2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
28 /* Bluetooth L2CAP sockets. */
30 #include <linux/export.h>
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/l2cap.h>
38 static struct bt_sock_list l2cap_sk_list = {
39 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
42 static const struct proto_ops l2cap_sock_ops;
43 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
44 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
45 int proto, gfp_t prio);
47 bool l2cap_is_socket(struct socket *sock)
49 return sock && sock->ops == &l2cap_sock_ops;
51 EXPORT_SYMBOL(l2cap_is_socket);
53 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
55 struct sock *sk = sock->sk;
56 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
57 struct sockaddr_l2 la;
62 if (!addr || addr->sa_family != AF_BLUETOOTH)
65 memset(&la, 0, sizeof(la));
66 len = min_t(unsigned int, sizeof(la), alen);
67 memcpy(&la, addr, len);
69 if (la.l2_cid && la.l2_psm)
72 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
77 if (sk->sk_state != BT_OPEN) {
83 __u16 psm = __le16_to_cpu(la.l2_psm);
85 /* PSM must be odd and lsb of upper byte must be 0 */
86 if ((psm & 0x0101) != 0x0001) {
91 /* Restrict usage of well-known PSMs */
92 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
99 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
101 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
106 switch (chan->chan_type) {
107 case L2CAP_CHAN_CONN_LESS:
108 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
109 chan->sec_level = BT_SECURITY_SDP;
111 case L2CAP_CHAN_CONN_ORIENTED:
112 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
113 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
114 chan->sec_level = BT_SECURITY_SDP;
118 bacpy(&chan->src, &la.l2_bdaddr);
119 chan->src_type = la.l2_bdaddr_type;
121 chan->state = BT_BOUND;
122 sk->sk_state = BT_BOUND;
129 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
132 struct sock *sk = sock->sk;
133 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
134 struct sockaddr_l2 la;
139 if (!addr || alen < sizeof(addr->sa_family) ||
140 addr->sa_family != AF_BLUETOOTH)
143 memset(&la, 0, sizeof(la));
144 len = min_t(unsigned int, sizeof(la), alen);
145 memcpy(&la, addr, len);
147 if (la.l2_cid && la.l2_psm)
150 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
153 if (chan->src_type == BDADDR_BREDR && la.l2_bdaddr_type != BDADDR_BREDR)
156 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
159 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
160 &la.l2_bdaddr, la.l2_bdaddr_type);
166 err = bt_sock_wait_state(sk, BT_CONNECTED,
167 sock_sndtimeo(sk, flags & O_NONBLOCK));
174 static int l2cap_sock_listen(struct socket *sock, int backlog)
176 struct sock *sk = sock->sk;
177 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
180 BT_DBG("sk %p backlog %d", sk, backlog);
184 if (sk->sk_state != BT_BOUND) {
189 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
194 switch (chan->mode) {
195 case L2CAP_MODE_BASIC:
197 case L2CAP_MODE_ERTM:
198 case L2CAP_MODE_STREAMING:
207 sk->sk_max_ack_backlog = backlog;
208 sk->sk_ack_backlog = 0;
210 chan->state = BT_LISTEN;
211 sk->sk_state = BT_LISTEN;
218 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
221 DECLARE_WAITQUEUE(wait, current);
222 struct sock *sk = sock->sk, *nsk;
226 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
228 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
230 BT_DBG("sk %p timeo %ld", sk, timeo);
232 /* Wait for an incoming connection. (wake-one). */
233 add_wait_queue_exclusive(sk_sleep(sk), &wait);
235 set_current_state(TASK_INTERRUPTIBLE);
237 if (sk->sk_state != BT_LISTEN) {
242 nsk = bt_accept_dequeue(sk, newsock);
251 if (signal_pending(current)) {
252 err = sock_intr_errno(timeo);
257 timeo = schedule_timeout(timeo);
258 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
260 __set_current_state(TASK_RUNNING);
261 remove_wait_queue(sk_sleep(sk), &wait);
