2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
28 /* Bluetooth L2CAP sockets. */
30 #include <linux/module.h>
31 #include <linux/export.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
39 static struct bt_sock_list l2cap_sk_list = {
40 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
43 static const struct proto_ops l2cap_sock_ops;
44 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
45 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
46 int proto, gfp_t prio);
48 bool l2cap_is_socket(struct socket *sock)
50 return sock && sock->ops == &l2cap_sock_ops;
52 EXPORT_SYMBOL(l2cap_is_socket);
54 static int l2cap_validate_bredr_psm(u16 psm)
56 /* PSM must be odd and lsb of upper byte must be 0 */
57 if ((psm & 0x0101) != 0x0001)
60 /* Restrict usage of well-known PSMs */
61 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE))
67 static int l2cap_validate_le_psm(u16 psm)
69 /* Valid LE_PSM ranges are defined only until 0x00ff */
73 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
74 if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE))
80 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
82 struct sock *sk = sock->sk;
83 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
84 struct sockaddr_l2 la;
89 if (!addr || addr->sa_family != AF_BLUETOOTH)
92 memset(&la, 0, sizeof(la));
93 len = min_t(unsigned int, sizeof(la), alen);
94 memcpy(&la, addr, len);
96 if (la.l2_cid && la.l2_psm)
99 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
102 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
103 /* We only allow ATT user space socket */
105 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
111 if (sk->sk_state != BT_OPEN) {
117 __u16 psm = __le16_to_cpu(la.l2_psm);
119 if (la.l2_bdaddr_type == BDADDR_BREDR)
120 err = l2cap_validate_bredr_psm(psm);
122 err = l2cap_validate_le_psm(psm);
129 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
131 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
136 switch (chan->chan_type) {
137 case L2CAP_CHAN_CONN_LESS:
138 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
139 chan->sec_level = BT_SECURITY_SDP;
141 case L2CAP_CHAN_CONN_ORIENTED:
142 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
143 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
144 chan->sec_level = BT_SECURITY_SDP;
147 chan->sec_level = BT_SECURITY_SDP;
149 case L2CAP_CHAN_FIXED:
150 /* Fixed channels default to the L2CAP core not holding a
151 * hci_conn reference for them. For fixed channels mapping to
152 * L2CAP sockets we do want to hold a reference so set the
153 * appropriate flag to request it.
155 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
159 bacpy(&chan->src, &la.l2_bdaddr);
160 chan->src_type = la.l2_bdaddr_type;
162 if (chan->psm && bdaddr_type_is_le(chan->src_type))
163 chan->mode = L2CAP_MODE_LE_FLOWCTL;
165 chan->state = BT_BOUND;
166 sk->sk_state = BT_BOUND;
173 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
176 struct sock *sk = sock->sk;
177 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
178 struct sockaddr_l2 la;
183 if (!addr || alen < sizeof(addr->sa_family) ||
184 addr->sa_family != AF_BLUETOOTH)
187 memset(&la, 0, sizeof(la));
188 len = min_t(unsigned int, sizeof(la), alen);
189 memcpy(&la, addr, len);
191 if (la.l2_cid && la.l2_psm)
194 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
197 /* Check that the socket wasn't bound to something that
198 * conflicts with the address given to connect(). If chan->src
199 * is BDADDR_ANY it means bind() was never used, in which case
200 * chan->src_type and la.l2_bdaddr_type do not need to match.
202 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
203 bdaddr_type_is_le(la.l2_bdaddr_type)) {
204 /* Old user space versions will try to incorrectly bind
205 * the ATT socket using BDADDR_BREDR. We need to accept
206 * this and fix up the source address type only when
207 * both the source CID and destination CID indicate
208 * ATT. Anything else is an invalid combination.
210 if (chan->scid != L2CAP_CID_ATT ||
211 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
214 /* We don't have the hdev available here to make a
215 * better decision on random vs public, but since all
216 * user space versions that exhibit this issue anyway do
217 * not support random local addresses assuming public
218 * here is good enough.
