2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
28 /* Bluetooth L2CAP sockets. */
30 #include <linux/module.h>
31 #include <linux/export.h>
32 #include <linux/sched/signal.h>
34 #include <net/bluetooth/bluetooth.h>
35 #include <net/bluetooth/hci_core.h>
36 #include <net/bluetooth/l2cap.h>
40 static struct bt_sock_list l2cap_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
44 static const struct proto_ops l2cap_sock_ops;
45 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
46 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
47 int proto, gfp_t prio, int kern);
49 bool l2cap_is_socket(struct socket *sock)
51 return sock && sock->ops == &l2cap_sock_ops;
53 EXPORT_SYMBOL(l2cap_is_socket);
55 static int l2cap_validate_bredr_psm(u16 psm)
57 /* PSM must be odd and lsb of upper byte must be 0 */
58 if ((psm & 0x0101) != 0x0001)
61 /* Restrict usage of well-known PSMs */
62 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
68 static int l2cap_validate_le_psm(u16 psm)
70 /* Valid LE_PSM ranges are defined only until 0x00ff */
71 if (psm > L2CAP_PSM_LE_DYN_END)
74 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
75 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
81 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
83 struct sock *sk = sock->sk;
84 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
85 struct sockaddr_l2 la;
90 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
91 addr->sa_family != AF_BLUETOOTH)
94 memset(&la, 0, sizeof(la));
95 len = min_t(unsigned int, sizeof(la), alen);
96 memcpy(&la, addr, len);
98 if (la.l2_cid && la.l2_psm)
101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
105 /* We only allow ATT user space socket */
107 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
113 if (sk->sk_state != BT_OPEN) {
119 __u16 psm = __le16_to_cpu(la.l2_psm);
121 if (la.l2_bdaddr_type == BDADDR_BREDR)
122 err = l2cap_validate_bredr_psm(psm);
124 err = l2cap_validate_le_psm(psm);
130 bacpy(&chan->src, &la.l2_bdaddr);
131 chan->src_type = la.l2_bdaddr_type;
134 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
136 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
141 switch (chan->chan_type) {
142 case L2CAP_CHAN_CONN_LESS:
143 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
144 chan->sec_level = BT_SECURITY_SDP;
146 case L2CAP_CHAN_CONN_ORIENTED:
147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
148 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
149 chan->sec_level = BT_SECURITY_SDP;
152 chan->sec_level = BT_SECURITY_SDP;
154 case L2CAP_CHAN_FIXED:
155 /* Fixed channels default to the L2CAP core not holding a
156 * hci_conn reference for them. For fixed channels mapping to
157 * L2CAP sockets we do want to hold a reference so set the
158 * appropriate flag to request it.
160 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
164 if (chan->psm && bdaddr_type_is_le(chan->src_type))
165 chan->mode = L2CAP_MODE_LE_FLOWCTL;
167 chan->state = BT_BOUND;
168 sk->sk_state = BT_BOUND;
175 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
178 struct sock *sk = sock->sk;
179 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
180 struct sockaddr_l2 la;
185 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
186 addr->sa_family != AF_BLUETOOTH)
189 memset(&la, 0, sizeof(la));
190 len = min_t(unsigned int, sizeof(la), alen);
191 memcpy(&la, addr, len);
193 if (la.l2_cid && la.l2_psm)
196 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
199 /* Check that the socket wasn't bound to something that
200 * conflicts with the address given to connect(). If chan->src
201 * is BDADDR_ANY it means bind() was never used, in which case
202 * chan->src_type and la.l2_bdaddr_type do not need to match.
204 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
205 bdaddr_type_is_le(la.l2_bdaddr_type)) {
206 /* Old user space versions will try to incorrectly bind
207 * the ATT socket using BDADDR_BREDR. We need to accept
208 * this and fix up the source address type only when
209 * both the source CID and destination CID indicate
210 * ATT. Anything else is an invalid combination.
212 if (chan->scid != L2CAP_CID_ATT ||
213 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
216 /* We don't have the hdev available here to make a
217 * better decision on random vs public, but since all
218 * user space versions that exhibit this issue anyway do
219 * not support random local addresses assuming public
220 * here is good enough.
