CoCalc -- l2cap

GitHub Repository: awilliam/linux-vfio
Path: blob/master/net/bluetooth/l2cap_sock.c
¹⁵¹⁰⁹ views
1
/*
2
   BlueZ - Bluetooth protocol stack for Linux
3
   Copyright (C) 2000-2001 Qualcomm Incorporated
4
   Copyright (C) 2009-2010 Gustavo F. Padovan <[email protected]>
5
   Copyright (C) 2010 Google Inc.
6

7
   Written 2000,2001 by Maxim Krasnyansky <[email protected]>
8

9
   This program is free software; you can redistribute it and/or modify
10
   it under the terms of the GNU General Public License version 2 as
11
   published by the Free Software Foundation;
12

13
   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21

22
   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24
   SOFTWARE IS DISCLAIMED.
25
*/
26

27
/* Bluetooth L2CAP sockets. */
28

29
#include <net/bluetooth/bluetooth.h>
30
#include <net/bluetooth/hci_core.h>
31
#include <net/bluetooth/l2cap.h>
32

33
static const struct proto_ops l2cap_sock_ops;
34

35
/* ---- L2CAP timers ---- */
36
static void l2cap_sock_timeout(unsigned long arg)
37
{
38
	struct sock *sk = (struct sock *) arg;
39
	int reason;
40

41
	BT_DBG("sock %p state %d", sk, sk->sk_state);
42

43
	bh_lock_sock(sk);
44

45
	if (sock_owned_by_user(sk)) {
46
		/* sk is owned by user. Try again later */
47
		l2cap_sock_set_timer(sk, HZ / 5);
48
		bh_unlock_sock(sk);
49
		sock_put(sk);
50
		return;
51
	}
52

53
	if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
54
		reason = ECONNREFUSED;
55
	else if (sk->sk_state == BT_CONNECT &&
56
			l2cap_pi(sk)->chan->sec_level != BT_SECURITY_SDP)
57
		reason = ECONNREFUSED;
58
	else
59
		reason = ETIMEDOUT;
60

61
	__l2cap_sock_close(sk, reason);
62

63
	bh_unlock_sock(sk);
64

65
	l2cap_sock_kill(sk);
66
	sock_put(sk);
67
}
68

69
void l2cap_sock_set_timer(struct sock *sk, long timeout)
70
{
71
	BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
72
	sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
73
}
74

75
void l2cap_sock_clear_timer(struct sock *sk)
76
{
77
	BT_DBG("sock %p state %d", sk, sk->sk_state);
78
	sk_stop_timer(sk, &sk->sk_timer);
79
}
80

81
static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
82
{
83
	struct sock *sk = sock->sk;
84
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
85
	struct sockaddr_l2 la;
86
	int len, err = 0;
87

88
	BT_DBG("sk %p", sk);
89

90
	if (!addr || addr->sa_family != AF_BLUETOOTH)
91
		return -EINVAL;
92

93
	memset(&la, 0, sizeof(la));
94
	len = min_t(unsigned int, sizeof(la), alen);
95
	memcpy(&la, addr, len);
96

97
	if (la.l2_cid && la.l2_psm)
98
		return -EINVAL;
99

100
	lock_sock(sk);
101

102
	if (sk->sk_state != BT_OPEN) {
103
		err = -EBADFD;
104
		goto done;
105
	}
106

107
	if (la.l2_psm) {
108
		__u16 psm = __le16_to_cpu(la.l2_psm);
109

110
		/* PSM must be odd and lsb of upper byte must be 0 */
111
		if ((psm & 0x0101) != 0x0001) {
112
			err = -EINVAL;
113
			goto done;
114
		}
115

116
		/* Restrict usage of well-known PSMs */
117
		if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
118
			err = -EACCES;
119
			goto done;
120
		}
121
	}
122

123
	if (la.l2_cid)
124
		err = l2cap_add_scid(chan, la.l2_cid);
125
	else
126
		err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
127

128
	if (err < 0)
129
		goto done;
130

131
	if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
132
				__le16_to_cpu(la.l2_psm) == 0x0003)
133
		chan->sec_level = BT_SECURITY_SDP;
134

