projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Handle psm == 0 case inside l2cap_add_psm()
[linux-2.6-block.git] / net / bluetooth / l2cap_sock.c
CommitLineData
bb58f747
GP		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
12
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
25*/
26
27/* Bluetooth L2CAP sockets. */
28
29#include <net/bluetooth/bluetooth.h>
33575df7 30#include <net/bluetooth/hci_core.h>
bb58f747
GP		 31#include <net/bluetooth/l2cap.h>
32
cf2f90f5
GP		 33static const struct proto_ops l2cap_sock_ops;
34
6ddc0485 35/* ---- L2CAP timers ---- */
bb58f747
GP		 36static void l2cap_sock_timeout(unsigned long arg)
37{
38 struct sock *sk = (struct sock *) arg;
39 int reason;
40
41 BT_DBG("sock %p state %d", sk, sk->sk_state);
42
43 bh_lock_sock(sk);
44
45 if (sock_owned_by_user(sk)) {
46 /* sk is owned by user. Try again later */
47 l2cap_sock_set_timer(sk, HZ / 5);
48 bh_unlock_sock(sk);
49 sock_put(sk);
50 return;
51 }
52
53 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
54 reason = ECONNREFUSED;
55 else if (sk->sk_state == BT_CONNECT &&
4343478f 56 l2cap_pi(sk)->chan->sec_level != BT_SECURITY_SDP)
bb58f747
GP		 57 reason = ECONNREFUSED;
58 else
59 reason = ETIMEDOUT;
60
61 __l2cap_sock_close(sk, reason);
62
63 bh_unlock_sock(sk);
64
65 l2cap_sock_kill(sk);
66 sock_put(sk);
67}
68
6ddc0485
GP		 69void l2cap_sock_set_timer(struct sock *sk, long timeout)
70{
71 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
72 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
73}
74
75void l2cap_sock_clear_timer(struct sock *sk)
76{
77 BT_DBG("sock %p state %d", sk, sk->sk_state);
78 sk_stop_timer(sk, &sk->sk_timer);
79}
80
af6bcd82
GP		 81static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
82{
83 struct sock *sk = sock->sk;
4343478f 84 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 85 struct sockaddr_l2 la;
86 int len, err = 0;
87
88 BT_DBG("sk %p", sk);
89
90 if (!addr || addr->sa_family != AF_BLUETOOTH)
91 return -EINVAL;
92
93 memset(&la, 0, sizeof(la));
94 len = min_t(unsigned int, sizeof(la), alen);
95 memcpy(&la, addr, len);
96
b62f328b 97 if (la.l2_cid && la.l2_psm)
af6bcd82
GP		 98 return -EINVAL;
99
100 lock_sock(sk);
101
102 if (sk->sk_state != BT_OPEN) {
103 err = -EBADFD;
104 goto done;
105 }
106
107 if (la.l2_psm) {
108 __u16 psm = __le16_to_cpu(la.l2_psm);
109
110 /* PSM must be odd and lsb of upper byte must be 0 */
111 if ((psm & 0x0101) != 0x0001) {
112 err = -EINVAL;
113 goto done;
114 }
115
116 /* Restrict usage of well-known PSMs */
117 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
118 err = -EACCES;
119 goto done;
120 }
121 }
122
9e4425ff
GP		 123 if (la.l2_cid)
124 err = l2cap_add_scid(chan, la.l2_cid);
125 else
126 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
af6bcd82 127
9e4425ff
GP		 128 if (err < 0)
129 goto done;
af6bcd82 130
9e4425ff
GP		 131 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
132 __le16_to_cpu(la.l2_psm) == 0x0003)
133 chan->sec_level = BT_SECURITY_SDP;
b62f328b 134
9e4425ff
GP		 135 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
136 sk->sk_state = BT_BOUND;
af6bcd82
GP		 137
138done:
139 release_sock(sk);
140 return err;
141}
142
4e34c50b
GP		 143static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
144{
145 struct sock *sk = sock->sk;
0c1bc5c6 146 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
4e34c50b
GP		 147 struct sockaddr_l2 la;
148 int len, err = 0;
149
150 BT_DBG("sk %p", sk);