222 chan->src_type = BDADDR_LE_PUBLIC;
225 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
228 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
229 /* We only allow ATT user space socket */
231 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
235 if (chan->psm && bdaddr_type_is_le(chan->src_type) && !chan->mode)
236 chan->mode = L2CAP_MODE_LE_FLOWCTL;
238 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
239 &la.l2_bdaddr, la.l2_bdaddr_type);
245 err = bt_sock_wait_state(sk, BT_CONNECTED,
246 sock_sndtimeo(sk, flags & O_NONBLOCK));
253 static int l2cap_sock_listen(struct socket *sock, int backlog)
255 struct sock *sk = sock->sk;
256 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
259 BT_DBG("sk %p backlog %d", sk, backlog);
263 if (sk->sk_state != BT_BOUND) {
268 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
273 switch (chan->mode) {
274 case L2CAP_MODE_BASIC:
275 case L2CAP_MODE_LE_FLOWCTL:
277 case L2CAP_MODE_EXT_FLOWCTL:
283 case L2CAP_MODE_ERTM:
284 case L2CAP_MODE_STREAMING:
293 sk->sk_max_ack_backlog = backlog;
294 sk->sk_ack_backlog = 0;
296 /* Listening channels need to use nested locking in order not to
297 * cause lockdep warnings when the created child channels end up
298 * being locked in the same thread as the parent channel.
300 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
302 chan->state = BT_LISTEN;
303 sk->sk_state = BT_LISTEN;
310 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
311 int flags, bool kern)
313 DEFINE_WAIT_FUNC(wait, woken_wake_function);
314 struct sock *sk = sock->sk, *nsk;
318 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
320 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
322 BT_DBG("sk %p timeo %ld", sk, timeo);
324 /* Wait for an incoming connection. (wake-one). */
325 add_wait_queue_exclusive(sk_sleep(sk), &wait);
327 if (sk->sk_state != BT_LISTEN) {
332 nsk = bt_accept_dequeue(sk, newsock);
341 if (signal_pending(current)) {
342 err = sock_intr_errno(timeo);
348 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
350 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
352 remove_wait_queue(sk_sleep(sk), &wait);
357 newsock->state = SS_CONNECTED;
359 BT_DBG("new socket %p", nsk);
366 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
369 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
370 struct sock *sk = sock->sk;
371 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
373 BT_DBG("sock %p, sk %p", sock, sk);
375 if (peer && sk->sk_state != BT_CONNECTED &&
376 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
377 sk->sk_state != BT_CONFIG)
380 memset(la, 0, sizeof(struct sockaddr_l2));
381 addr->sa_family = AF_BLUETOOTH;
383 la->l2_psm = chan->psm;
386 bacpy(&la->l2_bdaddr, &chan->dst);
387 la->l2_cid = cpu_to_le16(chan->dcid);
388 la->l2_bdaddr_type = chan->dst_type;
390 bacpy(&la->l2_bdaddr, &chan->src);
391 la->l2_cid = cpu_to_le16(chan->scid);
392 la->l2_bdaddr_type = chan->src_type;
395 return sizeof(struct sockaddr_l2);
398 static int l2cap_get_mode(struct l2cap_chan *chan)
400 switch (chan->mode) {
401 case L2CAP_MODE_BASIC:
402 return BT_MODE_BASIC;
403 case L2CAP_MODE_ERTM:
405 case L2CAP_MODE_STREAMING:
406 return BT_MODE_STREAMING;
407 case L2CAP_MODE_LE_FLOWCTL:
408 return BT_MODE_LE_FLOWCTL;
409 case L2CAP_MODE_EXT_FLOWCTL:
410 return BT_MODE_EXT_FLOWCTL;
416 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
417 char __user *optval, int __user *optlen)
419 struct sock *sk = sock->sk;
420 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
421 struct l2cap_options opts;
422 struct l2cap_conninfo cinfo;
428 if (get_user(len, optlen))
435 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
436 * legacy ATT code depends on getsockopt for
437 * L2CAP_OPTIONS we need to let this pass.