135
	bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
136
	sk->sk_state = BT_BOUND;
137

138
done:
139
	release_sock(sk);
140
	return err;
141
}
142

143
static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
144
{
145
	struct sock *sk = sock->sk;
146
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
147
	struct sockaddr_l2 la;
148
	int len, err = 0;
149

150
	BT_DBG("sk %p", sk);
151

152
	if (!addr || alen < sizeof(addr->sa_family) ||
153
	    addr->sa_family != AF_BLUETOOTH)
154
		return -EINVAL;
155

156
	memset(&la, 0, sizeof(la));
157
	len = min_t(unsigned int, sizeof(la), alen);
158
	memcpy(&la, addr, len);
159

160
	if (la.l2_cid && la.l2_psm)
161
		return -EINVAL;
162

163
	lock_sock(sk);
164

165
	if ((sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM)
166
			&& !(la.l2_psm || la.l2_cid)) {
167
		err = -EINVAL;
168
		goto done;
169
	}
170

171
	switch (chan->mode) {
172
	case L2CAP_MODE_BASIC:
173
		break;
174
	case L2CAP_MODE_ERTM:
175
	case L2CAP_MODE_STREAMING:
176
		if (!disable_ertm)
177
			break;
178
		/* fall through */
179
	default:
180
		err = -ENOTSUPP;
181
		goto done;
182
	}
183

184
	switch (sk->sk_state) {
185
	case BT_CONNECT:
186
	case BT_CONNECT2:
187
	case BT_CONFIG:
188
		/* Already connecting */
189
		goto wait;
190

191
	case BT_CONNECTED:
192
		/* Already connected */
193
		err = -EISCONN;
194
		goto done;
195

196
	case BT_OPEN:
197
	case BT_BOUND:
198
		/* Can connect */
199
		break;
200

201
	default:
202
		err = -EBADFD;
203
		goto done;
204
	}
205

206
	/* PSM must be odd and lsb of upper byte must be 0 */
207
	if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 &&
208
				sk->sk_type != SOCK_RAW && !la.l2_cid) {
209
		err = -EINVAL;
210
		goto done;
211
	}
212

213
	/* Set destination address and psm */
214
	bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
215
	chan->psm = la.l2_psm;
216
	chan->dcid = la.l2_cid;
217

218
	err = l2cap_chan_connect(l2cap_pi(sk)->chan);
219
	if (err)
220
		goto done;
221

222
wait:
223
	err = bt_sock_wait_state(sk, BT_CONNECTED,
224
			sock_sndtimeo(sk, flags & O_NONBLOCK));
225
done:
226
	release_sock(sk);
227
	return err;
228
}
229

230
static int l2cap_sock_listen(struct socket *sock, int backlog)
231
{
232
	struct sock *sk = sock->sk;
233
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
234
	int err = 0;
235

236
	BT_DBG("sk %p backlog %d", sk, backlog);
237

238
	lock_sock(sk);
239

240
	if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
241
			|| sk->sk_state != BT_BOUND) {
242
		err = -EBADFD;
243
		goto done;
244
	}
245

246
	switch (chan->mode) {
247
	case L2CAP_MODE_BASIC:
248
		break;
249
	case L2CAP_MODE_ERTM:
250
	case L2CAP_MODE_STREAMING:
251
		if (!disable_ertm)
252
			break;
253
		/* fall through */
254
	default:
255
		err = -ENOTSUPP;
256
		goto done;
257
	}
258

259
	sk->sk_max_ack_backlog = backlog;
260
	sk->sk_ack_backlog = 0;
261
	sk->sk_state = BT_LISTEN;
262

263
done:
264
	release_sock(sk);
265
	return err;
266
}
267

268
static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
269
{
270
	DECLARE_WAITQUEUE(wait, current);
271
	struct sock *sk = sock->sk, *nsk;
272
	long timeo;
273
	int err = 0;
274

275
	lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
276

277
	if (sk->sk_state != BT_LISTEN) {
278
		err = -EBADFD;
279
		goto done;
280
	}
281