151
152 if (!addr || alen < sizeof(addr->sa_family) ||
153 addr->sa_family != AF_BLUETOOTH)
154 return -EINVAL;
155
156 memset(&la, 0, sizeof(la));
157 len = min_t(unsigned int, sizeof(la), alen);
158 memcpy(&la, addr, len);
159
acd7d370 160 if (la.l2_cid && la.l2_psm)
4e34c50b
GP		 161 return -EINVAL;
162
163 lock_sock(sk);
164
165 if ((sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM)
acd7d370 166 && !(la.l2_psm || la.l2_cid)) {
4e34c50b
GP		 167 err = -EINVAL;
168 goto done;
169 }
170
0c1bc5c6 171 switch (chan->mode) {
4e34c50b
GP		 172 case L2CAP_MODE_BASIC:
173 break;
174 case L2CAP_MODE_ERTM:
175 case L2CAP_MODE_STREAMING:
176 if (!disable_ertm)
177 break;
178 /* fall through */
179 default:
180 err = -ENOTSUPP;
181 goto done;
182 }
183
184 switch (sk->sk_state) {
185 case BT_CONNECT:
186 case BT_CONNECT2:
187 case BT_CONFIG:
188 /* Already connecting */
189 goto wait;
190
191 case BT_CONNECTED:
192 /* Already connected */
193 err = -EISCONN;
194 goto done;
195
196 case BT_OPEN:
197 case BT_BOUND:
198 /* Can connect */
199 break;
200
201 default:
202 err = -EBADFD;
203 goto done;
204 }
205
206 /* PSM must be odd and lsb of upper byte must be 0 */
207 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 &&
acd7d370 208 sk->sk_type != SOCK_RAW && !la.l2_cid) {
4e34c50b
GP		 209 err = -EINVAL;
210 goto done;
211 }
212
213 /* Set destination address and psm */
214 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
fe4128e0
GP		 215 chan->psm = la.l2_psm;
216 chan->dcid = la.l2_cid;
4e34c50b 217
77a74c7e 218 err = l2cap_chan_connect(l2cap_pi(sk)->chan);
4e34c50b
GP		 219 if (err)
220 goto done;
221
222wait:
223 err = bt_sock_wait_state(sk, BT_CONNECTED,
224 sock_sndtimeo(sk, flags & O_NONBLOCK));
225done:
226 release_sock(sk);
227 return err;
228}
229
af6bcd82
GP		 230static int l2cap_sock_listen(struct socket *sock, int backlog)
231{
232 struct sock *sk = sock->sk;
0c1bc5c6 233 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 234 int err = 0;
235
236 BT_DBG("sk %p backlog %d", sk, backlog);
237
238 lock_sock(sk);
239
240 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
241 || sk->sk_state != BT_BOUND) {
242 err = -EBADFD;
243 goto done;
244 }
245
0c1bc5c6 246 switch (chan->mode) {
af6bcd82
GP		 247 case L2CAP_MODE_BASIC:
248 break;
249 case L2CAP_MODE_ERTM:
250 case L2CAP_MODE_STREAMING:
251 if (!disable_ertm)
252 break;
253 /* fall through */
254 default:
255 err = -ENOTSUPP;
256 goto done;
257 }
258
af6bcd82
GP		 259 sk->sk_max_ack_backlog = backlog;
260 sk->sk_ack_backlog = 0;
261 sk->sk_state = BT_LISTEN;
262
263done:
264 release_sock(sk);
265 return err;
266}
267
c47b7c72
GP		 268static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
269{
270 DECLARE_WAITQUEUE(wait, current);
271 struct sock *sk = sock->sk, *nsk;
272 long timeo;
273 int err = 0;
274
275 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
276
277 if (sk->sk_state != BT_LISTEN) {
278 err = -EBADFD;
279 goto done;
280 }
281
282 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
283
284 BT_DBG("sk %p timeo %ld", sk, timeo);
285
286 /* Wait for an incoming connection. (wake-one). */
287 add_wait_queue_exclusive(sk_sleep(sk), &wait);
288 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
289 set_current_state(TASK_INTERRUPTIBLE);
290 if (!timeo) {
291 err = -EAGAIN;
292 break;
293 }
294
295 release_sock(sk);
296 timeo = schedule_timeout(timeo);
297 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
298
