2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
28 /* Bluetooth L2CAP sockets. */
30 #include <linux/module.h>
31 #include <linux/export.h>
32 #include <linux/sched/signal.h>
34 #include <net/bluetooth/bluetooth.h>
35 #include <net/bluetooth/hci_core.h>
36 #include <net/bluetooth/l2cap.h>
40 static struct bt_sock_list l2cap_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
44 static const struct proto_ops l2cap_sock_ops;
45 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
46 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
47 int proto, gfp_t prio, int kern);
49 bool l2cap_is_socket(struct socket *sock)
51 return sock && sock->ops == &l2cap_sock_ops;
53 EXPORT_SYMBOL(l2cap_is_socket);
55 static int l2cap_validate_bredr_psm(u16 psm)
57 /* PSM must be odd and lsb of upper byte must be 0 */
58 if ((psm & 0x0101) != 0x0001)
61 /* Restrict usage of well-known PSMs */
62 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
68 static int l2cap_validate_le_psm(u16 psm)
70 /* Valid LE_PSM ranges are defined only until 0x00ff */
71 if (psm > L2CAP_PSM_LE_DYN_END)
74 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
75 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
81 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
83 struct sock *sk = sock->sk;
84 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
85 struct sockaddr_l2 la;
90 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
91 addr->sa_family != AF_BLUETOOTH)
94 memset(&la, 0, sizeof(la));
95 len = min_t(unsigned int, sizeof(la), alen);
96 memcpy(&la, addr, len);
98 if (la.l2_cid && la.l2_psm)
101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
105 /* We only allow ATT user space socket */
107 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
113 if (sk->sk_state != BT_OPEN) {
119 __u16 psm = __le16_to_cpu(la.l2_psm);
121 if (la.l2_bdaddr_type == BDADDR_BREDR)
122 err = l2cap_validate_bredr_psm(psm);
124 err = l2cap_validate_le_psm(psm);
130 bacpy(&chan->src, &la.l2_bdaddr);
131 chan->src_type = la.l2_bdaddr_type;
134 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
136 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
141 switch (chan->chan_type) {
142 case L2CAP_CHAN_CONN_LESS:
143 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
144 chan->sec_level = BT_SECURITY_SDP;
146 case L2CAP_CHAN_CONN_ORIENTED:
147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
148 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
149 chan->sec_level = BT_SECURITY_SDP;
152 chan->sec_level = BT_SECURITY_SDP;
154 case L2CAP_CHAN_FIXED:
155 /* Fixed channels default to the L2CAP core not holding a
156 * hci_conn reference for them. For fixed channels mapping to
157 * L2CAP sockets we do want to hold a reference so set the
158 * appropriate flag to request it.
160 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
164 if (chan->psm && bdaddr_type_is_le(chan->src_type))
165 chan->mode = L2CAP_MODE_LE_FLOWCTL;
167 chan->state = BT_BOUND;
168 sk->sk_state = BT_BOUND;
175 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
178 struct sock *sk = sock->sk;
179 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
180 struct sockaddr_l2 la;
185 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
186 addr->sa_family != AF_BLUETOOTH)
189 memset(&la, 0, sizeof(la));
190 len = min_t(unsigned int, sizeof(la), alen);
191 memcpy(&la, addr, len);
193 if (la.l2_cid && la.l2_psm)
196 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
199 /* Check that the socket wasn't bound to something that
200 * conflicts with the address given to connect(). If chan->src
201 * is BDADDR_ANY it means bind() was never used, in which case
202 * chan->src_type and la.l2_bdaddr_type do not need to match.
204 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
205 bdaddr_type_is_le(la.l2_bdaddr_type)) {
206 /* Old user space versions will try to incorrectly bind
207 * the ATT socket using BDADDR_BREDR. We need to accept
208 * this and fix up the source address type only when
209 * both the source CID and destination CID indicate
210 * ATT. Anything else is an invalid combination.