266 newsock->state = SS_CONNECTED;
268 BT_DBG("new socket %p", nsk);
275 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
278 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
279 struct sock *sk = sock->sk;
280 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
282 BT_DBG("sock %p, sk %p", sock, sk);
284 memset(la, 0, sizeof(struct sockaddr_l2));
285 addr->sa_family = AF_BLUETOOTH;
286 *len = sizeof(struct sockaddr_l2);
289 la->l2_psm = chan->psm;
290 bacpy(&la->l2_bdaddr, &chan->dst);
291 la->l2_cid = cpu_to_le16(chan->dcid);
292 la->l2_bdaddr_type = chan->dst_type;
294 la->l2_psm = chan->sport;
295 bacpy(&la->l2_bdaddr, &chan->src);
296 la->l2_cid = cpu_to_le16(chan->scid);
297 la->l2_bdaddr_type = chan->src_type;
303 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
304 char __user *optval, int __user *optlen)
306 struct sock *sk = sock->sk;
307 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
308 struct l2cap_options opts;
309 struct l2cap_conninfo cinfo;
315 if (get_user(len, optlen))
322 memset(&opts, 0, sizeof(opts));
323 opts.imtu = chan->imtu;
324 opts.omtu = chan->omtu;
325 opts.flush_to = chan->flush_to;
326 opts.mode = chan->mode;
327 opts.fcs = chan->fcs;
328 opts.max_tx = chan->max_tx;
329 opts.txwin_size = chan->tx_win;
331 len = min_t(unsigned int, len, sizeof(opts));
332 if (copy_to_user(optval, (char *) &opts, len))
338 switch (chan->sec_level) {
339 case BT_SECURITY_LOW:
342 case BT_SECURITY_MEDIUM:
343 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
345 case BT_SECURITY_HIGH:
346 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
354 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
355 opt |= L2CAP_LM_MASTER;
357 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
358 opt |= L2CAP_LM_RELIABLE;
360 if (put_user(opt, (u32 __user *) optval))
365 if (sk->sk_state != BT_CONNECTED &&
366 !(sk->sk_state == BT_CONNECT2 &&
367 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
372 memset(&cinfo, 0, sizeof(cinfo));
373 cinfo.hci_handle = chan->conn->hcon->handle;
374 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
376 len = min_t(unsigned int, len, sizeof(cinfo));
377 if (copy_to_user(optval, (char *) &cinfo, len))
391 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
392 char __user *optval, int __user *optlen)
394 struct sock *sk = sock->sk;
395 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
396 struct bt_security sec;
402 if (level == SOL_L2CAP)
403 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
405 if (level != SOL_BLUETOOTH)
408 if (get_user(len, optlen))
415 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
416 chan->chan_type != L2CAP_CHAN_RAW) {
421 memset(&sec, 0, sizeof(sec));
423 sec.level = chan->conn->hcon->sec_level;
425 if (sk->sk_state == BT_CONNECTED)
426 sec.key_size = chan->conn->hcon->enc_key_size;
428 sec.level = chan->sec_level;
431 len = min_t(unsigned int, len, sizeof(sec));
432 if (copy_to_user(optval, (char *) &sec, len))
438 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
443 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
444 (u32 __user *) optval))
450 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
451 (u32 __user *) optval))
457 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
458 && sk->sk_type != SOCK_RAW) {
463 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
465 len = min_t(unsigned int, len, sizeof(pwr));
466 if (copy_to_user(optval, (char *) &pwr, len))
471 case BT_CHANNEL_POLICY:
472 if (put_user(chan->chan_policy, (u32 __user *) optval))
485 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
487 switch (chan->scid) {
489 if (mtu < L2CAP_LE_MIN_MTU)
494 if (mtu < L2CAP_DEFAULT_MIN_MTU)
501 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
502 char __user *optval, unsigned int optlen)
504 struct sock *sk = sock->sk;
505 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
506 struct l2cap_options opts;
516 if (sk->sk_state == BT_CONNECTED) {
