]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - net/bluetooth/l2cap_sock.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:


d5093b853b05306f89cd93e68a0209a114554a73
[mirror_ubuntu-bionic-kernel.git] / net / bluetooth / l2cap_sock.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26 */
27
28 /* Bluetooth L2CAP sockets. */
29
30 #include <linux/export.h>
31
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/l2cap.h>
35 #include <net/bluetooth/smp.h>
36
37 static struct bt_sock_list l2cap_sk_list = {
38 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
39 };
40
41 static const struct proto_ops l2cap_sock_ops;
42 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
43 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
44 int proto, gfp_t prio);
45
46 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
47 {
48 struct sock *sk = sock->sk;
49 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
50 struct sockaddr_l2 la;
51 int len, err = 0;
52
53 BT_DBG("sk %p", sk);
54
55 if (!addr || addr->sa_family != AF_BLUETOOTH)
56 return -EINVAL;
57
58 memset(&la, 0, sizeof(la));
59 len = min_t(unsigned int, sizeof(la), alen);
60 memcpy(&la, addr, len);
61
62 if (la.l2_cid && la.l2_psm)
63 return -EINVAL;
64
65 lock_sock(sk);
66
67 if (sk->sk_state != BT_OPEN) {
68 err = -EBADFD;
69 goto done;
70 }
71
72 if (la.l2_psm) {
73 __u16 psm = __le16_to_cpu(la.l2_psm);
74
75 /* PSM must be odd and lsb of upper byte must be 0 */
76 if ((psm & 0x0101) != 0x0001) {
77 err = -EINVAL;
78 goto done;
79 }
80
81 /* Restrict usage of well-known PSMs */
82 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
83 err = -EACCES;
84 goto done;
85 }
86 }
87
88 if (la.l2_cid)
89 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
90 else
91 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
92
93 if (err < 0)
94 goto done;
95
96 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
97 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
98 chan->sec_level = BT_SECURITY_SDP;
99
100 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
101
102 chan->state = BT_BOUND;
103 sk->sk_state = BT_BOUND;
104
105 done:
106 release_sock(sk);
107 return err;
108 }
109
110 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
111 int alen, int flags)
112 {
113 struct sock *sk = sock->sk;
114 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
115 struct sockaddr_l2 la;
116 int len, err = 0;
117
118 BT_DBG("sk %p", sk);
119
120 if (!addr || alen < sizeof(addr->sa_family) ||
121 addr->sa_family != AF_BLUETOOTH)
122 return -EINVAL;
123
124 memset(&la, 0, sizeof(la));
125 len = min_t(unsigned int, sizeof(la), alen);
126 memcpy(&la, addr, len);
127
128 if (la.l2_cid && la.l2_psm)
129 return -EINVAL;
130
131 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
132 &la.l2_bdaddr, la.l2_bdaddr_type);
133 if (err)
134 return err;
135
136 lock_sock(sk);
137
138 err = bt_sock_wait_state(sk, BT_CONNECTED,
139 sock_sndtimeo(sk, flags & O_NONBLOCK));
140
141 release_sock(sk);
142
143 return err;
144 }
145
146 static int l2cap_sock_listen(struct socket *sock, int backlog)
147 {
148 struct sock *sk = sock->sk;
149 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
150 int err = 0;
151
152 BT_DBG("sk %p backlog %d", sk, backlog);
153
154 lock_sock(sk);
155
156 if (sk->sk_state != BT_BOUND) {
157 err = -EBADFD;
158 goto done;
159 }
160
161 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
162 err = -EINVAL;
163 goto done;
164 }
165
166 switch (chan->mode) {
167 case L2CAP_MODE_BASIC:
168 break;
169 case L2CAP_MODE_ERTM:
170 case L2CAP_MODE_STREAMING:
171 if (!disable_ertm)
172 break;
173 /* fall through */
174 default:
175 err = -ENOTSUPP;
176 goto done;
177 }
178
179 sk->sk_max_ack_backlog = backlog;
180 sk->sk_ack_backlog = 0;
181
182 chan->state = BT_LISTEN;
183 sk->sk_state = BT_LISTEN;
184
185 done:
186 release_sock(sk);
187 return err;
188 }
189
190 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
191 int flags)
192 {
193 DECLARE_WAITQUEUE(wait, current);
194 struct sock *sk = sock->sk, *nsk;
195 long timeo;
196 int err = 0;
197
198 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
199
200 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
201
202 BT_DBG("sk %p timeo %ld", sk, timeo);
203
204 /* Wait for an incoming connection. (wake-one). */
205 add_wait_queue_exclusive(sk_sleep(sk), &wait);
206 while (1) {
207 set_current_state(TASK_INTERRUPTIBLE);
208
209 if (sk->sk_state != BT_LISTEN) {
210 err = -EBADFD;
211 break;
212 }
213
214 nsk = bt_accept_dequeue(sk, newsock);
215 if (nsk)
216 break;
217
218 if (!timeo) {
219 err = -EAGAIN;
220 break;
221 }
222
223 if (signal_pending(current)) {
224 err = sock_intr_errno(timeo);
225 break;
226 }
227
228 release_sock(sk);
229 timeo = schedule_timeout(timeo);
230 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
231 }
232 __set_current_state(TASK_RUNNING);
233 remove_wait_queue(sk_sleep(sk), &wait);
234
235 if (err)
236 goto done;
237
238 newsock->state = SS_CONNECTED;
239
240 BT_DBG("new socket %p", nsk);
241
242 done:
243 release_sock(sk);
244 return err;
245 }
246
247 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
248 int *len, int peer)
249 {
250 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
251 struct sock *sk = sock->sk;
252 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
253
254 BT_DBG("sock %p, sk %p", sock, sk);
255
256 addr->sa_family = AF_BLUETOOTH;
257 *len = sizeof(struct sockaddr_l2);
258
259 if (peer) {
260 la->l2_psm = chan->psm;
261 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
262 la->l2_cid = cpu_to_le16(chan->dcid);
263 } else {
264 la->l2_psm = chan->sport;
265 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
266 la->l2_cid = cpu_to_le16(chan->scid);
267 }
268
269 return 0;
270 }
271
272 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
273 char __user *optval, int __user *optlen)
274 {
275 struct sock *sk = sock->sk;
276 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
277 struct l2cap_options opts;
278 struct l2cap_conninfo cinfo;
279 int len, err = 0;
280 u32 opt;
281
282 BT_DBG("sk %p", sk);
283
284 if (get_user(len, optlen))
285 return -EFAULT;
286
287 lock_sock(sk);
288
289 switch (optname) {
290 case L2CAP_OPTIONS:
291 memset(&opts, 0, sizeof(opts));
292 opts.imtu = chan->imtu;
293 opts.omtu = chan->omtu;
294 opts.flush_to = chan->flush_to;
295 opts.mode = chan->mode;
296 opts.fcs = chan->fcs;
297 opts.max_tx = chan->max_tx;
298 opts.txwin_size = chan->tx_win;
299
300 len = min_t(unsigned int, len, sizeof(opts));
301 if (copy_to_user(optval, (char *) &opts, len))
302 err = -EFAULT;
303
304 break;
305
306 case L2CAP_LM:
307 switch (chan->sec_level) {
308 case BT_SECURITY_LOW:
309 opt = L2CAP_LM_AUTH;
310 break;
311 case BT_SECURITY_MEDIUM:
312 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
313 break;
314 case BT_SECURITY_HIGH:
315 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
316 L2CAP_LM_SECURE;
317 break;
318 default:
319 opt = 0;
320 break;
321 }
322
323 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
324 opt |= L2CAP_LM_MASTER;
325
326 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
327 opt |= L2CAP_LM_RELIABLE;
328
329 if (put_user(opt, (u32 __user *) optval))
330 err = -EFAULT;
331 break;
332
333 case L2CAP_CONNINFO:
334 if (sk->sk_state != BT_CONNECTED &&