212 if (chan->scid != L2CAP_CID_ATT ||
213 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
216 /* We don't have the hdev available here to make a
217 * better decision on random vs public, but since all
218 * user space versions that exhibit this issue anyway do
219 * not support random local addresses assuming public
220 * here is good enough.
222 chan->src_type = BDADDR_LE_PUBLIC;
225 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
228 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
229 /* We only allow ATT user space socket */
231 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
235 if (chan->psm && bdaddr_type_is_le(chan->src_type))
236 chan->mode = L2CAP_MODE_LE_FLOWCTL;
238 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
239 &la.l2_bdaddr, la.l2_bdaddr_type);
245 err = bt_sock_wait_state(sk, BT_CONNECTED,
246 sock_sndtimeo(sk, flags & O_NONBLOCK));
253 static int l2cap_sock_listen(struct socket *sock, int backlog)
255 struct sock *sk = sock->sk;
256 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
259 BT_DBG("sk %p backlog %d", sk, backlog);
263 if (sk->sk_state != BT_BOUND) {
268 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
273 switch (chan->mode) {
274 case L2CAP_MODE_BASIC:
275 case L2CAP_MODE_LE_FLOWCTL:
277 case L2CAP_MODE_ERTM:
278 case L2CAP_MODE_STREAMING:
287 sk->sk_max_ack_backlog = backlog;
288 sk->sk_ack_backlog = 0;
290 /* Listening channels need to use nested locking in order not to
291 * cause lockdep warnings when the created child channels end up
292 * being locked in the same thread as the parent channel.
294 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
296 chan->state = BT_LISTEN;
297 sk->sk_state = BT_LISTEN;
304 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
305 int flags, bool kern)
307 DEFINE_WAIT_FUNC(wait, woken_wake_function);
308 struct sock *sk = sock->sk, *nsk;
312 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
314 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
316 BT_DBG("sk %p timeo %ld", sk, timeo);
318 /* Wait for an incoming connection. (wake-one). */
319 add_wait_queue_exclusive(sk_sleep(sk), &wait);
321 if (sk->sk_state != BT_LISTEN) {
326 nsk = bt_accept_dequeue(sk, newsock);
335 if (signal_pending(current)) {
336 err = sock_intr_errno(timeo);
342 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
344 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
346 remove_wait_queue(sk_sleep(sk), &wait);
351 newsock->state = SS_CONNECTED;
353 BT_DBG("new socket %p", nsk);
360 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
363 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
364 struct sock *sk = sock->sk;
365 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
367 BT_DBG("sock %p, sk %p", sock, sk);
369 if (peer && sk->sk_state != BT_CONNECTED &&
370 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
371 sk->sk_state != BT_CONFIG)
374 memset(la, 0, sizeof(struct sockaddr_l2));
375 addr->sa_family = AF_BLUETOOTH;
377 la->l2_psm = chan->psm;
380 bacpy(&la->l2_bdaddr, &chan->dst);
381 la->l2_cid = cpu_to_le16(chan->dcid);
382 la->l2_bdaddr_type = chan->dst_type;
384 bacpy(&la->l2_bdaddr, &chan->src);
385 la->l2_cid = cpu_to_le16(chan->scid);
386 la->l2_bdaddr_type = chan->src_type;
389 return sizeof(struct sockaddr_l2);
392 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
393 char __user *optval, int __user *optlen)
395 struct sock *sk = sock->sk;
396 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
397 struct l2cap_options opts;
398 struct l2cap_conninfo cinfo;
404 if (get_user(len, optlen))
411 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
412 * legacy ATT code depends on getsockopt for
413 * L2CAP_OPTIONS we need to let this pass.