521 opts.imtu = chan->imtu;
522 opts.omtu = chan->omtu;
523 opts.flush_to = chan->flush_to;
524 opts.mode = chan->mode;
525 opts.fcs = chan->fcs;
526 opts.max_tx = chan->max_tx;
527 opts.txwin_size = chan->tx_win;
529 len = min_t(unsigned int, sizeof(opts), optlen);
530 if (copy_from_user((char *) &opts, optval, len)) {
535 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
540 if (!l2cap_valid_mtu(chan, opts.imtu)) {
545 chan->mode = opts.mode;
546 switch (chan->mode) {
547 case L2CAP_MODE_BASIC:
548 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
550 case L2CAP_MODE_ERTM:
551 case L2CAP_MODE_STREAMING:
560 chan->imtu = opts.imtu;
561 chan->omtu = opts.omtu;
562 chan->fcs = opts.fcs;
563 chan->max_tx = opts.max_tx;
564 chan->tx_win = opts.txwin_size;
565 chan->flush_to = opts.flush_to;
569 if (get_user(opt, (u32 __user *) optval)) {
574 if (opt & L2CAP_LM_AUTH)
575 chan->sec_level = BT_SECURITY_LOW;
576 if (opt & L2CAP_LM_ENCRYPT)
577 chan->sec_level = BT_SECURITY_MEDIUM;
578 if (opt & L2CAP_LM_SECURE)
579 chan->sec_level = BT_SECURITY_HIGH;
581 if (opt & L2CAP_LM_MASTER)
582 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
584 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
586 if (opt & L2CAP_LM_RELIABLE)
587 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
589 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
601 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
602 char __user *optval, unsigned int optlen)
604 struct sock *sk = sock->sk;
605 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
606 struct bt_security sec;
608 struct l2cap_conn *conn;
614 if (level == SOL_L2CAP)
615 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
617 if (level != SOL_BLUETOOTH)
624 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
625 chan->chan_type != L2CAP_CHAN_RAW) {
630 sec.level = BT_SECURITY_LOW;
632 len = min_t(unsigned int, sizeof(sec), optlen);
633 if (copy_from_user((char *) &sec, optval, len)) {
638 if (sec.level < BT_SECURITY_LOW ||
639 sec.level > BT_SECURITY_HIGH) {
644 chan->sec_level = sec.level;
651 /*change security for LE channels */
652 if (chan->scid == L2CAP_CID_ATT) {
653 if (!conn->hcon->out) {
658 if (smp_conn_security(conn->hcon, sec.level))
660 sk->sk_state = BT_CONFIG;
661 chan->state = BT_CONFIG;
663 /* or for ACL link */
664 } else if ((sk->sk_state == BT_CONNECT2 &&
665 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
666 sk->sk_state == BT_CONNECTED) {
667 if (!l2cap_chan_check_security(chan))
668 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
670 sk->sk_state_change(sk);
677 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
682 if (get_user(opt, (u32 __user *) optval)) {
688 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
689 set_bit(FLAG_DEFER_SETUP, &chan->flags);
691 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
692 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
697 if (get_user(opt, (u32 __user *) optval)) {
702 if (opt > BT_FLUSHABLE_ON) {
707 if (opt == BT_FLUSHABLE_OFF) {
709 /* proceed further only when we have l2cap_conn and
710 No Flush support in the LM */
711 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
718 set_bit(FLAG_FLUSHABLE, &chan->flags);
720 clear_bit(FLAG_FLUSHABLE, &chan->flags);
724 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
725 chan->chan_type != L2CAP_CHAN_RAW) {
730 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
732 len = min_t(unsigned int, sizeof(pwr), optlen);
733 if (copy_from_user((char *) &pwr, optval, len)) {
738 if (pwr.force_active)
739 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
741 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
744 case BT_CHANNEL_POLICY:
745 if (get_user(opt, (u32 __user *) optval)) {
750 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
755 if (chan->mode != L2CAP_MODE_ERTM &&
756 chan->mode != L2CAP_MODE_STREAMING) {
761 chan->chan_policy = (u8) opt;
763 if (sk->sk_state == BT_CONNECTED &&
