2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
28 /* Bluetooth L2CAP sockets. */
30 #include <linux/module.h>
31 #include <linux/export.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
39 static struct bt_sock_list l2cap_sk_list = {
40 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
43 static const struct proto_ops l2cap_sock_ops;
44 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
45 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
46 int proto, gfp_t prio);
48 bool l2cap_is_socket(struct socket *sock)
50 return sock && sock->ops == &l2cap_sock_ops;
52 EXPORT_SYMBOL(l2cap_is_socket);
54 static int l2cap_validate_bredr_psm(u16 psm)
56 /* PSM must be odd and lsb of upper byte must be 0 */
57 if ((psm & 0x0101) != 0x0001)
60 /* Restrict usage of well-known PSMs */
61 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE))
67 static int l2cap_validate_le_psm(u16 psm)
69 /* Valid LE_PSM ranges are defined only until 0x00ff */
73 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
74 if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE))
80 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
82 struct sock *sk = sock->sk;
83 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
84 struct sockaddr_l2 la;
89 if (!addr || addr->sa_family != AF_BLUETOOTH)
92 memset(&la, 0, sizeof(la));
93 len = min_t(unsigned int, sizeof(la), alen);
94 memcpy(&la, addr, len);
96 if (la.l2_cid && la.l2_psm)
99 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
102 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
103 /* We only allow ATT user space socket */
105 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
111 if (sk->sk_state != BT_OPEN) {
117 __u16 psm = __le16_to_cpu(la.l2_psm);
119 if (la.l2_bdaddr_type == BDADDR_BREDR)
120 err = l2cap_validate_bredr_psm(psm);
122 err = l2cap_validate_le_psm(psm);
129 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
131 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
136 switch (chan->chan_type) {
137 case L2CAP_CHAN_CONN_LESS:
138 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
139 chan->sec_level = BT_SECURITY_SDP;
141 case L2CAP_CHAN_CONN_ORIENTED:
142 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
143 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
144 chan->sec_level = BT_SECURITY_SDP;
147 chan->sec_level = BT_SECURITY_SDP;
149 case L2CAP_CHAN_FIXED:
150 /* Fixed channels default to the L2CAP core not holding a
151 * hci_conn reference for them. For fixed channels mapping to
152 * L2CAP sockets we do want to hold a reference so set the
153 * appropriate flag to request it.
155 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
159 bacpy(&chan->src, &la.l2_bdaddr);
160 chan->src_type = la.l2_bdaddr_type;
162 if (chan->psm && bdaddr_type_is_le(chan->src_type))
163 chan->mode = L2CAP_MODE_LE_FLOWCTL;
165 chan->state = BT_BOUND;
166 sk->sk_state = BT_BOUND;
173 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
176 struct sock *sk = sock->sk;
177 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
178 struct sockaddr_l2 la;
183 if (!addr || alen < sizeof(addr->sa_family) ||
184 addr->sa_family != AF_BLUETOOTH)
187 memset(&la, 0, sizeof(la));
188 len = min_t(unsigned int, sizeof(la), alen);
189 memcpy(&la, addr, len);
191 if (la.l2_cid && la.l2_psm)
194 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
197 /* Check that the socket wasn't bound to something that
198 * conflicts with the address given to connect(). If chan->src
199 * is BDADDR_ANY it means bind() was never used, in which case
200 * chan->src_type and la.l2_bdaddr_type do not need to match.
202 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
203 bdaddr_type_is_le(la.l2_bdaddr_type)) {
204 /* Old user space versions will try to incorrectly bind
205 * the ATT socket using BDADDR_BREDR. We need to accept
206 * this and fix up the source address type only when
207 * both the source CID and destination CID indicate
208 * ATT. Anything else is an invalid combination.
210 if (chan->scid != L2CAP_CID_ATT ||
211 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
214 /* We don't have the hdev available here to make a
215 * better decision on random vs public, but since all
216 * user space versions that exhibit this issue anyway do
217 * not support random local addresses assuming public
218 * here is good enough.
