2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
28 /* Bluetooth L2CAP sockets. */
30 #include <linux/export.h>
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/l2cap.h>
38 static struct bt_sock_list l2cap_sk_list = {
39 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
42 static const struct proto_ops l2cap_sock_ops;
43 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
44 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
45 int proto, gfp_t prio);
47 bool l2cap_is_socket(struct socket *sock)
49 return sock && sock->ops == &l2cap_sock_ops;
51 EXPORT_SYMBOL(l2cap_is_socket);
53 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
55 struct sock *sk = sock->sk;
56 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
57 struct sockaddr_l2 la;
62 if (!addr || addr->sa_family != AF_BLUETOOTH)
65 memset(&la, 0, sizeof(la));
66 len = min_t(unsigned int, sizeof(la), alen);
67 memcpy(&la, addr, len);
69 if (la.l2_cid && la.l2_psm)
72 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
75 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
76 /* Connection oriented channels are not supported on LE */
79 /* We only allow ATT user space socket */
80 if (la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
86 if (sk->sk_state != BT_OPEN) {
92 __u16 psm = __le16_to_cpu(la.l2_psm);
94 /* PSM must be odd and lsb of upper byte must be 0 */
95 if ((psm & 0x0101) != 0x0001) {
100 /* Restrict usage of well-known PSMs */
101 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
108 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
110 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
115 switch (chan->chan_type) {
116 case L2CAP_CHAN_CONN_LESS:
117 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
118 chan->sec_level = BT_SECURITY_SDP;
120 case L2CAP_CHAN_CONN_ORIENTED:
121 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
122 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
123 chan->sec_level = BT_SECURITY_SDP;
127 bacpy(&chan->src, &la.l2_bdaddr);
128 chan->src_type = la.l2_bdaddr_type;
130 chan->state = BT_BOUND;
131 sk->sk_state = BT_BOUND;
138 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
141 struct sock *sk = sock->sk;
142 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
143 struct sockaddr_l2 la;
148 if (!addr || alen < sizeof(addr->sa_family) ||
149 addr->sa_family != AF_BLUETOOTH)
152 memset(&la, 0, sizeof(la));
153 len = min_t(unsigned int, sizeof(la), alen);
154 memcpy(&la, addr, len);
156 if (la.l2_cid && la.l2_psm)
159 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
162 /* Check that the socket wasn't bound to something that
163 * conflicts with the address given to connect(). If chan->src
164 * is BDADDR_ANY it means bind() was never used, in which case
165 * chan->src_type and la.l2_bdaddr_type do not need to match.
167 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
168 bdaddr_type_is_le(la.l2_bdaddr_type)) {
169 /* Old user space versions will try to incorrectly bind
170 * the ATT socket using BDADDR_BREDR. We need to accept
171 * this and fix up the source address type only when
172 * both the source CID and destination CID indicate
173 * ATT. Anything else is an invalid combination.
175 if (chan->scid != L2CAP_CID_ATT ||
176 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
179 /* We don't have the hdev available here to make a
180 * better decision on random vs public, but since all
181 * user space versions that exhibit this issue anyway do
182 * not support random local addresses assuming public
183 * here is good enough.