282
	timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
283

284
	BT_DBG("sk %p timeo %ld", sk, timeo);
285

286
	/* Wait for an incoming connection. (wake-one). */
287
	add_wait_queue_exclusive(sk_sleep(sk), &wait);
288
	while (!(nsk = bt_accept_dequeue(sk, newsock))) {
289
		set_current_state(TASK_INTERRUPTIBLE);
290
		if (!timeo) {
291
			err = -EAGAIN;
292
			break;
293
		}
294

295
		release_sock(sk);
296
		timeo = schedule_timeout(timeo);
297
		lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
298

299
		if (sk->sk_state != BT_LISTEN) {
300
			err = -EBADFD;
301
			break;
302
		}
303

304
		if (signal_pending(current)) {
305
			err = sock_intr_errno(timeo);
306
			break;
307
		}
308
	}
309
	set_current_state(TASK_RUNNING);
310
	remove_wait_queue(sk_sleep(sk), &wait);
311

312
	if (err)
313
		goto done;
314

315
	newsock->state = SS_CONNECTED;
316

317
	BT_DBG("new socket %p", nsk);
318

319
done:
320
	release_sock(sk);
321
	return err;
322
}
323

324
static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
325
{
326
	struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
327
	struct sock *sk = sock->sk;
328
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
329

330
	BT_DBG("sock %p, sk %p", sock, sk);
331

332
	addr->sa_family = AF_BLUETOOTH;
333
	*len = sizeof(struct sockaddr_l2);
334

335
	if (peer) {
336
		la->l2_psm = chan->psm;
337
		bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
338
		la->l2_cid = cpu_to_le16(chan->dcid);
339
	} else {
340
		la->l2_psm = chan->sport;
341
		bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
342
		la->l2_cid = cpu_to_le16(chan->scid);
343
	}
344

345
	return 0;
346
}
347

348
static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
349
{
350
	struct sock *sk = sock->sk;
351
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
352
	struct l2cap_options opts;
353
	struct l2cap_conninfo cinfo;
354
	int len, err = 0;
355
	u32 opt;
356

357
	BT_DBG("sk %p", sk);
358

359
	if (get_user(len, optlen))
360
		return -EFAULT;
361

362
	lock_sock(sk);
363

364
	switch (optname) {
365
	case L2CAP_OPTIONS:
366
		memset(&opts, 0, sizeof(opts));
367
		opts.imtu     = chan->imtu;
368
		opts.omtu     = chan->omtu;
369
		opts.flush_to = chan->flush_to;
370
		opts.mode     = chan->mode;
371
		opts.fcs      = chan->fcs;
372
		opts.max_tx   = chan->max_tx;
373
		opts.txwin_size = (__u16)chan->tx_win;
374

375
		len = min_t(unsigned int, len, sizeof(opts));
376
		if (copy_to_user(optval, (char *) &opts, len))
377
			err = -EFAULT;
378

379
		break;
380

381
	case L2CAP_LM:
382
		switch (chan->sec_level) {
383
		case BT_SECURITY_LOW:
384
			opt = L2CAP_LM_AUTH;
385
			break;
386
		case BT_SECURITY_MEDIUM:
387
			opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
388
			break;
389
		case BT_SECURITY_HIGH:
390
			opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
391
							L2CAP_LM_SECURE;
392
			break;
393
		default:
394
			opt = 0;
395
			break;
396
		}
397

398
		if (chan->role_switch)
399
			opt |= L2CAP_LM_MASTER;
400

401
		if (chan->force_reliable)
402
			opt |= L2CAP_LM_RELIABLE;
403

404
		if (put_user(opt, (u32 __user *) optval))
405
			err = -EFAULT;
406
		break;
407

408
	case L2CAP_CONNINFO:
409
		if (sk->sk_state != BT_CONNECTED &&
410
					!(sk->sk_state == BT_CONNECT2 &&
411
						bt_sk(sk)->defer_setup)) {
412
			err = -ENOTCONN;
413
			break;
414
		}
415

416
		memset(&cinfo, 0, sizeof(cinfo));
417
		cinfo.hci_handle = chan->conn->hcon->handle;
418
		memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
419

420
		len = min_t(unsigned int, len, sizeof(cinfo));
421
		if (copy_to_user(optval, (char *) &cinfo, len))
422
			err = -EFAULT;
423