220 chan->src_type = BDADDR_LE_PUBLIC;
223 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
226 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
227 /* We only allow ATT user space socket */
229 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
233 if (chan->psm && bdaddr_type_is_le(chan->src_type))
234 chan->mode = L2CAP_MODE_LE_FLOWCTL;
236 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
237 &la.l2_bdaddr, la.l2_bdaddr_type);
243 err = bt_sock_wait_state(sk, BT_CONNECTED,
244 sock_sndtimeo(sk, flags & O_NONBLOCK));
251 static int l2cap_sock_listen(struct socket *sock, int backlog)
253 struct sock *sk = sock->sk;
254 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
257 BT_DBG("sk %p backlog %d", sk, backlog);
261 if (sk->sk_state != BT_BOUND) {
266 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
271 switch (chan->mode) {
272 case L2CAP_MODE_BASIC:
273 case L2CAP_MODE_LE_FLOWCTL:
275 case L2CAP_MODE_ERTM:
276 case L2CAP_MODE_STREAMING:
285 sk->sk_max_ack_backlog = backlog;
286 sk->sk_ack_backlog = 0;
288 /* Listening channels need to use nested locking in order not to
289 * cause lockdep warnings when the created child channels end up
290 * being locked in the same thread as the parent channel.
292 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
294 chan->state = BT_LISTEN;
295 sk->sk_state = BT_LISTEN;
302 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
305 DECLARE_WAITQUEUE(wait, current);
306 struct sock *sk = sock->sk, *nsk;
310 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
312 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
314 BT_DBG("sk %p timeo %ld", sk, timeo);
316 /* Wait for an incoming connection. (wake-one). */
317 add_wait_queue_exclusive(sk_sleep(sk), &wait);
319 set_current_state(TASK_INTERRUPTIBLE);
321 if (sk->sk_state != BT_LISTEN) {
326 nsk = bt_accept_dequeue(sk, newsock);
335 if (signal_pending(current)) {
336 err = sock_intr_errno(timeo);
341 timeo = schedule_timeout(timeo);
342 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
344 __set_current_state(TASK_RUNNING);
345 remove_wait_queue(sk_sleep(sk), &wait);
350 newsock->state = SS_CONNECTED;
352 BT_DBG("new socket %p", nsk);
359 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
362 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
363 struct sock *sk = sock->sk;
364 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
366 BT_DBG("sock %p, sk %p", sock, sk);
368 if (peer && sk->sk_state != BT_CONNECTED &&
369 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
370 sk->sk_state != BT_CONFIG)
373 memset(la, 0, sizeof(struct sockaddr_l2));
374 addr->sa_family = AF_BLUETOOTH;
375 *len = sizeof(struct sockaddr_l2);
377 la->l2_psm = chan->psm;
380 bacpy(&la->l2_bdaddr, &chan->dst);
381 la->l2_cid = cpu_to_le16(chan->dcid);
382 la->l2_bdaddr_type = chan->dst_type;
384 bacpy(&la->l2_bdaddr, &chan->src);
385 la->l2_cid = cpu_to_le16(chan->scid);
386 la->l2_bdaddr_type = chan->src_type;
392 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
393 char __user *optval, int __user *optlen)
395 struct sock *sk = sock->sk;
396 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
397 struct l2cap_options opts;
398 struct l2cap_conninfo cinfo;
404 if (get_user(len, optlen))
411 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
412 * legacy ATT code depends on getsockopt for
413 * L2CAP_OPTIONS we need to let this pass.
