2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
28 /* Bluetooth L2CAP sockets. */
30 #include <linux/module.h>
31 #include <linux/export.h>
32 #include <linux/sched/signal.h>
34 #include <net/bluetooth/bluetooth.h>
35 #include <net/bluetooth/hci_core.h>
36 #include <net/bluetooth/l2cap.h>
40 static struct bt_sock_list l2cap_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
44 static const struct proto_ops l2cap_sock_ops;
45 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
46 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
47 int proto, gfp_t prio, int kern);
49 bool l2cap_is_socket(struct socket *sock)
51 return sock && sock->ops == &l2cap_sock_ops;
53 EXPORT_SYMBOL(l2cap_is_socket);
55 static int l2cap_validate_bredr_psm(u16 psm)
57 /* PSM must be odd and lsb of upper byte must be 0 */
58 if ((psm & 0x0101) != 0x0001)
61 /* Restrict usage of well-known PSMs */
62 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
68 static int l2cap_validate_le_psm(u16 psm)
70 /* Valid LE_PSM ranges are defined only until 0x00ff */
71 if (psm > L2CAP_PSM_LE_DYN_END)
74 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
75 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
81 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
83 struct sock *sk = sock->sk;
84 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
85 struct sockaddr_l2 la;
90 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
91 addr->sa_family != AF_BLUETOOTH)
94 memset(&la, 0, sizeof(la));
95 len = min_t(unsigned int, sizeof(la), alen);
96 memcpy(&la, addr, len);
98 if (la.l2_cid && la.l2_psm)
101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
105 /* We only allow ATT user space socket */
107 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
113 if (sk->sk_state != BT_OPEN) {
119 __u16 psm = __le16_to_cpu(la.l2_psm);
121 if (la.l2_bdaddr_type == BDADDR_BREDR)
122 err = l2cap_validate_bredr_psm(psm);
124 err = l2cap_validate_le_psm(psm);
130 bacpy(&chan->src, &la.l2_bdaddr);
131 chan->src_type = la.l2_bdaddr_type;
134 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
136 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
141 switch (chan->chan_type) {
142 case L2CAP_CHAN_CONN_LESS:
143 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
144 chan->sec_level = BT_SECURITY_SDP;
146 case L2CAP_CHAN_CONN_ORIENTED:
147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
148 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
149 chan->sec_level = BT_SECURITY_SDP;
152 chan->sec_level = BT_SECURITY_SDP;
154 case L2CAP_CHAN_FIXED:
155 /* Fixed channels default to the L2CAP core not holding a
156 * hci_conn reference for them. For fixed channels mapping to
157 * L2CAP sockets we do want to hold a reference so set the
158 * appropriate flag to request it.
160 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
164 if (chan->psm && bdaddr_type_is_le(chan->src_type))
165 chan->mode = L2CAP_MODE_LE_FLOWCTL;
167 chan->state = BT_BOUND;
168 sk->sk_state = BT_BOUND;
175 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
178 struct sock *sk = sock->sk;
179 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
180 struct sockaddr_l2 la;
185 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
186 addr->sa_family != AF_BLUETOOTH)
189 memset(&la, 0, sizeof(la));
190 len = min_t(unsigned int, sizeof(la), alen);
191 memcpy(&la, addr, len);
193 if (la.l2_cid && la.l2_psm)
196 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
199 /* Check that the socket wasn't bound to something that
200 * conflicts with the address given to connect(). If chan->src
201 * is BDADDR_ANY it means bind() was never used, in which case
202 * chan->src_type and la.l2_bdaddr_type do not need to match.
204 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
205 bdaddr_type_is_le(la.l2_bdaddr_type)) {
206 /* Old user space versions will try to incorrectly bind
207 * the ATT socket using BDADDR_BREDR. We need to accept
208 * this and fix up the source address type only when
209 * both the source CID and destination CID indicate
210 * ATT. Anything else is an invalid combination.
212 if (chan->scid != L2CAP_CID_ATT ||
213 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
216 /* We don't have the hdev available here to make a
217 * better decision on random vs public, but since all
218 * user space versions that exhibit this issue anyway do
219 * not support random local addresses assuming public
220 * here is good enough.
222 chan->src_type = BDADDR_LE_PUBLIC;
225 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
228 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
229 /* We only allow ATT user space socket */
231 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
235 if (chan->psm && bdaddr_type_is_le(chan->src_type))
236 chan->mode = L2CAP_MODE_LE_FLOWCTL;
238 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
239 &la.l2_bdaddr, la.l2_bdaddr_type);
245 err = bt_sock_wait_state(sk, BT_CONNECTED,
246 sock_sndtimeo(sk, flags & O_NONBLOCK));
253 static int l2cap_sock_listen(struct socket *sock, int backlog)
255 struct sock *sk = sock->sk;
256 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
259 BT_DBG("sk %p backlog %d", sk, backlog);
263 if (sk->sk_state != BT_BOUND) {
268 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
273 switch (chan->mode) {
274 case L2CAP_MODE_BASIC:
275 case L2CAP_MODE_LE_FLOWCTL:
277 case L2CAP_MODE_ERTM:
278 case L2CAP_MODE_STREAMING:
287 sk->sk_max_ack_backlog = backlog;
288 sk->sk_ack_backlog = 0;
290 /* Listening channels need to use nested locking in order not to
291 * cause lockdep warnings when the created child channels end up
292 * being locked in the same thread as the parent channel.