424
		break;
425

426
	default:
427
		err = -ENOPROTOOPT;
428
		break;
429
	}
430

431
	release_sock(sk);
432
	return err;
433
}
434

435
static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
436
{
437
	struct sock *sk = sock->sk;
438
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
439
	struct bt_security sec;
440
	int len, err = 0;
441

442
	BT_DBG("sk %p", sk);
443

444
	if (level == SOL_L2CAP)
445
		return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
446

447
	if (level != SOL_BLUETOOTH)
448
		return -ENOPROTOOPT;
449

450
	if (get_user(len, optlen))
451
		return -EFAULT;
452

453
	lock_sock(sk);
454

455
	switch (optname) {
456
	case BT_SECURITY:
457
		if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
458
				&& sk->sk_type != SOCK_RAW) {
459
			err = -EINVAL;
460
			break;
461
		}
462

463
		sec.level = chan->sec_level;
464

465
		len = min_t(unsigned int, len, sizeof(sec));
466
		if (copy_to_user(optval, (char *) &sec, len))
467
			err = -EFAULT;
468

469
		break;
470

471
	case BT_DEFER_SETUP:
472
		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
473
			err = -EINVAL;
474
			break;
475
		}
476

477
		if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
478
			err = -EFAULT;
479

480
		break;
481

482
	case BT_FLUSHABLE:
483
		if (put_user(chan->flushable, (u32 __user *) optval))
484
			err = -EFAULT;
485

486
		break;
487

488
	default:
489
		err = -ENOPROTOOPT;
490
		break;
491
	}
492

493
	release_sock(sk);
494
	return err;
495
}
496

497
static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
498
{
499
	struct sock *sk = sock->sk;
500
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
501
	struct l2cap_options opts;
502
	int len, err = 0;
503
	u32 opt;
504

505
	BT_DBG("sk %p", sk);
506

507
	lock_sock(sk);
508

509
	switch (optname) {
510
	case L2CAP_OPTIONS:
511
		if (sk->sk_state == BT_CONNECTED) {
512
			err = -EINVAL;
513
			break;
514
		}
515

516
		opts.imtu     = chan->imtu;
517
		opts.omtu     = chan->omtu;
518
		opts.flush_to = chan->flush_to;
519
		opts.mode     = chan->mode;
520
		opts.fcs      = chan->fcs;
521
		opts.max_tx   = chan->max_tx;
522
		opts.txwin_size = (__u16)chan->tx_win;
523

524
		len = min_t(unsigned int, sizeof(opts), optlen);
525
		if (copy_from_user((char *) &opts, optval, len)) {
526
			err = -EFAULT;
527
			break;
528
		}
529

530
		if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
531
			err = -EINVAL;
532
			break;
533
		}
534

535
		chan->mode = opts.mode;
536
		switch (chan->mode) {
537
		case L2CAP_MODE_BASIC:
538
			chan->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
539
			break;
540
		case L2CAP_MODE_ERTM:
541
		case L2CAP_MODE_STREAMING:
542
			if (!disable_ertm)
543
				break;
544
			/* fall through */
545
		default:
546
			err = -EINVAL;
547
			break;
548
		}
549

550
		chan->imtu = opts.imtu;
551
		chan->omtu = opts.omtu;
552
		chan->fcs  = opts.fcs;
553
		chan->max_tx = opts.max_tx;
554
		chan->tx_win = (__u8)opts.txwin_size;
555
		break;
556

557
	case L2CAP_LM:
558
		if (get_user(opt, (u32 __user *) optval)) {
559
			err = -EFAULT;
560
			break;
561
		}
562

563
		if (opt & L2CAP_LM_AUTH)
564
			chan->sec_level = BT_SECURITY_LOW;
565
		if (opt & L2CAP_LM_ENCRYPT)
566
			chan->sec_level = BT_SECURITY_MEDIUM;
567
		if (opt & L2CAP_LM_SECURE)
568
			chan->sec_level = BT_SECURITY_HIGH;
569

570
		chan->role_switch    = (opt & L2CAP_LM_MASTER);
571
		chan->force_reliable = (opt & L2CAP_LM_RELIABLE);
572
		break;
573