299 if (sk->sk_state != BT_LISTEN) {
300 err = -EBADFD;
301 break;
302 }
303
304 if (signal_pending(current)) {
305 err = sock_intr_errno(timeo);
306 break;
307 }
308 }
309 set_current_state(TASK_RUNNING);
310 remove_wait_queue(sk_sleep(sk), &wait);
311
312 if (err)
313 goto done;
314
315 newsock->state = SS_CONNECTED;
316
317 BT_DBG("new socket %p", nsk);
318
319done:
320 release_sock(sk);
321 return err;
322}
323
d7175d55
GP		 324static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
325{
326 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
327 struct sock *sk = sock->sk;
0c1bc5c6 328 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
d7175d55
GP		 329
330 BT_DBG("sock %p, sk %p", sock, sk);
331
332 addr->sa_family = AF_BLUETOOTH;
333 *len = sizeof(struct sockaddr_l2);
334
335 if (peer) {
fe4128e0 336 la->l2_psm = chan->psm;
d7175d55 337 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
fe4128e0 338 la->l2_cid = cpu_to_le16(chan->dcid);
d7175d55 339 } else {
0c1bc5c6 340 la->l2_psm = chan->sport;
d7175d55 341 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
fe4128e0 342 la->l2_cid = cpu_to_le16(chan->scid);
d7175d55
GP		 343 }
344
345 return 0;
346}
347
99f4808d
GP		 348static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
349{
350 struct sock *sk = sock->sk;
4343478f 351 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d
GP		 352 struct l2cap_options opts;
353 struct l2cap_conninfo cinfo;
354 int len, err = 0;
355 u32 opt;
356
357 BT_DBG("sk %p", sk);
358
359 if (get_user(len, optlen))
360 return -EFAULT;
361
362 lock_sock(sk);
363
364 switch (optname) {
365 case L2CAP_OPTIONS:
e3fb592b 366 memset(&opts, 0, sizeof(opts));
0c1bc5c6
GP		 367 opts.imtu = chan->imtu;
368 opts.omtu = chan->omtu;
369 opts.flush_to = chan->flush_to;
370 opts.mode = chan->mode;
47d1ec61
GP		 371 opts.fcs = chan->fcs;
372 opts.max_tx = chan->max_tx;
373 opts.txwin_size = (__u16)chan->tx_win;
99f4808d
GP		 374
375 len = min_t(unsigned int, len, sizeof(opts));
376 if (copy_to_user(optval, (char *) &opts, len))
377 err = -EFAULT;
378
379 break;
380
381 case L2CAP_LM:
4343478f 382 switch (chan->sec_level) {
99f4808d
GP		 383 case BT_SECURITY_LOW:
384 opt = L2CAP_LM_AUTH;
385 break;
386 case BT_SECURITY_MEDIUM:
387 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
388 break;
389 case BT_SECURITY_HIGH:
390 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
391 L2CAP_LM_SECURE;
392 break;
393 default:
394 opt = 0;
395 break;
396 }
397
4343478f 398 if (chan->role_switch)
99f4808d
GP		 399 opt |= L2CAP_LM_MASTER;
400
4343478f 401 if (chan->force_reliable)
99f4808d
GP		 402 opt |= L2CAP_LM_RELIABLE;
403
404 if (put_user(opt, (u32 __user *) optval))
405 err = -EFAULT;
406 break;
407
408 case L2CAP_CONNINFO:
409 if (sk->sk_state != BT_CONNECTED &&
410 !(sk->sk_state == BT_CONNECT2 &&
411 bt_sk(sk)->defer_setup)) {
412 err = -ENOTCONN;
413 break;
414 }
415
8c1d787b
GP		 416 cinfo.hci_handle = chan->conn->hcon->handle;
417 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
99f4808d
GP		 418
419 len = min_t(unsigned int, len, sizeof(cinfo));
420 if (copy_to_user(optval, (char *) &cinfo, len))
421 err = -EFAULT;
422
423 break;
424
425 default:
426 err = -ENOPROTOOPT;
427 break;
428 }
429
430 release_sock(sk);
431 return err;
432}
433
434static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
435{
436 struct sock *sk = sock->sk;
4343478f 437 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d