220 chan->src_type = BDADDR_LE_PUBLIC;
223 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
226 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
227 /* We only allow ATT user space socket */
229 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
233 if (chan->psm && bdaddr_type_is_le(chan->src_type))
234 chan->mode = L2CAP_MODE_LE_FLOWCTL;
236 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
237 &la.l2_bdaddr, la.l2_bdaddr_type);
243 err = bt_sock_wait_state(sk, BT_CONNECTED,
244 sock_sndtimeo(sk, flags & O_NONBLOCK));
251 static int l2cap_sock_listen(struct socket *sock, int backlog)
253 struct sock *sk = sock->sk;
254 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
257 BT_DBG("sk %p backlog %d", sk, backlog);
261 if (sk->sk_state != BT_BOUND) {
266 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
271 switch (chan->mode) {
272 case L2CAP_MODE_BASIC:
273 case L2CAP_MODE_LE_FLOWCTL:
275 case L2CAP_MODE_ERTM:
276 case L2CAP_MODE_STREAMING:
285 sk->sk_max_ack_backlog = backlog;
286 sk->sk_ack_backlog = 0;
288 chan->state = BT_LISTEN;
289 sk->sk_state = BT_LISTEN;
296 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
299 DECLARE_WAITQUEUE(wait, current);
300 struct sock *sk = sock->sk, *nsk;
304 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
306 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
308 BT_DBG("sk %p timeo %ld", sk, timeo);
310 /* Wait for an incoming connection. (wake-one). */
311 add_wait_queue_exclusive(sk_sleep(sk), &wait);
313 set_current_state(TASK_INTERRUPTIBLE);
315 if (sk->sk_state != BT_LISTEN) {
320 nsk = bt_accept_dequeue(sk, newsock);
329 if (signal_pending(current)) {
330 err = sock_intr_errno(timeo);
335 timeo = schedule_timeout(timeo);
336 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
338 __set_current_state(TASK_RUNNING);
339 remove_wait_queue(sk_sleep(sk), &wait);
344 newsock->state = SS_CONNECTED;
346 BT_DBG("new socket %p", nsk);
353 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
356 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
357 struct sock *sk = sock->sk;
358 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
360 BT_DBG("sock %p, sk %p", sock, sk);
362 if (peer && sk->sk_state != BT_CONNECTED &&
363 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
364 sk->sk_state != BT_CONFIG)
367 memset(la, 0, sizeof(struct sockaddr_l2));
368 addr->sa_family = AF_BLUETOOTH;
369 *len = sizeof(struct sockaddr_l2);
371 la->l2_psm = chan->psm;
374 bacpy(&la->l2_bdaddr, &chan->dst);
375 la->l2_cid = cpu_to_le16(chan->dcid);
376 la->l2_bdaddr_type = chan->dst_type;
378 bacpy(&la->l2_bdaddr, &chan->src);
379 la->l2_cid = cpu_to_le16(chan->scid);
380 la->l2_bdaddr_type = chan->src_type;
386 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
387 char __user *optval, int __user *optlen)
389 struct sock *sk = sock->sk;
390 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
391 struct l2cap_options opts;
392 struct l2cap_conninfo cinfo;
398 if (get_user(len, optlen))
405 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
406 * legacy ATT code depends on getsockopt for
407 * L2CAP_OPTIONS we need to let this pass.