415 if (bdaddr_type_is_le(chan->src_type) &&
416 chan->scid != L2CAP_CID_ATT) {
421 memset(&opts, 0, sizeof(opts));
422 opts.imtu = chan->imtu;
423 opts.omtu = chan->omtu;
424 opts.flush_to = chan->flush_to;
425 opts.mode = chan->mode;
426 opts.fcs = chan->fcs;
427 opts.max_tx = chan->max_tx;
428 opts.txwin_size = chan->tx_win;
430 len = min_t(unsigned int, len, sizeof(opts));
431 if (copy_to_user(optval, (char *) &opts, len))
437 switch (chan->sec_level) {
438 case BT_SECURITY_LOW:
441 case BT_SECURITY_MEDIUM:
442 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
444 case BT_SECURITY_HIGH:
445 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
448 case BT_SECURITY_FIPS:
449 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
450 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
457 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
458 opt |= L2CAP_LM_MASTER;
460 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
461 opt |= L2CAP_LM_RELIABLE;
463 if (put_user(opt, (u32 __user *) optval))
469 if (sk->sk_state != BT_CONNECTED &&
470 !(sk->sk_state == BT_CONNECT2 &&
471 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
476 memset(&cinfo, 0, sizeof(cinfo));
477 cinfo.hci_handle = chan->conn->hcon->handle;
478 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
480 len = min_t(unsigned int, len, sizeof(cinfo));
481 if (copy_to_user(optval, (char *) &cinfo, len))
495 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
496 char __user *optval, int __user *optlen)
498 struct sock *sk = sock->sk;
499 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
500 struct bt_security sec;
506 if (level == SOL_L2CAP)
507 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
509 if (level != SOL_BLUETOOTH)
512 if (get_user(len, optlen))
519 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
520 chan->chan_type != L2CAP_CHAN_FIXED &&
521 chan->chan_type != L2CAP_CHAN_RAW) {
526 memset(&sec, 0, sizeof(sec));
528 sec.level = chan->conn->hcon->sec_level;
530 if (sk->sk_state == BT_CONNECTED)
531 sec.key_size = chan->conn->hcon->enc_key_size;
533 sec.level = chan->sec_level;
536 len = min_t(unsigned int, len, sizeof(sec));
537 if (copy_to_user(optval, (char *) &sec, len))
543 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
548 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
549 (u32 __user *) optval))
555 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
556 (u32 __user *) optval))
562 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
563 && sk->sk_type != SOCK_RAW) {
568 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
570 len = min_t(unsigned int, len, sizeof(pwr));
571 if (copy_to_user(optval, (char *) &pwr, len))
576 case BT_CHANNEL_POLICY:
577 if (put_user(chan->chan_policy, (u32 __user *) optval))
582 if (!bdaddr_type_is_le(chan->src_type)) {
587 if (sk->sk_state != BT_CONNECTED) {
592 if (put_user(chan->omtu, (u16 __user *) optval))
597 if (!bdaddr_type_is_le(chan->src_type)) {
602 if (put_user(chan->imtu, (u16 __user *) optval))
615 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
617 switch (chan->scid) {
619 if (mtu < L2CAP_LE_MIN_MTU)
624 if (mtu < L2CAP_DEFAULT_MIN_MTU)
631 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
632 char __user *optval, unsigned int optlen)
634 struct sock *sk = sock->sk;
635 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
636 struct l2cap_options opts;
646 if (bdaddr_type_is_le(chan->src_type)) {
651 if (sk->sk_state == BT_CONNECTED) {
656 opts.imtu = chan->imtu;
657 opts.omtu = chan->omtu;
658 opts.flush_to = chan->flush_to;
659 opts.mode = chan->mode;
660 opts.fcs = chan->fcs;
661 opts.max_tx = chan->max_tx;
662 opts.txwin_size = chan->tx_win;
664 len = min_t(unsigned int, sizeof(opts), optlen);
665 if (copy_from_user((char *) &opts, optval, len)) {
670 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