415 if (bdaddr_type_is_le(chan->src_type) &&
416 chan->scid != L2CAP_CID_ATT) {
421 memset(&opts, 0, sizeof(opts));
422 opts.imtu = chan->imtu;
423 opts.omtu = chan->omtu;
424 opts.flush_to = chan->flush_to;
425 opts.mode = chan->mode;
426 opts.fcs = chan->fcs;
427 opts.max_tx = chan->max_tx;
428 opts.txwin_size = chan->tx_win;
430 len = min_t(unsigned int, len, sizeof(opts));
431 if (copy_to_user(optval, (char *) &opts, len))
437 switch (chan->sec_level) {
438 case BT_SECURITY_LOW:
441 case BT_SECURITY_MEDIUM:
442 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
444 case BT_SECURITY_HIGH:
445 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
448 case BT_SECURITY_FIPS:
449 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
450 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
457 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
458 opt |= L2CAP_LM_MASTER;
460 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
461 opt |= L2CAP_LM_RELIABLE;
463 if (put_user(opt, (u32 __user *) optval))
469 if (sk->sk_state != BT_CONNECTED &&
470 !(sk->sk_state == BT_CONNECT2 &&
471 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
476 memset(&cinfo, 0, sizeof(cinfo));
477 cinfo.hci_handle = chan->conn->hcon->handle;
478 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
480 len = min_t(unsigned int, len, sizeof(cinfo));
481 if (copy_to_user(optval, (char *) &cinfo, len))
495 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
496 char __user *optval, int __user *optlen)
498 struct sock *sk = sock->sk;
499 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
500 struct bt_security sec;
506 if (level == SOL_L2CAP)
507 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
509 if (level != SOL_BLUETOOTH)
512 if (get_user(len, optlen))
519 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
520 chan->chan_type != L2CAP_CHAN_FIXED &&
521 chan->chan_type != L2CAP_CHAN_RAW) {
526 memset(&sec, 0, sizeof(sec));
528 sec.level = chan->conn->hcon->sec_level;
530 if (sk->sk_state == BT_CONNECTED)
531 sec.key_size = chan->conn->hcon->enc_key_size;
533 sec.level = chan->sec_level;
536 len = min_t(unsigned int, len, sizeof(sec));
537 if (copy_to_user(optval, (char *) &sec, len))
543 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
548 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
549 (u32 __user *) optval))
555 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
556 (u32 __user *) optval))
562 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
563 && sk->sk_type != SOCK_RAW) {
568 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
570 len = min_t(unsigned int, len, sizeof(pwr));
571 if (copy_to_user(optval, (char *) &pwr, len))
576 case BT_CHANNEL_POLICY:
577 if (put_user(chan->chan_policy, (u32 __user *) optval))
582 if (!bdaddr_type_is_le(chan->src_type)) {
587 if (sk->sk_state != BT_CONNECTED) {
592 if (put_user(chan->omtu, (u16 __user *) optval))
597 if (!bdaddr_type_is_le(chan->src_type)) {
602 if (put_user(chan->imtu, (u16 __user *) optval))
615 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
617 switch (chan->scid) {
619 if (mtu < L2CAP_LE_MIN_MTU)
624 if (mtu < L2CAP_DEFAULT_MIN_MTU)
631 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
632 char __user *optval, unsigned int optlen)
634 struct sock *sk = sock->sk;
635 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
636 struct l2cap_options opts;
646 if (bdaddr_type_is_le(chan->src_type)) {
651 if (sk->sk_state == BT_CONNECTED) {
656 opts.imtu = chan->imtu;
657 opts.omtu = chan->omtu;
658 opts.flush_to = chan->flush_to;
659 opts.mode = chan->mode;
660 opts.fcs = chan->fcs;
661 opts.max_tx = chan->max_tx;
662 opts.txwin_size = chan->tx_win;
664 len = min_t(unsigned int, sizeof(opts), optlen);
665 if (copy_from_user((char *) &opts, optval, len)) {
670 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
675 if (!l2cap_valid_mtu(chan, opts.imtu)) {
680 chan->mode = opts.mode;
681 switch (chan->mode) {
682 case L2CAP_MODE_LE_FLOWCTL:
684 case L2CAP_MODE_BASIC:
685 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
687 case L2CAP_MODE_ERTM:
688 case L2CAP_MODE_STREAMING:
697 chan->imtu = opts.imtu;
698 chan->omtu = opts.omtu;
699 chan->fcs = opts.fcs;
700 chan->max_tx = opts.max_tx;
701 chan->tx_win = opts.txwin_size;
702 chan->flush_to = opts.flush_to;
706 if (get_user(opt, (u32 __user *) optval)) {
711 if (opt & L2CAP_LM_FIPS) {
716 if (opt & L2CAP_LM_AUTH)
717 chan->sec_level = BT_SECURITY_LOW;
718 if (opt & L2CAP_LM_ENCRYPT)
719 chan->sec_level = BT_SECURITY_MEDIUM;
720 if (opt & L2CAP_LM_SECURE)
721 chan->sec_level = BT_SECURITY_HIGH;
723 if (opt & L2CAP_LM_MASTER)
724 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
726 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
728 if (opt & L2CAP_LM_RELIABLE)