409 if (bdaddr_type_is_le(chan->src_type) &&
410 chan->scid != L2CAP_CID_ATT) {
415 memset(&opts, 0, sizeof(opts));
416 opts.imtu = chan->imtu;
417 opts.omtu = chan->omtu;
418 opts.flush_to = chan->flush_to;
419 opts.mode = chan->mode;
420 opts.fcs = chan->fcs;
421 opts.max_tx = chan->max_tx;
422 opts.txwin_size = chan->tx_win;
424 len = min_t(unsigned int, len, sizeof(opts));
425 if (copy_to_user(optval, (char *) &opts, len))
431 switch (chan->sec_level) {
432 case BT_SECURITY_LOW:
435 case BT_SECURITY_MEDIUM:
436 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
438 case BT_SECURITY_HIGH:
439 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
442 case BT_SECURITY_FIPS:
443 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
444 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
451 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
452 opt |= L2CAP_LM_MASTER;
454 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
455 opt |= L2CAP_LM_RELIABLE;
457 if (put_user(opt, (u32 __user *) optval))
463 if (sk->sk_state != BT_CONNECTED &&
464 !(sk->sk_state == BT_CONNECT2 &&
465 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
470 memset(&cinfo, 0, sizeof(cinfo));
471 cinfo.hci_handle = chan->conn->hcon->handle;
472 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
474 len = min_t(unsigned int, len, sizeof(cinfo));
475 if (copy_to_user(optval, (char *) &cinfo, len))
489 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
490 char __user *optval, int __user *optlen)
492 struct sock *sk = sock->sk;
493 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
494 struct bt_security sec;
500 if (level == SOL_L2CAP)
501 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
503 if (level != SOL_BLUETOOTH)
506 if (get_user(len, optlen))
513 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
514 chan->chan_type != L2CAP_CHAN_FIXED &&
515 chan->chan_type != L2CAP_CHAN_RAW) {
520 memset(&sec, 0, sizeof(sec));
522 sec.level = chan->conn->hcon->sec_level;
524 if (sk->sk_state == BT_CONNECTED)
525 sec.key_size = chan->conn->hcon->enc_key_size;
527 sec.level = chan->sec_level;
530 len = min_t(unsigned int, len, sizeof(sec));
531 if (copy_to_user(optval, (char *) &sec, len))
537 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
542 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
543 (u32 __user *) optval))
549 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
550 (u32 __user *) optval))
556 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
557 && sk->sk_type != SOCK_RAW) {
562 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
564 len = min_t(unsigned int, len, sizeof(pwr));
565 if (copy_to_user(optval, (char *) &pwr, len))
570 case BT_CHANNEL_POLICY:
571 if (put_user(chan->chan_policy, (u32 __user *) optval))
576 if (!bdaddr_type_is_le(chan->src_type)) {
581 if (sk->sk_state != BT_CONNECTED) {
586 if (put_user(chan->omtu, (u16 __user *) optval))
591 if (!bdaddr_type_is_le(chan->src_type)) {
596 if (put_user(chan->imtu, (u16 __user *) optval))
609 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
611 switch (chan->scid) {
613 if (mtu < L2CAP_LE_MIN_MTU)
618 if (mtu < L2CAP_DEFAULT_MIN_MTU)
625 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
626 char __user *optval, unsigned int optlen)
628 struct sock *sk = sock->sk;
629 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
630 struct l2cap_options opts;
640 if (bdaddr_type_is_le(chan->src_type)) {
645 if (sk->sk_state == BT_CONNECTED) {
650 opts.imtu = chan->imtu;
651 opts.omtu = chan->omtu;
652 opts.flush_to = chan->flush_to;
653 opts.mode = chan->mode;
654 opts.fcs = chan->fcs;
655 opts.max_tx = chan->max_tx;
656 opts.txwin_size = chan->tx_win;
658 len = min_t(unsigned int, sizeof(opts), optlen);
659 if (copy_from_user((char *) &opts, optval, len)) {
664 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
669 if (!l2cap_valid_mtu(chan, opts.imtu)) {
674 chan->mode = opts.mode;
675 switch (chan->mode) {
676 case L2CAP_MODE_LE_FLOWCTL:
678 case L2CAP_MODE_BASIC:
679 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
681 case L2CAP_MODE_ERTM:
682 case L2CAP_MODE_STREAMING:
691 chan->imtu = opts.imtu;
692 chan->omtu = opts.omtu;
693 chan->fcs = opts.fcs;
694 chan->max_tx = opts.max_tx;
695 chan->tx_win = opts.txwin_size;
696 chan->flush_to = opts.flush_to;
700 if (get_user(opt, (u32 __user *) optval)) {
705 if (opt & L2CAP_LM_FIPS) {
710 if (opt & L2CAP_LM_AUTH)
711 chan->sec_level = BT_SECURITY_LOW;
712 if (opt & L2CAP_LM_ENCRYPT)
713 chan->sec_level = BT_SECURITY_MEDIUM;
714 if (opt & L2CAP_LM_SECURE)
715 chan->sec_level = BT_SECURITY_HIGH;
717 if (opt & L2CAP_LM_MASTER)
718 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
720 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
722 if (opt & L2CAP_LM_RELIABLE)