439 if (bdaddr_type_is_le(chan->src_type) &&
440 chan->scid != L2CAP_CID_ATT) {
445 /* Only BR/EDR modes are supported here */
446 switch (chan->mode) {
447 case L2CAP_MODE_BASIC:
448 case L2CAP_MODE_ERTM:
449 case L2CAP_MODE_STREAMING:
459 memset(&opts, 0, sizeof(opts));
460 opts.imtu = chan->imtu;
461 opts.omtu = chan->omtu;
462 opts.flush_to = chan->flush_to;
463 opts.mode = chan->mode;
464 opts.fcs = chan->fcs;
465 opts.max_tx = chan->max_tx;
466 opts.txwin_size = chan->tx_win;
468 BT_DBG("mode 0x%2.2x", chan->mode);
470 len = min_t(unsigned int, len, sizeof(opts));
471 if (copy_to_user(optval, (char *) &opts, len))
477 switch (chan->sec_level) {
478 case BT_SECURITY_LOW:
481 case BT_SECURITY_MEDIUM:
482 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
484 case BT_SECURITY_HIGH:
485 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
488 case BT_SECURITY_FIPS:
489 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
490 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
497 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
498 opt |= L2CAP_LM_MASTER;
500 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
501 opt |= L2CAP_LM_RELIABLE;
503 if (put_user(opt, (u32 __user *) optval))
509 if (sk->sk_state != BT_CONNECTED &&
510 !(sk->sk_state == BT_CONNECT2 &&
511 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
516 memset(&cinfo, 0, sizeof(cinfo));
517 cinfo.hci_handle = chan->conn->hcon->handle;
518 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
520 len = min_t(unsigned int, len, sizeof(cinfo));
521 if (copy_to_user(optval, (char *) &cinfo, len))
535 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
536 char __user *optval, int __user *optlen)
538 struct sock *sk = sock->sk;
539 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
540 struct bt_security sec;
543 int len, mode, err = 0;
547 if (level == SOL_L2CAP)
548 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
550 if (level != SOL_BLUETOOTH)
553 if (get_user(len, optlen))
560 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
561 chan->chan_type != L2CAP_CHAN_FIXED &&
562 chan->chan_type != L2CAP_CHAN_RAW) {
567 memset(&sec, 0, sizeof(sec));
569 sec.level = chan->conn->hcon->sec_level;
571 if (sk->sk_state == BT_CONNECTED)
572 sec.key_size = chan->conn->hcon->enc_key_size;
574 sec.level = chan->sec_level;
577 len = min_t(unsigned int, len, sizeof(sec));
578 if (copy_to_user(optval, (char *) &sec, len))
584 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
589 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
590 (u32 __user *) optval))
596 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
597 (u32 __user *) optval))
603 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
604 && sk->sk_type != SOCK_RAW) {
609 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
611 len = min_t(unsigned int, len, sizeof(pwr));
612 if (copy_to_user(optval, (char *) &pwr, len))
617 case BT_CHANNEL_POLICY:
618 if (put_user(chan->chan_policy, (u32 __user *) optval))
623 if (!bdaddr_type_is_le(chan->src_type)) {
628 if (sk->sk_state != BT_CONNECTED) {
633 if (put_user(chan->omtu, (u16 __user *) optval))
638 if (!bdaddr_type_is_le(chan->src_type)) {
643 if (put_user(chan->imtu, (u16 __user *) optval))
648 if (sk->sk_state != BT_CONNECTED) {
653 phys = hci_conn_get_phy(chan->conn->hcon);
655 if (put_user(phys, (u32 __user *) optval))
665 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
670 mode = l2cap_get_mode(chan);
676 if (put_user(mode, (u8 __user *) optval))
689 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
691 switch (chan->scid) {
693 if (mtu < L2CAP_LE_MIN_MTU)
698 if (mtu < L2CAP_DEFAULT_MIN_MTU)
705 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
706 sockptr_t optval, unsigned int optlen)
708 struct sock *sk = sock->sk;
709 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
710 struct l2cap_options opts;
720 if (bdaddr_type_is_le(chan->src_type)) {
725 if (sk->sk_state == BT_CONNECTED) {
730 opts.imtu = chan->imtu;
731 opts.omtu = chan->omtu;
732 opts.flush_to = chan->flush_to;
733 opts.mode = chan->mode;
734 opts.fcs = chan->fcs;
735 opts.max_tx = chan->max_tx;
736 opts.txwin_size = chan->tx_win;
738 len = min_t(unsigned int, sizeof(opts), optlen);
739 if (copy_from_sockptr(&opts, optval, len)) {
744 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
749 if (!l2cap_valid_mtu(chan, opts.imtu)) {
754 /* Only BR/EDR modes are supported here */
756 case L2CAP_MODE_BASIC:
757 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
759 case L2CAP_MODE_ERTM:
760 case L2CAP_MODE_STREAMING:
772 chan->mode = opts.mode;