574
	default:
575
		err = -ENOPROTOOPT;
576
		break;
577
	}
578

579
	release_sock(sk);
580
	return err;
581
}
582

583
static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
584
{
585
	struct sock *sk = sock->sk;
586
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
587
	struct bt_security sec;
588
	int len, err = 0;
589
	u32 opt;
590

591
	BT_DBG("sk %p", sk);
592

593
	if (level == SOL_L2CAP)
594
		return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
595

596
	if (level != SOL_BLUETOOTH)
597
		return -ENOPROTOOPT;
598

599
	lock_sock(sk);
600

601
	switch (optname) {
602
	case BT_SECURITY:
603
		if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
604
				&& sk->sk_type != SOCK_RAW) {
605
			err = -EINVAL;
606
			break;
607
		}
608

609
		sec.level = BT_SECURITY_LOW;
610

611
		len = min_t(unsigned int, sizeof(sec), optlen);
612
		if (copy_from_user((char *) &sec, optval, len)) {
613
			err = -EFAULT;
614
			break;
615
		}
616

617
		if (sec.level < BT_SECURITY_LOW ||
618
					sec.level > BT_SECURITY_HIGH) {
619
			err = -EINVAL;
620
			break;
621
		}
622

623
		chan->sec_level = sec.level;
624
		break;
625

626
	case BT_DEFER_SETUP:
627
		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
628
			err = -EINVAL;
629
			break;
630
		}
631

632
		if (get_user(opt, (u32 __user *) optval)) {
633
			err = -EFAULT;
634
			break;
635
		}
636

637
		bt_sk(sk)->defer_setup = opt;
638
		break;
639

640
	case BT_FLUSHABLE:
641
		if (get_user(opt, (u32 __user *) optval)) {
642
			err = -EFAULT;
643
			break;
644
		}
645

646
		if (opt > BT_FLUSHABLE_ON) {
647
			err = -EINVAL;
648
			break;
649
		}
650

651
		if (opt == BT_FLUSHABLE_OFF) {
652
			struct l2cap_conn *conn = chan->conn;
653
			/* proceed further only when we have l2cap_conn and
654
			   No Flush support in the LM */
655
			if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
656
				err = -EINVAL;
657
				break;
658
			}
659
		}
660

661
		chan->flushable = opt;
662
		break;
663

664
	default:
665
		err = -ENOPROTOOPT;
666
		break;
667
	}
668

669
	release_sock(sk);
670
	return err;
671
}
672

673
static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
674
{
675
	struct sock *sk = sock->sk;
676
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
677
	struct sk_buff *skb;
678
	u16 control;
679
	int err;
680

681
	BT_DBG("sock %p, sk %p", sock, sk);
682

683
	err = sock_error(sk);
684
	if (err)
685
		return err;
686

687
	if (msg->msg_flags & MSG_OOB)
688
		return -EOPNOTSUPP;
689

690
	lock_sock(sk);
691

692
	if (sk->sk_state != BT_CONNECTED) {
693
		err = -ENOTCONN;
694
		goto done;
695
	}
696

697
	/* Connectionless channel */
698
	if (sk->sk_type == SOCK_DGRAM) {
699
		skb = l2cap_create_connless_pdu(chan, msg, len);
700
		if (IS_ERR(skb)) {
701
			err = PTR_ERR(skb);
702
		} else {
703
			l2cap_do_send(chan, skb);
704
			err = len;
705
		}
706
		goto done;
707
	}
708

709
	switch (chan->mode) {
710
	case L2CAP_MODE_BASIC:
711
		/* Check outgoing MTU */
712
		if (len > chan->omtu) {
713
			err = -EMSGSIZE;
714
			goto done;
715
		}
716

717
		/* Create a basic PDU */
718
		skb = l2cap_create_basic_pdu(chan, msg, len);
719
		if (IS_ERR(skb)) {
720
			err = PTR_ERR(skb);
721
			goto done;
722
		}
723