335 !(sk->sk_state == BT_CONNECT2 &&
336 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
337 err = -ENOTCONN;
338 break;
339 }
340
341 memset(&cinfo, 0, sizeof(cinfo));
342 cinfo.hci_handle = chan->conn->hcon->handle;
343 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
344
345 len = min_t(unsigned int, len, sizeof(cinfo));
346 if (copy_to_user(optval, (char *) &cinfo, len))
347 err = -EFAULT;
348
349 break;
350
351 default:
352 err = -ENOPROTOOPT;
353 break;
354 }
355
356 release_sock(sk);
357 return err;
358 }
359
360 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
361 char __user *optval, int __user *optlen)
362 {
363 struct sock *sk = sock->sk;
364 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
365 struct bt_security sec;
366 struct bt_power pwr;
367 int len, err = 0;
368
369 BT_DBG("sk %p", sk);
370
371 if (level == SOL_L2CAP)
372 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
373
374 if (level != SOL_BLUETOOTH)
375 return -ENOPROTOOPT;
376
377 if (get_user(len, optlen))
378 return -EFAULT;
379
380 lock_sock(sk);
381
382 switch (optname) {
383 case BT_SECURITY:
384 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
385 chan->chan_type != L2CAP_CHAN_RAW) {
386 err = -EINVAL;
387 break;
388 }
389
390 memset(&sec, 0, sizeof(sec));
391 if (chan->conn) {
392 sec.level = chan->conn->hcon->sec_level;
393
394 if (sk->sk_state == BT_CONNECTED)
395 sec.key_size = chan->conn->hcon->enc_key_size;
396 } else {
397 sec.level = chan->sec_level;
398 }
399
400 len = min_t(unsigned int, len, sizeof(sec));
401 if (copy_to_user(optval, (char *) &sec, len))
402 err = -EFAULT;
403
404 break;
405
406 case BT_DEFER_SETUP:
407 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
408 err = -EINVAL;
409 break;
410 }
411
412 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
413 (u32 __user *) optval))
414 err = -EFAULT;
415
416 break;
417
418 case BT_FLUSHABLE:
419 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
420 (u32 __user *) optval))
421 err = -EFAULT;
422
423 break;
424
425 case BT_POWER:
426 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
427 && sk->sk_type != SOCK_RAW) {
428 err = -EINVAL;
429 break;
430 }
431
432 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
433
434 len = min_t(unsigned int, len, sizeof(pwr));
435 if (copy_to_user(optval, (char *) &pwr, len))
436 err = -EFAULT;
437
438 break;
439
440 case BT_CHANNEL_POLICY:
441 if (!enable_hs) {
442 err = -ENOPROTOOPT;
443 break;
444 }
445
446 if (put_user(chan->chan_policy, (u32 __user *) optval))
447 err = -EFAULT;
448 break;
449
450 default:
451 err = -ENOPROTOOPT;
452 break;
453 }
454
455 release_sock(sk);
456 return err;
457 }
458
459 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
460 {
461 switch (chan->scid) {
462 case L2CAP_CID_LE_DATA:
463 if (mtu < L2CAP_LE_MIN_MTU)
464 return false;
465 break;
466
467 default:
468 if (mtu < L2CAP_DEFAULT_MIN_MTU)
469 return false;
470 }
471
472 return true;
473 }
474
475 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
476 char __user *optval, unsigned int optlen)
477 {
478 struct sock *sk = sock->sk;
479 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
480 struct l2cap_options opts;
481 int len, err = 0;
482 u32 opt;
483
484 BT_DBG("sk %p", sk);
485
486 lock_sock(sk);
487
488 switch (optname) {
489 case L2CAP_OPTIONS:
490 if (sk->sk_state == BT_CONNECTED) {
491 err = -EINVAL;
492 break;
493 }
494
495 opts.imtu = chan->imtu;
496 opts.omtu = chan->omtu;
497 opts.flush_to = chan->flush_to;
498 opts.mode = chan->mode;
499 opts.fcs = chan->fcs;
500 opts.max_tx = chan->max_tx;
501 opts.txwin_size = chan->tx_win;
502
503 len = min_t(unsigned int, sizeof(opts), optlen);