764 chan->move_role == L2CAP_MOVE_ROLE_NONE)
765 l2cap_move_start(chan);
778 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
779 struct msghdr *msg, size_t len)
781 struct sock *sk = sock->sk;
782 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
785 BT_DBG("sock %p, sk %p", sock, sk);
787 err = sock_error(sk);
791 if (msg->msg_flags & MSG_OOB)
794 if (sk->sk_state != BT_CONNECTED)
798 err = bt_sock_wait_ready(sk, msg->msg_flags);
803 l2cap_chan_lock(chan);
804 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
805 l2cap_chan_unlock(chan);
810 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
811 struct msghdr *msg, size_t len, int flags)
813 struct sock *sk = sock->sk;
814 struct l2cap_pinfo *pi = l2cap_pi(sk);
819 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
820 &bt_sk(sk)->flags)) {
821 sk->sk_state = BT_CONFIG;
822 pi->chan->state = BT_CONFIG;
824 __l2cap_connect_rsp_defer(pi->chan);
831 if (sock->type == SOCK_STREAM)
832 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
834 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
836 if (pi->chan->mode != L2CAP_MODE_ERTM)
839 /* Attempt to put pending rx data in the socket buffer */
843 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
846 if (pi->rx_busy_skb) {
847 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
848 pi->rx_busy_skb = NULL;
853 /* Restore data flow when half of the receive buffer is
854 * available. This avoids resending large numbers of
857 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
858 l2cap_chan_busy(pi->chan, 0);
865 /* Kill socket (only if zapped and orphan)
866 * Must be called on unlocked socket.
868 static void l2cap_sock_kill(struct sock *sk)
870 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
873 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
875 /* Kill poor orphan */
877 l2cap_chan_put(l2cap_pi(sk)->chan);
878 sock_set_flag(sk, SOCK_DEAD);
882 static int l2cap_sock_shutdown(struct socket *sock, int how)
884 struct sock *sk = sock->sk;
885 struct l2cap_chan *chan;
886 struct l2cap_conn *conn;
889 BT_DBG("sock %p, sk %p", sock, sk);
894 chan = l2cap_pi(sk)->chan;
898 mutex_lock(&conn->chan_lock);
900 l2cap_chan_lock(chan);
903 if (!sk->sk_shutdown) {
904 if (chan->mode == L2CAP_MODE_ERTM)
905 err = __l2cap_wait_ack(sk);
907 sk->sk_shutdown = SHUTDOWN_MASK;
910 l2cap_chan_close(chan, 0);
913 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
914 err = bt_sock_wait_state(sk, BT_CLOSED,
918 if (!err && sk->sk_err)
922 l2cap_chan_unlock(chan);
925 mutex_unlock(&conn->chan_lock);
930 static int l2cap_sock_release(struct socket *sock)
932 struct sock *sk = sock->sk;
935 BT_DBG("sock %p, sk %p", sock, sk);
940 bt_sock_unlink(&l2cap_sk_list, sk);
942 err = l2cap_sock_shutdown(sock, 2);
949 static void l2cap_sock_cleanup_listen(struct sock *parent)
953 BT_DBG("parent %p", parent);
955 /* Close not yet accepted channels */
956 while ((sk = bt_accept_dequeue(parent, NULL))) {
957 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
959 l2cap_chan_lock(chan);
960 __clear_chan_timer(chan);
961 l2cap_chan_close(chan, ECONNRESET);
962 l2cap_chan_unlock(chan);
968 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
970 struct sock *sk, *parent = chan->data;
972 /* Check for backlog size */
973 if (sk_acceptq_is_full(parent)) {
974 BT_DBG("backlog full %d", parent->sk_ack_backlog);
978 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
983 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
985 l2cap_sock_init(sk, parent);
987 bt_accept_enqueue(parent, sk);
989 return l2cap_pi(sk)->chan;
992 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
994 struct sock *sk = chan->data;
999 if (l2cap_pi(sk)->rx_busy_skb) {
1004 err = sock_queue_rcv_skb(sk, skb);
1006 /* For ERTM, handle one skb that doesn't fit into the recv
1007 * buffer. This is important to do because the data frames
1008 * have already been acked, so the skb cannot be discarded.