724
		l2cap_do_send(chan, skb);
725
		err = len;
726
		break;
727

728
	case L2CAP_MODE_ERTM:
729
	case L2CAP_MODE_STREAMING:
730
		/* Entire SDU fits into one PDU */
731
		if (len <= chan->remote_mps) {
732
			control = L2CAP_SDU_UNSEGMENTED;
733
			skb = l2cap_create_iframe_pdu(chan, msg, len, control,
734
									0);
735
			if (IS_ERR(skb)) {
736
				err = PTR_ERR(skb);
737
				goto done;
738
			}
739
			__skb_queue_tail(&chan->tx_q, skb);
740

741
			if (chan->tx_send_head == NULL)
742
				chan->tx_send_head = skb;
743

744
		} else {
745
		/* Segment SDU into multiples PDUs */
746
			err = l2cap_sar_segment_sdu(chan, msg, len);
747
			if (err < 0)
748
				goto done;
749
		}
750

751
		if (chan->mode == L2CAP_MODE_STREAMING) {
752
			l2cap_streaming_send(chan);
753
			err = len;
754
			break;
755
		}
756

757
		if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
758
				(chan->conn_state & L2CAP_CONN_WAIT_F)) {
759
			err = len;
760
			break;
761
		}
762
		err = l2cap_ertm_send(chan);
763

764
		if (err >= 0)
765
			err = len;
766
		break;
767

768
	default:
769
		BT_DBG("bad state %1.1x", chan->mode);
770
		err = -EBADFD;
771
	}
772

773
done:
774
	release_sock(sk);
775
	return err;
776
}
777

778
static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
779
{
780
	struct sock *sk = sock->sk;
781

782
	lock_sock(sk);
783

784
	if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
785
		sk->sk_state = BT_CONFIG;
786

787
		__l2cap_connect_rsp_defer(l2cap_pi(sk)->chan);
788
		release_sock(sk);
789
		return 0;
790
	}
791

792
	release_sock(sk);
793

794
	if (sock->type == SOCK_STREAM)
795
		return bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
796

797
	return bt_sock_recvmsg(iocb, sock, msg, len, flags);
798
}
799

800
/* Kill socket (only if zapped and orphan)
801
 * Must be called on unlocked socket.
802
 */
803
void l2cap_sock_kill(struct sock *sk)
804
{
805
	if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
806
		return;
807

808
	BT_DBG("sk %p state %d", sk, sk->sk_state);
809

810
	/* Kill poor orphan */
811

812
	l2cap_chan_destroy(l2cap_pi(sk)->chan);
813
	sock_set_flag(sk, SOCK_DEAD);
814
	sock_put(sk);
815
}
816

817
/* Must be called on unlocked socket. */
818
static void l2cap_sock_close(struct sock *sk)
819
{
820
	l2cap_sock_clear_timer(sk);
821
	lock_sock(sk);
822
	__l2cap_sock_close(sk, ECONNRESET);
823
	release_sock(sk);
824
	l2cap_sock_kill(sk);
825
}
826

827
static void l2cap_sock_cleanup_listen(struct sock *parent)
828
{
829
	struct sock *sk;
830

831
	BT_DBG("parent %p", parent);
832

833
	/* Close not yet accepted channels */
834
	while ((sk = bt_accept_dequeue(parent, NULL)))
835
		l2cap_sock_close(sk);
836

837
	parent->sk_state = BT_CLOSED;
838
	sock_set_flag(parent, SOCK_ZAPPED);
839
}
840

841
void __l2cap_sock_close(struct sock *sk, int reason)
842
{
843
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
844
	struct l2cap_conn *conn = chan->conn;
845

846
	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
847

848
	switch (sk->sk_state) {
849
	case BT_LISTEN:
850
		l2cap_sock_cleanup_listen(sk);
851
		break;
852

853
	case BT_CONNECTED:
854
	case BT_CONFIG:
855
		if ((sk->sk_type == SOCK_SEQPACKET ||
856
					sk->sk_type == SOCK_STREAM) &&
857
					conn->hcon->type == ACL_LINK) {
858
			l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
859
			l2cap_send_disconn_req(conn, chan, reason);
860
		} else
861
			l2cap_chan_del(chan, reason);
862
		break;
863