723 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
725 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
737 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
738 char __user *optval, unsigned int optlen)
740 struct sock *sk = sock->sk;
741 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
742 struct bt_security sec;
744 struct l2cap_conn *conn;
750 if (level == SOL_L2CAP)
751 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
753 if (level != SOL_BLUETOOTH)
760 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
761 chan->chan_type != L2CAP_CHAN_FIXED &&
762 chan->chan_type != L2CAP_CHAN_RAW) {
767 sec.level = BT_SECURITY_LOW;
769 len = min_t(unsigned int, sizeof(sec), optlen);
770 if (copy_from_user((char *) &sec, optval, len)) {
775 if (sec.level < BT_SECURITY_LOW ||
776 sec.level > BT_SECURITY_HIGH) {
781 chan->sec_level = sec.level;
788 /*change security for LE channels */
789 if (chan->scid == L2CAP_CID_ATT) {
790 if (smp_conn_security(conn->hcon, sec.level))
792 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
793 sk->sk_state = BT_CONFIG;
794 chan->state = BT_CONFIG;
796 /* or for ACL link */
797 } else if ((sk->sk_state == BT_CONNECT2 &&
798 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
799 sk->sk_state == BT_CONNECTED) {
800 if (!l2cap_chan_check_security(chan, true))
801 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
803 sk->sk_state_change(sk);
810 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
815 if (get_user(opt, (u32 __user *) optval)) {
821 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
822 set_bit(FLAG_DEFER_SETUP, &chan->flags);
824 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
825 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
830 if (get_user(opt, (u32 __user *) optval)) {
835 if (opt > BT_FLUSHABLE_ON) {
840 if (opt == BT_FLUSHABLE_OFF) {
842 /* proceed further only when we have l2cap_conn and
843 No Flush support in the LM */
844 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
851 set_bit(FLAG_FLUSHABLE, &chan->flags);
853 clear_bit(FLAG_FLUSHABLE, &chan->flags);
857 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
858 chan->chan_type != L2CAP_CHAN_RAW) {
863 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
865 len = min_t(unsigned int, sizeof(pwr), optlen);
866 if (copy_from_user((char *) &pwr, optval, len)) {
871 if (pwr.force_active)
872 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
874 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
877 case BT_CHANNEL_POLICY:
878 if (get_user(opt, (u32 __user *) optval)) {
883 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
888 if (chan->mode != L2CAP_MODE_ERTM &&
889 chan->mode != L2CAP_MODE_STREAMING) {
894 chan->chan_policy = (u8) opt;
896 if (sk->sk_state == BT_CONNECTED &&
897 chan->move_role == L2CAP_MOVE_ROLE_NONE)
898 l2cap_move_start(chan);
903 if (!bdaddr_type_is_le(chan->src_type)) {
908 /* Setting is not supported as it's the remote side that
915 if (!bdaddr_type_is_le(chan->src_type)) {
920 if (sk->sk_state == BT_CONNECTED) {
925 if (get_user(opt, (u32 __user *) optval)) {
942 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
943 struct msghdr *msg, size_t len)
945 struct sock *sk = sock->sk;
946 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
949 BT_DBG("sock %p, sk %p", sock, sk);
951 err = sock_error(sk);
955 if (msg->msg_flags & MSG_OOB)
958 if (sk->sk_state != BT_CONNECTED)
962 err = bt_sock_wait_ready(sk, msg->msg_flags);
967 l2cap_chan_lock(chan);
968 err = l2cap_chan_send(chan, msg, len);
969 l2cap_chan_unlock(chan);
974 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
975 struct msghdr *msg, size_t len, int flags)
977 struct sock *sk = sock->sk;
978 struct l2cap_pinfo *pi = l2cap_pi(sk);
983 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
984 &bt_sk(sk)->flags)) {
985 if (bdaddr_type_is_le(pi->chan->src_type)) {
986 sk->sk_state = BT_CONNECTED;
987 pi->chan->state = BT_CONNECTED;
988 __l2cap_le_connect_rsp_defer(pi->chan);
990 sk->sk_state = BT_CONFIG;
991 pi->chan->state = BT_CONFIG;
992 __l2cap_connect_rsp_defer(pi->chan);
1001 if (sock->type == SOCK_STREAM)
1002 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
1004 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
1006 if (pi->chan->mode != L2CAP_MODE_ERTM)
1009 /* Attempt to put pending rx data in the socket buffer */
1013 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1016 if (pi->rx_busy_skb) {
1017 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1018 pi->rx_busy_skb = NULL;
1023 /* Restore data flow when half of the receive buffer is
1024 * available. This avoids resending large numbers of
1027 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1028 l2cap_chan_busy(pi->chan, 0);
1035 /* Kill socket (only if zapped and orphan)
1036 * Must be called on unlocked socket.