185 chan->src_type = BDADDR_LE_PUBLIC;
188 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
191 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
192 /* Connection oriented channels are not supported on LE */
195 /* We only allow ATT user space socket */
196 if (la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
200 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
201 &la.l2_bdaddr, la.l2_bdaddr_type);
207 err = bt_sock_wait_state(sk, BT_CONNECTED,
208 sock_sndtimeo(sk, flags & O_NONBLOCK));
215 static int l2cap_sock_listen(struct socket *sock, int backlog)
217 struct sock *sk = sock->sk;
218 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
221 BT_DBG("sk %p backlog %d", sk, backlog);
225 if (sk->sk_state != BT_BOUND) {
230 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
235 switch (chan->mode) {
236 case L2CAP_MODE_BASIC:
238 case L2CAP_MODE_ERTM:
239 case L2CAP_MODE_STREAMING:
248 sk->sk_max_ack_backlog = backlog;
249 sk->sk_ack_backlog = 0;
251 chan->state = BT_LISTEN;
252 sk->sk_state = BT_LISTEN;
259 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
262 DECLARE_WAITQUEUE(wait, current);
263 struct sock *sk = sock->sk, *nsk;
267 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
269 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
271 BT_DBG("sk %p timeo %ld", sk, timeo);
273 /* Wait for an incoming connection. (wake-one). */
274 add_wait_queue_exclusive(sk_sleep(sk), &wait);
276 set_current_state(TASK_INTERRUPTIBLE);
278 if (sk->sk_state != BT_LISTEN) {
283 nsk = bt_accept_dequeue(sk, newsock);
292 if (signal_pending(current)) {
293 err = sock_intr_errno(timeo);
298 timeo = schedule_timeout(timeo);
299 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
301 __set_current_state(TASK_RUNNING);
302 remove_wait_queue(sk_sleep(sk), &wait);
307 newsock->state = SS_CONNECTED;
309 BT_DBG("new socket %p", nsk);
316 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
319 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
320 struct sock *sk = sock->sk;
321 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
323 BT_DBG("sock %p, sk %p", sock, sk);
325 memset(la, 0, sizeof(struct sockaddr_l2));
326 addr->sa_family = AF_BLUETOOTH;
327 *len = sizeof(struct sockaddr_l2);
330 la->l2_psm = chan->psm;
331 bacpy(&la->l2_bdaddr, &chan->dst);
332 la->l2_cid = cpu_to_le16(chan->dcid);
333 la->l2_bdaddr_type = chan->dst_type;
335 la->l2_psm = chan->sport;
336 bacpy(&la->l2_bdaddr, &chan->src);
337 la->l2_cid = cpu_to_le16(chan->scid);
338 la->l2_bdaddr_type = chan->src_type;
344 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
345 char __user *optval, int __user *optlen)
347 struct sock *sk = sock->sk;
348 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
349 struct l2cap_options opts;
350 struct l2cap_conninfo cinfo;
356 if (get_user(len, optlen))
363 memset(&opts, 0, sizeof(opts));
364 opts.imtu = chan->imtu;
365 opts.omtu = chan->omtu;
366 opts.flush_to = chan->flush_to;
367 opts.mode = chan->mode;
368 opts.fcs = chan->fcs;
369 opts.max_tx = chan->max_tx;
370 opts.txwin_size = chan->tx_win;
372 len = min_t(unsigned int, len, sizeof(opts));
373 if (copy_to_user(optval, (char *) &opts, len))
379 switch (chan->sec_level) {
380 case BT_SECURITY_LOW:
383 case BT_SECURITY_MEDIUM:
384 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
386 case BT_SECURITY_HIGH:
387 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
395 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
396 opt |= L2CAP_LM_MASTER;
398 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
399 opt |= L2CAP_LM_RELIABLE;
401 if (put_user(opt, (u32 __user *) optval))
406 if (sk->sk_state != BT_CONNECTED &&
407 !(sk->sk_state == BT_CONNECT2 &&
408 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
413 memset(&cinfo, 0, sizeof(cinfo));
414 cinfo.hci_handle = chan->conn->hcon->handle;
415 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
417 len = min_t(unsigned int, len, sizeof(cinfo));
418 if (copy_to_user(optval, (char *) &cinfo, len))
432 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
433 char __user *optval, int __user *optlen)
435 struct sock *sk = sock->sk;
436 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
437 struct bt_security sec;
443 if (level == SOL_L2CAP)
444 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
446 if (level != SOL_BLUETOOTH)
449 if (get_user(len, optlen))
456 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
457 chan->chan_type != L2CAP_CHAN_RAW) {
462 memset(&sec, 0, sizeof(sec));
464 sec.level = chan->conn->hcon->sec_level;
466 if (sk->sk_state == BT_CONNECTED)
467 sec.key_size = chan->conn->hcon->enc_key_size;
469 sec.level = chan->sec_level;
472 len = min_t(unsigned int, len, sizeof(sec));
473 if (copy_to_user(optval, (char *) &sec, len))