GP		 438 struct bt_security sec;
439 int len, err = 0;
440
441 BT_DBG("sk %p", sk);
442
443 if (level == SOL_L2CAP)
444 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
445
446 if (level != SOL_BLUETOOTH)
447 return -ENOPROTOOPT;
448
449 if (get_user(len, optlen))
450 return -EFAULT;
451
452 lock_sock(sk);
453
454 switch (optname) {
455 case BT_SECURITY:
456 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
457 && sk->sk_type != SOCK_RAW) {
458 err = -EINVAL;
459 break;
460 }
461
4343478f 462 sec.level = chan->sec_level;
99f4808d
GP		 463
464 len = min_t(unsigned int, len, sizeof(sec));
465 if (copy_to_user(optval, (char *) &sec, len))
466 err = -EFAULT;
467
468 break;
469
470 case BT_DEFER_SETUP:
471 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
472 err = -EINVAL;
473 break;
474 }
475
476 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
477 err = -EFAULT;
478
479 break;
480
481 case BT_FLUSHABLE:
4343478f 482 if (put_user(chan->flushable, (u32 __user *) optval))
99f4808d
GP		 483 err = -EFAULT;
484
485 break;
486
487 default:
488 err = -ENOPROTOOPT;
489 break;
490 }
491
492 release_sock(sk);
493 return err;
494}
495
33575df7
GP		 496static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
497{
498 struct sock *sk = sock->sk;
b4450035 499 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7
GP		 500 struct l2cap_options opts;
501 int len, err = 0;
502 u32 opt;
503
504 BT_DBG("sk %p", sk);
505
506 lock_sock(sk);
507
508 switch (optname) {
509 case L2CAP_OPTIONS:
510 if (sk->sk_state == BT_CONNECTED) {
511 err = -EINVAL;
512 break;
513 }
514
0c1bc5c6
GP		 515 opts.imtu = chan->imtu;
516 opts.omtu = chan->omtu;
517 opts.flush_to = chan->flush_to;
518 opts.mode = chan->mode;
47d1ec61
GP		 519 opts.fcs = chan->fcs;
520 opts.max_tx = chan->max_tx;
521 opts.txwin_size = (__u16)chan->tx_win;
33575df7
GP		 522
523 len = min_t(unsigned int, sizeof(opts), optlen);
524 if (copy_from_user((char *) &opts, optval, len)) {
525 err = -EFAULT;
526 break;
527 }
528
529 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
530 err = -EINVAL;
531 break;
532 }
533
0c1bc5c6
GP		 534 chan->mode = opts.mode;
535 switch (chan->mode) {
33575df7 536 case L2CAP_MODE_BASIC:
b4450035 537 chan->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
33575df7
GP		 538 break;
539 case L2CAP_MODE_ERTM:
540 case L2CAP_MODE_STREAMING:
541 if (!disable_ertm)
542 break;
543 /* fall through */
544 default:
545 err = -EINVAL;
546 break;
547 }
548
0c1bc5c6
GP		 549 chan->imtu = opts.imtu;
550 chan->omtu = opts.omtu;
47d1ec61
GP		 551 chan->fcs = opts.fcs;
552 chan->max_tx = opts.max_tx;
553 chan->tx_win = (__u8)opts.txwin_size;
33575df7
GP		 554 break;
555
556 case L2CAP_LM:
557 if (get_user(opt, (u32 __user *) optval)) {
558 err = -EFAULT;
559 break;
560 }
561
562 if (opt & L2CAP_LM_AUTH)
4343478f 563 chan->sec_level = BT_SECURITY_LOW;
33575df7 564 if (opt & L2CAP_LM_ENCRYPT)
4343478f 565 chan->sec_level = BT_SECURITY_MEDIUM;
33575df7 566 if (opt & L2CAP_LM_SECURE)
4343478f 567 chan->sec_level = BT_SECURITY_HIGH;
33575df7 568
4343478f
GP		 569 chan->role_switch = (opt & L2CAP_LM_MASTER);
570 chan->force_reliable = (opt & L2CAP_LM_RELIABLE);
33575df7
GP		 571 break;
572
573 default:
574 err = -ENOPROTOOPT;
575 break;
576 }
577
578 release_sock(sk);
579 return err;
580}
581
582static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
583{
584 struct sock *sk = sock->sk;
4343478f 585 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7