675 if (!l2cap_valid_mtu(chan, opts.imtu)) {
680 chan->mode = opts.mode;
681 switch (chan->mode) {
682 case L2CAP_MODE_LE_FLOWCTL:
684 case L2CAP_MODE_BASIC:
685 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
687 case L2CAP_MODE_ERTM:
688 case L2CAP_MODE_STREAMING:
697 chan->imtu = opts.imtu;
698 chan->omtu = opts.omtu;
699 chan->fcs = opts.fcs;
700 chan->max_tx = opts.max_tx;
701 chan->tx_win = opts.txwin_size;
702 chan->flush_to = opts.flush_to;
706 if (get_user(opt, (u32 __user *) optval)) {
711 if (opt & L2CAP_LM_FIPS) {
716 if (opt & L2CAP_LM_AUTH)
717 chan->sec_level = BT_SECURITY_LOW;
718 if (opt & L2CAP_LM_ENCRYPT)
719 chan->sec_level = BT_SECURITY_MEDIUM;
720 if (opt & L2CAP_LM_SECURE)
721 chan->sec_level = BT_SECURITY_HIGH;
723 if (opt & L2CAP_LM_MASTER)
724 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
726 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
728 if (opt & L2CAP_LM_RELIABLE)
729 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
731 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
743 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
744 char __user *optval, unsigned int optlen)
746 struct sock *sk = sock->sk;
747 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
748 struct bt_security sec;
750 struct l2cap_conn *conn;
756 if (level == SOL_L2CAP)
757 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
759 if (level != SOL_BLUETOOTH)
766 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
767 chan->chan_type != L2CAP_CHAN_FIXED &&
768 chan->chan_type != L2CAP_CHAN_RAW) {
773 sec.level = BT_SECURITY_LOW;
775 len = min_t(unsigned int, sizeof(sec), optlen);
776 if (copy_from_user((char *) &sec, optval, len)) {
781 if (sec.level < BT_SECURITY_LOW ||
782 sec.level > BT_SECURITY_FIPS) {
787 chan->sec_level = sec.level;
794 /* change security for LE channels */
795 if (chan->scid == L2CAP_CID_ATT) {
796 if (smp_conn_security(conn->hcon, sec.level)) {
801 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
802 sk->sk_state = BT_CONFIG;
803 chan->state = BT_CONFIG;
805 /* or for ACL link */
806 } else if ((sk->sk_state == BT_CONNECT2 &&
807 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
808 sk->sk_state == BT_CONNECTED) {
809 if (!l2cap_chan_check_security(chan, true))
810 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
812 sk->sk_state_change(sk);
819 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
824 if (get_user(opt, (u32 __user *) optval)) {
830 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
831 set_bit(FLAG_DEFER_SETUP, &chan->flags);
833 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
834 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
839 if (get_user(opt, (u32 __user *) optval)) {
844 if (opt > BT_FLUSHABLE_ON) {
849 if (opt == BT_FLUSHABLE_OFF) {
851 /* proceed further only when we have l2cap_conn and
852 No Flush support in the LM */
853 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
860 set_bit(FLAG_FLUSHABLE, &chan->flags);
862 clear_bit(FLAG_FLUSHABLE, &chan->flags);
866 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
867 chan->chan_type != L2CAP_CHAN_RAW) {
872 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
874 len = min_t(unsigned int, sizeof(pwr), optlen);
875 if (copy_from_user((char *) &pwr, optval, len)) {
880 if (pwr.force_active)
881 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
883 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
886 case BT_CHANNEL_POLICY:
887 if (get_user(opt, (u32 __user *) optval)) {
892 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
897 if (chan->mode != L2CAP_MODE_ERTM &&
898 chan->mode != L2CAP_MODE_STREAMING) {
903 chan->chan_policy = (u8) opt;
905 if (sk->sk_state == BT_CONNECTED &&
906 chan->move_role == L2CAP_MOVE_ROLE_NONE)
907 l2cap_move_start(chan);
912 if (!bdaddr_type_is_le(chan->src_type)) {
917 /* Setting is not supported as it's the remote side that