479 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
484 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
485 (u32 __user *) optval))
491 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
492 (u32 __user *) optval))
498 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
499 && sk->sk_type != SOCK_RAW) {
504 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
506 len = min_t(unsigned int, len, sizeof(pwr));
507 if (copy_to_user(optval, (char *) &pwr, len))
512 case BT_CHANNEL_POLICY:
513 if (put_user(chan->chan_policy, (u32 __user *) optval))
526 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
528 switch (chan->scid) {
530 if (mtu < L2CAP_LE_MIN_MTU)
535 if (mtu < L2CAP_DEFAULT_MIN_MTU)
542 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
543 char __user *optval, unsigned int optlen)
545 struct sock *sk = sock->sk;
546 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
547 struct l2cap_options opts;
557 if (sk->sk_state == BT_CONNECTED) {
562 opts.imtu = chan->imtu;
563 opts.omtu = chan->omtu;
564 opts.flush_to = chan->flush_to;
565 opts.mode = chan->mode;
566 opts.fcs = chan->fcs;
567 opts.max_tx = chan->max_tx;
568 opts.txwin_size = chan->tx_win;
570 len = min_t(unsigned int, sizeof(opts), optlen);
571 if (copy_from_user((char *) &opts, optval, len)) {
576 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
581 if (!l2cap_valid_mtu(chan, opts.imtu)) {
586 chan->mode = opts.mode;
587 switch (chan->mode) {
588 case L2CAP_MODE_BASIC:
589 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
591 case L2CAP_MODE_ERTM:
592 case L2CAP_MODE_STREAMING:
601 chan->imtu = opts.imtu;
602 chan->omtu = opts.omtu;
603 chan->fcs = opts.fcs;
604 chan->max_tx = opts.max_tx;
605 chan->tx_win = opts.txwin_size;
606 chan->flush_to = opts.flush_to;
610 if (get_user(opt, (u32 __user *) optval)) {
615 if (opt & L2CAP_LM_AUTH)
616 chan->sec_level = BT_SECURITY_LOW;
617 if (opt & L2CAP_LM_ENCRYPT)
618 chan->sec_level = BT_SECURITY_MEDIUM;
619 if (opt & L2CAP_LM_SECURE)
620 chan->sec_level = BT_SECURITY_HIGH;
622 if (opt & L2CAP_LM_MASTER)
623 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
625 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
627 if (opt & L2CAP_LM_RELIABLE)
628 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
630 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
642 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
643 char __user *optval, unsigned int optlen)
645 struct sock *sk = sock->sk;
646 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
647 struct bt_security sec;
649 struct l2cap_conn *conn;
655 if (level == SOL_L2CAP)
656 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
658 if (level != SOL_BLUETOOTH)
665 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
666 chan->chan_type != L2CAP_CHAN_RAW) {
671 sec.level = BT_SECURITY_LOW;
673 len = min_t(unsigned int, sizeof(sec), optlen);
674 if (copy_from_user((char *) &sec, optval, len)) {
679 if (sec.level < BT_SECURITY_LOW ||
680 sec.level > BT_SECURITY_HIGH) {
685 chan->sec_level = sec.level;
692 /*change security for LE channels */
693 if (chan->scid == L2CAP_CID_ATT) {
694 if (!conn->hcon->out) {
699 if (smp_conn_security(conn->hcon, sec.level))
701 sk->sk_state = BT_CONFIG;
702 chan->state = BT_CONFIG;
704 /* or for ACL link */
705 } else if ((sk->sk_state == BT_CONNECT2 &&
706 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
707 sk->sk_state == BT_CONNECTED) {
708 if (!l2cap_chan_check_security(chan))
709 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
711 sk->sk_state_change(sk);
718 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
723 if (get_user(opt, (u32 __user *) optval)) {
729 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
730 set_bit(FLAG_DEFER_SETUP, &chan->flags);
732 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
733 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
738 if (get_user(opt, (u32 __user *) optval)) {
743 if (opt > BT_FLUSHABLE_ON) {
748 if (opt == BT_FLUSHABLE_OFF) {
750 /* proceed further only when we have l2cap_conn and
751 No Flush support in the LM */
752 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
759 set_bit(FLAG_FLUSHABLE, &chan->flags);
761 clear_bit(FLAG_FLUSHABLE, &chan->flags);
765 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
766 chan->chan_type != L2CAP_CHAN_RAW) {
771 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
773 len = min_t(unsigned int, sizeof(pwr), optlen);
774 if (copy_from_user((char *) &pwr, optval, len)) {
779 if (pwr.force_active)
780 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
782 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
785 case BT_CHANNEL_POLICY:
786 if (get_user(opt, (u32 __user *) optval)) {