729 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
731 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
743 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
744 char __user *optval, unsigned int optlen)
746 struct sock *sk = sock->sk;
747 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
748 struct bt_security sec;
750 struct l2cap_conn *conn;
756 if (level == SOL_L2CAP)
757 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
759 if (level != SOL_BLUETOOTH)
766 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
767 chan->chan_type != L2CAP_CHAN_FIXED &&
768 chan->chan_type != L2CAP_CHAN_RAW) {
773 sec.level = BT_SECURITY_LOW;
775 len = min_t(unsigned int, sizeof(sec), optlen);
776 if (copy_from_user((char *) &sec, optval, len)) {
781 if (sec.level < BT_SECURITY_LOW ||
782 sec.level > BT_SECURITY_HIGH) {
787 chan->sec_level = sec.level;
794 /*change security for LE channels */
795 if (chan->scid == L2CAP_CID_ATT) {
796 if (smp_conn_security(conn->hcon, sec.level))
798 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
799 sk->sk_state = BT_CONFIG;
800 chan->state = BT_CONFIG;
802 /* or for ACL link */
803 } else if ((sk->sk_state == BT_CONNECT2 &&
804 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
805 sk->sk_state == BT_CONNECTED) {
806 if (!l2cap_chan_check_security(chan, true))
807 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
809 sk->sk_state_change(sk);
816 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
821 if (get_user(opt, (u32 __user *) optval)) {
827 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
828 set_bit(FLAG_DEFER_SETUP, &chan->flags);
830 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
831 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
836 if (get_user(opt, (u32 __user *) optval)) {
841 if (opt > BT_FLUSHABLE_ON) {
846 if (opt == BT_FLUSHABLE_OFF) {
848 /* proceed further only when we have l2cap_conn and
849 No Flush support in the LM */
850 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
857 set_bit(FLAG_FLUSHABLE, &chan->flags);
859 clear_bit(FLAG_FLUSHABLE, &chan->flags);
863 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
864 chan->chan_type != L2CAP_CHAN_RAW) {
869 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
871 len = min_t(unsigned int, sizeof(pwr), optlen);
872 if (copy_from_user((char *) &pwr, optval, len)) {
877 if (pwr.force_active)
878 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
880 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
883 case BT_CHANNEL_POLICY:
884 if (get_user(opt, (u32 __user *) optval)) {
889 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
894 if (chan->mode != L2CAP_MODE_ERTM &&
895 chan->mode != L2CAP_MODE_STREAMING) {
900 chan->chan_policy = (u8) opt;
902 if (sk->sk_state == BT_CONNECTED &&
903 chan->move_role == L2CAP_MOVE_ROLE_NONE)
904 l2cap_move_start(chan);
909 if (!bdaddr_type_is_le(chan->src_type)) {
914 /* Setting is not supported as it's the remote side that
921 if (!bdaddr_type_is_le(chan->src_type)) {
926 if (sk->sk_state == BT_CONNECTED) {
931 if (get_user(opt, (u32 __user *) optval)) {
948 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
949 struct msghdr *msg, size_t len)
951 struct sock *sk = sock->sk;
952 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
955 BT_DBG("sock %p, sk %p", sock, sk);
957 err = sock_error(sk);
961 if (msg->msg_flags & MSG_OOB)
964 if (sk->sk_state != BT_CONNECTED)
968 err = bt_sock_wait_ready(sk, msg->msg_flags);
973 l2cap_chan_lock(chan);
974 err = l2cap_chan_send(chan, msg, len);
975 l2cap_chan_unlock(chan);
980 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
981 struct msghdr *msg, size_t len, int flags)
983 struct sock *sk = sock->sk;
984 struct l2cap_pinfo *pi = l2cap_pi(sk);
989 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
990 &bt_sk(sk)->flags)) {
991 if (bdaddr_type_is_le(pi->chan->src_type)) {
992 sk->sk_state = BT_CONNECTED;
993 pi->chan->state = BT_CONNECTED;
994 __l2cap_le_connect_rsp_defer(pi->chan);
996 sk->sk_state = BT_CONFIG;
997 pi->chan->state = BT_CONFIG;
998 __l2cap_connect_rsp_defer(pi->chan);
1007 if (sock->type == SOCK_STREAM)
1008 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
1010 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
1012 if (pi->chan->mode != L2CAP_MODE_ERTM)
1015 /* Attempt to put pending rx data in the socket buffer */
1019 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1022 if (pi->rx_busy_skb) {
1023 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1024 pi->rx_busy_skb = NULL;
1029 /* Restore data flow when half of the receive buffer is
1030 * available. This avoids resending large numbers of
1033 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1034 l2cap_chan_busy(pi->chan, 0);
1041 /* Kill socket (only if zapped and orphan)
1042 * Must be called on unlocked socket.
