projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Lock the L2CAP channel when sending
[deliverable/linux.git] / net / bluetooth / l2cap_sock.c
CommitLineData
bb58f747
GP		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
bb58f747
GP		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
6230c9b4 30#include <linux/security.h>
bc3b2d7f 31#include <linux/export.h>
6230c9b4 32
bb58f747 33#include <net/bluetooth/bluetooth.h>
33575df7 34#include <net/bluetooth/hci_core.h>
bb58f747 35#include <net/bluetooth/l2cap.h>
f1cb9af5 36#include <net/bluetooth/smp.h>
bb58f747 37
cf2f90f5 38static const struct proto_ops l2cap_sock_ops;
80808e43
GP		 39static void l2cap_sock_init(struct sock *sk, struct sock *parent);
40static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
cf2f90f5 41
af6bcd82
GP		 42static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
43{
44 struct sock *sk = sock->sk;
4343478f 45 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 46 struct sockaddr_l2 la;
47 int len, err = 0;
48
49 BT_DBG("sk %p", sk);
50
51 if (!addr || addr->sa_family != AF_BLUETOOTH)
52 return -EINVAL;
53
54 memset(&la, 0, sizeof(la));
55 len = min_t(unsigned int, sizeof(la), alen);
56 memcpy(&la, addr, len);
57
b62f328b 58 if (la.l2_cid && la.l2_psm)
af6bcd82
GP		 59 return -EINVAL;
60
61 lock_sock(sk);
62
63 if (sk->sk_state != BT_OPEN) {
64 err = -EBADFD;
65 goto done;
66 }
67
68 if (la.l2_psm) {
69 __u16 psm = __le16_to_cpu(la.l2_psm);
70
71 /* PSM must be odd and lsb of upper byte must be 0 */
72 if ((psm & 0x0101) != 0x0001) {
73 err = -EINVAL;
74 goto done;
75 }
76
77 /* Restrict usage of well-known PSMs */
78 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
79 err = -EACCES;
80 goto done;
81 }
82 }
83
9e4425ff 84 if (la.l2_cid)
6e4aff10 85 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
9e4425ff
GP		 86 else
87 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
af6bcd82 88
9e4425ff
GP		 89 if (err < 0)
90 goto done;
af6bcd82 91
9e4425ff
GP		 92 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
93 __le16_to_cpu(la.l2_psm) == 0x0003)
94 chan->sec_level = BT_SECURITY_SDP;
b62f328b 95
9e4425ff 96 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
89bc500e
GP		 97
98 chan->state = BT_BOUND;
9e4425ff 99 sk->sk_state = BT_BOUND;
af6bcd82
GP		 100
101done:
102 release_sock(sk);
103 return err;
104}
105
4e34c50b
GP		 106static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
107{
108 struct sock *sk = sock->sk;
0c1bc5c6 109 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
4e34c50b
GP		 110 struct sockaddr_l2 la;
111 int len, err = 0;
112
113 BT_DBG("sk %p", sk);
114
115 if (!addr || alen < sizeof(addr->sa_family) ||
116 addr->sa_family != AF_BLUETOOTH)
117 return -EINVAL;
118
119 memset(&la, 0, sizeof(la));
120 len = min_t(unsigned int, sizeof(la), alen);
121 memcpy(&la, addr, len);
122
acd7d370 123 if (la.l2_cid && la.l2_psm)
4e34c50b
GP		 124 return -EINVAL;
125
6e4aff10 126 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
8e9f9892 127 &la.l2_bdaddr, la.l2_bdaddr_type);
4e34c50b 128 if (err)
b3fb611e 129 return err;
4e34c50b 130
6be36555
AE		 131 lock_sock(sk);
132
4e34c50b
GP		 133 err = bt_sock_wait_state(sk, BT_CONNECTED,
134 sock_sndtimeo(sk, flags & O_NONBLOCK));
b3fb611e
AE		 135
136 release_sock(sk);
137
4e34c50b
GP		 138 return err;
139}
140
af6bcd82
GP		 141static int l2cap_sock_listen(struct socket *sock, int backlog)
142{
143 struct sock *sk = sock->sk;
0c1bc5c6 144 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 145 int err = 0;
146
147 BT_DBG("sk %p backlog %d", sk, backlog);
148
149 lock_sock(sk);
150
6b3af733 151 if (sk->sk_state != BT_BOUND) {
af6bcd82
GP		 152 err = -EBADFD;
153 goto done;
154 }
155
6b3af733
MH		 156 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
157 err = -EINVAL;