864
	case BT_CONNECT2:
865
		if ((sk->sk_type == SOCK_SEQPACKET ||
866
					sk->sk_type == SOCK_STREAM) &&
867
					conn->hcon->type == ACL_LINK) {
868
			struct l2cap_conn_rsp rsp;
869
			__u16 result;
870

871
			if (bt_sk(sk)->defer_setup)
872
				result = L2CAP_CR_SEC_BLOCK;
873
			else
874
				result = L2CAP_CR_BAD_PSM;
875

876
			rsp.scid   = cpu_to_le16(chan->dcid);
877
			rsp.dcid   = cpu_to_le16(chan->scid);
878
			rsp.result = cpu_to_le16(result);
879
			rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
880
			l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
881
							sizeof(rsp), &rsp);
882
		}
883

884
		l2cap_chan_del(chan, reason);
885
		break;
886

887
	case BT_CONNECT:
888
	case BT_DISCONN:
889
		l2cap_chan_del(chan, reason);
890
		break;
891

892
	default:
893
		sock_set_flag(sk, SOCK_ZAPPED);
894
		break;
895
	}
896
}
897

898
static int l2cap_sock_shutdown(struct socket *sock, int how)
899
{
900
	struct sock *sk = sock->sk;
901
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
902
	int err = 0;
903

904
	BT_DBG("sock %p, sk %p", sock, sk);
905

906
	if (!sk)
907
		return 0;
908

909
	lock_sock(sk);
910
	if (!sk->sk_shutdown) {
911
		if (chan->mode == L2CAP_MODE_ERTM)
912
			err = __l2cap_wait_ack(sk);
913

914
		sk->sk_shutdown = SHUTDOWN_MASK;
915
		l2cap_sock_clear_timer(sk);
916
		__l2cap_sock_close(sk, 0);
917

918
		if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
919
			err = bt_sock_wait_state(sk, BT_CLOSED,
920
							sk->sk_lingertime);
921
	}
922

923
	if (!err && sk->sk_err)
924
		err = -sk->sk_err;
925

926
	release_sock(sk);
927
	return err;
928
}
929

930
static int l2cap_sock_release(struct socket *sock)
931
{
932
	struct sock *sk = sock->sk;
933
	int err;
934

935
	BT_DBG("sock %p, sk %p", sock, sk);
936

937
	if (!sk)
938
		return 0;
939

940
	err = l2cap_sock_shutdown(sock, 2);
941

942
	sock_orphan(sk);
943
	l2cap_sock_kill(sk);
944
	return err;
945
}
946

947
static void l2cap_sock_destruct(struct sock *sk)
948
{
949
	BT_DBG("sk %p", sk);
950

951
	skb_queue_purge(&sk->sk_receive_queue);
952
	skb_queue_purge(&sk->sk_write_queue);
953
}
954

955
void l2cap_sock_init(struct sock *sk, struct sock *parent)
956
{
957
	struct l2cap_pinfo *pi = l2cap_pi(sk);
958
	struct l2cap_chan *chan = pi->chan;
959

960
	BT_DBG("sk %p", sk);
961

962
	if (parent) {
963
		struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
964

965
		sk->sk_type = parent->sk_type;
966
		bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
967

968
		chan->imtu = pchan->imtu;
969
		chan->omtu = pchan->omtu;
970
		chan->conf_state = pchan->conf_state;
971
		chan->mode = pchan->mode;
972
		chan->fcs  = pchan->fcs;
973
		chan->max_tx = pchan->max_tx;
974
		chan->tx_win = pchan->tx_win;
975
		chan->sec_level = pchan->sec_level;
976
		chan->role_switch = pchan->role_switch;
977
		chan->force_reliable = pchan->force_reliable;
978
		chan->flushable = pchan->flushable;
979
	} else {
980
		chan->imtu = L2CAP_DEFAULT_MTU;
981
		chan->omtu = 0;
982
		if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
983
			chan->mode = L2CAP_MODE_ERTM;
984
			chan->conf_state |= L2CAP_CONF_STATE2_DEVICE;
985
		} else {
986
			chan->mode = L2CAP_MODE_BASIC;
987
		}
988
		chan->max_tx = L2CAP_DEFAULT_MAX_TX;
989
		chan->fcs  = L2CAP_FCS_CRC16;
990
		chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
991
		chan->sec_level = BT_SECURITY_LOW;
992
		chan->role_switch = 0;
993
		chan->force_reliable = 0;
994
		chan->flushable = BT_FLUSHABLE_OFF;
995
	}
996