924 if (!bdaddr_type_is_le(chan->src_type)) {
929 if (sk->sk_state == BT_CONNECTED) {
934 if (get_user(opt, (u16 __user *) optval)) {
951 static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
954 struct sock *sk = sock->sk;
955 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
958 BT_DBG("sock %p, sk %p", sock, sk);
960 err = sock_error(sk);
964 if (msg->msg_flags & MSG_OOB)
967 if (sk->sk_state != BT_CONNECTED)
971 err = bt_sock_wait_ready(sk, msg->msg_flags);
976 l2cap_chan_lock(chan);
977 err = l2cap_chan_send(chan, msg, len);
978 l2cap_chan_unlock(chan);
983 static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
984 size_t len, int flags)
986 struct sock *sk = sock->sk;
987 struct l2cap_pinfo *pi = l2cap_pi(sk);
992 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
993 &bt_sk(sk)->flags)) {
994 if (bdaddr_type_is_le(pi->chan->src_type)) {
995 sk->sk_state = BT_CONNECTED;
996 pi->chan->state = BT_CONNECTED;
997 __l2cap_le_connect_rsp_defer(pi->chan);
999 sk->sk_state = BT_CONFIG;
1000 pi->chan->state = BT_CONFIG;
1001 __l2cap_connect_rsp_defer(pi->chan);
1010 if (sock->type == SOCK_STREAM)
1011 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
1013 err = bt_sock_recvmsg(sock, msg, len, flags);
1015 if (pi->chan->mode != L2CAP_MODE_ERTM)
1018 /* Attempt to put pending rx data in the socket buffer */
1022 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1025 if (pi->rx_busy_skb) {
1026 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1027 pi->rx_busy_skb = NULL;
1032 /* Restore data flow when half of the receive buffer is
1033 * available. This avoids resending large numbers of
1036 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1037 l2cap_chan_busy(pi->chan, 0);
1044 /* Kill socket (only if zapped and orphan)
1045 * Must be called on unlocked socket.
1047 static void l2cap_sock_kill(struct sock *sk)
1049 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1052 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1054 /* Kill poor orphan */
1056 l2cap_chan_put(l2cap_pi(sk)->chan);
1057 sock_set_flag(sk, SOCK_DEAD);
1061 static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
1063 DECLARE_WAITQUEUE(wait, current);
1065 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1066 /* Timeout to prevent infinite loop */
1067 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
1069 add_wait_queue(sk_sleep(sk), &wait);
1070 set_current_state(TASK_INTERRUPTIBLE);
1072 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1073 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1074 jiffies_to_msecs(timeout - jiffies));
1077 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1079 if (signal_pending(current)) {
1080 err = sock_intr_errno(timeo);
1085 timeo = schedule_timeout(timeo);
1087 set_current_state(TASK_INTERRUPTIBLE);
1089 err = sock_error(sk);
1093 if (time_after(jiffies, timeout)) {
1098 } while (chan->unacked_frames > 0 &&
1099 chan->state == BT_CONNECTED);
1101 set_current_state(TASK_RUNNING);
1102 remove_wait_queue(sk_sleep(sk), &wait);
1106 static int l2cap_sock_shutdown(struct socket *sock, int how)
1108 struct sock *sk = sock->sk;
1109 struct l2cap_chan *chan;
1110 struct l2cap_conn *conn;
1113 BT_DBG("sock %p, sk %p", sock, sk);
1120 if (sk->sk_shutdown)
1121 goto shutdown_already;
1123 BT_DBG("Handling sock shutdown");
1125 /* prevent sk structure from being freed whilst unlocked */
1128 chan = l2cap_pi(sk)->chan;
1129 /* prevent chan structure from being freed whilst unlocked */
1130 l2cap_chan_hold(chan);
1132 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1134 if (chan->mode == L2CAP_MODE_ERTM &&
1135 chan->unacked_frames > 0 &&
1136 chan->state == BT_CONNECTED) {
1137 err = __l2cap_wait_ack(sk, chan);
1139 /* After waiting for ACKs, check whether shutdown
1140 * has already been actioned to close the L2CAP
1141 * link such as by l2cap_disconnection_req().