504 if (copy_from_user((char *) &opts, optval, len)) {
505 err = -EFAULT;
506 break;
507 }
508
509 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
510 err = -EINVAL;
511 break;
512 }
513
514 if (!l2cap_valid_mtu(chan, opts.imtu)) {
515 err = -EINVAL;
516 break;
517 }
518
519 chan->mode = opts.mode;
520 switch (chan->mode) {
521 case L2CAP_MODE_BASIC:
522 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
523 break;
524 case L2CAP_MODE_ERTM:
525 case L2CAP_MODE_STREAMING:
526 if (!disable_ertm)
527 break;
528 /* fall through */
529 default:
530 err = -EINVAL;
531 break;
532 }
533
534 chan->imtu = opts.imtu;
535 chan->omtu = opts.omtu;
536 chan->fcs = opts.fcs;
537 chan->max_tx = opts.max_tx;
538 chan->tx_win = opts.txwin_size;
539 chan->flush_to = opts.flush_to;
540 break;
541
542 case L2CAP_LM:
543 if (get_user(opt, (u32 __user *) optval)) {
544 err = -EFAULT;
545 break;
546 }
547
548 if (opt & L2CAP_LM_AUTH)
549 chan->sec_level = BT_SECURITY_LOW;
550 if (opt & L2CAP_LM_ENCRYPT)
551 chan->sec_level = BT_SECURITY_MEDIUM;
552 if (opt & L2CAP_LM_SECURE)
553 chan->sec_level = BT_SECURITY_HIGH;
554
555 if (opt & L2CAP_LM_MASTER)
556 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
557 else
558 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
559
560 if (opt & L2CAP_LM_RELIABLE)
561 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
562 else
563 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
564 break;
565
566 default:
567 err = -ENOPROTOOPT;
568 break;
569 }
570
571 release_sock(sk);
572 return err;
573 }
574
575 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
576 char __user *optval, unsigned int optlen)
577 {
578 struct sock *sk = sock->sk;
579 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
580 struct bt_security sec;
581 struct bt_power pwr;
582 struct l2cap_conn *conn;
583 int len, err = 0;
584 u32 opt;
585
586 BT_DBG("sk %p", sk);
587
588 if (level == SOL_L2CAP)
589 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
590
591 if (level != SOL_BLUETOOTH)
592 return -ENOPROTOOPT;
593
594 lock_sock(sk);
595
596 switch (optname) {
597 case BT_SECURITY:
598 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
599 chan->chan_type != L2CAP_CHAN_RAW) {
600 err = -EINVAL;
601 break;
602 }
603
604 sec.level = BT_SECURITY_LOW;
605
606 len = min_t(unsigned int, sizeof(sec), optlen);
607 if (copy_from_user((char *) &sec, optval, len)) {
608 err = -EFAULT;
609 break;
610 }
611
612 if (sec.level < BT_SECURITY_LOW ||
613 sec.level > BT_SECURITY_HIGH) {
614 err = -EINVAL;
615 break;
616 }
617
618 chan->sec_level = sec.level;
619
620 if (!chan->conn)
621 break;
622
623 conn = chan->conn;
624
625 /*change security for LE channels */
626 if (chan->scid == L2CAP_CID_LE_DATA) {
627 if (!conn->hcon->out) {
628 err = -EINVAL;
629 break;
630 }
631
632 if (smp_conn_security(conn->hcon, sec.level))
633 break;
634 sk->sk_state = BT_CONFIG;
635 chan->state = BT_CONFIG;
636
637 /* or for ACL link */
638 } else if ((sk->sk_state == BT_CONNECT2 &&
639 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
640 sk->sk_state == BT_CONNECTED) {
641 if (!l2cap_chan_check_security(chan))
642 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
643 else
644 sk->sk_state_change(sk);
645 } else {
646 err = -EINVAL;
647 }
648 break;
649
650 case BT_DEFER_SETUP:
651 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
652 err = -EINVAL;
653 break;
654 }
655
656 if (get_user(opt, (u32 __user *) optval)) {
657 err = -EFAULT;
658 break;
659 }
660
661 if (opt)
662 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
663 else
664 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
665 break;