997
	/* Default config options */
998
	chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
999
}
1000

1001
static struct proto l2cap_proto = {
1002
	.name		= "L2CAP",
1003
	.owner		= THIS_MODULE,
1004
	.obj_size	= sizeof(struct l2cap_pinfo)
1005
};
1006

1007
struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
1008
{
1009
	struct sock *sk;
1010

1011
	sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1012
	if (!sk)
1013
		return NULL;
1014

1015
	sock_init_data(sock, sk);
1016
	INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1017

1018
	sk->sk_destruct = l2cap_sock_destruct;
1019
	sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
1020

1021
	sock_reset_flag(sk, SOCK_ZAPPED);
1022

1023
	sk->sk_protocol = proto;
1024
	sk->sk_state = BT_OPEN;
1025

1026
	setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
1027

1028
	return sk;
1029
}
1030

1031
static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1032
			     int kern)
1033
{
1034
	struct sock *sk;
1035
	struct l2cap_chan *chan;
1036

1037
	BT_DBG("sock %p", sock);
1038

1039
	sock->state = SS_UNCONNECTED;
1040

1041
	if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1042
			sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1043
		return -ESOCKTNOSUPPORT;
1044

1045
	if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1046
		return -EPERM;
1047

1048
	sock->ops = &l2cap_sock_ops;
1049

1050
	sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1051
	if (!sk)
1052
		return -ENOMEM;
1053

1054
	chan = l2cap_chan_create(sk);
1055
	if (!chan) {
1056
		l2cap_sock_kill(sk);
1057
		return -ENOMEM;
1058
	}
1059

1060
	l2cap_pi(sk)->chan = chan;
1061

1062
	l2cap_sock_init(sk, NULL);
1063
	return 0;
1064
}
1065

1066
static const struct proto_ops l2cap_sock_ops = {
1067
	.family		= PF_BLUETOOTH,
1068
	.owner		= THIS_MODULE,
1069
	.release	= l2cap_sock_release,
1070
	.bind		= l2cap_sock_bind,
1071
	.connect	= l2cap_sock_connect,
1072
	.listen		= l2cap_sock_listen,
1073
	.accept		= l2cap_sock_accept,
1074
	.getname	= l2cap_sock_getname,
1075
	.sendmsg	= l2cap_sock_sendmsg,
1076
	.recvmsg	= l2cap_sock_recvmsg,
1077
	.poll		= bt_sock_poll,
1078
	.ioctl		= bt_sock_ioctl,
1079
	.mmap		= sock_no_mmap,
1080
	.socketpair	= sock_no_socketpair,
1081
	.shutdown	= l2cap_sock_shutdown,
1082
	.setsockopt	= l2cap_sock_setsockopt,
1083
	.getsockopt	= l2cap_sock_getsockopt
1084
};
1085

1086
static const struct net_proto_family l2cap_sock_family_ops = {
1087
	.family	= PF_BLUETOOTH,
1088
	.owner	= THIS_MODULE,
1089
	.create	= l2cap_sock_create,
1090
};
1091

1092
int __init l2cap_init_sockets(void)
1093
{
1094
	int err;
1095

1096
	err = proto_register(&l2cap_proto, 0);
1097
	if (err < 0)
1098
		return err;
1099

1100
	err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1101
	if (err < 0)
1102
		goto error;
1103

1104
	BT_INFO("L2CAP socket layer initialized");
1105

1106
	return 0;
1107

1108
error:
1109
	BT_ERR("L2CAP socket registration failed");
1110
	proto_unregister(&l2cap_proto);
1111
	return err;
1112
}
1113

1114
void l2cap_cleanup_sockets(void)
1115
{
1116
	if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1117
		BT_ERR("L2CAP socket unregistration failed");
1118

1119
	proto_unregister(&l2cap_proto);
1120
}
1121

1122
Product

Resources

Company