158 goto done;
159 }
160
0c1bc5c6 161 switch (chan->mode) {
af6bcd82
GP		 162 case L2CAP_MODE_BASIC:
163 break;
164 case L2CAP_MODE_ERTM:
165 case L2CAP_MODE_STREAMING:
166 if (!disable_ertm)
167 break;
168 /* fall through */
169 default:
170 err = -ENOTSUPP;
171 goto done;
172 }
173
af6bcd82
GP		 174 sk->sk_max_ack_backlog = backlog;
175 sk->sk_ack_backlog = 0;
89bc500e
GP		 176
177 chan->state = BT_LISTEN;
af6bcd82
GP		 178 sk->sk_state = BT_LISTEN;
179
180done:
181 release_sock(sk);
182 return err;
183}
184
c47b7c72
GP		 185static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
186{
187 DECLARE_WAITQUEUE(wait, current);
188 struct sock *sk = sock->sk, *nsk;
189 long timeo;
190 int err = 0;
191
192 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
193
c47b7c72
GP		 194 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
195
196 BT_DBG("sk %p timeo %ld", sk, timeo);
197
198 /* Wait for an incoming connection. (wake-one). */
199 add_wait_queue_exclusive(sk_sleep(sk), &wait);
f9a3c20a 200 while (1) {
c47b7c72 201 set_current_state(TASK_INTERRUPTIBLE);
f9a3c20a
PH		 202
203 if (sk->sk_state != BT_LISTEN) {
204 err = -EBADFD;
c47b7c72
GP		 205 break;
206 }
207
f9a3c20a
PH		 208 nsk = bt_accept_dequeue(sk, newsock);
209 if (nsk)
210 break;
c47b7c72 211
f9a3c20a
PH		 212 if (!timeo) {
213 err = -EAGAIN;
c47b7c72
GP		 214 break;
215 }
216
217 if (signal_pending(current)) {
218 err = sock_intr_errno(timeo);
219 break;
220 }
f9a3c20a
PH		 221
222 release_sock(sk);
223 timeo = schedule_timeout(timeo);
224 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
c47b7c72 225 }
f9a3c20a 226 __set_current_state(TASK_RUNNING);
c47b7c72
GP		 227 remove_wait_queue(sk_sleep(sk), &wait);
228
229 if (err)
230 goto done;
231
232 newsock->state = SS_CONNECTED;
233
234 BT_DBG("new socket %p", nsk);
235
236done:
237 release_sock(sk);
238 return err;
239}
240
d7175d55
GP		 241static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
242{
243 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
244 struct sock *sk = sock->sk;
0c1bc5c6 245 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
d7175d55
GP		 246
247 BT_DBG("sock %p, sk %p", sock, sk);
248
249 addr->sa_family = AF_BLUETOOTH;
250 *len = sizeof(struct sockaddr_l2);
251
252 if (peer) {
fe4128e0 253 la->l2_psm = chan->psm;
d7175d55 254 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
fe4128e0 255 la->l2_cid = cpu_to_le16(chan->dcid);
d7175d55 256 } else {
0c1bc5c6 257 la->l2_psm = chan->sport;
d7175d55 258 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
fe4128e0 259 la->l2_cid = cpu_to_le16(chan->scid);
d7175d55
GP		 260 }
261
262 return 0;
263}
264
99f4808d
GP		 265static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
266{
267 struct sock *sk = sock->sk;
4343478f 268 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d
GP		 269 struct l2cap_options opts;
270 struct l2cap_conninfo cinfo;
271 int len, err = 0;
272 u32 opt;
273
274 BT_DBG("sk %p", sk);
275
276 if (get_user(len, optlen))
277 return -EFAULT;
278
279 lock_sock(sk);
280
281 switch (optname) {
282 case L2CAP_OPTIONS:
e3fb592b 283 memset(&opts, 0, sizeof(opts));
0c1bc5c6
GP		 284 opts.imtu = chan->imtu;
285 opts.omtu = chan->omtu;
286 opts.flush_to = chan->flush_to;
287 opts.mode = chan->mode;
47d1ec61
GP		 288 opts.fcs = chan->fcs;
289 opts.max_tx = chan->max_tx;
6327eb98 290 opts.txwin_size = chan->tx_win;
99f4808d
GP		 291
292 len = min_t(unsigned int, len, sizeof(opts));
293 if (copy_to_user(optval, (char *) &opts, len))
294 err = -EFAULT;
295
296 break;
297
298 case L2CAP_LM:
4343478f 299 switch (chan->sec_level) {
99f4808d
GP		 300 case BT_SECURITY_LOW:
301 opt = L2CAP_LM_AUTH;
302 break;
303 case BT_SECURITY_MEDIUM:
304 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
305 break;
306 case BT_SECURITY_HIGH:
307 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
308 L2CAP_LM_SECURE;
309 break;
310 default:
311 opt = 0;
312 break;
313 }
314
43bd0f32 315 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
99f4808d
GP		 316 opt |= L2CAP_LM_MASTER;
317
ecf61bdb 318 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
99f4808d
GP		 319 opt |= L2CAP_LM_RELIABLE;
320
321 if (put_user(opt, (u32 __user *) optval))
322 err = -EFAULT;
323 break;
324
325 case L2CAP_CONNINFO:
326 if (sk->sk_state != BT_CONNECTED &&
327 !(sk->sk_state == BT_CONNECT2 &&
328 bt_sk(sk)->defer_setup)) {
329 err = -ENOTCONN;
330 break;
331 }
332
8d03e971 333 memset(&cinfo, 0, sizeof(cinfo));
8c1d787b
GP		 334 cinfo.hci_handle = chan->conn->hcon->handle;
335 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
99f4808d
GP		 336
337 len = min_t(unsigned int, len, sizeof(cinfo));
338 if (copy_to_user(optval, (char *) &cinfo, len))
339 err = -EFAULT;
340
341 break;
342
343 default:
344 err = -ENOPROTOOPT;
345 break;
346 }
347
348 release_sock(sk);
349 return err;
350}
351
352static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
353{
354 struct sock *sk = sock->sk;
4343478f 355 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d 356 struct bt_security sec;
14b12d0b 357 struct bt_power pwr;
99f4808d
GP		 358 int len, err = 0;
359
360 BT_DBG("sk %p", sk);
361
362 if (level == SOL_L2CAP)
363 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
364
365 if (level != SOL_BLUETOOTH)
366 return -ENOPROTOOPT;
367
368 if (get_user(len, optlen))
369 return -EFAULT;
370
371 lock_sock(sk);
372
373 switch (optname) {
374 case BT_SECURITY:
715ec005
GP		 375 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
376 chan->chan_type != L2CAP_CHAN_RAW) {
99f4808d
GP		 377 err = -EINVAL;
378 break;
379 }
380
8f360119 381 memset(&sec, 0, sizeof(sec));
4343478f 382 sec.level = chan->sec_level;
99f4808d 383
8f360119
VCG		 384 if (sk->sk_state == BT_CONNECTED)
385 sec.key_size = chan->conn->hcon->enc_key_size;
386
99f4808d
GP		 387 len = min_t(unsigned int, len, sizeof(sec));
388 if (copy_to_user(optval, (char *) &sec, len))
389 err = -EFAULT;
390
391 break;
392
393 case BT_DEFER_SETUP:
394 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
395 err = -EINVAL;
396 break;
397 }
398
399 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
400 err = -EFAULT;
401
402 break;
403
404 case BT_FLUSHABLE:
d57b0e8b
AE		 405 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
406 (u32 __user *) optval))
99f4808d
GP		 407 err = -EFAULT;
408
409 break;
410
14b12d0b
JG		 411 case BT_POWER:
412 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
413 && sk->sk_type != SOCK_RAW) {
414 err = -EINVAL;
415 break;
416 }
417
15770b1a 418 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 419
420 len = min_t(unsigned int, len, sizeof(pwr));
421 if (copy_to_user(optval, (char *) &pwr, len))
422 err = -EFAULT;
423
424 break;
425
2ea66482
MM		 426 case BT_CHANNEL_POLICY:
427 if (!enable_hs) {
428 err = -ENOPROTOOPT;
429 break;
430 }
431
432 if (put_user(chan->chan_policy, (u32 __user *) optval))
433 err = -EFAULT;
434 break;
435
99f4808d
GP		 436 default:
437 err = -ENOPROTOOPT;
438 break;
439 }
440
441 release_sock(sk);
442 return err;
443}
444
33575df7
GP		 445static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
446{
447 struct sock *sk = sock->sk;
b4450035 448 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7
GP		 449 struct l2cap_options opts;
450 int len, err = 0;
451 u32 opt;
452
453 BT_DBG("sk %p", sk);
454
455 lock_sock(sk);
456
457 switch (optname) {
458 case L2CAP_OPTIONS:
459 if (sk->sk_state == BT_CONNECTED) {
460 err = -EINVAL;
461 break;
462 }
463
0c1bc5c6
GP		 464 opts.imtu = chan->imtu;
465 opts.omtu = chan->omtu;
466 opts.flush_to = chan->flush_to;
467 opts.mode = chan->mode;
47d1ec61