1038 static void l2cap_sock_kill(struct sock *sk)
1040 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1043 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1045 /* Kill poor orphan */
1047 l2cap_chan_put(l2cap_pi(sk)->chan);
1048 sock_set_flag(sk, SOCK_DEAD);
1052 static int __l2cap_wait_ack(struct sock *sk)
1054 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1055 DECLARE_WAITQUEUE(wait, current);
1059 add_wait_queue(sk_sleep(sk), &wait);
1060 set_current_state(TASK_INTERRUPTIBLE);
1061 while (chan->unacked_frames > 0 && chan->conn) {
1065 if (signal_pending(current)) {
1066 err = sock_intr_errno(timeo);
1071 timeo = schedule_timeout(timeo);
1073 set_current_state(TASK_INTERRUPTIBLE);
1075 err = sock_error(sk);
1079 set_current_state(TASK_RUNNING);
1080 remove_wait_queue(sk_sleep(sk), &wait);
1084 static int l2cap_sock_shutdown(struct socket *sock, int how)
1086 struct sock *sk = sock->sk;
1087 struct l2cap_chan *chan;
1088 struct l2cap_conn *conn;
1091 BT_DBG("sock %p, sk %p", sock, sk);
1096 chan = l2cap_pi(sk)->chan;
1100 mutex_lock(&conn->chan_lock);
1102 l2cap_chan_lock(chan);
1105 if (!sk->sk_shutdown) {
1106 if (chan->mode == L2CAP_MODE_ERTM)
1107 err = __l2cap_wait_ack(sk);
1109 sk->sk_shutdown = SHUTDOWN_MASK;
1112 l2cap_chan_close(chan, 0);
1115 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1116 !(current->flags & PF_EXITING))
1117 err = bt_sock_wait_state(sk, BT_CLOSED,
1121 if (!err && sk->sk_err)
1125 l2cap_chan_unlock(chan);
1128 mutex_unlock(&conn->chan_lock);
1133 static int l2cap_sock_release(struct socket *sock)
1135 struct sock *sk = sock->sk;
1138 BT_DBG("sock %p, sk %p", sock, sk);
1143 bt_sock_unlink(&l2cap_sk_list, sk);
1145 err = l2cap_sock_shutdown(sock, 2);
1148 l2cap_sock_kill(sk);
1152 static void l2cap_sock_cleanup_listen(struct sock *parent)
1156 BT_DBG("parent %p", parent);
1158 /* Close not yet accepted channels */
1159 while ((sk = bt_accept_dequeue(parent, NULL))) {
1160 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1162 l2cap_chan_lock(chan);
1163 __clear_chan_timer(chan);
1164 l2cap_chan_close(chan, ECONNRESET);
1165 l2cap_chan_unlock(chan);
1167 l2cap_sock_kill(sk);
1171 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1173 struct sock *sk, *parent = chan->data;
1177 /* Check for backlog size */
1178 if (sk_acceptq_is_full(parent)) {
1179 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1180 release_sock(parent);
1184 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1187 release_sock(parent);
1191 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1193 l2cap_sock_init(sk, parent);
1195 bt_accept_enqueue(parent, sk);
1197 release_sock(parent);
1199 return l2cap_pi(sk)->chan;
1202 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1204 struct sock *sk = chan->data;
1209 if (l2cap_pi(sk)->rx_busy_skb) {
1214 err = sock_queue_rcv_skb(sk, skb);
1216 /* For ERTM, handle one skb that doesn't fit into the recv
1217 * buffer. This is important to do because the data frames
1218 * have already been acked, so the skb cannot be discarded.