774 BT_DBG("mode 0x%2.2x", chan->mode);
776 chan->imtu = opts.imtu;
777 chan->omtu = opts.omtu;
778 chan->fcs = opts.fcs;
779 chan->max_tx = opts.max_tx;
780 chan->tx_win = opts.txwin_size;
781 chan->flush_to = opts.flush_to;
785 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
790 if (opt & L2CAP_LM_FIPS) {
795 if (opt & L2CAP_LM_AUTH)
796 chan->sec_level = BT_SECURITY_LOW;
797 if (opt & L2CAP_LM_ENCRYPT)
798 chan->sec_level = BT_SECURITY_MEDIUM;
799 if (opt & L2CAP_LM_SECURE)
800 chan->sec_level = BT_SECURITY_HIGH;
802 if (opt & L2CAP_LM_MASTER)
803 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
805 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
807 if (opt & L2CAP_LM_RELIABLE)
808 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
810 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
822 static int l2cap_set_mode(struct l2cap_chan *chan, u8 mode)
826 if (bdaddr_type_is_le(chan->src_type))
828 mode = L2CAP_MODE_BASIC;
829 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
832 if (!disable_ertm || bdaddr_type_is_le(chan->src_type))
834 mode = L2CAP_MODE_ERTM;
836 case BT_MODE_STREAMING:
837 if (!disable_ertm || bdaddr_type_is_le(chan->src_type))
839 mode = L2CAP_MODE_STREAMING;
841 case BT_MODE_LE_FLOWCTL:
842 if (!bdaddr_type_is_le(chan->src_type))
844 mode = L2CAP_MODE_LE_FLOWCTL;
846 case BT_MODE_EXT_FLOWCTL:
847 /* TODO: Add support for ECRED PDUs to BR/EDR */
848 if (!bdaddr_type_is_le(chan->src_type))
850 mode = L2CAP_MODE_EXT_FLOWCTL;
861 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
862 sockptr_t optval, unsigned int optlen)
864 struct sock *sk = sock->sk;
865 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
866 struct bt_security sec;
868 struct l2cap_conn *conn;
874 if (level == SOL_L2CAP)
875 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
877 if (level != SOL_BLUETOOTH)
884 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
885 chan->chan_type != L2CAP_CHAN_FIXED &&
886 chan->chan_type != L2CAP_CHAN_RAW) {
891 sec.level = BT_SECURITY_LOW;
893 len = min_t(unsigned int, sizeof(sec), optlen);
894 if (copy_from_sockptr(&sec, optval, len)) {
899 if (sec.level < BT_SECURITY_LOW ||
900 sec.level > BT_SECURITY_FIPS) {
905 chan->sec_level = sec.level;
912 /* change security for LE channels */
913 if (chan->scid == L2CAP_CID_ATT) {
914 if (smp_conn_security(conn->hcon, sec.level)) {
919 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
920 sk->sk_state = BT_CONFIG;
921 chan->state = BT_CONFIG;
923 /* or for ACL link */
924 } else if ((sk->sk_state == BT_CONNECT2 &&
925 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
926 sk->sk_state == BT_CONNECTED) {
927 if (!l2cap_chan_check_security(chan, true))
928 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
930 sk->sk_state_change(sk);
937 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
942 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
948 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
949 set_bit(FLAG_DEFER_SETUP, &chan->flags);
951 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
952 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
957 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
962 if (opt > BT_FLUSHABLE_ON) {
967 if (opt == BT_FLUSHABLE_OFF) {
969 /* proceed further only when we have l2cap_conn and
970 No Flush support in the LM */
971 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
978 set_bit(FLAG_FLUSHABLE, &chan->flags);
980 clear_bit(FLAG_FLUSHABLE, &chan->flags);
984 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
985 chan->chan_type != L2CAP_CHAN_RAW) {
990 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
992 len = min_t(unsigned int, sizeof(pwr), optlen);
993 if (copy_from_sockptr(&pwr, optval, len)) {
998 if (pwr.force_active)
999 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
1001 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
1004 case BT_CHANNEL_POLICY:
1005 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
1010 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
1015 if (chan->mode != L2CAP_MODE_ERTM &&
1016 chan->mode != L2CAP_MODE_STREAMING) {
1021 chan->chan_policy = (u8) opt;
1023 if (sk->sk_state == BT_CONNECTED &&
1024 chan->move_role == L2CAP_MOVE_ROLE_NONE)
1025 l2cap_move_start(chan);
1030 if (!bdaddr_type_is_le(chan->src_type)) {
1035 /* Setting is not supported as it's the remote side that
1042 if (!bdaddr_type_is_le(chan->src_type)) {
1047 if (chan->mode == L2CAP_MODE_LE_FLOWCTL &&
1048 sk->sk_state == BT_CONNECTED) {
1053 if (copy_from_sockptr(&opt, optval, sizeof(u16))) {
1058 if (chan->mode == L2CAP_MODE_EXT_FLOWCTL &&