GP		 468 opts.fcs = chan->fcs;
469 opts.max_tx = chan->max_tx;
6327eb98 470 opts.txwin_size = chan->tx_win;
33575df7
GP		 471
472 len = min_t(unsigned int, sizeof(opts), optlen);
473 if (copy_from_user((char *) &opts, optval, len)) {
474 err = -EFAULT;
475 break;
476 }
477
6327eb98 478 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
33575df7
GP		 479 err = -EINVAL;
480 break;
481 }
482
0c1bc5c6
GP		 483 chan->mode = opts.mode;
484 switch (chan->mode) {
33575df7 485 case L2CAP_MODE_BASIC:
c1360a1c 486 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
33575df7
GP		 487 break;
488 case L2CAP_MODE_ERTM:
489 case L2CAP_MODE_STREAMING:
490 if (!disable_ertm)
491 break;
492 /* fall through */
493 default:
494 err = -EINVAL;
495 break;
496 }
497
0c1bc5c6
GP		 498 chan->imtu = opts.imtu;
499 chan->omtu = opts.omtu;
47d1ec61
GP		 500 chan->fcs = opts.fcs;
501 chan->max_tx = opts.max_tx;
6327eb98 502 chan->tx_win = opts.txwin_size;
33575df7
GP		 503 break;
504
505 case L2CAP_LM:
506 if (get_user(opt, (u32 __user *) optval)) {
507 err = -EFAULT;
508 break;
509 }
510
511 if (opt & L2CAP_LM_AUTH)
4343478f 512 chan->sec_level = BT_SECURITY_LOW;
33575df7 513 if (opt & L2CAP_LM_ENCRYPT)
4343478f 514 chan->sec_level = BT_SECURITY_MEDIUM;
33575df7 515 if (opt & L2CAP_LM_SECURE)
4343478f 516 chan->sec_level = BT_SECURITY_HIGH;
33575df7 517
43bd0f32
AE		 518 if (opt & L2CAP_LM_MASTER)
519 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
520 else
521 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
ecf61bdb
AE		 522
523 if (opt & L2CAP_LM_RELIABLE)
524 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
525 else
526 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
33575df7
GP		 527 break;
528
529 default:
530 err = -ENOPROTOOPT;
531 break;
532 }
533
534 release_sock(sk);
535 return err;
536}
537
538static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
539{
540 struct sock *sk = sock->sk;
4343478f 541 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7 542 struct bt_security sec;
14b12d0b 543 struct bt_power pwr;
f1cb9af5 544 struct l2cap_conn *conn;
33575df7
GP		 545 int len, err = 0;
546 u32 opt;
547
548 BT_DBG("sk %p", sk);
549
550 if (level == SOL_L2CAP)
551 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
552
553 if (level != SOL_BLUETOOTH)
554 return -ENOPROTOOPT;
555
556 lock_sock(sk);
557
558 switch (optname) {
559 case BT_SECURITY:
715ec005
GP		 560 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
561 chan->chan_type != L2CAP_CHAN_RAW) {
33575df7
GP		 562 err = -EINVAL;
563 break;
564 }
565
566 sec.level = BT_SECURITY_LOW;
567
568 len = min_t(unsigned int, sizeof(sec), optlen);
569 if (copy_from_user((char *) &sec, optval, len)) {
570 err = -EFAULT;
571 break;
572 }
573
574 if (sec.level < BT_SECURITY_LOW ||
575 sec.level > BT_SECURITY_HIGH) {
576 err = -EINVAL;
577 break;
578 }
579
4343478f 580 chan->sec_level = sec.level;
f1cb9af5 581
0bee1d60
GP		 582 if (!chan->conn)
583 break;
584
f1cb9af5 585 conn = chan->conn;
0bee1d60
GP		 586
587 /*change security for LE channels */
588 if (chan->scid == L2CAP_CID_LE_DATA) {
f1cb9af5
VCG		 589 if (!conn->hcon->out) {
590 err = -EINVAL;
591 break;
592 }
593
594 if (smp_conn_security(conn, sec.level))
595 break;
f1cb9af5 596 sk->sk_state = BT_CONFIG;
3542b854 597 chan->state = BT_CONFIG;
0bee1d60 598
a7d7723a
GP		 599 /* or for ACL link */
600 } else if ((sk->sk_state == BT_CONNECT2 &&
601 bt_sk(sk)->defer_setup) ||
602 sk->sk_state == BT_CONNECTED) {
603 if (!l2cap_chan_check_security(chan))
604 bt_sk(sk)->suspended = true;
605 else
606 sk->sk_state_change(sk);
0bee1d60
GP		 607 } else {
608 err = -EINVAL;
f1cb9af5 609 }
33575df7
GP		 610 break;
611
612 case BT_DEFER_SETUP:
613 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
614 err = -EINVAL;
615 break;
616 }