1010 * Notify the l2cap core that the buffer is full, so the
1011 * LOCAL_BUSY state is entered and no more frames are
1012 * acked and reassembled until there is buffer space
1015 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1016 l2cap_pi(sk)->rx_busy_skb = skb;
1017 l2cap_chan_busy(chan, 1);
1027 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1029 struct sock *sk = chan->data;
1031 l2cap_sock_kill(sk);
1034 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1036 struct sock *sk = chan->data;
1037 struct sock *parent;
1041 parent = bt_sk(sk)->parent;
1043 sock_set_flag(sk, SOCK_ZAPPED);
1045 switch (chan->state) {
1051 l2cap_sock_cleanup_listen(sk);
1052 sk->sk_state = BT_CLOSED;
1053 chan->state = BT_CLOSED;
1057 sk->sk_state = BT_CLOSED;
1058 chan->state = BT_CLOSED;
1063 bt_accept_unlink(sk);
1064 parent->sk_data_ready(parent, 0);
1066 sk->sk_state_change(sk);
1075 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1078 struct sock *sk = chan->data;
1080 sk->sk_state = state;
1086 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1087 unsigned long len, int nb)
1089 struct sk_buff *skb;
1092 l2cap_chan_unlock(chan);
1093 skb = bt_skb_send_alloc(chan->sk, len, nb, &err);
1094 l2cap_chan_lock(chan);
1097 return ERR_PTR(err);
1102 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1104 struct sock *sk = chan->data;
1105 struct sock *parent;
1109 parent = bt_sk(sk)->parent;
1111 BT_DBG("sk %p, parent %p", sk, parent);
1113 sk->sk_state = BT_CONNECTED;
1114 sk->sk_state_change(sk);
1117 parent->sk_data_ready(parent, 0);
1122 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1124 struct sock *sk = chan->data;
1125 struct sock *parent = bt_sk(sk)->parent;
1128 parent->sk_data_ready(parent, 0);
1131 static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1133 struct sock *sk = chan->data;
1135 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1136 sk->sk_state_change(sk);
1139 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1141 struct sock *sk = chan->data;
1144 sk->sk_shutdown = SHUTDOWN_MASK;
1148 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1150 struct sock *sk = chan->data;
1152 return sk->sk_sndtimeo;
1155 static struct l2cap_ops l2cap_chan_ops = {
1156 .name = "L2CAP Socket Interface",
1157 .new_connection = l2cap_sock_new_connection_cb,
1158 .recv = l2cap_sock_recv_cb,
1159 .close = l2cap_sock_close_cb,
1160 .teardown = l2cap_sock_teardown_cb,
1161 .state_change = l2cap_sock_state_change_cb,
1162 .ready = l2cap_sock_ready_cb,
1163 .defer = l2cap_sock_defer_cb,
1164 .resume = l2cap_sock_resume_cb,
1165 .set_shutdown = l2cap_sock_set_shutdown_cb,
1166 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1167 .alloc_skb = l2cap_sock_alloc_skb_cb,
1170 static void l2cap_sock_destruct(struct sock *sk)
1172 BT_DBG("sk %p", sk);
1174 if (l2cap_pi(sk)->chan)
1175 l2cap_chan_put(l2cap_pi(sk)->chan);
1177 if (l2cap_pi(sk)->rx_busy_skb) {
1178 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1179 l2cap_pi(sk)->rx_busy_skb = NULL;
1182 skb_queue_purge(&sk->sk_receive_queue);
1183 skb_queue_purge(&sk->sk_write_queue);
1186 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1189 struct sockaddr_l2 *la = (struct sockaddr_l2 *) msg_name;
1191 memset(la, 0, sizeof(struct sockaddr_l2));
1192 la->l2_family = AF_BLUETOOTH;
1193 la->l2_psm = bt_cb(skb)->psm;
1194 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr);
1196 *msg_namelen = sizeof(struct sockaddr_l2);
1199 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1201 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1203 BT_DBG("sk %p", sk);
1206 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1208 sk->sk_type = parent->sk_type;