791 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
796 if (chan->mode != L2CAP_MODE_ERTM &&
797 chan->mode != L2CAP_MODE_STREAMING) {
802 chan->chan_policy = (u8) opt;
804 if (sk->sk_state == BT_CONNECTED &&
805 chan->move_role == L2CAP_MOVE_ROLE_NONE)
806 l2cap_move_start(chan);
819 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
820 struct msghdr *msg, size_t len)
822 struct sock *sk = sock->sk;
823 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
826 BT_DBG("sock %p, sk %p", sock, sk);
828 err = sock_error(sk);
832 if (msg->msg_flags & MSG_OOB)
835 if (sk->sk_state != BT_CONNECTED)
839 err = bt_sock_wait_ready(sk, msg->msg_flags);
844 l2cap_chan_lock(chan);
845 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
846 l2cap_chan_unlock(chan);
851 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
852 struct msghdr *msg, size_t len, int flags)
854 struct sock *sk = sock->sk;
855 struct l2cap_pinfo *pi = l2cap_pi(sk);
860 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
861 &bt_sk(sk)->flags)) {
862 sk->sk_state = BT_CONFIG;
863 pi->chan->state = BT_CONFIG;
865 __l2cap_connect_rsp_defer(pi->chan);
872 if (sock->type == SOCK_STREAM)
873 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
875 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
877 if (pi->chan->mode != L2CAP_MODE_ERTM)
880 /* Attempt to put pending rx data in the socket buffer */
884 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
887 if (pi->rx_busy_skb) {
888 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
889 pi->rx_busy_skb = NULL;
894 /* Restore data flow when half of the receive buffer is
895 * available. This avoids resending large numbers of
898 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
899 l2cap_chan_busy(pi->chan, 0);
906 /* Kill socket (only if zapped and orphan)
907 * Must be called on unlocked socket.
909 static void l2cap_sock_kill(struct sock *sk)
911 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
914 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
916 /* Kill poor orphan */
918 l2cap_chan_put(l2cap_pi(sk)->chan);
919 sock_set_flag(sk, SOCK_DEAD);
923 static int __l2cap_wait_ack(struct sock *sk)
925 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
926 DECLARE_WAITQUEUE(wait, current);
930 add_wait_queue(sk_sleep(sk), &wait);
931 set_current_state(TASK_INTERRUPTIBLE);
932 while (chan->unacked_frames > 0 && chan->conn) {
936 if (signal_pending(current)) {
937 err = sock_intr_errno(timeo);
942 timeo = schedule_timeout(timeo);
944 set_current_state(TASK_INTERRUPTIBLE);
946 err = sock_error(sk);
950 set_current_state(TASK_RUNNING);
951 remove_wait_queue(sk_sleep(sk), &wait);
955 static int l2cap_sock_shutdown(struct socket *sock, int how)
957 struct sock *sk = sock->sk;
958 struct l2cap_chan *chan;
959 struct l2cap_conn *conn;
962 BT_DBG("sock %p, sk %p", sock, sk);
967 chan = l2cap_pi(sk)->chan;
971 mutex_lock(&conn->chan_lock);
973 l2cap_chan_lock(chan);
976 if (!sk->sk_shutdown) {
977 if (chan->mode == L2CAP_MODE_ERTM)
978 err = __l2cap_wait_ack(sk);
980 sk->sk_shutdown = SHUTDOWN_MASK;
983 l2cap_chan_close(chan, 0);
986 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
987 err = bt_sock_wait_state(sk, BT_CLOSED,
991 if (!err && sk->sk_err)
995 l2cap_chan_unlock(chan);
998 mutex_unlock(&conn->chan_lock);
1003 static int l2cap_sock_release(struct socket *sock)
1005 struct sock *sk = sock->sk;
1008 BT_DBG("sock %p, sk %p", sock, sk);
1013 bt_sock_unlink(&l2cap_sk_list, sk);
1015 err = l2cap_sock_shutdown(sock, 2);
1018 l2cap_sock_kill(sk);
1022 static void l2cap_sock_cleanup_listen(struct sock *parent)
1026 BT_DBG("parent %p", parent);
1028 /* Close not yet accepted channels */
1029 while ((sk = bt_accept_dequeue(parent, NULL))) {
1030 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1032 l2cap_chan_lock(chan);
1033 __clear_chan_timer(chan);
1034 l2cap_chan_close(chan, ECONNRESET);
1035 l2cap_chan_unlock(chan);
1037 l2cap_sock_kill(sk);
1041 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1043 struct sock *sk, *parent = chan->data;
1045 /* Check for backlog size */
1046 if (sk_acceptq_is_full(parent)) {
1047 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1051 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1056 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1058 l2cap_sock_init(sk, parent);
1060 bt_accept_enqueue(parent, sk);
1062 return l2cap_pi(sk)->chan;
1065 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1067 struct sock *sk = chan->data;
1072 if (l2cap_pi(sk)->rx_busy_skb) {
1077 err = sock_queue_rcv_skb(sk, skb);
1079 /* For ERTM, handle one skb that doesn't fit into the recv
1080 * buffer. This is important to do because the data frames
1081 * have already been acked, so the skb cannot be discarded.