1059 sk->sk_state == BT_CONNECTED)
1060 err = l2cap_chan_reconfigure(chan, opt);
1067 if (!enable_ecred) {
1072 BT_DBG("sk->sk_state %u", sk->sk_state);
1074 if (sk->sk_state != BT_BOUND) {
1079 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
1084 if (copy_from_sockptr(&opt, optval, sizeof(u8))) {
1089 BT_DBG("opt %u", opt);
1091 err = l2cap_set_mode(chan, opt);
1095 BT_DBG("mode 0x%2.2x", chan->mode);
1108 static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1111 struct sock *sk = sock->sk;
1112 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1115 BT_DBG("sock %p, sk %p", sock, sk);
1117 err = sock_error(sk);
1121 if (msg->msg_flags & MSG_OOB)
1124 if (sk->sk_state != BT_CONNECTED)
1128 err = bt_sock_wait_ready(sk, msg->msg_flags);
1133 l2cap_chan_lock(chan);
1134 err = l2cap_chan_send(chan, msg, len);
1135 l2cap_chan_unlock(chan);
1140 static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1141 size_t len, int flags)
1143 struct sock *sk = sock->sk;
1144 struct l2cap_pinfo *pi = l2cap_pi(sk);
1149 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
1150 &bt_sk(sk)->flags)) {
1151 if (pi->chan->mode == L2CAP_MODE_EXT_FLOWCTL) {
1152 sk->sk_state = BT_CONNECTED;
1153 pi->chan->state = BT_CONNECTED;
1154 __l2cap_ecred_conn_rsp_defer(pi->chan);
1155 } else if (bdaddr_type_is_le(pi->chan->src_type)) {
1156 sk->sk_state = BT_CONNECTED;
1157 pi->chan->state = BT_CONNECTED;
1158 __l2cap_le_connect_rsp_defer(pi->chan);
1160 sk->sk_state = BT_CONFIG;
1161 pi->chan->state = BT_CONFIG;
1162 __l2cap_connect_rsp_defer(pi->chan);
1171 if (sock->type == SOCK_STREAM)
1172 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
1174 err = bt_sock_recvmsg(sock, msg, len, flags);
1176 if (pi->chan->mode != L2CAP_MODE_ERTM)
1179 /* Attempt to put pending rx data in the socket buffer */
1183 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1186 if (pi->rx_busy_skb) {
1187 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1188 pi->rx_busy_skb = NULL;
1193 /* Restore data flow when half of the receive buffer is
1194 * available. This avoids resending large numbers of
1197 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1198 l2cap_chan_busy(pi->chan, 0);
1205 /* Kill socket (only if zapped and orphan)
1206 * Must be called on unlocked socket, with l2cap channel lock.
1208 static void l2cap_sock_kill(struct sock *sk)
1210 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1213 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1215 /* Kill poor orphan */
1217 l2cap_chan_put(l2cap_pi(sk)->chan);
1218 sock_set_flag(sk, SOCK_DEAD);
1222 static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
1224 DECLARE_WAITQUEUE(wait, current);
1226 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1227 /* Timeout to prevent infinite loop */
1228 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
1230 add_wait_queue(sk_sleep(sk), &wait);
1231 set_current_state(TASK_INTERRUPTIBLE);
1233 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1234 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1235 jiffies_to_msecs(timeout - jiffies));
1238 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1240 if (signal_pending(current)) {
1241 err = sock_intr_errno(timeo);
1246 timeo = schedule_timeout(timeo);
1248 set_current_state(TASK_INTERRUPTIBLE);
1250 err = sock_error(sk);
1254 if (time_after(jiffies, timeout)) {
1259 } while (chan->unacked_frames > 0 &&
1260 chan->state == BT_CONNECTED);
1262 set_current_state(TASK_RUNNING);
1263 remove_wait_queue(sk_sleep(sk), &wait);
1267 static int l2cap_sock_shutdown(struct socket *sock, int how)
1269 struct sock *sk = sock->sk;
1270 struct l2cap_chan *chan;
1271 struct l2cap_conn *conn;
1274 BT_DBG("sock %p, sk %p, how %d", sock, sk, how);
1276 /* 'how' parameter is mapped to sk_shutdown as follows:
1277 * SHUT_RD (0) --> RCV_SHUTDOWN (1)
1278 * SHUT_WR (1) --> SEND_SHUTDOWN (2)
1279 * SHUT_RDWR (2) --> SHUTDOWN_MASK (3)
1288 if ((sk->sk_shutdown & how) == how)
1289 goto shutdown_already;
1291 BT_DBG("Handling sock shutdown");
1293 /* prevent sk structure from being freed whilst unlocked */
1296 chan = l2cap_pi(sk)->chan;
1297 /* prevent chan structure from being freed whilst unlocked */
1298 l2cap_chan_hold(chan);
1300 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1302 if (chan->mode == L2CAP_MODE_ERTM &&
1303 chan->unacked_frames > 0 &&
1304 chan->state == BT_CONNECTED) {
1305 err = __l2cap_wait_ack(sk, chan);
1307 /* After waiting for ACKs, check whether shutdown
1308 * has already been actioned to close the L2CAP
1309 * link such as by l2cap_disconnection_req().