1044 static void l2cap_sock_kill(struct sock *sk)
1046 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1049 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1051 /* Kill poor orphan */
1053 l2cap_chan_put(l2cap_pi(sk)->chan);
1054 sock_set_flag(sk, SOCK_DEAD);
1058 static int __l2cap_wait_ack(struct sock *sk)
1060 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1061 DECLARE_WAITQUEUE(wait, current);
1065 add_wait_queue(sk_sleep(sk), &wait);
1066 set_current_state(TASK_INTERRUPTIBLE);
1067 while (chan->unacked_frames > 0 && chan->conn) {
1071 if (signal_pending(current)) {
1072 err = sock_intr_errno(timeo);
1077 timeo = schedule_timeout(timeo);
1079 set_current_state(TASK_INTERRUPTIBLE);
1081 err = sock_error(sk);
1085 set_current_state(TASK_RUNNING);
1086 remove_wait_queue(sk_sleep(sk), &wait);
1090 static int l2cap_sock_shutdown(struct socket *sock, int how)
1092 struct sock *sk = sock->sk;
1093 struct l2cap_chan *chan;
1094 struct l2cap_conn *conn;
1097 BT_DBG("sock %p, sk %p", sock, sk);
1102 chan = l2cap_pi(sk)->chan;
1106 mutex_lock(&conn->chan_lock);
1108 l2cap_chan_lock(chan);
1111 if (!sk->sk_shutdown) {
1112 if (chan->mode == L2CAP_MODE_ERTM)
1113 err = __l2cap_wait_ack(sk);
1115 sk->sk_shutdown = SHUTDOWN_MASK;
1118 l2cap_chan_close(chan, 0);
1121 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1122 !(current->flags & PF_EXITING))
1123 err = bt_sock_wait_state(sk, BT_CLOSED,
1127 if (!err && sk->sk_err)
1131 l2cap_chan_unlock(chan);
1134 mutex_unlock(&conn->chan_lock);
1139 static int l2cap_sock_release(struct socket *sock)
1141 struct sock *sk = sock->sk;
1144 BT_DBG("sock %p, sk %p", sock, sk);
1149 bt_sock_unlink(&l2cap_sk_list, sk);
1151 err = l2cap_sock_shutdown(sock, 2);
1154 l2cap_sock_kill(sk);
1158 static void l2cap_sock_cleanup_listen(struct sock *parent)
1162 BT_DBG("parent %p", parent);
1164 /* Close not yet accepted channels */
1165 while ((sk = bt_accept_dequeue(parent, NULL))) {
1166 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1168 l2cap_chan_lock(chan);
1169 __clear_chan_timer(chan);
1170 l2cap_chan_close(chan, ECONNRESET);
1171 l2cap_chan_unlock(chan);
1173 l2cap_sock_kill(sk);
1177 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1179 struct sock *sk, *parent = chan->data;
1183 /* Check for backlog size */
1184 if (sk_acceptq_is_full(parent)) {
1185 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1186 release_sock(parent);
1190 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1193 release_sock(parent);
1197 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1199 l2cap_sock_init(sk, parent);
1201 bt_accept_enqueue(parent, sk);
1203 release_sock(parent);
1205 return l2cap_pi(sk)->chan;
1208 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1210 struct sock *sk = chan->data;
1215 if (l2cap_pi(sk)->rx_busy_skb) {
1220 err = sock_queue_rcv_skb(sk, skb);
1222 /* For ERTM, handle one skb that doesn't fit into the recv
1223 * buffer. This is important to do because the data frames
1224 * have already been acked, so the skb cannot be discarded.