1143 if (sk->sk_shutdown)
1147 sk->sk_shutdown = SHUTDOWN_MASK;
1150 l2cap_chan_lock(chan);
1153 /* prevent conn structure from being freed */
1154 l2cap_conn_get(conn);
1155 l2cap_chan_unlock(chan);
1158 /* mutex lock must be taken before l2cap_chan_lock() */
1159 mutex_lock(&conn->chan_lock);
1161 l2cap_chan_lock(chan);
1162 l2cap_chan_close(chan, 0);
1163 l2cap_chan_unlock(chan);
1166 mutex_unlock(&conn->chan_lock);
1167 l2cap_conn_put(conn);
1172 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1173 !(current->flags & PF_EXITING))
1174 err = bt_sock_wait_state(sk, BT_CLOSED,
1178 l2cap_chan_put(chan);
1182 if (!err && sk->sk_err)
1187 BT_DBG("Sock shutdown complete err: %d", err);
1192 static int l2cap_sock_release(struct socket *sock)
1194 struct sock *sk = sock->sk;
1197 BT_DBG("sock %p, sk %p", sock, sk);
1202 bt_sock_unlink(&l2cap_sk_list, sk);
1204 err = l2cap_sock_shutdown(sock, 2);
1207 l2cap_sock_kill(sk);
1211 static void l2cap_sock_cleanup_listen(struct sock *parent)
1215 BT_DBG("parent %p state %s", parent,
1216 state_to_string(parent->sk_state));
1218 /* Close not yet accepted channels */
1219 while ((sk = bt_accept_dequeue(parent, NULL))) {
1220 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1222 BT_DBG("child chan %p state %s", chan,
1223 state_to_string(chan->state));
1225 l2cap_chan_lock(chan);
1226 __clear_chan_timer(chan);
1227 l2cap_chan_close(chan, ECONNRESET);
1228 l2cap_chan_unlock(chan);
1230 l2cap_sock_kill(sk);
1234 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1236 struct sock *sk, *parent = chan->data;
1240 /* Check for backlog size */
1241 if (sk_acceptq_is_full(parent)) {
1242 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1243 release_sock(parent);
1247 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1250 release_sock(parent);
1254 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1256 l2cap_sock_init(sk, parent);
1258 bt_accept_enqueue(parent, sk, false);
1260 release_sock(parent);
1262 return l2cap_pi(sk)->chan;
1265 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1267 struct sock *sk = chan->data;
1272 if (l2cap_pi(sk)->rx_busy_skb) {
1277 if (chan->mode != L2CAP_MODE_ERTM &&
1278 chan->mode != L2CAP_MODE_STREAMING) {
1279 /* Even if no filter is attached, we could potentially
1280 * get errors from security modules, etc.
1282 err = sk_filter(sk, skb);
1287 err = __sock_queue_rcv_skb(sk, skb);
1289 /* For ERTM, handle one skb that doesn't fit into the recv
1290 * buffer. This is important to do because the data frames
1291 * have already been acked, so the skb cannot be discarded.