1311 if ((sk->sk_shutdown & how) == how)
1312 goto shutdown_matched;
1315 /* Try setting the RCV_SHUTDOWN bit, return early if SEND_SHUTDOWN
1318 if ((how & RCV_SHUTDOWN) && !(sk->sk_shutdown & RCV_SHUTDOWN)) {
1319 sk->sk_shutdown |= RCV_SHUTDOWN;
1320 if ((sk->sk_shutdown & how) == how)
1321 goto shutdown_matched;
1324 sk->sk_shutdown |= SEND_SHUTDOWN;
1327 l2cap_chan_lock(chan);
1330 /* prevent conn structure from being freed */
1331 l2cap_conn_get(conn);
1332 l2cap_chan_unlock(chan);
1335 /* mutex lock must be taken before l2cap_chan_lock() */
1336 mutex_lock(&conn->chan_lock);
1338 l2cap_chan_lock(chan);
1339 l2cap_chan_close(chan, 0);
1340 l2cap_chan_unlock(chan);
1343 mutex_unlock(&conn->chan_lock);
1344 l2cap_conn_put(conn);
1349 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1350 !(current->flags & PF_EXITING))
1351 err = bt_sock_wait_state(sk, BT_CLOSED,
1355 l2cap_chan_put(chan);
1359 if (!err && sk->sk_err)
1364 BT_DBG("Sock shutdown complete err: %d", err);
1369 static int l2cap_sock_release(struct socket *sock)
1371 struct sock *sk = sock->sk;
1373 struct l2cap_chan *chan;
1375 BT_DBG("sock %p, sk %p", sock, sk);
1380 bt_sock_unlink(&l2cap_sk_list, sk);
1382 err = l2cap_sock_shutdown(sock, SHUT_RDWR);
1383 chan = l2cap_pi(sk)->chan;
1385 l2cap_chan_hold(chan);
1386 l2cap_chan_lock(chan);
1389 l2cap_sock_kill(sk);
1391 l2cap_chan_unlock(chan);
1392 l2cap_chan_put(chan);
1397 static void l2cap_sock_cleanup_listen(struct sock *parent)
1401 BT_DBG("parent %p state %s", parent,
1402 state_to_string(parent->sk_state));
1404 /* Close not yet accepted channels */
1405 while ((sk = bt_accept_dequeue(parent, NULL))) {
1406 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1408 BT_DBG("child chan %p state %s", chan,
1409 state_to_string(chan->state));
1411 l2cap_chan_hold(chan);
1412 l2cap_chan_lock(chan);
1414 __clear_chan_timer(chan);
1415 l2cap_chan_close(chan, ECONNRESET);
1416 l2cap_sock_kill(sk);
1418 l2cap_chan_unlock(chan);
1419 l2cap_chan_put(chan);
1423 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1425 struct sock *sk, *parent = chan->data;
1429 /* Check for backlog size */
1430 if (sk_acceptq_is_full(parent)) {
1431 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1432 release_sock(parent);
1436 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1439 release_sock(parent);
1443 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1445 l2cap_sock_init(sk, parent);
1447 bt_accept_enqueue(parent, sk, false);
1449 release_sock(parent);
1451 return l2cap_pi(sk)->chan;
1454 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1456 struct sock *sk = chan->data;
1461 if (l2cap_pi(sk)->rx_busy_skb) {
1466 if (chan->mode != L2CAP_MODE_ERTM &&
1467 chan->mode != L2CAP_MODE_STREAMING) {
1468 /* Even if no filter is attached, we could potentially
1469 * get errors from security modules, etc.
1471 err = sk_filter(sk, skb);
1476 err = __sock_queue_rcv_skb(sk, skb);
1478 /* For ERTM, handle one skb that doesn't fit into the recv
1479 * buffer. This is important to do because the data frames
1480 * have already been acked, so the skb cannot be discarded.