1083 * Notify the l2cap core that the buffer is full, so the
1084 * LOCAL_BUSY state is entered and no more frames are
1085 * acked and reassembled until there is buffer space
1088 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1089 l2cap_pi(sk)->rx_busy_skb = skb;
1090 l2cap_chan_busy(chan, 1);
1100 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1102 struct sock *sk = chan->data;
1104 l2cap_sock_kill(sk);
1107 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1109 struct sock *sk = chan->data;
1110 struct sock *parent;
1114 parent = bt_sk(sk)->parent;
1116 sock_set_flag(sk, SOCK_ZAPPED);
1118 switch (chan->state) {
1124 l2cap_sock_cleanup_listen(sk);
1125 sk->sk_state = BT_CLOSED;
1126 chan->state = BT_CLOSED;
1130 sk->sk_state = BT_CLOSED;
1131 chan->state = BT_CLOSED;
1136 bt_accept_unlink(sk);
1137 parent->sk_data_ready(parent, 0);
1139 sk->sk_state_change(sk);
1148 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1151 struct sock *sk = chan->data;
1153 sk->sk_state = state;
1159 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1160 unsigned long len, int nb)
1162 struct sock *sk = chan->data;
1163 struct sk_buff *skb;
1166 l2cap_chan_unlock(chan);
1167 skb = bt_skb_send_alloc(sk, len, nb, &err);
1168 l2cap_chan_lock(chan);
1171 return ERR_PTR(err);
1176 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1178 struct sock *sk = chan->data;
1179 struct sock *parent;
1183 parent = bt_sk(sk)->parent;
1185 BT_DBG("sk %p, parent %p", sk, parent);
1187 sk->sk_state = BT_CONNECTED;
1188 sk->sk_state_change(sk);
1191 parent->sk_data_ready(parent, 0);
1196 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1198 struct sock *sk = chan->data;
1199 struct sock *parent = bt_sk(sk)->parent;
1202 parent->sk_data_ready(parent, 0);
1205 static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1207 struct sock *sk = chan->data;
1209 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1210 sk->sk_state_change(sk);
1213 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1215 struct sock *sk = chan->data;
1218 sk->sk_shutdown = SHUTDOWN_MASK;
1222 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1224 struct sock *sk = chan->data;
1226 return sk->sk_sndtimeo;
1229 static struct l2cap_ops l2cap_chan_ops = {
1230 .name = "L2CAP Socket Interface",
1231 .new_connection = l2cap_sock_new_connection_cb,
1232 .recv = l2cap_sock_recv_cb,
1233 .close = l2cap_sock_close_cb,
1234 .teardown = l2cap_sock_teardown_cb,
1235 .state_change = l2cap_sock_state_change_cb,
1236 .ready = l2cap_sock_ready_cb,
1237 .defer = l2cap_sock_defer_cb,
1238 .resume = l2cap_sock_resume_cb,
1239 .set_shutdown = l2cap_sock_set_shutdown_cb,
1240 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1241 .alloc_skb = l2cap_sock_alloc_skb_cb,
1244 static void l2cap_sock_destruct(struct sock *sk)
1246 BT_DBG("sk %p", sk);
1248 if (l2cap_pi(sk)->chan)
1249 l2cap_chan_put(l2cap_pi(sk)->chan);
1251 if (l2cap_pi(sk)->rx_busy_skb) {
1252 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1253 l2cap_pi(sk)->rx_busy_skb = NULL;
1256 skb_queue_purge(&sk->sk_receive_queue);
1257 skb_queue_purge(&sk->sk_write_queue);
1260 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1263 struct sockaddr_l2 *la = (struct sockaddr_l2 *) msg_name;
1265 memset(la, 0, sizeof(struct sockaddr_l2));
1266 la->l2_family = AF_BLUETOOTH;
1267 la->l2_psm = bt_cb(skb)->psm;
1268 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr);
1270 *msg_namelen = sizeof(struct sockaddr_l2);
1273 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1275 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1277 BT_DBG("sk %p", sk);
1280 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1282 sk->sk_type = parent->sk_type;