666
667 case BT_FLUSHABLE:
668 if (get_user(opt, (u32 __user *) optval)) {
669 err = -EFAULT;
670 break;
671 }
672
673 if (opt > BT_FLUSHABLE_ON) {
674 err = -EINVAL;
675 break;
676 }
677
678 if (opt == BT_FLUSHABLE_OFF) {
679 struct l2cap_conn *conn = chan->conn;
680 /* proceed further only when we have l2cap_conn and
681 No Flush support in the LM */
682 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
683 err = -EINVAL;
684 break;
685 }
686 }
687
688 if (opt)
689 set_bit(FLAG_FLUSHABLE, &chan->flags);
690 else
691 clear_bit(FLAG_FLUSHABLE, &chan->flags);
692 break;
693
694 case BT_POWER:
695 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
696 chan->chan_type != L2CAP_CHAN_RAW) {
697 err = -EINVAL;
698 break;
699 }
700
701 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
702
703 len = min_t(unsigned int, sizeof(pwr), optlen);
704 if (copy_from_user((char *) &pwr, optval, len)) {
705 err = -EFAULT;
706 break;
707 }
708
709 if (pwr.force_active)
710 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
711 else
712 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
713 break;
714
715 case BT_CHANNEL_POLICY:
716 if (!enable_hs) {
717 err = -ENOPROTOOPT;
718 break;
719 }
720
721 if (get_user(opt, (u32 __user *) optval)) {
722 err = -EFAULT;
723 break;
724 }
725
726 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
727 err = -EINVAL;
728 break;
729 }
730
731 if (chan->mode != L2CAP_MODE_ERTM &&
732 chan->mode != L2CAP_MODE_STREAMING) {
733 err = -EOPNOTSUPP;
734 break;
735 }
736
737 chan->chan_policy = (u8) opt;
738 break;
739
740 default:
741 err = -ENOPROTOOPT;
742 break;
743 }
744
745 release_sock(sk);
746 return err;
747 }
748
749 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
750 struct msghdr *msg, size_t len)
751 {
752 struct sock *sk = sock->sk;
753 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
754 int err;
755
756 BT_DBG("sock %p, sk %p", sock, sk);
757
758 err = sock_error(sk);
759 if (err)
760 return err;
761
762 if (msg->msg_flags & MSG_OOB)
763 return -EOPNOTSUPP;
764
765 if (sk->sk_state != BT_CONNECTED)
766 return -ENOTCONN;
767
768 l2cap_chan_lock(chan);
769 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
770 l2cap_chan_unlock(chan);
771
772 return err;
773 }
774
775 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
776 struct msghdr *msg, size_t len, int flags)
777 {
778 struct sock *sk = sock->sk;
779 struct l2cap_pinfo *pi = l2cap_pi(sk);
780 int err;
781
782 lock_sock(sk);
783
784 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
785 &bt_sk(sk)->flags)) {
786 sk->sk_state = BT_CONFIG;
787 pi->chan->state = BT_CONFIG;
788
789 __l2cap_connect_rsp_defer(pi->chan);
790 release_sock(sk);
791 return 0;
792 }
793
794 release_sock(sk);
795
796 if (sock->type == SOCK_STREAM)
797 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
798 else
799 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
800
801 if (pi->chan->mode != L2CAP_MODE_ERTM)
802 return err;
803
804 /* Attempt to put pending rx data in the socket buffer */
805
806 lock_sock(sk);
807
808 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
809 goto done;
810
811 if (pi->rx_busy_skb) {
812 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
813 pi->rx_busy_skb = NULL;
814 else
815 goto done;
816 }
817
818 /* Restore data flow when half of the receive buffer is
819 * available. This avoids resending large numbers of
820 * frames.
821 */
822 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
823 l2cap_chan_busy(pi->chan, 0);
824
825 done:
826 release_sock(sk);
827 return err;
828 }
829
830 /* Kill socket (only if zapped and orphan)
831 * Must be called on unlocked socket.