617
618 if (get_user(opt, (u32 __user *) optval)) {
619 err = -EFAULT;
620 break;
621 }
622
623 bt_sk(sk)->defer_setup = opt;
624 break;
625
626 case BT_FLUSHABLE:
627 if (get_user(opt, (u32 __user *) optval)) {
628 err = -EFAULT;
629 break;
630 }
631
632 if (opt > BT_FLUSHABLE_ON) {
633 err = -EINVAL;
634 break;
635 }
636
637 if (opt == BT_FLUSHABLE_OFF) {
8c1d787b 638 struct l2cap_conn *conn = chan->conn;
25985edc 639 /* proceed further only when we have l2cap_conn and
33575df7
GP		 640 No Flush support in the LM */
641 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
642 err = -EINVAL;
643 break;
644 }
645 }
646
d57b0e8b
AE		 647 if (opt)
648 set_bit(FLAG_FLUSHABLE, &chan->flags);
649 else
650 clear_bit(FLAG_FLUSHABLE, &chan->flags);
33575df7
GP		 651 break;
652
14b12d0b
JG		 653 case BT_POWER:
654 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
655 chan->chan_type != L2CAP_CHAN_RAW) {
656 err = -EINVAL;
657 break;
658 }
659
660 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
661
662 len = min_t(unsigned int, sizeof(pwr), optlen);
663 if (copy_from_user((char *) &pwr, optval, len)) {
664 err = -EFAULT;
665 break;
666 }
15770b1a
AE		 667
668 if (pwr.force_active)
669 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
670 else
671 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 672 break;
673
2ea66482
MM		 674 case BT_CHANNEL_POLICY:
675 if (!enable_hs) {
676 err = -ENOPROTOOPT;
677 break;
678 }
679
680 if (get_user(opt, (u32 __user *) optval)) {
681 err = -EFAULT;
682 break;
683 }
684
685 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
686 err = -EINVAL;
687 break;
688 }
689
690 if (chan->mode != L2CAP_MODE_ERTM &&
691 chan->mode != L2CAP_MODE_STREAMING) {
692 err = -EOPNOTSUPP;
693 break;
694 }
695
696 chan->chan_policy = (u8) opt;
14b12d0b
JG		 697 break;
698
33575df7
GP		 699 default:
700 err = -ENOPROTOOPT;
701 break;
702 }
703
704 release_sock(sk);
705 return err;
706}
fd83ccdb
GP		 707
708static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
709{
710 struct sock *sk = sock->sk;
0c1bc5c6 711 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
fd83ccdb
GP		 712 int err;
713
714 BT_DBG("sock %p, sk %p", sock, sk);
715
716 err = sock_error(sk);
717 if (err)
718 return err;
719
720 if (msg->msg_flags & MSG_OOB)
721 return -EOPNOTSUPP;
722
a6a5568c 723 if (sk->sk_state != BT_CONNECTED)
9a91a04a 724 return -ENOTCONN;
fd83ccdb 725
a6a5568c 726 l2cap_chan_lock(chan);
5e59b791 727 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
a6a5568c 728 l2cap_chan_unlock(chan);
fd83ccdb 729
fd83ccdb
GP		 730 return err;
731}
33575df7 732
68983259
GP		 733static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
734{
735 struct sock *sk = sock->sk;
e328140f
MM		 736 struct l2cap_pinfo *pi = l2cap_pi(sk);
737 int err;
68983259
GP		 738
739 lock_sock(sk);
740
741 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
8c1d787b 742 sk->sk_state = BT_CONFIG;
3542b854 743 pi->chan->state = BT_CONFIG;
8c1d787b 744
e328140f 745 __l2cap_connect_rsp_defer(pi->chan);
68983259
GP		 746 release_sock(sk);
747 return 0;
748 }
749
750 release_sock(sk);
751
752 if (sock->type == SOCK_STREAM)
e328140f
MM		 753 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
754 else
755 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
756
757 if (pi->chan->mode != L2CAP_MODE_ERTM)
758 return err;
759
760 /* Attempt to put pending rx data in the socket buffer */
761
762 lock_sock(sk);
763
764 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
765 goto done;
766
767 if (pi->rx_busy_skb) {
768 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
769 pi->rx_busy_skb = NULL;
770 else
771 goto done;
772 }
773
774 /* Restore data flow when half of the receive buffer is
775 * available. This avoids resending large numbers of
776 * frames.