1226 * Notify the l2cap core that the buffer is full, so the
1227 * LOCAL_BUSY state is entered and no more frames are
1228 * acked and reassembled until there is buffer space
1231 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1232 l2cap_pi(sk)->rx_busy_skb = skb;
1233 l2cap_chan_busy(chan, 1);
1243 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1245 struct sock *sk = chan->data;
1247 l2cap_sock_kill(sk);
1250 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1252 struct sock *sk = chan->data;
1253 struct sock *parent;
1255 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1257 parent = bt_sk(sk)->parent;
1259 sock_set_flag(sk, SOCK_ZAPPED);
1261 switch (chan->state) {
1267 l2cap_sock_cleanup_listen(sk);
1268 sk->sk_state = BT_CLOSED;
1269 chan->state = BT_CLOSED;
1273 sk->sk_state = BT_CLOSED;
1274 chan->state = BT_CLOSED;
1279 bt_accept_unlink(sk);
1280 parent->sk_data_ready(parent);
1282 sk->sk_state_change(sk);
1291 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1294 struct sock *sk = chan->data;
1296 sk->sk_state = state;
1302 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1303 unsigned long hdr_len,
1304 unsigned long len, int nb)
1306 struct sock *sk = chan->data;
1307 struct sk_buff *skb;
1310 l2cap_chan_unlock(chan);
1311 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1312 l2cap_chan_lock(chan);
1315 return ERR_PTR(err);
1317 skb->priority = sk->sk_priority;
1319 bt_cb(skb)->chan = chan;
1324 static int l2cap_sock_memcpy_fromiovec_cb(struct l2cap_chan *chan,
1325 unsigned char *kdata,
1326 struct iovec *iov, int len)
1328 return memcpy_fromiovec(kdata, iov, len);
1331 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1333 struct sock *sk = chan->data;
1334 struct sock *parent;
1338 parent = bt_sk(sk)->parent;
1340 BT_DBG("sk %p, parent %p", sk, parent);
1342 sk->sk_state = BT_CONNECTED;
1343 sk->sk_state_change(sk);
1346 parent->sk_data_ready(parent);
1351 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1353 struct sock *parent, *sk = chan->data;
1357 parent = bt_sk(sk)->parent;
1359 parent->sk_data_ready(parent);
1364 static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1366 struct sock *sk = chan->data;
1368 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1369 sk->sk_state = BT_CONNECTED;
1370 chan->state = BT_CONNECTED;
1373 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1374 sk->sk_state_change(sk);
1377 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1379 struct sock *sk = chan->data;
1382 sk->sk_shutdown = SHUTDOWN_MASK;
1386 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1388 struct sock *sk = chan->data;
1390 return sk->sk_sndtimeo;
1393 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1395 struct sock *sk = chan->data;
1397 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1398 sk->sk_state_change(sk);
1401 static const struct l2cap_ops l2cap_chan_ops = {
1402 .name = "L2CAP Socket Interface",
1403 .new_connection = l2cap_sock_new_connection_cb,
1404 .recv = l2cap_sock_recv_cb,
1405 .close = l2cap_sock_close_cb,
1406 .teardown = l2cap_sock_teardown_cb,
1407 .state_change = l2cap_sock_state_change_cb,
1408 .ready = l2cap_sock_ready_cb,
1409 .defer = l2cap_sock_defer_cb,
1410 .resume = l2cap_sock_resume_cb,
1411 .suspend = l2cap_sock_suspend_cb,
1412 .set_shutdown = l2cap_sock_set_shutdown_cb,
1413 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1414 .alloc_skb = l2cap_sock_alloc_skb_cb,
1415 .memcpy_fromiovec = l2cap_sock_memcpy_fromiovec_cb,
1418 static void l2cap_sock_destruct(struct sock *sk)
1420 BT_DBG("sk %p", sk);
1422 if (l2cap_pi(sk)->chan)
1423 l2cap_chan_put(l2cap_pi(sk)->chan);
1425 if (l2cap_pi(sk)->rx_busy_skb) {
1426 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1427 l2cap_pi(sk)->rx_busy_skb = NULL;
1430 skb_queue_purge(&sk->sk_receive_queue);
1431 skb_queue_purge(&sk->sk_write_queue);
1434 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1437 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1439 memset(la, 0, sizeof(struct sockaddr_l2));
1440 la->l2_family = AF_BLUETOOTH;
1441 la->l2_psm = bt_cb(skb)->psm;
1442 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr);
1444 *msg_namelen = sizeof(struct sockaddr_l2);