832 */
833 static void l2cap_sock_kill(struct sock *sk)
834 {
835 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
836 return;
837
838 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
839
840 /* Kill poor orphan */
841
842 l2cap_chan_put(l2cap_pi(sk)->chan);
843 sock_set_flag(sk, SOCK_DEAD);
844 sock_put(sk);
845 }
846
847 static int l2cap_sock_shutdown(struct socket *sock, int how)
848 {
849 struct sock *sk = sock->sk;
850 struct l2cap_chan *chan;
851 struct l2cap_conn *conn;
852 int err = 0;
853
854 BT_DBG("sock %p, sk %p", sock, sk);
855
856 if (!sk)
857 return 0;
858
859 chan = l2cap_pi(sk)->chan;
860 conn = chan->conn;
861
862 if (conn)
863 mutex_lock(&conn->chan_lock);
864
865 l2cap_chan_lock(chan);
866 lock_sock(sk);
867
868 if (!sk->sk_shutdown) {
869 if (chan->mode == L2CAP_MODE_ERTM)
870 err = __l2cap_wait_ack(sk);
871
872 sk->sk_shutdown = SHUTDOWN_MASK;
873
874 release_sock(sk);
875 l2cap_chan_close(chan, 0);
876 lock_sock(sk);
877
878 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
879 err = bt_sock_wait_state(sk, BT_CLOSED,
880 sk->sk_lingertime);
881 }
882
883 if (!err && sk->sk_err)
884 err = -sk->sk_err;
885
886 release_sock(sk);
887 l2cap_chan_unlock(chan);
888
889 if (conn)
890 mutex_unlock(&conn->chan_lock);
891
892 return err;
893 }
894
895 static int l2cap_sock_release(struct socket *sock)
896 {
897 struct sock *sk = sock->sk;
898 int err;
899
900 BT_DBG("sock %p, sk %p", sock, sk);
901
902 if (!sk)
903 return 0;
904
905 bt_sock_unlink(&l2cap_sk_list, sk);
906
907 err = l2cap_sock_shutdown(sock, 2);
908
909 sock_orphan(sk);
910 l2cap_sock_kill(sk);
911 return err;
912 }
913
914 static void l2cap_sock_cleanup_listen(struct sock *parent)
915 {
916 struct sock *sk;
917
918 BT_DBG("parent %p", parent);
919
920 /* Close not yet accepted channels */
921 while ((sk = bt_accept_dequeue(parent, NULL))) {
922 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
923
924 l2cap_chan_lock(chan);
925 __clear_chan_timer(chan);
926 l2cap_chan_close(chan, ECONNRESET);
927 l2cap_chan_unlock(chan);
928
929 l2cap_sock_kill(sk);
930 }
931 }
932
933 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
934 {
935 struct sock *sk, *parent = chan->data;
936
937 /* Check for backlog size */
938 if (sk_acceptq_is_full(parent)) {
939 BT_DBG("backlog full %d", parent->sk_ack_backlog);
940 return NULL;
941 }
942
943 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
944 GFP_ATOMIC);
945 if (!sk)
946 return NULL;
947
948 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
949
950 l2cap_sock_init(sk, parent);
951
952 bt_accept_enqueue(parent, sk);
953
954 return l2cap_pi(sk)->chan;
955 }
956
957 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
958 {
959 int err;
960 struct sock *sk = chan->data;
961 struct l2cap_pinfo *pi = l2cap_pi(sk);
962
963 lock_sock(sk);
964
965 if (pi->rx_busy_skb) {
966 err = -ENOMEM;
967 goto done;
968 }
969
970 err = sock_queue_rcv_skb(sk, skb);
971
972 /* For ERTM, handle one skb that doesn't fit into the recv
973 * buffer. This is important to do because the data frames
974 * have already been acked, so the skb cannot be discarded.
975 *
976 * Notify the l2cap core that the buffer is full, so the
977 * LOCAL_BUSY state is entered and no more frames are
978 * acked and reassembled until there is buffer space
979 * available.
