/*
   BlueZ - Bluetooth protocol stack for Linux
   Copyright (C) 2000-2001 Qualcomm Incorporated
   Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
   Copyright (C) 2010 Google Inc.
   Copyright (C) 2011 ProFUSION Embedded Systems

   Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
   SOFTWARE IS DISCLAIMED.
*/

/* Bluetooth L2CAP sockets. */

#include <linux/export.h>

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>
#include <net/bluetooth/l2cap.h>

#include "smp.h"

/* Registry of every L2CAP socket created by this file. Sockets are added in
 * l2cap_sock_create() via bt_sock_link() and removed in l2cap_sock_release()
 * via bt_sock_unlink(); the same list is handed to bt_procfs_init() so it
 * backs the "l2cap" proc entry.
 */
static struct bt_sock_list l2cap_sk_list = {
	.lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
};

/* Forward declarations. l2cap_sock_ops is compared against in
 * l2cap_is_socket() but defined at the bottom of the file;
 * l2cap_sock_init() and l2cap_sock_alloc() are needed by
 * l2cap_sock_new_connection_cb() before their definitions.
 */
static const struct proto_ops l2cap_sock_ops;
static void l2cap_sock_init(struct sock *sk, struct sock *parent);
static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
				     int proto, gfp_t prio);

/* Report whether @sock is an L2CAP socket, i.e. one whose ops table is this
 * file's l2cap_sock_ops. A NULL @sock is never an L2CAP socket.
 */
bool l2cap_is_socket(struct socket *sock)
{
	if (!sock)
		return false;

	return sock->ops == &l2cap_sock_ops;
}
EXPORT_SYMBOL(l2cap_is_socket);

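/* bind(2) handler: validate the user-supplied L2CAP address, enforce the
 * PSM policy and register the channel's source PSM or CID.
 *
 * @sock: socket being bound
 * @addr: address already copied into kernel space by the socket layer
 * @alen: number of valid bytes in @addr
 *
 * Returns 0 on success, or a negative errno:
 *   -EINVAL  missing or short address, wrong family, both CID and PSM set,
 *            unknown bdaddr type, or a malformed PSM
 *   -EBADFD  socket is not in BT_OPEN
 *   -EACCES  well-known PSM requested without CAP_NET_BIND_SERVICE
 *   or whatever l2cap_add_scid()/l2cap_add_psm() returns.
 */
static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
{
	struct sock *sk = sock->sk;
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
	struct sockaddr_l2 la;
	int len, err = 0;

	BT_DBG("sk %p", sk);

	/* Check the length before reading sa_family, exactly as
	 * l2cap_sock_connect() does, so a short buffer is never read
	 * past its end.
	 */
	if (!addr || alen < sizeof(addr->sa_family) ||
	    addr->sa_family != AF_BLUETOOTH)
		return -EINVAL;

	/* Copy only what the caller provided; the remainder of la stays
	 * zero-filled.
	 */
	memset(&la, 0, sizeof(la));
	len = min_t(unsigned int, sizeof(la), alen);
	memcpy(&la, addr, len);

	/* A channel is addressed by a PSM or by a fixed CID, never both */
	if (la.l2_cid && la.l2_psm)
		return -EINVAL;

	if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
		return -EINVAL;

	lock_sock(sk);

	if (sk->sk_state != BT_OPEN) {
		err = -EBADFD;
		goto done;
	}

	if (la.l2_psm) {
		__u16 psm = __le16_to_cpu(la.l2_psm);

		/* PSM must be odd and lsb of upper byte must be 0 */
		if ((psm & 0x0101) != 0x0001) {
			err = -EINVAL;
			goto done;
		}

		/* Restrict usage of well-known PSMs */
		if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
			err = -EACCES;
			goto done;
		}
	}

	if (la.l2_cid)
		err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
	else
		err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);

	if (err < 0)
		goto done;

	/* Channels on these well-known PSMs get the dedicated SDP security
	 * level instead of the channel default.
	 */
	switch (chan->chan_type) {
	case L2CAP_CHAN_CONN_LESS:
		if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
			chan->sec_level = BT_SECURITY_SDP;
		break;
	case L2CAP_CHAN_CONN_ORIENTED:
		if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
		    __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
			chan->sec_level = BT_SECURITY_SDP;
		break;
	}

	bacpy(&chan->src, &la.l2_bdaddr);
	chan->src_type = la.l2_bdaddr_type;

	/* Both the channel and the socket track the BT_* state */
	chan->state = BT_BOUND;
	sk->sk_state = BT_BOUND;

done:
	release_sock(sk);
	return err;
}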

/* connect(2) handler: validate the destination address, ask the L2CAP core
 * to open the channel, then wait for the socket to reach BT_CONNECTED. The
 * wait is bounded by the socket send timeout, or skipped with O_NONBLOCK.
 *
 * Returns 0 once connected, -EINVAL for a malformed address or an address
 * type that does not match the bound source, or the error reported by
 * l2cap_chan_connect()/bt_sock_wait_state().
 */
static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
			      int alen, int flags)
{
	struct sock *sk = sock->sk;
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
	struct sockaddr_l2 dst;
	bool src_is_bredr, dst_is_bredr;
	int copied, ret;

	BT_DBG("sk %p", sk);

	if (!addr || alen < sizeof(addr->sa_family) ||
	    addr->sa_family != AF_BLUETOOTH)
		return -EINVAL;

	/* Take at most sizeof(dst); anything the caller omitted reads as zero */
	memset(&dst, 0, sizeof(dst));
	copied = min_t(unsigned int, sizeof(dst), alen);
	memcpy(&dst, addr, copied);

	/* CID and PSM are mutually exclusive, and the type must be known */
	if (dst.l2_cid && dst.l2_psm)
		return -EINVAL;

	if (!bdaddr_type_is_valid(dst.l2_bdaddr_type))
		return -EINVAL;

	/* Source and destination must agree on BR/EDR vs. non-BR/EDR */
	src_is_bredr = chan->src_type == BDADDR_BREDR;
	dst_is_bredr = dst.l2_bdaddr_type == BDADDR_BREDR;
	if (src_is_bredr != dst_is_bredr)
		return -EINVAL;

	ret = l2cap_chan_connect(chan, dst.l2_psm, __le16_to_cpu(dst.l2_cid),
				 &dst.l2_bdaddr, dst.l2_bdaddr_type);
	if (ret)
		return ret;

	lock_sock(sk);
	ret = bt_sock_wait_state(sk, BT_CONNECTED,
				 sock_sndtimeo(sk, flags & O_NONBLOCK));
	release_sock(sk);

	return ret;
}

/* listen(2) handler: move a bound SOCK_SEQPACKET/SOCK_STREAM socket into
 * BT_LISTEN with the requested backlog.
 *
 * Returns 0, -EBADFD if the socket is not BT_BOUND, -EINVAL for other socket
 * types, or -ENOTSUPP when the channel mode cannot listen (ERTM/streaming
 * with ERTM disabled, or any mode other than basic/ERTM/streaming).
 */
static int l2cap_sock_listen(struct socket *sock, int backlog)
{
	struct sock *sk = sock->sk;
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
	bool mode_ok;
	int ret = 0;

	BT_DBG("sk %p backlog %d", sk, backlog);

	lock_sock(sk);

	if (sk->sk_state != BT_BOUND) {
		ret = -EBADFD;
		goto out;
	}

	if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
		ret = -EINVAL;
		goto out;
	}

	/* Basic mode can always listen; ERTM and streaming only while the
	 * disable_ertm switch is off.
	 */
	mode_ok = chan->mode == L2CAP_MODE_BASIC ||
		  ((chan->mode == L2CAP_MODE_ERTM ||
		    chan->mode == L2CAP_MODE_STREAMING) && !disable_ertm);
	if (!mode_ok) {
		ret = -ENOTSUPP;
		goto out;
	}

	sk->sk_max_ack_backlog = backlog;
	sk->sk_ack_backlog = 0;

	chan->state = BT_LISTEN;
	sk->sk_state = BT_LISTEN;

out:
	release_sock(sk);
	return ret;
}

/* accept(2) handler: sleep (wake-one) on the listening socket's wait queue
 * until a child socket can be dequeued, the timeout runs out, a signal
 * arrives or the socket stops listening.
 *
 * @flags: O_NONBLOCK turns the wait into a single check (timeo == 0).
 *
 * Returns 0 with @newsock attached to the dequeued child and marked
 * SS_CONNECTED; -EBADFD if the socket is not in BT_LISTEN; -EAGAIN when
 * the (possibly zero) timeout expires with nothing queued; or the errno
 * derived by sock_intr_errno() when interrupted by a signal.
 */
static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
			     int flags)
{
	DECLARE_WAITQUEUE(wait, current);
	struct sock *sk = sock->sk, *nsk;
	long timeo;
	int err = 0;

	/* Nested class: the child socket's lock is taken by the same
	 * task (via bt_accept_dequeue) while this one is held.
	 */
	lock_sock_nested(sk, SINGLE_DEPTH_NESTING);

	timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);

	BT_DBG("sk %p timeo %ld", sk, timeo);

	/* Wait for an incoming connection. (wake-one). */
	add_wait_queue_exclusive(sk_sleep(sk), &wait);
	while (1) {
		/* Set the state before checking the condition so a wakeup
		 * between the check and schedule_timeout() is not lost.
		 */
		set_current_state(TASK_INTERRUPTIBLE);

		if (sk->sk_state != BT_LISTEN) {
			err = -EBADFD;
			break;
		}

		nsk = bt_accept_dequeue(sk, newsock);
		if (nsk)
			break;

		if (!timeo) {
			err = -EAGAIN;
			break;
		}

		if (signal_pending(current)) {
			err = sock_intr_errno(timeo);
			break;
		}

		/* Sleep without the socket lock so other paths can make
		 * progress; schedule_timeout() returns the time left.
		 */
		release_sock(sk);
		timeo = schedule_timeout(timeo);
		lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
	}
	__set_current_state(TASK_RUNNING);
	remove_wait_queue(sk_sleep(sk), &wait);

	if (err)
		goto done;

	newsock->state = SS_CONNECTED;

	BT_DBG("new socket %p", nsk);

done:
	release_sock(sk);
	return err;
}

/* getsockname(2)/getpeername(2) handler: fill @addr with the local
 * (@peer == 0) or remote (@peer != 0) L2CAP address of the channel and
 * report its length through @len. Always returns 0.
 */
static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
			      int *len, int peer)
{
	struct sockaddr_l2 *out = (struct sockaddr_l2 *) addr;
	struct sock *sk = sock->sk;
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
	bdaddr_t *src_addr;

	BT_DBG("sock %p, sk %p", sock, sk);

	/* Clear the whole structure first so every byte handed back is defined */
	memset(out, 0, sizeof(struct sockaddr_l2));
	addr->sa_family = AF_BLUETOOTH;
	*len = sizeof(struct sockaddr_l2);

	if (peer) {
		out->l2_psm = chan->psm;
		out->l2_cid = cpu_to_le16(chan->dcid);
		out->l2_bdaddr_type = chan->dst_type;
		src_addr = &chan->dst;
	} else {
		out->l2_psm = chan->sport;
		out->l2_cid = cpu_to_le16(chan->scid);
		out->l2_bdaddr_type = chan->src_type;
		src_addr = &chan->src;
	}
	bacpy(&out->l2_bdaddr, src_addr);

	return 0;
}

/* SOL_L2CAP getsockopt(): the legacy option set (L2CAP_OPTIONS, L2CAP_LM,
 * L2CAP_CONNINFO). Reached from l2cap_sock_getsockopt() when level is
 * SOL_L2CAP.
 *
 * Every structure copied to user space is memset() first and at most the
 * caller-supplied length is copied, so no uninitialised kernel bytes are
 * exposed.
 *
 * NOTE(review): optlen is only read, never written back, so the caller
 * cannot learn how many bytes were actually copied. A negative len is not
 * rejected either; min_t() casts it to unsigned, which makes the whole
 * structure the copy size.
 *
 * Returns 0, -EFAULT on a bad user pointer, -ENOTCONN for L2CAP_CONNINFO on
 * a socket that is neither connected nor a deferred-setup BT_CONNECT2, or
 * -ENOPROTOOPT for an unknown option.
 */
static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
				     char __user *optval, int __user *optlen)
{
	struct sock *sk = sock->sk;
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
	struct l2cap_options opts;
	struct l2cap_conninfo cinfo;
	int len, err = 0;
	u32 opt;

	BT_DBG("sk %p", sk);

	if (get_user(len, optlen))
		return -EFAULT;

	lock_sock(sk);

	switch (optname) {
	case L2CAP_OPTIONS:
		memset(&opts, 0, sizeof(opts));
		opts.imtu     = chan->imtu;
		opts.omtu     = chan->omtu;
		opts.flush_to = chan->flush_to;
		opts.mode     = chan->mode;
		opts.fcs      = chan->fcs;
		opts.max_tx   = chan->max_tx;
		opts.txwin_size = chan->tx_win;

		/* Never copy more than requested or more than exists */
		len = min_t(unsigned int, len, sizeof(opts));
		if (copy_to_user(optval, (char *) &opts, len))
			err = -EFAULT;

		break;

	case L2CAP_LM:
		/* Map the channel security level back onto the legacy
		 * link-mode bits; anything outside LOW/MEDIUM/HIGH reads as 0.
		 */
		switch (chan->sec_level) {
		case BT_SECURITY_LOW:
			opt = L2CAP_LM_AUTH;
			break;
		case BT_SECURITY_MEDIUM:
			opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
			break;
		case BT_SECURITY_HIGH:
			opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
			      L2CAP_LM_SECURE;
			break;
		default:
			opt = 0;
			break;
		}

		if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
			opt |= L2CAP_LM_MASTER;

		if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
			opt |= L2CAP_LM_RELIABLE;

		if (put_user(opt, (u32 __user *) optval))
			err = -EFAULT;
		break;

	case L2CAP_CONNINFO:
		/* chan->conn->hcon is only dereferenced once the socket
		 * state guarantees a connection (or a deferred one) exists.
		 */
		if (sk->sk_state != BT_CONNECTED &&
		    !(sk->sk_state == BT_CONNECT2 &&
		      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
			err = -ENOTCONN;
			break;
		}

		memset(&cinfo, 0, sizeof(cinfo));
		cinfo.hci_handle = chan->conn->hcon->handle;
		memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);

		len = min_t(unsigned int, len, sizeof(cinfo));
		if (copy_to_user(optval, (char *) &cinfo, len))
			err = -EFAULT;

		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}

/* getsockopt() entry point. SOL_L2CAP is delegated to
 * l2cap_sock_getsockopt_old(); SOL_BLUETOOTH options (BT_SECURITY,
 * BT_DEFER_SETUP, BT_FLUSHABLE, BT_POWER, BT_CHANNEL_POLICY) are handled
 * here; any other level is -ENOPROTOOPT.
 *
 * NOTE(review): as in the legacy path, optlen is never updated and a
 * negative len is not rejected (min_t() treats it as unsigned).
 *
 * Returns 0, -EFAULT on a bad user pointer, -EINVAL when the option does not
 * apply to this channel/socket type or state, or -ENOPROTOOPT.
 */
static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
				 char __user *optval, int __user *optlen)
{
	struct sock *sk = sock->sk;
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
	struct bt_security sec;
	struct bt_power pwr;
	int len, err = 0;

	BT_DBG("sk %p", sk);

	if (level == SOL_L2CAP)
		return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);

	if (level != SOL_BLUETOOTH)
		return -ENOPROTOOPT;

	if (get_user(len, optlen))
		return -EFAULT;

	lock_sock(sk);

	switch (optname) {
	case BT_SECURITY:
		/* Only connection-oriented and raw channels carry a
		 * meaningful security level.
		 */
		if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
		    chan->chan_type != L2CAP_CHAN_RAW) {
			err = -EINVAL;
			break;
		}

		/* With a live connection report the link's actual level and
		 * (once connected) its encryption key size; otherwise the
		 * level configured on the channel. memset() keeps key_size
		 * at 0 in every other case.
		 */
		memset(&sec, 0, sizeof(sec));
		if (chan->conn) {
			sec.level = chan->conn->hcon->sec_level;

			if (sk->sk_state == BT_CONNECTED)
				sec.key_size = chan->conn->hcon->enc_key_size;
		} else {
			sec.level = chan->sec_level;
		}

		len = min_t(unsigned int, len, sizeof(sec));
		if (copy_to_user(optval, (char *) &sec, len))
			err = -EFAULT;

		break;

	case BT_DEFER_SETUP:
		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
			err = -EINVAL;
			break;
		}

		if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
			     (u32 __user *) optval))
			err = -EFAULT;

		break;

	case BT_FLUSHABLE:
		if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
			     (u32 __user *) optval))
			err = -EFAULT;

		break;

	case BT_POWER:
		/* Keyed on the socket type here, whereas the setsockopt()
		 * side keys BT_POWER on chan->chan_type.
		 */
		if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
		    && sk->sk_type != SOCK_RAW) {
			err = -EINVAL;
			break;
		}

		/* pwr is not memset(): this assumes force_active is the only
		 * member of struct bt_power — confirm against the header.
		 */
		pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);

		len = min_t(unsigned int, len, sizeof(pwr));
		if (copy_to_user(optval, (char *) &pwr, len))
			err = -EFAULT;

		break;

	case BT_CHANNEL_POLICY:
		if (put_user(chan->chan_policy, (u32 __user *) optval))
			err = -EFAULT;
		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}

/* Minimum-MTU check for a proposed incoming MTU: the ATT fixed channel must
 * accept at least L2CAP_LE_MIN_MTU, every other channel at least
 * L2CAP_DEFAULT_MIN_MTU. Returns true when @mtu meets the floor.
 */
static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
{
	u16 floor = L2CAP_DEFAULT_MIN_MTU;

	if (chan->scid == L2CAP_CID_ATT)
		floor = L2CAP_LE_MIN_MTU;

	return mtu >= floor;
}

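/* SOL_L2CAP setsockopt(): legacy options L2CAP_OPTIONS and L2CAP_LM.
 * Reached from l2cap_sock_setsockopt() when level is SOL_L2CAP.
 *
 * L2CAP_OPTIONS: the current channel parameters are used as defaults and
 * overwritten by at most @optlen bytes from user space, so a shorter
 * structure from an older user space keeps the remaining fields intact.
 * The request is validated as a whole (window size, MTU floor, mode) and
 * applied only when every check passes; a rejected request leaves the
 * channel untouched.
 *
 * L2CAP_LM: translate the legacy link-mode bits into a channel security
 * level and the role-switch / force-reliable channel flags.
 *
 * Returns 0; -EINVAL for a rejected value or for L2CAP_OPTIONS on a
 * connected socket; -EFAULT on a bad user pointer; -ENOPROTOOPT otherwise.
 */
static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
				     char __user *optval, unsigned int optlen)
{
	struct sock *sk = sock->sk;
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
	struct l2cap_options opts;
	int len, err = 0;
	u32 opt;

	BT_DBG("sk %p", sk);

	lock_sock(sk);

	switch (optname) {
	case L2CAP_OPTIONS:
		if (sk->sk_state == BT_CONNECTED) {
			err = -EINVAL;
			break;
		}

		/* Seed with the current values so a partial copy below only
		 * overrides what user space actually supplied.
		 */
		opts.imtu     = chan->imtu;
		opts.omtu     = chan->omtu;
		opts.flush_to = chan->flush_to;
		opts.mode     = chan->mode;
		opts.fcs      = chan->fcs;
		opts.max_tx   = chan->max_tx;
		opts.txwin_size = chan->tx_win;

		len = min_t(unsigned int, sizeof(opts), optlen);
		if (copy_from_user((char *) &opts, optval, len)) {
			err = -EFAULT;
			break;
		}

		if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
			err = -EINVAL;
			break;
		}

		if (!l2cap_valid_mtu(chan, opts.imtu)) {
			err = -EINVAL;
			break;
		}

		/* Validate the requested mode before touching the channel */
		switch (opts.mode) {
		case L2CAP_MODE_BASIC:
			break;
		case L2CAP_MODE_ERTM:
		case L2CAP_MODE_STREAMING:
			if (!disable_ertm)
				break;
			/* fall through */
		default:
			err = -EINVAL;
			break;
		}

		/* Apply nothing on a rejected mode, so the channel never
		 * ends up carrying an unsupported mode and half-applied
		 * MTUs behind an -EINVAL return.
		 */
		if (err)
			break;

		chan->mode = opts.mode;
		if (chan->mode == L2CAP_MODE_BASIC)
			clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);

		chan->imtu = opts.imtu;
		chan->omtu = opts.omtu;
		chan->fcs  = opts.fcs;
		chan->max_tx = opts.max_tx;
		chan->tx_win = opts.txwin_size;
		chan->flush_to = opts.flush_to;
		break;

	case L2CAP_LM:
		if (get_user(opt, (u32 __user *) optval)) {
			err = -EFAULT;
			break;
		}

		/* The strongest requested bit wins: each assignment below
		 * overrides the previous one.
		 */
		if (opt & L2CAP_LM_AUTH)
			chan->sec_level = BT_SECURITY_LOW;
		if (opt & L2CAP_LM_ENCRYPT)
			chan->sec_level = BT_SECURITY_MEDIUM;
		if (opt & L2CAP_LM_SECURE)
			chan->sec_level = BT_SECURITY_HIGH;

		if (opt & L2CAP_LM_MASTER)
			set_bit(FLAG_ROLE_SWITCH, &chan->flags);
		else
			clear_bit(FLAG_ROLE_SWITCH, &chan->flags);

		if (opt & L2CAP_LM_RELIABLE)
			set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
		else
			clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}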

/* setsockopt() entry point. SOL_L2CAP is delegated to
 * l2cap_sock_setsockopt_old(); SOL_BLUETOOTH options (BT_SECURITY,
 * BT_DEFER_SETUP, BT_FLUSHABLE, BT_POWER, BT_CHANNEL_POLICY) are handled
 * here; any other level is -ENOPROTOOPT.
 *
 * Structures read from user space are pre-filled with a default and then
 * overwritten by at most @optlen bytes, so short inputs are tolerated.
 *
 * Returns 0, -EFAULT on a bad user pointer, -EINVAL for a value or state
 * the option does not accept, -EOPNOTSUPP for BT_CHANNEL_POLICY outside
 * ERTM/streaming mode, or -ENOPROTOOPT for an unknown option.
 */
static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
				 char __user *optval, unsigned int optlen)
{
	struct sock *sk = sock->sk;
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
	struct bt_security sec;
	struct bt_power pwr;
	struct l2cap_conn *conn;
	int len, err = 0;
	u32 opt;

	BT_DBG("sk %p", sk);

	if (level == SOL_L2CAP)
		return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);

	if (level != SOL_BLUETOOTH)
		return -ENOPROTOOPT;

	lock_sock(sk);

	switch (optname) {
	case BT_SECURITY:
		if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
		    chan->chan_type != L2CAP_CHAN_RAW) {
			err = -EINVAL;
			break;
		}

		/* Default if user space passes a zero-length value */
		sec.level = BT_SECURITY_LOW;

		len = min_t(unsigned int, sizeof(sec), optlen);
		if (copy_from_user((char *) &sec, optval, len)) {
			err = -EFAULT;
			break;
		}

		/* Only the LOW..HIGH range may be requested from user space */
		if (sec.level < BT_SECURITY_LOW ||
		    sec.level > BT_SECURITY_HIGH) {
			err = -EINVAL;
			break;
		}

		chan->sec_level = sec.level;

		/* No connection yet: the level simply applies to the next one */
		if (!chan->conn)
			break;

		conn = chan->conn;

		/* LE (ATT fixed channel): only the initiating side may raise
		 * security; hand the request to SMP. A non-zero return from
		 * smp_conn_security() ends the request here with err still 0
		 * (presumably "nothing more to do" — confirm against smp.c);
		 * otherwise the socket goes back to BT_CONFIG while the new
		 * level is established.
		 */
		if (chan->scid == L2CAP_CID_ATT) {
			if (!conn->hcon->out) {
				err = -EINVAL;
				break;
			}

			if (smp_conn_security(conn->hcon, sec.level))
				break;
			sk->sk_state = BT_CONFIG;
			chan->state = BT_CONFIG;

		/* BR/EDR (ACL link): re-check security on an established or
		 * deferred-setup connection. If it no longer suffices the
		 * socket is suspended until the link is upgraded; otherwise
		 * waiters are notified right away.
		 */
		} else if ((sk->sk_state == BT_CONNECT2 &&
			    test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
			   sk->sk_state == BT_CONNECTED) {
			if (!l2cap_chan_check_security(chan))
				set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
			else
				sk->sk_state_change(sk);
		} else {
			err = -EINVAL;
		}
		break;

	case BT_DEFER_SETUP:
		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
			err = -EINVAL;
			break;
		}

		if (get_user(opt, (u32 __user *) optval)) {
			err = -EFAULT;
			break;
		}

		/* The flag is mirrored on the socket and on the channel */
		if (opt) {
			set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
			set_bit(FLAG_DEFER_SETUP, &chan->flags);
		} else {
			clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
			clear_bit(FLAG_DEFER_SETUP, &chan->flags);
		}
		break;

	case BT_FLUSHABLE:
		if (get_user(opt, (u32 __user *) optval)) {
			err = -EFAULT;
			break;
		}

		if (opt > BT_FLUSHABLE_ON) {
			err = -EINVAL;
			break;
		}

		if (opt == BT_FLUSHABLE_OFF) {
			conn = chan->conn;
			/* proceed further only when we have l2cap_conn and
			   No Flush support in the LM */
			if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
				err = -EINVAL;
				break;
			}
		}

		if (opt)
			set_bit(FLAG_FLUSHABLE, &chan->flags);
		else
			clear_bit(FLAG_FLUSHABLE, &chan->flags);
		break;

	case BT_POWER:
		if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
		    chan->chan_type != L2CAP_CHAN_RAW) {
			err = -EINVAL;
			break;
		}

		/* Default if user space passes a zero-length value */
		pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;

		len = min_t(unsigned int, sizeof(pwr), optlen);
		if (copy_from_user((char *) &pwr, optval, len)) {
			err = -EFAULT;
			break;
		}

		if (pwr.force_active)
			set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
		else
			clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
		break;

	case BT_CHANNEL_POLICY:
		if (get_user(opt, (u32 __user *) optval)) {
			err = -EFAULT;
			break;
		}

		if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
			err = -EINVAL;
			break;
		}

		if (chan->mode != L2CAP_MODE_ERTM &&
		    chan->mode != L2CAP_MODE_STREAMING) {
			err = -EOPNOTSUPP;
			break;
		}

		/* Range-checked above, so the narrowing cast is safe */
		chan->chan_policy = (u8) opt;

		/* Kick off a channel move immediately when the channel is
		 * connected and no move is already in progress.
		 */
		if (sk->sk_state == BT_CONNECTED &&
		    chan->move_role == L2CAP_MOVE_ROLE_NONE)
			l2cap_move_start(chan);

		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}

/* sendmsg(2) handler: after the usual pre-checks, wait until the socket is
 * ready to send (bt_sock_wait_ready(), honouring MSG_DONTWAIT via
 * msg_flags) and hand the message to the L2CAP core.
 *
 * Returns the result of l2cap_chan_send() (bytes sent or negative errno),
 * a pending socket error, -EOPNOTSUPP for MSG_OOB, -ENOTCONN when not in
 * BT_CONNECTED, or the error from bt_sock_wait_ready().
 *
 * NOTE(review): sk_state is read here before the socket lock is taken —
 * confirm that this racy check is acceptable for the send path.
 */
static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
			      struct msghdr *msg, size_t len)
{
	struct sock *sk = sock->sk;
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
	int err;

	BT_DBG("sock %p, sk %p", sock, sk);

	err = sock_error(sk);
	if (err)
		return err;

	if (msg->msg_flags & MSG_OOB)
		return -EOPNOTSUPP;

	if (sk->sk_state != BT_CONNECTED)
		return -ENOTCONN;

	lock_sock(sk);
	err = bt_sock_wait_ready(sk, msg->msg_flags);
	release_sock(sk);
	if (err)
		return err;

	/* The socket lock is dropped before the channel lock is taken;
	 * the two are never held together here.
	 */
	l2cap_chan_lock(chan);
	err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
	l2cap_chan_unlock(chan);

	return err;
}

/* recvmsg(2) handler with two special behaviours on top of the generic
 * Bluetooth receive helpers:
 *
 *  - On a deferred-setup socket still in BT_CONNECT2, the first recvmsg()
 *    is user space's signal to accept the connection: the socket and
 *    channel move to BT_CONFIG, __l2cap_connect_rsp_defer() completes the
 *    deferred setup, and 0 is returned without reading any data.
 *
 *  - In ERTM mode, after data has been consumed, a frame parked by
 *    l2cap_sock_recv_cb() because the receive buffer was full is retried,
 *    and the channel's LOCAL_BUSY condition is cleared once enough of the
 *    receive buffer has drained.
 *
 * Returns the byte count or errno from bt_sock_stream_recvmsg() /
 * bt_sock_recvmsg(), or 0 for the deferred-setup acceptance case.
 */
static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
			      struct msghdr *msg, size_t len, int flags)
{
	struct sock *sk = sock->sk;
	struct l2cap_pinfo *pi = l2cap_pi(sk);
	int err;

	lock_sock(sk);

	if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
						    &bt_sk(sk)->flags)) {
		sk->sk_state = BT_CONFIG;
		pi->chan->state = BT_CONFIG;

		__l2cap_connect_rsp_defer(pi->chan);
		err = 0;
		goto done;
	}

	/* The generic helpers take the socket lock themselves */
	release_sock(sk);

	if (sock->type == SOCK_STREAM)
		err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
	else
		err = bt_sock_recvmsg(iocb, sock, msg, len, flags);

	if (pi->chan->mode != L2CAP_MODE_ERTM)
		return err;

	/* Attempt to put pending rx data in the socket buffer */

	lock_sock(sk);

	if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
		goto done;

	/* Only give up the parked skb once it has been queued; if the
	 * buffer is still full, stay busy and try again next time.
	 */
	if (pi->rx_busy_skb) {
		if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
			pi->rx_busy_skb = NULL;
		else
			goto done;
	}

	/* Restore data flow when half of the receive buffer is
	 * available.  This avoids resending large numbers of
	 * frames.
	 */
	if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
		l2cap_chan_busy(pi->chan, 0);

done:
	release_sock(sk);
	return err;
}

/* Kill socket (only if zapped and orphan)
 * Must be called on unlocked socket.
 *
 * Drops a reference on the channel, marks the socket SOCK_DEAD and
 * releases the socket's own reference. Does nothing while the socket is
 * still attached to a struct socket or has not been zapped.
 */
static void l2cap_sock_kill(struct sock *sk)
{
	bool zapped = sock_flag(sk, SOCK_ZAPPED);
	bool orphan = !sk->sk_socket;

	if (!zapped || !orphan)
		return;

	BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));

	/* Kill poor orphan */
	l2cap_chan_put(l2cap_pi(sk)->chan);
	sock_set_flag(sk, SOCK_DEAD);
	sock_put(sk);
}

/* shutdown(2) handler. @how is not consulted: both directions are always
 * shut down (sk_shutdown is set to SHUTDOWN_MASK) and the channel closed.
 *
 * Lock order, outermost first: conn->chan_lock (if there is a connection),
 * the channel lock, then the socket lock.
 *
 * In ERTM mode outstanding frames are waited for (__l2cap_wait_ack())
 * before closing. With SO_LINGER and a non-zero linger time the call also
 * waits for the socket to reach BT_CLOSED.
 *
 * Returns 0, the error from __l2cap_wait_ack()/bt_sock_wait_state(), or a
 * pending sk_err (negated) if no other error occurred.
 *
 * NOTE(review): conn is sampled from chan->conn before any lock is held —
 * confirm the connection pointer cannot change or go away underneath.
 */
static int l2cap_sock_shutdown(struct socket *sock, int how)
{
	struct sock *sk = sock->sk;
	struct l2cap_chan *chan;
	struct l2cap_conn *conn;
	int err = 0;

	BT_DBG("sock %p, sk %p", sock, sk);

	if (!sk)
		return 0;

	chan = l2cap_pi(sk)->chan;
	conn = chan->conn;

	if (conn)
		mutex_lock(&conn->chan_lock);

	l2cap_chan_lock(chan);
	lock_sock(sk);

	/* Only the first shutdown does the work; later calls fall through
	 * to the error reporting below.
	 */
	if (!sk->sk_shutdown) {
		if (chan->mode == L2CAP_MODE_ERTM)
			err = __l2cap_wait_ack(sk);

		sk->sk_shutdown = SHUTDOWN_MASK;

		/* The socket lock is dropped across l2cap_chan_close(),
		 * presumably because the close path takes it itself — confirm.
		 */
		release_sock(sk);
		l2cap_chan_close(chan, 0);
		lock_sock(sk);

		if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
			err = bt_sock_wait_state(sk, BT_CLOSED,
						 sk->sk_lingertime);
	}

	if (!err && sk->sk_err)
		err = -sk->sk_err;

	release_sock(sk);
	l2cap_chan_unlock(chan);

	if (conn)
		mutex_unlock(&conn->chan_lock);

	return err;
}

/* release(2) handler (last close of the file): unlink the socket from the
 * global list, shut it down in both directions, detach it from the struct
 * socket and let l2cap_sock_kill() free it if it is zapped and orphaned.
 *
 * Returns 0 for an already-detached socket, else the shutdown result.
 */
static int l2cap_sock_release(struct socket *sock)
{
	struct sock *sk = sock->sk;
	int ret;

	BT_DBG("sock %p, sk %p", sock, sk);

	if (sk == NULL)
		return 0;

	bt_sock_unlink(&l2cap_sk_list, sk);

	/* 2: both directions, as for SHUT_RDWR */
	ret = l2cap_sock_shutdown(sock, 2);

	sock_orphan(sk);
	l2cap_sock_kill(sk);

	return ret;
}

/* Tear down every child socket still sitting in @parent's accept queue:
 * each child's channel is closed with ECONNRESET (its timer cleared first)
 * and the child is then killed. Used when a listening socket is torn down.
 */
static void l2cap_sock_cleanup_listen(struct sock *parent)
{
	struct sock *child;

	BT_DBG("parent %p", parent);

	/* Close not yet accepted channels */
	for (child = bt_accept_dequeue(parent, NULL); child;
	     child = bt_accept_dequeue(parent, NULL)) {
		struct l2cap_chan *chan = l2cap_pi(child)->chan;

		l2cap_chan_lock(chan);
		__clear_chan_timer(chan);
		l2cap_chan_close(chan, ECONNRESET);
		l2cap_chan_unlock(chan);

		l2cap_sock_kill(child);
	}
}

/* L2CAP core callback for an incoming connection on a listening channel:
 * create a child socket inheriting @chan's owner socket as parent, queue it
 * for accept() and return its channel. Returns NULL when the accept backlog
 * is full or the socket cannot be allocated.
 */
static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
{
	struct sock *parent = chan->data;
	struct sock *child;

	/* Check for backlog size */
	if (sk_acceptq_is_full(parent)) {
		BT_DBG("backlog full %d", parent->sk_ack_backlog);
		return NULL;
	}

	/* GFP_ATOMIC: this callback presumably runs in a context that must
	 * not sleep — confirm against the core's caller.
	 */
	child = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
				 GFP_ATOMIC);
	if (child == NULL)
		return NULL;

	bt_sock_reclassify_lock(child, BTPROTO_L2CAP);
	l2cap_sock_init(child, parent);
	bt_accept_enqueue(parent, child);

	return l2cap_pi(child)->chan;
}

/* L2CAP core callback delivering a reassembled frame to the owner socket.
 * Queues @skb on the socket receive queue; in ERTM mode a frame that does
 * not fit is parked in rx_busy_skb and the channel is marked busy instead
 * of dropping it (see the comment below).
 *
 * Returns 0 on success (including the parked-frame case), -ENOMEM when a
 * frame is already parked, or the error from sock_queue_rcv_skb().
 */
static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
{
	struct sock *sk = chan->data;
	int ret;

	lock_sock(sk);

	if (l2cap_pi(sk)->rx_busy_skb) {
		ret = -ENOMEM;
	} else {
		ret = sock_queue_rcv_skb(sk, skb);

		/* For ERTM, handle one skb that doesn't fit into the recv
		 * buffer.  This is important to do because the data frames
		 * have already been acked, so the skb cannot be discarded.
		 *
		 * Notify the l2cap core that the buffer is full, so the
		 * LOCAL_BUSY state is entered and no more frames are
		 * acked and reassembled until there is buffer space
		 * available.
		 */
		if (ret < 0 && chan->mode == L2CAP_MODE_ERTM) {
			l2cap_pi(sk)->rx_busy_skb = skb;
			l2cap_chan_busy(chan, 1);
			ret = 0;
		}
	}

	release_sock(sk);

	return ret;
}

/* L2CAP core callback when a channel is closed: kill the owning socket
 * (chan->data) if it is zapped and orphaned; otherwise a no-op.
 */
static void l2cap_sock_close_cb(struct l2cap_chan *chan)
{
	l2cap_sock_kill(chan->data);
}

/* L2CAP core callback tearing down a channel: mark the owner socket zapped
 * and, depending on the channel state, move it to BT_CLOSED and notify
 * whoever is waiting on it.
 *
 * @err: errno to report through sk_err for a channel that was past the
 *       bound state (connecting/connected); ignored otherwise.
 */
static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
{
	struct sock *sk = chan->data;
	struct sock *parent;

	lock_sock(sk);

	parent = bt_sk(sk)->parent;

	/* From here on l2cap_sock_kill() may reclaim the socket once it
	 * is also orphaned.
	 */
	sock_set_flag(sk, SOCK_ZAPPED);

	switch (chan->state) {
	case BT_OPEN:
	case BT_BOUND:
	case BT_CLOSED:
		/* Nothing in flight; the zapped flag is all that is needed */
		break;
	case BT_LISTEN:
		/* Drop every not-yet-accepted child before closing */
		l2cap_sock_cleanup_listen(sk);
		sk->sk_state = BT_CLOSED;
		chan->state = BT_CLOSED;

		break;
	default:
		sk->sk_state = BT_CLOSED;
		chan->state = BT_CLOSED;

		sk->sk_err = err;

		/* A pending child leaves its parent's accept queue and wakes
		 * the parent; a standalone socket wakes its own waiters.
		 */
		if (parent) {
			bt_accept_unlink(sk);
			parent->sk_data_ready(parent, 0);
		} else {
			sk->sk_state_change(sk);
		}

		break;
	}

	release_sock(sk);
}

/* L2CAP core callback mirroring a channel state change onto the owner
 * socket. @err is stored in sk_err only when non-zero, so a plain state
 * transition never clears a previously recorded error.
 */
static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
				       int err)
{
	struct sock *sk = chan->data;

	sk->sk_state = state;

	if (err != 0)
		sk->sk_err = err;
}

/* L2CAP core callback allocating a transmit skb on behalf of the channel's
 * socket. Returns the skb, or ERR_PTR(errno) when bt_skb_send_alloc()
 * fails.
 */
static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
					       unsigned long len, int nb)
{
	struct sk_buff *skb;
	int alloc_err;

	/* The channel lock is dropped around the allocation, presumably
	 * because bt_skb_send_alloc() may block — confirm.
	 */
	l2cap_chan_unlock(chan);
	skb = bt_skb_send_alloc(chan->sk, len, nb, &alloc_err);
	l2cap_chan_lock(chan);

	return skb ? skb : ERR_PTR(alloc_err);
}

/* L2CAP core callback once the channel is fully connected: mark the owner
 * socket BT_CONNECTED, wake its waiters and, for a child of a listening
 * socket, wake the listener too.
 */
static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
{
	struct sock *sk = chan->data;
	struct sock *listener;

	lock_sock(sk);

	listener = bt_sk(sk)->parent;
	BT_DBG("sk %p, parent %p", sk, listener);

	sk->sk_state = BT_CONNECTED;
	sk->sk_state_change(sk);

	if (listener != NULL)
		listener->sk_data_ready(listener, 0);

	release_sock(sk);
}

/* L2CAP core callback for a deferred-setup connection: wake the listening
 * parent (if any) so accept()/recvmsg() can act on the pending child.
 */
static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
{
	struct sock *sk = chan->data;
	struct sock *parent = bt_sk(sk)->parent;

	if (!parent)
		return;

	parent->sk_data_ready(parent, 0);
}

/* L2CAP core callback lifting a suspension (set in the BT_SECURITY
 * setsockopt path when the link's security was insufficient): clear
 * BT_SK_SUSPEND and wake the socket's waiters.
 */
static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
{
	struct sock *sk = chan->data;
	struct bt_sock *bt = bt_sk(sk);

	clear_bit(BT_SK_SUSPEND, &bt->flags);
	sk->sk_state_change(sk);
}

/* Callbacks the L2CAP core invokes on channels owned by a socket. Installed
 * on every channel by l2cap_sock_init(); each callback finds its socket
 * through chan->data.
 */
static struct l2cap_ops l2cap_chan_ops = {
	.name		= "L2CAP Socket Interface",
	.new_connection	= l2cap_sock_new_connection_cb,
	.recv		= l2cap_sock_recv_cb,
	.close		= l2cap_sock_close_cb,
	.teardown	= l2cap_sock_teardown_cb,
	.state_change	= l2cap_sock_state_change_cb,
	.ready		= l2cap_sock_ready_cb,
	.defer		= l2cap_sock_defer_cb,
	.resume		= l2cap_sock_resume_cb,
	.alloc_skb	= l2cap_sock_alloc_skb_cb,
};

/* sk_destruct hook, run when the last socket reference is dropped: release
 * the channel reference (if a channel was ever attached), free a frame
 * parked by l2cap_sock_recv_cb(), and purge both skb queues.
 */
static void l2cap_sock_destruct(struct sock *sk)
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);

	BT_DBG("sk %p", sk);

	/* chan is NULL e.g. when l2cap_sock_alloc() freed the socket after
	 * failing to create its channel.
	 */
	if (pi->chan)
		l2cap_chan_put(pi->chan);

	if (pi->rx_busy_skb) {
		kfree_skb(pi->rx_busy_skb);
		pi->rx_busy_skb = NULL;
	}

	skb_queue_purge(&sk->sk_receive_queue);
	skb_queue_purge(&sk->sk_write_queue);
}

/* bt_sock skb_msg_name hook for connectionless (SOCK_DGRAM) sockets: build
 * the sockaddr_l2 reported as msg_name for a received frame from the PSM
 * and bdaddr stashed in the skb control block.
 */
static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
			       int *msg_namelen)
{
	struct sockaddr_l2 *name = msg_name;

	/* Zero everything so fields not filled below are well defined */
	memset(name, 0, sizeof(*name));
	name->l2_family = AF_BLUETOOTH;
	name->l2_psm = bt_cb(skb)->psm;
	bacpy(&name->l2_bdaddr, &bt_cb(skb)->bdaddr);

	*msg_namelen = sizeof(*name);
}

/* Initialise the channel attached to a freshly allocated socket.
 *
 * @parent: the listening socket when @sk is an accepted child — the child
 *          then inherits the parent's socket type, bt_sock flags, channel
 *          configuration and security level; NULL for a socket created by
 *          socket(2), which gets defaults derived from its sk_type.
 */
static void l2cap_sock_init(struct sock *sk, struct sock *parent)
{
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;

	BT_DBG("sk %p", sk);

	if (parent) {
		struct l2cap_chan *pchan = l2cap_pi(parent)->chan;

		sk->sk_type = parent->sk_type;
		bt_sk(sk)->flags = bt_sk(parent)->flags;

		chan->chan_type = pchan->chan_type;
		chan->imtu = pchan->imtu;
		chan->omtu = pchan->omtu;
		chan->conf_state = pchan->conf_state;
		chan->mode = pchan->mode;
		chan->fcs  = pchan->fcs;
		chan->max_tx = pchan->max_tx;
		chan->tx_win = pchan->tx_win;
		chan->tx_win_max = pchan->tx_win_max;
		chan->sec_level = pchan->sec_level;
		chan->flags = pchan->flags;

		/* LSM: the child carries the parent's security label */
		security_sk_clone(parent, sk);
	} else {
		/* Socket type decides the channel type; DGRAM additionally
		 * gets per-frame source addressing via l2cap_skb_msg_name().
		 */
		switch (sk->sk_type) {
		case SOCK_RAW:
			chan->chan_type = L2CAP_CHAN_RAW;
			break;
		case SOCK_DGRAM:
			chan->chan_type = L2CAP_CHAN_CONN_LESS;
			bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
			break;
		case SOCK_SEQPACKET:
		case SOCK_STREAM:
			chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
			break;
		}

		chan->imtu = L2CAP_DEFAULT_MTU;
		chan->omtu = 0;
		/* Stream sockets default to ERTM unless it is disabled */
		if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
			chan->mode = L2CAP_MODE_ERTM;
			set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
		} else {
			chan->mode = L2CAP_MODE_BASIC;
		}

		l2cap_chan_set_defaults(chan);
	}

	/* Default config options */
	chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;

	/* Wire the channel back to its socket and install the callbacks */
	chan->data = sk;
	chan->ops = &l2cap_chan_ops;
}

/* Protocol descriptor registered in l2cap_init_sockets(); obj_size makes
 * sk_alloc() hand out a struct l2cap_pinfo so l2cap_pi(sk) is valid.
 */
static struct proto l2cap_proto = {
	.name		= "L2CAP",
	.owner		= THIS_MODULE,
	.obj_size	= sizeof(struct l2cap_pinfo)
};

/* Allocate a socket and its L2CAP channel, linking the two both ways
 * (chan->sk and l2cap_pi(sk)->chan).
 *
 * @sock: the struct socket to attach, or NULL for an accept-queue child
 *        (see l2cap_sock_new_connection_cb()).
 * @prio: allocation flags passed through to sk_alloc().
 *
 * Returns the socket in BT_OPEN, or NULL on allocation failure. If the
 * channel cannot be created the socket is freed again via sk_free(),
 * which runs l2cap_sock_destruct() with chan still unset.
 */
static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
				     int proto, gfp_t prio)
{
	struct sock *sk;
	struct l2cap_chan *chan;

	sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
	if (!sk)
		return NULL;

	sock_init_data(sock, sk);
	INIT_LIST_HEAD(&bt_sk(sk)->accept_q);

	sk->sk_destruct = l2cap_sock_destruct;
	sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;

	sock_reset_flag(sk, SOCK_ZAPPED);

	sk->sk_protocol = proto;
	sk->sk_state = BT_OPEN;

	chan = l2cap_chan_create();
	if (!chan) {
		sk_free(sk);
		return NULL;
	}

	/* Extra channel reference owned by the socket; dropped again in
	 * l2cap_sock_kill()/l2cap_sock_destruct().
	 */
	l2cap_chan_hold(chan);

	chan->sk = sk;

	l2cap_pi(sk)->chan = chan;

	return sk;
}

/* socket(2) handler for PF_BLUETOOTH/BTPROTO_L2CAP: accept only the
 * supported socket types, require CAP_NET_RAW for user-space raw sockets,
 * then allocate, initialise and register the socket.
 *
 * Returns 0, -ESOCKTNOSUPPORT for an unsupported type, -EPERM for an
 * unprivileged raw socket, or -ENOMEM.
 */
static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
			     int kern)
{
	struct sock *sk;

	BT_DBG("sock %p", sock);

	sock->state = SS_UNCONNECTED;

	switch (sock->type) {
	case SOCK_SEQPACKET:
	case SOCK_STREAM:
	case SOCK_DGRAM:
	case SOCK_RAW:
		break;
	default:
		return -ESOCKTNOSUPPORT;
	}

	/* Raw L2CAP access is privileged unless requested from kernel space */
	if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
		return -EPERM;

	sock->ops = &l2cap_sock_ops;

	sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
	if (sk == NULL)
		return -ENOMEM;

	l2cap_sock_init(sk, NULL);
	bt_sock_link(&l2cap_sk_list, sk);

	return 0;
}

/* proto_ops for L2CAP sockets. Operations without an L2CAP-specific
 * implementation use the generic Bluetooth helpers (poll, ioctl) or the
 * stub rejections (mmap, socketpair). l2cap_is_socket() identifies an
 * L2CAP socket by comparing against this table.
 */
static const struct proto_ops l2cap_sock_ops = {
	.family		= PF_BLUETOOTH,
	.owner		= THIS_MODULE,
	.release	= l2cap_sock_release,
	.bind		= l2cap_sock_bind,
	.connect	= l2cap_sock_connect,
	.listen		= l2cap_sock_listen,
	.accept		= l2cap_sock_accept,
	.getname	= l2cap_sock_getname,
	.sendmsg	= l2cap_sock_sendmsg,
	.recvmsg	= l2cap_sock_recvmsg,
	.poll		= bt_sock_poll,
	.ioctl		= bt_sock_ioctl,
	.mmap		= sock_no_mmap,
	.socketpair	= sock_no_socketpair,
	.shutdown	= l2cap_sock_shutdown,
	.setsockopt	= l2cap_sock_setsockopt,
	.getsockopt	= l2cap_sock_getsockopt
};

/* Registered with bt_sock_register() for BTPROTO_L2CAP so that socket(2)
 * requests for this protocol reach l2cap_sock_create().
 */
static const struct net_proto_family l2cap_sock_family_ops = {
	.family	= PF_BLUETOOTH,
	.owner	= THIS_MODULE,
	.create	= l2cap_sock_create,
};

/* Register the L2CAP socket layer: the struct proto, the BTPROTO_L2CAP
 * family handler and the "l2cap" proc entry, in that order. Each failure
 * undoes the steps already taken. l2cap_cleanup_sockets() is the inverse.
 *
 * Returns 0 or the negative errno of the step that failed.
 */
int __init l2cap_init_sockets(void)
{
	int err;

	err = proto_register(&l2cap_proto, 0);
	if (err < 0)
		return err;

	err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
	if (err < 0) {
		BT_ERR("L2CAP socket registration failed");
		goto error;
	}

	err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
			     NULL);
	if (err < 0) {
		BT_ERR("Failed to create L2CAP proc file");
		/* Undo the family registration; the label below undoes
		 * the proto registration.
		 */
		bt_sock_unregister(BTPROTO_L2CAP);
		goto error;
	}

	BT_INFO("L2CAP socket layer initialized");

	return 0;

error:
	proto_unregister(&l2cap_proto);
	return err;
}

/* Unregister everything l2cap_init_sockets() registered, in reverse
 * order: proc entry, protocol family, then the struct proto.
 */
void l2cap_cleanup_sockets(void)
{
	bt_procfs_cleanup(&init_net, "l2cap");
	bt_sock_unregister(BTPROTO_L2CAP);
	proto_unregister(&l2cap_proto);
}