1220 * Notify the l2cap core that the buffer is full, so the
1221 * LOCAL_BUSY state is entered and no more frames are
1222 * acked and reassembled until there is buffer space
1225 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1226 l2cap_pi(sk)->rx_busy_skb = skb;
1227 l2cap_chan_busy(chan, 1);
1237 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1239 struct sock *sk = chan->data;
1241 l2cap_sock_kill(sk);
1244 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1246 struct sock *sk = chan->data;
1247 struct sock *parent;
1251 parent = bt_sk(sk)->parent;
1253 sock_set_flag(sk, SOCK_ZAPPED);
1255 switch (chan->state) {
1261 l2cap_sock_cleanup_listen(sk);
1262 sk->sk_state = BT_CLOSED;
1263 chan->state = BT_CLOSED;
1267 sk->sk_state = BT_CLOSED;
1268 chan->state = BT_CLOSED;
1273 bt_accept_unlink(sk);
1274 parent->sk_data_ready(parent);
1276 sk->sk_state_change(sk);
1285 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1288 struct sock *sk = chan->data;
1290 sk->sk_state = state;
1296 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1297 unsigned long hdr_len,
1298 unsigned long len, int nb)
1300 struct sock *sk = chan->data;
1301 struct sk_buff *skb;
1304 l2cap_chan_unlock(chan);
1305 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1306 l2cap_chan_lock(chan);
1309 return ERR_PTR(err);
1311 skb->priority = sk->sk_priority;
1313 bt_cb(skb)->chan = chan;
1318 static int l2cap_sock_memcpy_fromiovec_cb(struct l2cap_chan *chan,
1319 unsigned char *kdata,
1320 struct iovec *iov, int len)
1322 return memcpy_fromiovec(kdata, iov, len);
1325 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1327 struct sock *sk = chan->data;
1328 struct sock *parent;
1332 parent = bt_sk(sk)->parent;
1334 BT_DBG("sk %p, parent %p", sk, parent);
1336 sk->sk_state = BT_CONNECTED;
1337 sk->sk_state_change(sk);
1340 parent->sk_data_ready(parent);
1345 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1347 struct sock *parent, *sk = chan->data;
1351 parent = bt_sk(sk)->parent;
1353 parent->sk_data_ready(parent);
1358 static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1360 struct sock *sk = chan->data;
1362 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1363 sk->sk_state = BT_CONNECTED;
1364 chan->state = BT_CONNECTED;
1367 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1368 sk->sk_state_change(sk);
1371 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1373 struct sock *sk = chan->data;
1376 sk->sk_shutdown = SHUTDOWN_MASK;
1380 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1382 struct sock *sk = chan->data;
1384 return sk->sk_sndtimeo;
1387 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1389 struct sock *sk = chan->data;
1391 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1392 sk->sk_state_change(sk);
1395 static const struct l2cap_ops l2cap_chan_ops = {
1396 .name = "L2CAP Socket Interface",
1397 .new_connection = l2cap_sock_new_connection_cb,
1398 .recv = l2cap_sock_recv_cb,
1399 .close = l2cap_sock_close_cb,
1400 .teardown = l2cap_sock_teardown_cb,
1401 .state_change = l2cap_sock_state_change_cb,
1402 .ready = l2cap_sock_ready_cb,
1403 .defer = l2cap_sock_defer_cb,
1404 .resume = l2cap_sock_resume_cb,
1405 .suspend = l2cap_sock_suspend_cb,
1406 .set_shutdown = l2cap_sock_set_shutdown_cb,
1407 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1408 .alloc_skb = l2cap_sock_alloc_skb_cb,
1409 .memcpy_fromiovec = l2cap_sock_memcpy_fromiovec_cb,
1412 static void l2cap_sock_destruct(struct sock *sk)
1414 BT_DBG("sk %p", sk);
1416 if (l2cap_pi(sk)->chan)
1417 l2cap_chan_put(l2cap_pi(sk)->chan);
1419 if (l2cap_pi(sk)->rx_busy_skb) {
1420 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1421 l2cap_pi(sk)->rx_busy_skb = NULL;
1424 skb_queue_purge(&sk->sk_receive_queue);
1425 skb_queue_purge(&sk->sk_write_queue);
1428 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1431 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1433 memset(la, 0, sizeof(struct sockaddr_l2));
1434 la->l2_family = AF_BLUETOOTH;
1435 la->l2_psm = bt_cb(skb)->psm;
1436 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr);
1438 *msg_namelen = sizeof(struct sockaddr_l2);