1482 * Notify the l2cap core that the buffer is full, so the
1483 * LOCAL_BUSY state is entered and no more frames are
1484 * acked and reassembled until there is buffer space
1487 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1488 l2cap_pi(sk)->rx_busy_skb = skb;
1489 l2cap_chan_busy(chan, 1);
1499 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1501 struct sock *sk = chan->data;
1503 l2cap_sock_kill(sk);
1506 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1508 struct sock *sk = chan->data;
1509 struct sock *parent;
1511 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1513 /* This callback can be called both for server (BT_LISTEN)
1514 * sockets as well as "normal" ones. To avoid lockdep warnings
1515 * with child socket locking (through l2cap_sock_cleanup_listen)
1516 * we need separation into separate nesting levels. The simplest
1517 * way to accomplish this is to inherit the nesting level used
1520 lock_sock_nested(sk, atomic_read(&chan->nesting));
1522 parent = bt_sk(sk)->parent;
1524 sock_set_flag(sk, SOCK_ZAPPED);
1526 switch (chan->state) {
1532 l2cap_sock_cleanup_listen(sk);
1533 sk->sk_state = BT_CLOSED;
1534 chan->state = BT_CLOSED;
1538 sk->sk_state = BT_CLOSED;
1539 chan->state = BT_CLOSED;
1544 bt_accept_unlink(sk);
1545 parent->sk_data_ready(parent);
1547 sk->sk_state_change(sk);
1556 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1559 struct sock *sk = chan->data;
1561 sk->sk_state = state;
1567 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1568 unsigned long hdr_len,
1569 unsigned long len, int nb)
1571 struct sock *sk = chan->data;
1572 struct sk_buff *skb;
1575 l2cap_chan_unlock(chan);
1576 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1577 l2cap_chan_lock(chan);
1580 return ERR_PTR(err);
1582 skb->priority = sk->sk_priority;
1584 bt_cb(skb)->l2cap.chan = chan;
1589 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1591 struct sock *sk = chan->data;
1592 struct sock *parent;
1596 parent = bt_sk(sk)->parent;
1598 BT_DBG("sk %p, parent %p", sk, parent);
1600 sk->sk_state = BT_CONNECTED;
1601 sk->sk_state_change(sk);
1604 parent->sk_data_ready(parent);
1609 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1611 struct sock *parent, *sk = chan->data;
1615 parent = bt_sk(sk)->parent;
1617 parent->sk_data_ready(parent);
1622 static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1624 struct sock *sk = chan->data;
1626 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1627 sk->sk_state = BT_CONNECTED;
1628 chan->state = BT_CONNECTED;
1631 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1632 sk->sk_state_change(sk);
1635 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1637 struct sock *sk = chan->data;
1640 sk->sk_shutdown = SHUTDOWN_MASK;
1644 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1646 struct sock *sk = chan->data;
1648 return sk->sk_sndtimeo;
1651 static struct pid *l2cap_sock_get_peer_pid_cb(struct l2cap_chan *chan)
1653 struct sock *sk = chan->data;
1655 return sk->sk_peer_pid;
1658 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1660 struct sock *sk = chan->data;
1662 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1663 sk->sk_state_change(sk);
1666 static const struct l2cap_ops l2cap_chan_ops = {
1667 .name = "L2CAP Socket Interface",
1668 .new_connection = l2cap_sock_new_connection_cb,
1669 .recv = l2cap_sock_recv_cb,
1670 .close = l2cap_sock_close_cb,
1671 .teardown = l2cap_sock_teardown_cb,
1672 .state_change = l2cap_sock_state_change_cb,
1673 .ready = l2cap_sock_ready_cb,
1674 .defer = l2cap_sock_defer_cb,
1675 .resume = l2cap_sock_resume_cb,
1676 .suspend = l2cap_sock_suspend_cb,
1677 .set_shutdown = l2cap_sock_set_shutdown_cb,
1678 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1679 .get_peer_pid = l2cap_sock_get_peer_pid_cb,
1680 .alloc_skb = l2cap_sock_alloc_skb_cb,
1683 static void l2cap_sock_destruct(struct sock *sk)
1685 BT_DBG("sk %p", sk);
1687 if (l2cap_pi(sk)->chan)
1688 l2cap_chan_put(l2cap_pi(sk)->chan);
1690 if (l2cap_pi(sk)->rx_busy_skb) {
1691 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1692 l2cap_pi(sk)->rx_busy_skb = NULL;
1695 skb_queue_purge(&sk->sk_receive_queue);
1696 skb_queue_purge(&sk->sk_write_queue);
1699 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1702 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1704 memset(la, 0, sizeof(struct sockaddr_l2));