1293 * Notify the l2cap core that the buffer is full, so the
1294 * LOCAL_BUSY state is entered and no more frames are
1295 * acked and reassembled until there is buffer space
1298 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1299 l2cap_pi(sk)->rx_busy_skb = skb;
1300 l2cap_chan_busy(chan, 1);
1310 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1312 struct sock *sk = chan->data;
1314 l2cap_sock_kill(sk);
1317 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1319 struct sock *sk = chan->data;
1320 struct sock *parent;
1322 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1324 /* This callback can be called both for server (BT_LISTEN)
1325 * sockets as well as "normal" ones. To avoid lockdep warnings
1326 * with child socket locking (through l2cap_sock_cleanup_listen)
1327 * we need separation into separate nesting levels. The simplest
1328 * way to accomplish this is to inherit the nesting level used
1331 lock_sock_nested(sk, atomic_read(&chan->nesting));
1333 parent = bt_sk(sk)->parent;
1335 sock_set_flag(sk, SOCK_ZAPPED);
1337 switch (chan->state) {
1343 l2cap_sock_cleanup_listen(sk);
1344 sk->sk_state = BT_CLOSED;
1345 chan->state = BT_CLOSED;
1349 sk->sk_state = BT_CLOSED;
1350 chan->state = BT_CLOSED;
1355 bt_accept_unlink(sk);
1356 parent->sk_data_ready(parent);
1358 sk->sk_state_change(sk);
1367 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1370 struct sock *sk = chan->data;
1372 sk->sk_state = state;
1378 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1379 unsigned long hdr_len,
1380 unsigned long len, int nb)
1382 struct sock *sk = chan->data;
1383 struct sk_buff *skb;
1386 l2cap_chan_unlock(chan);
1387 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1388 l2cap_chan_lock(chan);
1391 return ERR_PTR(err);
1393 skb->priority = sk->sk_priority;
1395 bt_cb(skb)->l2cap.chan = chan;
1400 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1402 struct sock *sk = chan->data;
1403 struct sock *parent;
1407 parent = bt_sk(sk)->parent;
1409 BT_DBG("sk %p, parent %p", sk, parent);
1411 sk->sk_state = BT_CONNECTED;
1412 sk->sk_state_change(sk);
1415 parent->sk_data_ready(parent);
1420 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1422 struct sock *parent, *sk = chan->data;
1426 parent = bt_sk(sk)->parent;
1428 parent->sk_data_ready(parent);
1433 static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1435 struct sock *sk = chan->data;
1437 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1438 sk->sk_state = BT_CONNECTED;
1439 chan->state = BT_CONNECTED;
1442 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1443 sk->sk_state_change(sk);
1446 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1448 struct sock *sk = chan->data;
1451 sk->sk_shutdown = SHUTDOWN_MASK;
1455 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1457 struct sock *sk = chan->data;
1459 return sk->sk_sndtimeo;
1462 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1464 struct sock *sk = chan->data;
1466 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1467 sk->sk_state_change(sk);
1470 static const struct l2cap_ops l2cap_chan_ops = {
1471 .name = "L2CAP Socket Interface",
1472 .new_connection = l2cap_sock_new_connection_cb,
1473 .recv = l2cap_sock_recv_cb,
1474 .close = l2cap_sock_close_cb,
1475 .teardown = l2cap_sock_teardown_cb,
1476 .state_change = l2cap_sock_state_change_cb,
1477 .ready = l2cap_sock_ready_cb,
1478 .defer = l2cap_sock_defer_cb,
1479 .resume = l2cap_sock_resume_cb,
1480 .suspend = l2cap_sock_suspend_cb,
1481 .set_shutdown = l2cap_sock_set_shutdown_cb,
1482 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1483 .alloc_skb = l2cap_sock_alloc_skb_cb,
1486 static void l2cap_sock_destruct(struct sock *sk)
1488 BT_DBG("sk %p", sk);
1490 if (l2cap_pi(sk)->chan)
1491 l2cap_chan_put(l2cap_pi(sk)->chan);
1493 if (l2cap_pi(sk)->rx_busy_skb) {
1494 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1495 l2cap_pi(sk)->rx_busy_skb = NULL;
1498 skb_queue_purge(&sk->sk_receive_queue);
1499 skb_queue_purge(&sk->sk_write_queue);
1502 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1505 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1507 memset(la, 0, sizeof(struct sockaddr_l2));
1508 la->l2_family = AF_BLUETOOTH;
1509 la->l2_psm = bt_cb(skb)->l2cap.psm;
1510 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