777 */
778 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
779 l2cap_chan_busy(pi->chan, 0);
68983259 780
e328140f
MM		 781done:
782 release_sock(sk);
783 return err;
68983259
GP		 784}
785
05fc1576
GP		 786/* Kill socket (only if zapped and orphan)
787 * Must be called on unlocked socket.
788 */
ba3bd0ee 789static void l2cap_sock_kill(struct sock *sk)
05fc1576
GP		 790{
791 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
792 return;
793
e05dcc32 794 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
05fc1576
GP		 795
796 /* Kill poor orphan */
6ff5abbf 797
23691d75 798 l2cap_chan_destroy(l2cap_pi(sk)->chan);
05fc1576
GP		 799 sock_set_flag(sk, SOCK_DEAD);
800 sock_put(sk);
801}
802
dcba0dba
GP		 803static int l2cap_sock_shutdown(struct socket *sock, int how)
804{
805 struct sock *sk = sock->sk;
7ddb6e0f 806 struct l2cap_chan *chan;
3df91ea2 807 struct l2cap_conn *conn;
dcba0dba
GP		 808 int err = 0;
809
810 BT_DBG("sock %p, sk %p", sock, sk);
811
812 if (!sk)
813 return 0;
814
7ddb6e0f 815 chan = l2cap_pi(sk)->chan;
3df91ea2
AE		 816 conn = chan->conn;
817
818 if (conn)
819 mutex_lock(&conn->chan_lock);
7ddb6e0f 820
6be36555 821 l2cap_chan_lock(chan);
dcba0dba 822 lock_sock(sk);
6be36555 823
dcba0dba 824 if (!sk->sk_shutdown) {
0c1bc5c6 825 if (chan->mode == L2CAP_MODE_ERTM)
dcba0dba
GP		 826 err = __l2cap_wait_ack(sk);
827
828 sk->sk_shutdown = SHUTDOWN_MASK;
3df91ea2 829
6be36555 830 release_sock(sk);
0f852724 831 l2cap_chan_close(chan, 0);
6be36555 832 lock_sock(sk);
dcba0dba
GP		 833
834 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
835 err = bt_sock_wait_state(sk, BT_CLOSED,
836 sk->sk_lingertime);
837 }
838
839 if (!err && sk->sk_err)
840 err = -sk->sk_err;
841
842 release_sock(sk);
6be36555 843 l2cap_chan_unlock(chan);
3df91ea2
AE		 844
845 if (conn)
846 mutex_unlock(&conn->chan_lock);
847
dcba0dba
GP		 848 return err;
849}
850
554f05bb
GP		 851static int l2cap_sock_release(struct socket *sock)
852{
853 struct sock *sk = sock->sk;
854 int err;
855
856 BT_DBG("sock %p, sk %p", sock, sk);
857
858 if (!sk)
859 return 0;
860
861 err = l2cap_sock_shutdown(sock, 2);
862
863 sock_orphan(sk);
864 l2cap_sock_kill(sk);
865 return err;
866}
867
80808e43
GP		 868static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data)
869{
870 struct sock *sk, *parent = data;
871
872 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
873 GFP_ATOMIC);
874 if (!sk)
875 return NULL;
876
d22015aa
OP		 877 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
878
80808e43
GP		 879 l2cap_sock_init(sk, parent);
880
881 return l2cap_pi(sk)->chan;
882}
883
23070494
GP		 884static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb)
885{
e328140f 886 int err;
23070494 887 struct sock *sk = data;
e328140f
MM		 888 struct l2cap_pinfo *pi = l2cap_pi(sk);
889
6be36555
AE		 890 lock_sock(sk);
891
892 if (pi->rx_busy_skb) {
893 err = -ENOMEM;
894 goto done;
895 }
e328140f
MM		 896
897 err = sock_queue_rcv_skb(sk, skb);
898
899 /* For ERTM, handle one skb that doesn't fit into the recv
900 * buffer. This is important to do because the data frames
901 * have already been acked, so the skb cannot be discarded.
902 *
903 * Notify the l2cap core that the buffer is full, so the
904 * LOCAL_BUSY state is entered and no more frames are
905 * acked and reassembled until there is buffer space
906 * available.