1283 bt_sk(sk)->flags = bt_sk(parent)->flags;
1285 chan->chan_type = pchan->chan_type;
1286 chan->imtu = pchan->imtu;
1287 chan->omtu = pchan->omtu;
1288 chan->conf_state = pchan->conf_state;
1289 chan->mode = pchan->mode;
1290 chan->fcs = pchan->fcs;
1291 chan->max_tx = pchan->max_tx;
1292 chan->tx_win = pchan->tx_win;
1293 chan->tx_win_max = pchan->tx_win_max;
1294 chan->sec_level = pchan->sec_level;
1295 chan->flags = pchan->flags;
1297 security_sk_clone(parent, sk);
1299 switch (sk->sk_type) {
1301 chan->chan_type = L2CAP_CHAN_RAW;
1304 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1305 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1307 case SOCK_SEQPACKET:
1309 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1313 chan->imtu = L2CAP_DEFAULT_MTU;
1315 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1316 chan->mode = L2CAP_MODE_ERTM;
1317 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1319 chan->mode = L2CAP_MODE_BASIC;
1322 l2cap_chan_set_defaults(chan);
1325 /* Default config options */
1326 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1329 chan->ops = &l2cap_chan_ops;
1332 static struct proto l2cap_proto = {
1334 .owner = THIS_MODULE,
1335 .obj_size = sizeof(struct l2cap_pinfo)
1338 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1339 int proto, gfp_t prio)
1342 struct l2cap_chan *chan;
1344 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1348 sock_init_data(sock, sk);
1349 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1351 sk->sk_destruct = l2cap_sock_destruct;
1352 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1354 sock_reset_flag(sk, SOCK_ZAPPED);
1356 sk->sk_protocol = proto;
1357 sk->sk_state = BT_OPEN;
1359 chan = l2cap_chan_create();
1365 l2cap_chan_hold(chan);
1369 l2cap_pi(sk)->chan = chan;
1374 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1379 BT_DBG("sock %p", sock);
1381 sock->state = SS_UNCONNECTED;
1383 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1384 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1385 return -ESOCKTNOSUPPORT;
1387 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1390 sock->ops = &l2cap_sock_ops;
1392 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1396 l2cap_sock_init(sk, NULL);
1397 bt_sock_link(&l2cap_sk_list, sk);
1401 static const struct proto_ops l2cap_sock_ops = {
1402 .family = PF_BLUETOOTH,
1403 .owner = THIS_MODULE,
1404 .release = l2cap_sock_release,
1405 .bind = l2cap_sock_bind,
1406 .connect = l2cap_sock_connect,
1407 .listen = l2cap_sock_listen,
1408 .accept = l2cap_sock_accept,
1409 .getname = l2cap_sock_getname,
1410 .sendmsg = l2cap_sock_sendmsg,
1411 .recvmsg = l2cap_sock_recvmsg,
1412 .poll = bt_sock_poll,
1413 .ioctl = bt_sock_ioctl,
1414 .mmap = sock_no_mmap,
1415 .socketpair = sock_no_socketpair,
1416 .shutdown = l2cap_sock_shutdown,
1417 .setsockopt = l2cap_sock_setsockopt,
1418 .getsockopt = l2cap_sock_getsockopt
1421 static const struct net_proto_family l2cap_sock_family_ops = {
1422 .family = PF_BLUETOOTH,
1423 .owner = THIS_MODULE,
1424 .create = l2cap_sock_create,
1427 int __init l2cap_init_sockets(void)
1431 err = proto_register(&l2cap_proto, 0);
1435 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1437 BT_ERR("L2CAP socket registration failed");
1441 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1444 BT_ERR("Failed to create L2CAP proc file");
1445 bt_sock_unregister(BTPROTO_L2CAP);
1449 BT_INFO("L2CAP socket layer initialized");
1454 proto_unregister(&l2cap_proto);
1458 void l2cap_cleanup_sockets(void)
1460 bt_procfs_cleanup(&init_net, "l2cap");
1461 bt_sock_unregister(BTPROTO_L2CAP);
1462 proto_unregister(&l2cap_proto);