980 */
981 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
982 pi->rx_busy_skb = skb;
983 l2cap_chan_busy(pi->chan, 1);
984 err = 0;
985 }
986
987 done:
988 release_sock(sk);
989
990 return err;
991 }
992
993 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
994 {
995 struct sock *sk = chan->data;
996
997 l2cap_sock_kill(sk);
998 }
999
1000 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1001 {
1002 struct sock *sk = chan->data;
1003 struct sock *parent;
1004
1005 lock_sock(sk);
1006
1007 parent = bt_sk(sk)->parent;
1008
1009 sock_set_flag(sk, SOCK_ZAPPED);
1010
1011 switch (chan->state) {
1012 case BT_OPEN:
1013 case BT_BOUND:
1014 case BT_CLOSED:
1015 break;
1016 case BT_LISTEN:
1017 l2cap_sock_cleanup_listen(sk);
1018 sk->sk_state = BT_CLOSED;
1019 chan->state = BT_CLOSED;
1020
1021 break;
1022 default:
1023 sk->sk_state = BT_CLOSED;
1024 chan->state = BT_CLOSED;
1025
1026 sk->sk_err = err;
1027
1028 if (parent) {
1029 bt_accept_unlink(sk);
1030 parent->sk_data_ready(parent, 0);
1031 } else {
1032 sk->sk_state_change(sk);
1033 }
1034
1035 break;
1036 }
1037
1038 release_sock(sk);
1039 }
1040
1041 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state)
1042 {
1043 struct sock *sk = chan->data;
1044
1045 sk->sk_state = state;
1046 }
1047
1048 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1049 unsigned long len, int nb)
1050 {
1051 struct sk_buff *skb;
1052 int err;
1053
1054 l2cap_chan_unlock(chan);
1055 skb = bt_skb_send_alloc(chan->sk, len, nb, &err);
1056 l2cap_chan_lock(chan);
1057
1058 if (!skb)
1059 return ERR_PTR(err);
1060
1061 return skb;
1062 }
1063
1064 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1065 {
1066 struct sock *sk = chan->data;
1067 struct sock *parent;
1068
1069 lock_sock(sk);
1070
1071 parent = bt_sk(sk)->parent;
1072
1073 BT_DBG("sk %p, parent %p", sk, parent);
1074
1075 sk->sk_state = BT_CONNECTED;
1076 sk->sk_state_change(sk);
1077
1078 if (parent)
1079 parent->sk_data_ready(parent, 0);
1080
1081 release_sock(sk);
1082 }
1083
1084 static struct l2cap_ops l2cap_chan_ops = {
1085 .name = "L2CAP Socket Interface",
1086 .new_connection = l2cap_sock_new_connection_cb,
1087 .recv = l2cap_sock_recv_cb,
1088 .close = l2cap_sock_close_cb,
1089 .teardown = l2cap_sock_teardown_cb,
1090 .state_change = l2cap_sock_state_change_cb,
1091 .ready = l2cap_sock_ready_cb,
1092 .alloc_skb = l2cap_sock_alloc_skb_cb,
1093 };
1094
1095 static void l2cap_sock_destruct(struct sock *sk)
1096 {
1097 BT_DBG("sk %p", sk);
1098
1099 if (l2cap_pi(sk)->chan)
1100 l2cap_chan_put(l2cap_pi(sk)->chan);
1101 if (l2cap_pi(sk)->rx_busy_skb) {
1102 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1103 l2cap_pi(sk)->rx_busy_skb = NULL;
1104 }
1105
1106 skb_queue_purge(&sk->sk_receive_queue);
1107 skb_queue_purge(&sk->sk_write_queue);
1108 }
1109
1110 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1111 {
1112 struct l2cap_pinfo *pi = l2cap_pi(sk);
1113 struct l2cap_chan *chan = pi->chan;
1114
1115 BT_DBG("sk %p", sk);
1116
1117 if (parent) {
1118 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1119
1120 sk->sk_type = parent->sk_type;
1121 bt_sk(sk)->flags = bt_sk(parent)->flags;
1122
1123 chan->chan_type = pchan->chan_type;
1124 chan->imtu = pchan->imtu;
1125 chan->omtu = pchan->omtu;
1126 chan->conf_state = pchan->conf_state;
1127 chan->mode = pchan->mode;
1128 chan->fcs = pchan->fcs;
1129 chan->max_tx = pchan->max_tx;
1130 chan->tx_win = pchan->tx_win;
1131 chan->tx_win_max = pchan->tx_win_max;
1132 chan->sec_level = pchan->sec_level;
1133 chan->flags = pchan->flags;
1134
1135 security_sk_clone(parent, sk);
1136 } else {
1137
1138 switch (sk->sk_type) {
1139 case SOCK_RAW:
1140 chan->chan_type = L2CAP_CHAN_RAW;
1141 break;
1142 case SOCK_DGRAM:
1143 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1144 break;
1145 case SOCK_SEQPACKET:
1146 case SOCK_STREAM:
1147 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1148 break;
1149 }
1150
1151 chan->imtu = L2CAP_DEFAULT_MTU;
1152 chan->omtu = 0;
1153 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1154 chan->mode = L2CAP_MODE_ERTM;
1155 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1156 } else {
1157 chan->mode = L2CAP_MODE_BASIC;
1158 }
1159
1160 l2cap_chan_set_defaults(chan);
1161 }
1162
1163 /* Default config options */
1164 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1165
1166 chan->data = sk;
1167 chan->ops = &l2cap_chan_ops;
1168 }
1169
1170 static struct proto l2cap_proto = {
1171 .name = "L2CAP",
1172 .owner = THIS_MODULE,
1173 .obj_size = sizeof(struct l2cap_pinfo)
1174 };
1175
1176 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1177 int proto, gfp_t prio)
1178 {
1179 struct sock *sk;
1180 struct l2cap_chan *chan;
1181
1182 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1183 if (!sk)
1184 return NULL;
1185
1186 sock_init_data(sock, sk);
1187 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1188
1189 sk->sk_destruct = l2cap_sock_destruct;
1190 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1191
1192 sock_reset_flag(sk, SOCK_ZAPPED);
1193
1194 sk->sk_protocol = proto;
1195 sk->sk_state = BT_OPEN;
1196
1197 chan = l2cap_chan_create();
1198 if (!chan) {
1199 sk_free(sk);
1200 return NULL;
1201 }
1202
1203 l2cap_chan_hold(chan);
1204
1205 chan->sk = sk;
1206
1207 l2cap_pi(sk)->chan = chan;
1208
1209 return sk;
1210 }
1211
1212 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1213 int kern)
1214 {
1215 struct sock *sk;
1216
1217 BT_DBG("sock %p", sock);
1218
1219 sock->state = SS_UNCONNECTED;
1220
1221 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1222 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1223 return -ESOCKTNOSUPPORT;
1224
1225 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1226 return -EPERM;
1227
1228 sock->ops = &l2cap_sock_ops;
1229
1230 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1231 if (!sk)
1232 return -ENOMEM;
1233
1234 l2cap_sock_init(sk, NULL);
1235 bt_sock_link(&l2cap_sk_list, sk);
1236 return 0;
1237 }
1238
1239 static const struct proto_ops l2cap_sock_ops = {
1240 .family = PF_BLUETOOTH,
1241 .owner = THIS_MODULE,
1242 .release = l2cap_sock_release,
1243 .bind = l2cap_sock_bind,
1244 .connect = l2cap_sock_connect,
1245 .listen = l2cap_sock_listen,
1246 .accept = l2cap_sock_accept,
1247 .getname = l2cap_sock_getname,
1248 .sendmsg = l2cap_sock_sendmsg,
1249 .recvmsg = l2cap_sock_recvmsg,
1250 .poll = bt_sock_poll,
1251 .ioctl = bt_sock_ioctl,
1252 .mmap = sock_no_mmap,
1253 .socketpair = sock_no_socketpair,
1254 .shutdown = l2cap_sock_shutdown,
1255 .setsockopt = l2cap_sock_setsockopt,
1256 .getsockopt = l2cap_sock_getsockopt
1257 };
1258
1259 static const struct net_proto_family l2cap_sock_family_ops = {
1260 .family = PF_BLUETOOTH,
1261 .owner = THIS_MODULE,
1262 .create = l2cap_sock_create,
1263 };
1264
1265 int __init l2cap_init_sockets(void)
1266 {
1267 int err;
1268
1269 err = proto_register(&l2cap_proto, 0);
1270 if (err < 0)
1271 return err;
1272
1273 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1274 if (err < 0) {
1275 BT_ERR("L2CAP socket registration failed");
1276 goto error;
1277 }
1278
1279 err = bt_procfs_init(THIS_MODULE, &init_net, "l2cap", &l2cap_sk_list,
1280 NULL);
1281 if (err < 0) {
1282 BT_ERR("Failed to create L2CAP proc file");
1283 bt_sock_unregister(BTPROTO_L2CAP);
1284 goto error;
1285 }
1286
1287 BT_INFO("L2CAP socket layer initialized");
1288
1289 return 0;
1290
1291 error:
1292 proto_unregister(&l2cap_proto);
1293 return err;
1294 }
1295
1296 void l2cap_cleanup_sockets(void)
1297 {
1298 bt_procfs_cleanup(&init_net, "l2cap");
1299 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1300 BT_ERR("L2CAP socket unregistration failed");
1301
1302 proto_unregister(&l2cap_proto);
1303 }
ubuntu-bionic-kernel mirror