GP		 586 struct bt_security sec;
587 int len, err = 0;
588 u32 opt;
589
590 BT_DBG("sk %p", sk);
591
592 if (level == SOL_L2CAP)
593 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
594
595 if (level != SOL_BLUETOOTH)
596 return -ENOPROTOOPT;
597
598 lock_sock(sk);
599
600 switch (optname) {
601 case BT_SECURITY:
602 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
603 && sk->sk_type != SOCK_RAW) {
604 err = -EINVAL;
605 break;
606 }
607
608 sec.level = BT_SECURITY_LOW;
609
610 len = min_t(unsigned int, sizeof(sec), optlen);
611 if (copy_from_user((char *) &sec, optval, len)) {
612 err = -EFAULT;
613 break;
614 }
615
616 if (sec.level < BT_SECURITY_LOW ||
617 sec.level > BT_SECURITY_HIGH) {
618 err = -EINVAL;
619 break;
620 }
621
4343478f 622 chan->sec_level = sec.level;
33575df7
GP		 623 break;
624
625 case BT_DEFER_SETUP:
626 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
627 err = -EINVAL;
628 break;
629 }
630
631 if (get_user(opt, (u32 __user *) optval)) {
632 err = -EFAULT;
633 break;
634 }
635
636 bt_sk(sk)->defer_setup = opt;
637 break;
638
639 case BT_FLUSHABLE:
640 if (get_user(opt, (u32 __user *) optval)) {
641 err = -EFAULT;
642 break;
643 }
644
645 if (opt > BT_FLUSHABLE_ON) {
646 err = -EINVAL;
647 break;
648 }
649
650 if (opt == BT_FLUSHABLE_OFF) {
8c1d787b 651 struct l2cap_conn *conn = chan->conn;
33575df7
GP		 652 /* proceed futher only when we have l2cap_conn and
653 No Flush support in the LM */
654 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
655 err = -EINVAL;
656 break;
657 }
658 }
659
4343478f 660 chan->flushable = opt;
33575df7
GP		 661 break;
662
663 default:
664 err = -ENOPROTOOPT;
665 break;
666 }
667
668 release_sock(sk);
669 return err;
670}
fd83ccdb
GP		 671
672static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
673{
674 struct sock *sk = sock->sk;
0c1bc5c6 675 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
fd83ccdb
GP		 676 struct sk_buff *skb;
677 u16 control;
678 int err;
679
680 BT_DBG("sock %p, sk %p", sock, sk);
681
682 err = sock_error(sk);
683 if (err)
684 return err;
685
686 if (msg->msg_flags & MSG_OOB)
687 return -EOPNOTSUPP;
688
689 lock_sock(sk);
690
691 if (sk->sk_state != BT_CONNECTED) {
692 err = -ENOTCONN;
693 goto done;
694 }
695
696 /* Connectionless channel */
697 if (sk->sk_type == SOCK_DGRAM) {
fe4128e0 698 skb = l2cap_create_connless_pdu(chan, msg, len);
fd83ccdb
GP		 699 if (IS_ERR(skb)) {
700 err = PTR_ERR(skb);
701 } else {
0c1bc5c6 702 l2cap_do_send(chan, skb);
fd83ccdb
GP		 703 err = len;
704 }
705 goto done;
706 }
707
0c1bc5c6 708 switch (chan->mode) {
fd83ccdb
GP		 709 case L2CAP_MODE_BASIC:
710 /* Check outgoing MTU */
0c1bc5c6 711 if (len > chan->omtu) {
fd83ccdb
GP		 712 err = -EMSGSIZE;
713 goto done;
714 }
715
716 /* Create a basic PDU */
fe4128e0 717 skb = l2cap_create_basic_pdu(chan, msg, len);
fd83ccdb
GP		 718 if (IS_ERR(skb)) {
719 err = PTR_ERR(skb);
720 goto done;
721 }
722
0c1bc5c6 723 l2cap_do_send(chan, skb);
fd83ccdb
GP		 724 err = len;
725 break;
726
727 case L2CAP_MODE_ERTM:
728 case L2CAP_MODE_STREAMING:
729 /* Entire SDU fits into one PDU */
0c1bc5c6 730 if (len <= chan->remote_mps) {
fd83ccdb 731 control = L2CAP_SDU_UNSEGMENTED;
0c1bc5c6
GP		 732 skb = l2cap_create_iframe_pdu(chan, msg, len, control,
733 0);
fd83ccdb
GP		 734 if (IS_ERR(skb)) {
735 err = PTR_ERR(skb);
736 goto done;
737 }
0c1bc5c6 738 __skb_queue_tail(&chan->tx_q, skb);
fd83ccdb 739
0c1bc5c6
GP		 740 if (chan->tx_send_head == NULL)