1512 *msg_namelen = sizeof(struct sockaddr_l2);
1515 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1517 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1519 BT_DBG("sk %p", sk);
1522 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1524 sk->sk_type = parent->sk_type;
1525 bt_sk(sk)->flags = bt_sk(parent)->flags;
1527 chan->chan_type = pchan->chan_type;
1528 chan->imtu = pchan->imtu;
1529 chan->omtu = pchan->omtu;
1530 chan->conf_state = pchan->conf_state;
1531 chan->mode = pchan->mode;
1532 chan->fcs = pchan->fcs;
1533 chan->max_tx = pchan->max_tx;
1534 chan->tx_win = pchan->tx_win;
1535 chan->tx_win_max = pchan->tx_win_max;
1536 chan->sec_level = pchan->sec_level;
1537 chan->flags = pchan->flags;
1538 chan->tx_credits = pchan->tx_credits;
1539 chan->rx_credits = pchan->rx_credits;
1541 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1542 chan->scid = pchan->scid;
1543 chan->dcid = pchan->scid;
1546 security_sk_clone(parent, sk);
1548 switch (sk->sk_type) {
1550 chan->chan_type = L2CAP_CHAN_RAW;
1553 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1554 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1556 case SOCK_SEQPACKET:
1558 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1562 chan->imtu = L2CAP_DEFAULT_MTU;
1564 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1565 chan->mode = L2CAP_MODE_ERTM;
1566 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1568 chan->mode = L2CAP_MODE_BASIC;
1571 l2cap_chan_set_defaults(chan);
1574 /* Default config options */
1575 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1578 chan->ops = &l2cap_chan_ops;
1581 static struct proto l2cap_proto = {
1583 .owner = THIS_MODULE,
1584 .obj_size = sizeof(struct l2cap_pinfo)
1587 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1588 int proto, gfp_t prio, int kern)
1591 struct l2cap_chan *chan;
1593 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
1597 sock_init_data(sock, sk);
1598 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1600 sk->sk_destruct = l2cap_sock_destruct;
1601 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1603 sock_reset_flag(sk, SOCK_ZAPPED);
1605 sk->sk_protocol = proto;
1606 sk->sk_state = BT_OPEN;
1608 chan = l2cap_chan_create();
1614 l2cap_chan_hold(chan);
1616 l2cap_pi(sk)->chan = chan;
1621 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1626 BT_DBG("sock %p", sock);
1628 sock->state = SS_UNCONNECTED;
1630 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1631 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1632 return -ESOCKTNOSUPPORT;
1634 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1637 sock->ops = &l2cap_sock_ops;
1639 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
1643 l2cap_sock_init(sk, NULL);
1644 bt_sock_link(&l2cap_sk_list, sk);
1648 static const struct proto_ops l2cap_sock_ops = {
1649 .family = PF_BLUETOOTH,
1650 .owner = THIS_MODULE,
1651 .release = l2cap_sock_release,
1652 .bind = l2cap_sock_bind,
1653 .connect = l2cap_sock_connect,
1654 .listen = l2cap_sock_listen,
1655 .accept = l2cap_sock_accept,
1656 .getname = l2cap_sock_getname,
1657 .sendmsg = l2cap_sock_sendmsg,
1658 .recvmsg = l2cap_sock_recvmsg,
1659 .poll = bt_sock_poll,
1660 .ioctl = bt_sock_ioctl,
1661 .gettstamp = sock_gettstamp,
1662 .mmap = sock_no_mmap,
1663 .socketpair = sock_no_socketpair,
1664 .shutdown = l2cap_sock_shutdown,
1665 .setsockopt = l2cap_sock_setsockopt,
1666 .getsockopt = l2cap_sock_getsockopt
1669 static const struct net_proto_family l2cap_sock_family_ops = {
1670 .family = PF_BLUETOOTH,
1671 .owner = THIS_MODULE,
1672 .create = l2cap_sock_create,
1675 int __init l2cap_init_sockets(void)
1679 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1681 err = proto_register(&l2cap_proto, 0);
1685 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1687 BT_ERR("L2CAP socket registration failed");
1691 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1694 BT_ERR("Failed to create L2CAP proc file");
1695 bt_sock_unregister(BTPROTO_L2CAP);
1699 BT_INFO("L2CAP socket layer initialized");
1704 proto_unregister(&l2cap_proto);
1708 void l2cap_cleanup_sockets(void)
1710 bt_procfs_cleanup(&init_net, "l2cap");
1711 bt_sock_unregister(BTPROTO_L2CAP);
1712 proto_unregister(&l2cap_proto);
projects / linux-2.6-microblaze.git / blob