l2cap_proto);
1148 return err;
1149 }
1150
l2cap_cleanup_sockets(void)1151 void l2cap_cleanup_sockets(void)
1152 {
1153 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1154 BT_ERR("L2CAP socket unregistration failed");
1155
1156 proto_unregister(&l2cap_proto);
1157 }
1158