741 chan->tx_send_head = skb;
fd83ccdb
GP		 742
743 } else {
744 /* Segment SDU into multiples PDUs */
0c1bc5c6 745 err = l2cap_sar_segment_sdu(chan, msg, len);
fd83ccdb
GP		 746 if (err < 0)
747 goto done;
748 }
749
0c1bc5c6
GP		 750 if (chan->mode == L2CAP_MODE_STREAMING) {
751 l2cap_streaming_send(chan);
525cd185
GP		 752 err = len;
753 break;
754 }
755
0c1bc5c6
GP		 756 if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
757 (chan->conn_state & L2CAP_CONN_WAIT_F)) {
525cd185
GP		 758 err = len;
759 break;
fd83ccdb 760 }
0c1bc5c6 761 err = l2cap_ertm_send(chan);
fd83ccdb
GP		 762
763 if (err >= 0)
764 err = len;
765 break;
766
767 default:
0c1bc5c6 768 BT_DBG("bad state %1.1x", chan->mode);
fd83ccdb
GP		 769 err = -EBADFD;
770 }
771
772done:
773 release_sock(sk);
774 return err;
775}
33575df7 776
68983259
GP		 777static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
778{
779 struct sock *sk = sock->sk;
780
781 lock_sock(sk);
782
783 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
8c1d787b
GP		 784 sk->sk_state = BT_CONFIG;
785
786 __l2cap_connect_rsp_defer(l2cap_pi(sk)->chan);
68983259
GP		 787 release_sock(sk);
788 return 0;
789 }
790
791 release_sock(sk);
792
793 if (sock->type == SOCK_STREAM)
794 return bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
795
796 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
797}
798
05fc1576
GP		 799/* Kill socket (only if zapped and orphan)
800 * Must be called on unlocked socket.
801 */
802void l2cap_sock_kill(struct sock *sk)
803{
804 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
805 return;
806
807 BT_DBG("sk %p state %d", sk, sk->sk_state);
808
809 /* Kill poor orphan */
6ff5abbf
GP		 810
811 l2cap_chan_free(l2cap_pi(sk)->chan);
05fc1576
GP		 812 bt_sock_unlink(&l2cap_sk_list, sk);
813 sock_set_flag(sk, SOCK_DEAD);
814 sock_put(sk);
815}
816
6de0702b
GP		 817/* Must be called on unlocked socket. */
818static void l2cap_sock_close(struct sock *sk)
819{
820 l2cap_sock_clear_timer(sk);
821 lock_sock(sk);
822 __l2cap_sock_close(sk, ECONNRESET);
823 release_sock(sk);
824 l2cap_sock_kill(sk);
825}
826
827static void l2cap_sock_cleanup_listen(struct sock *parent)
828{
829 struct sock *sk;
830
831 BT_DBG("parent %p", parent);
832
833 /* Close not yet accepted channels */
834 while ((sk = bt_accept_dequeue(parent, NULL)))
835 l2cap_sock_close(sk);
836
837 parent->sk_state = BT_CLOSED;
838 sock_set_flag(parent, SOCK_ZAPPED);
839}
840
841void __l2cap_sock_close(struct sock *sk, int reason)
842{
e92c8e70 843 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
8c1d787b 844 struct l2cap_conn *conn = chan->conn;
5589fa9c 845
6de0702b
GP		 846 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
847
848 switch (sk->sk_state) {
849 case BT_LISTEN:
850 l2cap_sock_cleanup_listen(sk);
851 break;
852
853 case BT_CONNECTED:
854 case BT_CONFIG:
5589fa9c
VT		 855 if ((sk->sk_type == SOCK_SEQPACKET ||
856 sk->sk_type == SOCK_STREAM) &&
857 conn->hcon->type == ACL_LINK) {
6de0702b 858 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
e92c8e70 859 l2cap_send_disconn_req(conn, chan, reason);
6de0702b 860 } else
e92c8e70 861 l2cap_chan_del(chan, reason);
6de0702b
GP		 862 break;
863
864 case BT_CONNECT2:
5589fa9c
VT		 865 if ((sk->sk_type == SOCK_SEQPACKET ||
866 sk->sk_type == SOCK_STREAM) &&
867 conn->hcon->type == ACL_LINK) {
6de0702b
GP		 868 struct l2cap_conn_rsp rsp;
869 __u16 result;
870
871 if (bt_sk(sk)->defer_setup)