907 */
908 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
909 pi->rx_busy_skb = skb;
910 l2cap_chan_busy(pi->chan, 1);
911 err = 0;
912 }
23070494 913
6be36555
AE		 914done:
915 release_sock(sk);
916
e328140f 917 return err;
23070494
GP		 918}
919
ba3bd0ee
GP		 920static void l2cap_sock_close_cb(void *data)
921{
922 struct sock *sk = data;
923
924 l2cap_sock_kill(sk);
925}
926
89bc500e
GP		 927static void l2cap_sock_state_change_cb(void *data, int state)
928{
929 struct sock *sk = data;
930
931 sk->sk_state = state;
932}
933
2f7719ce 934static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
90338947 935 unsigned long len, int nb)
2f7719ce 936{
90338947
GP		 937 struct sk_buff *skb;
938 int err;
939
a6a5568c 940 l2cap_chan_unlock(chan);
90338947 941 skb = bt_skb_send_alloc(chan->sk, len, nb, &err);
a6a5568c
MM		 942 l2cap_chan_lock(chan);
943
90338947
GP		 944 if (!skb)
945 return ERR_PTR(err);
2f7719ce 946
90338947 947 return skb;
2f7719ce
AE		 948}
949
80808e43
GP		 950static struct l2cap_ops l2cap_chan_ops = {
951 .name = "L2CAP Socket Interface",
952 .new_connection = l2cap_sock_new_connection_cb,
23070494 953 .recv = l2cap_sock_recv_cb,
ba3bd0ee 954 .close = l2cap_sock_close_cb,
89bc500e 955 .state_change = l2cap_sock_state_change_cb,
2f7719ce 956 .alloc_skb = l2cap_sock_alloc_skb_cb,
80808e43
GP		 957};
958
bb58f747
GP		 959static void l2cap_sock_destruct(struct sock *sk)
960{
961 BT_DBG("sk %p", sk);
962
61d6ef3e 963 l2cap_chan_put(l2cap_pi(sk)->chan);
e328140f
MM		 964 if (l2cap_pi(sk)->rx_busy_skb) {
965 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
966 l2cap_pi(sk)->rx_busy_skb = NULL;
967 }
968
bb58f747
GP		 969 skb_queue_purge(&sk->sk_receive_queue);
970 skb_queue_purge(&sk->sk_write_queue);
971}
972
80808e43 973static void l2cap_sock_init(struct sock *sk, struct sock *parent)
bb58f747
GP		 974{
975 struct l2cap_pinfo *pi = l2cap_pi(sk);
b4450035 976 struct l2cap_chan *chan = pi->chan;
bb58f747
GP		 977
978 BT_DBG("sk %p", sk);
979
980 if (parent) {
b4450035
GP		 981 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
982
bb58f747
GP		 983 sk->sk_type = parent->sk_type;
984 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
985
715ec005 986 chan->chan_type = pchan->chan_type;
0c1bc5c6
GP		 987 chan->imtu = pchan->imtu;
988 chan->omtu = pchan->omtu;
b4450035 989 chan->conf_state = pchan->conf_state;
0c1bc5c6 990 chan->mode = pchan->mode;
47d1ec61
GP		 991 chan->fcs = pchan->fcs;
992 chan->max_tx = pchan->max_tx;
993 chan->tx_win = pchan->tx_win;
6b3c7104 994 chan->tx_win_max = pchan->tx_win_max;
4343478f 995 chan->sec_level = pchan->sec_level;
d57b0e8b 996 chan->flags = pchan->flags;
6230c9b4
PM		 997
998 security_sk_clone(parent, sk);
bb58f747 999 } else {
715ec005
GP		 1000
1001 switch (sk->sk_type) {
1002 case SOCK_RAW:
1003 chan->chan_type = L2CAP_CHAN_RAW;
1004 break;
1005 case SOCK_DGRAM:
1006 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1007 break;
1008 case SOCK_SEQPACKET:
1009 case SOCK_STREAM:
1010 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1011 break;
1012 }
1013
0c1bc5c6
GP		 1014 chan->imtu = L2CAP_DEFAULT_MTU;
1015 chan->omtu = 0;
bb58f747 1016 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
0c1bc5c6 1017 chan->mode = L2CAP_MODE_ERTM;
c1360a1c 1018 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
bb58f747 1019 } else {
0c1bc5c6 1020 chan->mode = L2CAP_MODE_BASIC;
bb58f747 1021 }
bd4b1653
AE		 1022
1023 l2cap_chan_set_defaults(chan);
bb58f747
GP		 1024 }
1025
1026 /* Default config options */