1441 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1443 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1445 BT_DBG("sk %p", sk);
1448 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1450 sk->sk_type = parent->sk_type;
1451 bt_sk(sk)->flags = bt_sk(parent)->flags;
1453 chan->chan_type = pchan->chan_type;
1454 chan->imtu = pchan->imtu;
1455 chan->omtu = pchan->omtu;
1456 chan->conf_state = pchan->conf_state;
1457 chan->mode = pchan->mode;
1458 chan->fcs = pchan->fcs;
1459 chan->max_tx = pchan->max_tx;
1460 chan->tx_win = pchan->tx_win;
1461 chan->tx_win_max = pchan->tx_win_max;
1462 chan->sec_level = pchan->sec_level;
1463 chan->flags = pchan->flags;
1464 chan->tx_credits = pchan->tx_credits;
1465 chan->rx_credits = pchan->rx_credits;
1467 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1468 chan->scid = pchan->scid;
1469 chan->dcid = pchan->scid;
1472 security_sk_clone(parent, sk);
1474 switch (sk->sk_type) {
1476 chan->chan_type = L2CAP_CHAN_RAW;
1479 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1480 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1482 case SOCK_SEQPACKET:
1484 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1488 chan->imtu = L2CAP_DEFAULT_MTU;
1490 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1491 chan->mode = L2CAP_MODE_ERTM;
1492 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1494 chan->mode = L2CAP_MODE_BASIC;
1497 l2cap_chan_set_defaults(chan);
1500 /* Default config options */
1501 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1504 chan->ops = &l2cap_chan_ops;
1507 static struct proto l2cap_proto = {
1509 .owner = THIS_MODULE,
1510 .obj_size = sizeof(struct l2cap_pinfo)
1513 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1514 int proto, gfp_t prio)
1517 struct l2cap_chan *chan;
1519 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1523 sock_init_data(sock, sk);
1524 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1526 sk->sk_destruct = l2cap_sock_destruct;
1527 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1529 sock_reset_flag(sk, SOCK_ZAPPED);
1531 sk->sk_protocol = proto;
1532 sk->sk_state = BT_OPEN;
1534 chan = l2cap_chan_create();
1540 l2cap_chan_hold(chan);
1542 l2cap_pi(sk)->chan = chan;
1547 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1552 BT_DBG("sock %p", sock);
1554 sock->state = SS_UNCONNECTED;
1556 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1557 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1558 return -ESOCKTNOSUPPORT;
1560 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1563 sock->ops = &l2cap_sock_ops;
1565 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1569 l2cap_sock_init(sk, NULL);
1570 bt_sock_link(&l2cap_sk_list, sk);
1574 static const struct proto_ops l2cap_sock_ops = {
1575 .family = PF_BLUETOOTH,
1576 .owner = THIS_MODULE,
1577 .release = l2cap_sock_release,
1578 .bind = l2cap_sock_bind,
1579 .connect = l2cap_sock_connect,
1580 .listen = l2cap_sock_listen,
1581 .accept = l2cap_sock_accept,
1582 .getname = l2cap_sock_getname,
1583 .sendmsg = l2cap_sock_sendmsg,
1584 .recvmsg = l2cap_sock_recvmsg,
1585 .poll = bt_sock_poll,
1586 .ioctl = bt_sock_ioctl,
1587 .mmap = sock_no_mmap,
1588 .socketpair = sock_no_socketpair,
1589 .shutdown = l2cap_sock_shutdown,
1590 .setsockopt = l2cap_sock_setsockopt,
1591 .getsockopt = l2cap_sock_getsockopt
1594 static const struct net_proto_family l2cap_sock_family_ops = {
1595 .family = PF_BLUETOOTH,
1596 .owner = THIS_MODULE,
1597 .create = l2cap_sock_create,
1600 int __init l2cap_init_sockets(void)
1604 err = proto_register(&l2cap_proto, 0);
1608 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1610 BT_ERR("L2CAP socket registration failed");
1614 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1617 BT_ERR("Failed to create L2CAP proc file");
1618 bt_sock_unregister(BTPROTO_L2CAP);
1622 BT_INFO("L2CAP socket layer initialized");
1627 proto_unregister(&l2cap_proto);
1631 void l2cap_cleanup_sockets(void)
1633 bt_procfs_cleanup(&init_net, "l2cap");
1634 bt_sock_unregister(BTPROTO_L2CAP);
1635 proto_unregister(&l2cap_proto);
projects / cascardo / linux.git / blob