872 result = L2CAP_CR_SEC_BLOCK;
873 else
874 result = L2CAP_CR_BAD_PSM;
875
fe4128e0
GP		 876 rsp.scid = cpu_to_le16(chan->dcid);
877 rsp.dcid = cpu_to_le16(chan->scid);
6de0702b
GP		 878 rsp.result = cpu_to_le16(result);
879 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
e92c8e70
GP		 880 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
881 sizeof(rsp), &rsp);
34bd0273
AE		 882 }
883
e92c8e70 884 l2cap_chan_del(chan, reason);
6de0702b
GP		 885 break;
886
887 case BT_CONNECT:
888 case BT_DISCONN:
e92c8e70 889 l2cap_chan_del(chan, reason);
6de0702b
GP		 890 break;
891
892 default:
893 sock_set_flag(sk, SOCK_ZAPPED);
894 break;
895 }
896}
897
dcba0dba
GP		 898static int l2cap_sock_shutdown(struct socket *sock, int how)
899{
900 struct sock *sk = sock->sk;
0c1bc5c6 901 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
dcba0dba
GP		 902 int err = 0;
903
904 BT_DBG("sock %p, sk %p", sock, sk);
905
906 if (!sk)
907 return 0;
908
909 lock_sock(sk);
910 if (!sk->sk_shutdown) {
0c1bc5c6 911 if (chan->mode == L2CAP_MODE_ERTM)
dcba0dba
GP		 912 err = __l2cap_wait_ack(sk);
913
914 sk->sk_shutdown = SHUTDOWN_MASK;
915 l2cap_sock_clear_timer(sk);
916 __l2cap_sock_close(sk, 0);
917
918 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
919 err = bt_sock_wait_state(sk, BT_CLOSED,
920 sk->sk_lingertime);
921 }
922
923 if (!err && sk->sk_err)
924 err = -sk->sk_err;
925
926 release_sock(sk);
927 return err;
928}
929
554f05bb
GP		 930static int l2cap_sock_release(struct socket *sock)
931{
932 struct sock *sk = sock->sk;
933 int err;
934
935 BT_DBG("sock %p, sk %p", sock, sk);
936
937 if (!sk)
938 return 0;
939
940 err = l2cap_sock_shutdown(sock, 2);
941
942 sock_orphan(sk);
943 l2cap_sock_kill(sk);
944 return err;
945}
946
bb58f747
GP		 947static void l2cap_sock_destruct(struct sock *sk)
948{
949 BT_DBG("sk %p", sk);
950
951 skb_queue_purge(&sk->sk_receive_queue);
952 skb_queue_purge(&sk->sk_write_queue);
953}
954
955void l2cap_sock_init(struct sock *sk, struct sock *parent)
956{
957 struct l2cap_pinfo *pi = l2cap_pi(sk);
b4450035 958 struct l2cap_chan *chan = pi->chan;
bb58f747
GP		 959
960 BT_DBG("sk %p", sk);
961
962 if (parent) {
b4450035
GP		 963 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
964
bb58f747
GP		 965 sk->sk_type = parent->sk_type;
966 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
967
0c1bc5c6
GP		 968 chan->imtu = pchan->imtu;
969 chan->omtu = pchan->omtu;
b4450035 970 chan->conf_state = pchan->conf_state;
0c1bc5c6 971 chan->mode = pchan->mode;
47d1ec61
GP		 972 chan->fcs = pchan->fcs;
973 chan->max_tx = pchan->max_tx;
974 chan->tx_win = pchan->tx_win;
4343478f
GP		 975 chan->sec_level = pchan->sec_level;
976 chan->role_switch = pchan->role_switch;
977 chan->force_reliable = pchan->force_reliable;
978 chan->flushable = pchan->flushable;
bb58f747 979 } else {
0c1bc5c6
GP		 980 chan->imtu = L2CAP_DEFAULT_MTU;
981 chan->omtu = 0;
bb58f747 982 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
0c1bc5c6 983 chan->mode = L2CAP_MODE_ERTM;
b4450035 984 chan->conf_state |= L2CAP_CONF_STATE2_DEVICE;
bb58f747 985 } else {
0c1bc5c6 986 chan->mode = L2CAP_MODE_BASIC;
bb58f747 987 }
47d1ec61
GP		 988 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
989 chan->fcs = L2CAP_FCS_CRC16;
990 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
4343478f
GP		 991 chan->sec_level = BT_SECURITY_LOW;
992 chan->role_switch = 0;
993 chan->force_reliable = 0;
994 chan->flushable = BT_FLUSHABLE_OFF;