0c1bc5c6 1027 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
80808e43
GP		 1028
1029 chan->data = sk;
1030 chan->ops = &l2cap_chan_ops;
bb58f747
GP		 1031}
1032
1033static struct proto l2cap_proto = {
1034 .name = "L2CAP",
1035 .owner = THIS_MODULE,
1036 .obj_size = sizeof(struct l2cap_pinfo)
1037};
1038
80808e43 1039static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
bb58f747
GP		 1040{
1041 struct sock *sk;
dc50a06d 1042 struct l2cap_chan *chan;
bb58f747
GP		 1043
1044 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1045 if (!sk)
1046 return NULL;
1047
1048 sock_init_data(sock, sk);
1049 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1050
1051 sk->sk_destruct = l2cap_sock_destruct;
ba13ccd9 1052 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
bb58f747
GP		 1053
1054 sock_reset_flag(sk, SOCK_ZAPPED);
1055
1056 sk->sk_protocol = proto;
1057 sk->sk_state = BT_OPEN;
1058
eef1d9b6 1059 chan = l2cap_chan_create();
dc50a06d
GP		 1060 if (!chan) {
1061 l2cap_sock_kill(sk);
1062 return NULL;
1063 }
1064
61d6ef3e
MM		 1065 l2cap_chan_hold(chan);
1066
eef1d9b6
GP		 1067 chan->sk = sk;
1068
dc50a06d
GP		 1069 l2cap_pi(sk)->chan = chan;
1070
bb58f747
GP		 1071 return sk;
1072}
1073
1074static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1075 int kern)
1076{
1077 struct sock *sk;
1078
1079 BT_DBG("sock %p", sock);
1080
1081 sock->state = SS_UNCONNECTED;
1082
1083 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1084 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1085 return -ESOCKTNOSUPPORT;
1086
1087 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1088 return -EPERM;
1089
1090 sock->ops = &l2cap_sock_ops;
1091
1092 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1093 if (!sk)
1094 return -ENOMEM;
1095
1096 l2cap_sock_init(sk, NULL);
1097 return 0;
1098}
1099
cf2f90f5 1100static const struct proto_ops l2cap_sock_ops = {
65390587
GP		 1101 .family = PF_BLUETOOTH,
1102 .owner = THIS_MODULE,
1103 .release = l2cap_sock_release,
1104 .bind = l2cap_sock_bind,
1105 .connect = l2cap_sock_connect,
1106 .listen = l2cap_sock_listen,
1107 .accept = l2cap_sock_accept,
1108 .getname = l2cap_sock_getname,
1109 .sendmsg = l2cap_sock_sendmsg,
1110 .recvmsg = l2cap_sock_recvmsg,
1111 .poll = bt_sock_poll,
1112 .ioctl = bt_sock_ioctl,
1113 .mmap = sock_no_mmap,
1114 .socketpair = sock_no_socketpair,
1115 .shutdown = l2cap_sock_shutdown,
1116 .setsockopt = l2cap_sock_setsockopt,
1117 .getsockopt = l2cap_sock_getsockopt
1118};
1119
bb58f747
GP		 1120static const struct net_proto_family l2cap_sock_family_ops = {
1121 .family = PF_BLUETOOTH,
1122 .owner = THIS_MODULE,
1123 .create = l2cap_sock_create,
1124};
1125
1126int __init l2cap_init_sockets(void)
1127{
e2174ca4 1128 int err;
bb58f747 1129
e2174ca4
GP		 1130 err = proto_register(&l2cap_proto, 0);
1131 if (err < 0)
1132 return err;
bb58f747 1133
e2174ca4
GP		 1134 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1135 if (err < 0)
1136 goto error;
bb58f747 1137
e2174ca4 1138 BT_INFO("L2CAP socket layer initialized");
bb58f747 1139
e2174ca4 1140 return 0;
bb58f747
GP		 1141
1142error:
e2174ca4
GP		 1143 BT_ERR("L2CAP socket registration failed");
1144 proto_unregister(&l2cap_proto);
1145 return err;
bb58f747
GP		 1146}
1147
1148void l2cap_cleanup_sockets(void)
1149{
e2174ca4
GP		 1150 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1151 BT_ERR("L2CAP socket unregistration failed");
bb58f747 1152
e2174ca4 1153 proto_unregister(&l2cap_proto);
bb58f747 1154}
Linux kernel - Deliverables
This page took 0.173682 seconds and 5 git commands to generate.