1705 la->l2_family = AF_BLUETOOTH;
1706 la->l2_psm = bt_cb(skb)->l2cap.psm;
1707 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
1709 *msg_namelen = sizeof(struct sockaddr_l2);
1712 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1714 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1716 BT_DBG("sk %p", sk);
1719 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1721 sk->sk_type = parent->sk_type;
1722 bt_sk(sk)->flags = bt_sk(parent)->flags;
1724 chan->chan_type = pchan->chan_type;
1725 chan->imtu = pchan->imtu;
1726 chan->omtu = pchan->omtu;
1727 chan->conf_state = pchan->conf_state;
1728 chan->mode = pchan->mode;
1729 chan->fcs = pchan->fcs;
1730 chan->max_tx = pchan->max_tx;
1731 chan->tx_win = pchan->tx_win;
1732 chan->tx_win_max = pchan->tx_win_max;
1733 chan->sec_level = pchan->sec_level;
1734 chan->flags = pchan->flags;
1735 chan->tx_credits = pchan->tx_credits;
1736 chan->rx_credits = pchan->rx_credits;
1738 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1739 chan->scid = pchan->scid;
1740 chan->dcid = pchan->scid;
1743 security_sk_clone(parent, sk);
1745 switch (sk->sk_type) {
1747 chan->chan_type = L2CAP_CHAN_RAW;
1750 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1751 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1753 case SOCK_SEQPACKET:
1755 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1759 chan->imtu = L2CAP_DEFAULT_MTU;
1761 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1762 chan->mode = L2CAP_MODE_ERTM;
1763 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1765 chan->mode = L2CAP_MODE_BASIC;
1768 l2cap_chan_set_defaults(chan);
1771 /* Default config options */
1772 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1775 chan->ops = &l2cap_chan_ops;
1778 static struct proto l2cap_proto = {
1780 .owner = THIS_MODULE,
1781 .obj_size = sizeof(struct l2cap_pinfo)
1784 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1785 int proto, gfp_t prio, int kern)
1788 struct l2cap_chan *chan;
1790 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
1794 sock_init_data(sock, sk);
1795 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1797 sk->sk_destruct = l2cap_sock_destruct;
1798 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1800 sock_reset_flag(sk, SOCK_ZAPPED);
1802 sk->sk_protocol = proto;
1803 sk->sk_state = BT_OPEN;
1805 chan = l2cap_chan_create();
1811 l2cap_chan_hold(chan);
1813 l2cap_pi(sk)->chan = chan;
1818 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1823 BT_DBG("sock %p", sock);
1825 sock->state = SS_UNCONNECTED;
1827 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1828 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1829 return -ESOCKTNOSUPPORT;
1831 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1834 sock->ops = &l2cap_sock_ops;
1836 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
1840 l2cap_sock_init(sk, NULL);
1841 bt_sock_link(&l2cap_sk_list, sk);
1845 static const struct proto_ops l2cap_sock_ops = {
1846 .family = PF_BLUETOOTH,
1847 .owner = THIS_MODULE,
1848 .release = l2cap_sock_release,
1849 .bind = l2cap_sock_bind,
1850 .connect = l2cap_sock_connect,
1851 .listen = l2cap_sock_listen,
1852 .accept = l2cap_sock_accept,
1853 .getname = l2cap_sock_getname,
1854 .sendmsg = l2cap_sock_sendmsg,
1855 .recvmsg = l2cap_sock_recvmsg,
1856 .poll = bt_sock_poll,
1857 .ioctl = bt_sock_ioctl,
1858 .gettstamp = sock_gettstamp,
1859 .mmap = sock_no_mmap,
1860 .socketpair = sock_no_socketpair,
1861 .shutdown = l2cap_sock_shutdown,
1862 .setsockopt = l2cap_sock_setsockopt,
1863 .getsockopt = l2cap_sock_getsockopt
1866 static const struct net_proto_family l2cap_sock_family_ops = {
1867 .family = PF_BLUETOOTH,
1868 .owner = THIS_MODULE,
1869 .create = l2cap_sock_create,
1872 int __init l2cap_init_sockets(void)
1876 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1878 err = proto_register(&l2cap_proto, 0);
1882 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1884 BT_ERR("L2CAP socket registration failed");
1888 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1891 BT_ERR("Failed to create L2CAP proc file");
1892 bt_sock_unregister(BTPROTO_L2CAP);
1896 BT_INFO("L2CAP socket layer initialized");
1901 proto_unregister(&l2cap_proto);
1905 void l2cap_cleanup_sockets(void)
1907 bt_procfs_cleanup(&init_net, "l2cap");
1908 bt_sock_unregister(BTPROTO_L2CAP);
1909 proto_unregister(&l2cap_proto);
projects / linux-2.6-microblaze.git / blob