1209 bt_sk(sk)->flags = bt_sk(parent)->flags;
1211 chan->chan_type = pchan->chan_type;
1212 chan->imtu = pchan->imtu;
1213 chan->omtu = pchan->omtu;
1214 chan->conf_state = pchan->conf_state;
1215 chan->mode = pchan->mode;
1216 chan->fcs = pchan->fcs;
1217 chan->max_tx = pchan->max_tx;
1218 chan->tx_win = pchan->tx_win;
1219 chan->tx_win_max = pchan->tx_win_max;
1220 chan->sec_level = pchan->sec_level;
1221 chan->flags = pchan->flags;
1223 security_sk_clone(parent, sk);
1225 switch (sk->sk_type) {
1227 chan->chan_type = L2CAP_CHAN_RAW;
1230 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1231 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1233 case SOCK_SEQPACKET:
1235 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1239 chan->imtu = L2CAP_DEFAULT_MTU;
1241 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1242 chan->mode = L2CAP_MODE_ERTM;
1243 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1245 chan->mode = L2CAP_MODE_BASIC;
1248 l2cap_chan_set_defaults(chan);
1251 /* Default config options */
1252 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1255 chan->ops = &l2cap_chan_ops;
1258 static struct proto l2cap_proto = {
1260 .owner = THIS_MODULE,
1261 .obj_size = sizeof(struct l2cap_pinfo)
1264 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1265 int proto, gfp_t prio)
1268 struct l2cap_chan *chan;
1270 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1274 sock_init_data(sock, sk);
1275 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1277 sk->sk_destruct = l2cap_sock_destruct;
1278 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1280 sock_reset_flag(sk, SOCK_ZAPPED);
1282 sk->sk_protocol = proto;
1283 sk->sk_state = BT_OPEN;
1285 chan = l2cap_chan_create();
1291 l2cap_chan_hold(chan);
1295 l2cap_pi(sk)->chan = chan;
1300 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1305 BT_DBG("sock %p", sock);
1307 sock->state = SS_UNCONNECTED;
1309 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1310 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1311 return -ESOCKTNOSUPPORT;
1313 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1316 sock->ops = &l2cap_sock_ops;
1318 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1322 l2cap_sock_init(sk, NULL);
1323 bt_sock_link(&l2cap_sk_list, sk);
1327 static const struct proto_ops l2cap_sock_ops = {
1328 .family = PF_BLUETOOTH,
1329 .owner = THIS_MODULE,
1330 .release = l2cap_sock_release,
1331 .bind = l2cap_sock_bind,
1332 .connect = l2cap_sock_connect,
1333 .listen = l2cap_sock_listen,
1334 .accept = l2cap_sock_accept,
1335 .getname = l2cap_sock_getname,
1336 .sendmsg = l2cap_sock_sendmsg,
1337 .recvmsg = l2cap_sock_recvmsg,
1338 .poll = bt_sock_poll,
1339 .ioctl = bt_sock_ioctl,
1340 .mmap = sock_no_mmap,
1341 .socketpair = sock_no_socketpair,
1342 .shutdown = l2cap_sock_shutdown,
1343 .setsockopt = l2cap_sock_setsockopt,
1344 .getsockopt = l2cap_sock_getsockopt
1347 static const struct net_proto_family l2cap_sock_family_ops = {
1348 .family = PF_BLUETOOTH,
1349 .owner = THIS_MODULE,
1350 .create = l2cap_sock_create,
1353 int __init l2cap_init_sockets(void)
1357 err = proto_register(&l2cap_proto, 0);
1361 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1363 BT_ERR("L2CAP socket registration failed");
1367 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1370 BT_ERR("Failed to create L2CAP proc file");
1371 bt_sock_unregister(BTPROTO_L2CAP);
1375 BT_INFO("L2CAP socket layer initialized");
1380 proto_unregister(&l2cap_proto);
1384 void l2cap_cleanup_sockets(void)
1386 bt_procfs_cleanup(&init_net, "l2cap");
1387 bt_sock_unregister(BTPROTO_L2CAP);
1388 proto_unregister(&l2cap_proto);