bb58f747
GP		 995 }
996
997 /* Default config options */
0c1bc5c6 998 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
bb58f747
GP		 999}
1000
1001static struct proto l2cap_proto = {
1002 .name = "L2CAP",
1003 .owner = THIS_MODULE,
1004 .obj_size = sizeof(struct l2cap_pinfo)
1005};
1006
1007struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
1008{
1009 struct sock *sk;
1010
1011 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1012 if (!sk)
1013 return NULL;
1014
1015 sock_init_data(sock, sk);
1016 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1017
1018 sk->sk_destruct = l2cap_sock_destruct;
1019 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
1020
1021 sock_reset_flag(sk, SOCK_ZAPPED);
1022
1023 sk->sk_protocol = proto;
1024 sk->sk_state = BT_OPEN;
1025
1026 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
1027
1028 bt_sock_link(&l2cap_sk_list, sk);
1029 return sk;
1030}
1031
1032static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1033 int kern)
1034{
1035 struct sock *sk;
5d41ce1d 1036 struct l2cap_chan *chan;
bb58f747
GP		 1037
1038 BT_DBG("sock %p", sock);
1039
1040 sock->state = SS_UNCONNECTED;
1041
1042 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1043 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1044 return -ESOCKTNOSUPPORT;
1045
1046 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1047 return -EPERM;
1048
1049 sock->ops = &l2cap_sock_ops;
1050
1051 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1052 if (!sk)
1053 return -ENOMEM;
1054
5d41ce1d
GP		 1055 chan = l2cap_chan_alloc(sk);
1056 if (!chan) {
1057 l2cap_sock_kill(sk);
1058 return -ENOMEM;
1059 }
1060
1061 l2cap_pi(sk)->chan = chan;
1062
bb58f747
GP		 1063 l2cap_sock_init(sk, NULL);
1064 return 0;
1065}
1066
cf2f90f5 1067static const struct proto_ops l2cap_sock_ops = {
65390587
GP		 1068 .family = PF_BLUETOOTH,
1069 .owner = THIS_MODULE,
1070 .release = l2cap_sock_release,
1071 .bind = l2cap_sock_bind,
1072 .connect = l2cap_sock_connect,
1073 .listen = l2cap_sock_listen,
1074 .accept = l2cap_sock_accept,
1075 .getname = l2cap_sock_getname,
1076 .sendmsg = l2cap_sock_sendmsg,
1077 .recvmsg = l2cap_sock_recvmsg,
1078 .poll = bt_sock_poll,
1079 .ioctl = bt_sock_ioctl,
1080 .mmap = sock_no_mmap,
1081 .socketpair = sock_no_socketpair,
1082 .shutdown = l2cap_sock_shutdown,
1083 .setsockopt = l2cap_sock_setsockopt,
1084 .getsockopt = l2cap_sock_getsockopt
1085};
1086
bb58f747
GP		 1087static const struct net_proto_family l2cap_sock_family_ops = {
1088 .family = PF_BLUETOOTH,
1089 .owner = THIS_MODULE,
1090 .create = l2cap_sock_create,
1091};
1092
1093int __init l2cap_init_sockets(void)
1094{
e2174ca4 1095 int err;
bb58f747 1096
e2174ca4
GP		 1097 err = proto_register(&l2cap_proto, 0);
1098 if (err < 0)
1099 return err;
bb58f747 1100
e2174ca4
GP		 1101 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1102 if (err < 0)
1103 goto error;
bb58f747 1104
e2174ca4 1105 BT_INFO("L2CAP socket layer initialized");
bb58f747 1106
e2174ca4 1107 return 0;
bb58f747
GP		 1108
1109error:
e2174ca4
GP		 1110 BT_ERR("L2CAP socket registration failed");
1111 proto_unregister(&l2cap_proto);
1112 return err;
bb58f747
GP		 1113}
1114
1115void l2cap_cleanup_sockets(void)
1116{
e2174ca4
GP		 1117 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1118 BT_ERR("L2CAP socket unregistration failed");
bb58f747 1119
e2174ca4 1120 proto_unregister(&l2cap_proto);
bb58f747 1121}
Linux 6.x block layer and io_uring tree(s)