1447 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1449 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1451 BT_DBG("sk %p", sk);
1454 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1456 sk->sk_type = parent->sk_type;
1457 bt_sk(sk)->flags = bt_sk(parent)->flags;
1459 chan->chan_type = pchan->chan_type;
1460 chan->imtu = pchan->imtu;
1461 chan->omtu = pchan->omtu;
1462 chan->conf_state = pchan->conf_state;
1463 chan->mode = pchan->mode;
1464 chan->fcs = pchan->fcs;
1465 chan->max_tx = pchan->max_tx;
1466 chan->tx_win = pchan->tx_win;
1467 chan->tx_win_max = pchan->tx_win_max;
1468 chan->sec_level = pchan->sec_level;
1469 chan->flags = pchan->flags;
1470 chan->tx_credits = pchan->tx_credits;
1471 chan->rx_credits = pchan->rx_credits;
1473 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1474 chan->scid = pchan->scid;
1475 chan->dcid = pchan->scid;
1478 security_sk_clone(parent, sk);
1480 switch (sk->sk_type) {
1482 chan->chan_type = L2CAP_CHAN_RAW;
1485 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1486 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1488 case SOCK_SEQPACKET:
1490 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1494 chan->imtu = L2CAP_DEFAULT_MTU;
1496 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1497 chan->mode = L2CAP_MODE_ERTM;
1498 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1500 chan->mode = L2CAP_MODE_BASIC;
1503 l2cap_chan_set_defaults(chan);
1506 /* Set default lock nesting level */
1507 atomic_set(&chan->nesting, L2CAP_NESTING_NORMAL);
1509 /* Default config options */
1510 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1513 chan->ops = &l2cap_chan_ops;
1516 static struct proto l2cap_proto = {
1518 .owner = THIS_MODULE,
1519 .obj_size = sizeof(struct l2cap_pinfo)
1522 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1523 int proto, gfp_t prio)
1526 struct l2cap_chan *chan;
1528 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1532 sock_init_data(sock, sk);
1533 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1535 sk->sk_destruct = l2cap_sock_destruct;
1536 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1538 sock_reset_flag(sk, SOCK_ZAPPED);
1540 sk->sk_protocol = proto;
1541 sk->sk_state = BT_OPEN;
1543 chan = l2cap_chan_create();
1549 l2cap_chan_hold(chan);
1551 l2cap_pi(sk)->chan = chan;
1556 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1561 BT_DBG("sock %p", sock);
1563 sock->state = SS_UNCONNECTED;
1565 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1566 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1567 return -ESOCKTNOSUPPORT;
1569 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1572 sock->ops = &l2cap_sock_ops;
1574 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1578 l2cap_sock_init(sk, NULL);
1579 bt_sock_link(&l2cap_sk_list, sk);
1583 static const struct proto_ops l2cap_sock_ops = {
1584 .family = PF_BLUETOOTH,
1585 .owner = THIS_MODULE,
1586 .release = l2cap_sock_release,
1587 .bind = l2cap_sock_bind,
1588 .connect = l2cap_sock_connect,
1589 .listen = l2cap_sock_listen,
1590 .accept = l2cap_sock_accept,
1591 .getname = l2cap_sock_getname,
1592 .sendmsg = l2cap_sock_sendmsg,
1593 .recvmsg = l2cap_sock_recvmsg,
1594 .poll = bt_sock_poll,
1595 .ioctl = bt_sock_ioctl,
1596 .mmap = sock_no_mmap,
1597 .socketpair = sock_no_socketpair,
1598 .shutdown = l2cap_sock_shutdown,
1599 .setsockopt = l2cap_sock_setsockopt,
1600 .getsockopt = l2cap_sock_getsockopt
1603 static const struct net_proto_family l2cap_sock_family_ops = {
1604 .family = PF_BLUETOOTH,
1605 .owner = THIS_MODULE,
1606 .create = l2cap_sock_create,
1609 int __init l2cap_init_sockets(void)
1613 err = proto_register(&l2cap_proto, 0);
1617 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1619 BT_ERR("L2CAP socket registration failed");
1623 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1626 BT_ERR("Failed to create L2CAP proc file");
1627 bt_sock_unregister(BTPROTO_L2CAP);
1631 BT_INFO("L2CAP socket layer initialized");
1636 proto_unregister(&l2cap_proto);
1640 void l2cap_cleanup_sockets(void)
1642 bt_procfs_cleanup(&init_net, "l2cap");
1643 bt_sock_unregister(BTPROTO_L2CAP);
1644 proto_unregister(&l2cap_proto);