294 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
296 chan->state = BT_LISTEN;
297 sk->sk_state = BT_LISTEN;
304 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
305 int flags, bool kern)
307 DEFINE_WAIT_FUNC(wait, woken_wake_function);
308 struct sock *sk = sock->sk, *nsk;
312 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
314 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
316 BT_DBG("sk %p timeo %ld", sk, timeo);
318 /* Wait for an incoming connection. (wake-one). */
319 add_wait_queue_exclusive(sk_sleep(sk), &wait);
321 if (sk->sk_state != BT_LISTEN) {
326 nsk = bt_accept_dequeue(sk, newsock);
335 if (signal_pending(current)) {
336 err = sock_intr_errno(timeo);
342 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
344 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
346 remove_wait_queue(sk_sleep(sk), &wait);
351 newsock->state = SS_CONNECTED;
353 BT_DBG("new socket %p", nsk);
360 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
363 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
364 struct sock *sk = sock->sk;
365 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
367 BT_DBG("sock %p, sk %p", sock, sk);
369 if (peer && sk->sk_state != BT_CONNECTED &&
370 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
371 sk->sk_state != BT_CONFIG)
374 memset(la, 0, sizeof(struct sockaddr_l2));
375 addr->sa_family = AF_BLUETOOTH;
376 *len = sizeof(struct sockaddr_l2);
378 la->l2_psm = chan->psm;
381 bacpy(&la->l2_bdaddr, &chan->dst);
382 la->l2_cid = cpu_to_le16(chan->dcid);
383 la->l2_bdaddr_type = chan->dst_type;
385 bacpy(&la->l2_bdaddr, &chan->src);
386 la->l2_cid = cpu_to_le16(chan->scid);
387 la->l2_bdaddr_type = chan->src_type;
393 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
394 char __user *optval, int __user *optlen)
396 struct sock *sk = sock->sk;
397 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
398 struct l2cap_options opts;
399 struct l2cap_conninfo cinfo;
405 if (get_user(len, optlen))
412 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
413 * legacy ATT code depends on getsockopt for
414 * L2CAP_OPTIONS we need to let this pass.
416 if (bdaddr_type_is_le(chan->src_type) &&
417 chan->scid != L2CAP_CID_ATT) {
422 memset(&opts, 0, sizeof(opts));
423 opts.imtu = chan->imtu;
424 opts.omtu = chan->omtu;
425 opts.flush_to = chan->flush_to;
426 opts.mode = chan->mode;
427 opts.fcs = chan->fcs;
428 opts.max_tx = chan->max_tx;
429 opts.txwin_size = chan->tx_win;
431 len = min_t(unsigned int, len, sizeof(opts));
432 if (copy_to_user(optval, (char *) &opts, len))
438 switch (chan->sec_level) {
439 case BT_SECURITY_LOW:
442 case BT_SECURITY_MEDIUM:
443 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
445 case BT_SECURITY_HIGH:
446 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
449 case BT_SECURITY_FIPS:
450 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
451 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
458 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
459 opt |= L2CAP_LM_MASTER;
461 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
462 opt |= L2CAP_LM_RELIABLE;
464 if (put_user(opt, (u32 __user *) optval))
470 if (sk->sk_state != BT_CONNECTED &&
471 !(sk->sk_state == BT_CONNECT2 &&
472 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
477 memset(&cinfo, 0, sizeof(cinfo));
478 cinfo.hci_handle = chan->conn->hcon->handle;
479 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
481 len = min_t(unsigned int, len, sizeof(cinfo));
482 if (copy_to_user(optval, (char *) &cinfo, len))
496 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
497 char __user *optval, int __user *optlen)
499 struct sock *sk = sock->sk;
500 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
501 struct bt_security sec;
507 if (level == SOL_L2CAP)
508 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
510 if (level != SOL_BLUETOOTH)
513 if (get_user(len, optlen))
520 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
521 chan->chan_type != L2CAP_CHAN_FIXED &&
522 chan->chan_type != L2CAP_CHAN_RAW) {
527 memset(&sec, 0, sizeof(sec));
529 sec.level = chan->conn->hcon->sec_level;
531 if (sk->sk_state == BT_CONNECTED)
532 sec.key_size = chan->conn->hcon->enc_key_size;
534 sec.level = chan->sec_level;
537 len = min_t(unsigned int, len, sizeof(sec));
538 if (copy_to_user(optval, (char *) &sec, len))
544 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
549 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
550 (u32 __user *) optval))
556 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
557 (u32 __user *) optval))
563 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
564 && sk->sk_type != SOCK_RAW) {
569 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
571 len = min_t(unsigned int, len, sizeof(pwr));
572 if (copy_to_user(optval, (char *) &pwr, len))
577 case BT_CHANNEL_POLICY:
578 if (put_user(chan->chan_policy, (u32 __user *) optval))
583 if (!bdaddr_type_is_le(chan->src_type)) {
588 if (sk->sk_state != BT_CONNECTED) {
593 if (put_user(chan->omtu, (u16 __user *) optval))
598 if (!bdaddr_type_is_le(chan->src_type)) {
603 if (put_user(chan->imtu, (u16 __user *) optval))
616 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
618 switch (chan->scid) {
620 if (mtu < L2CAP_LE_MIN_MTU)
625 if (mtu < L2CAP_DEFAULT_MIN_MTU)
632 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
633 char __user *optval, unsigned int optlen)
635 struct sock *sk = sock->sk;
636 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
637 struct l2cap_options opts;
647 if (bdaddr_type_is_le(chan->src_type)) {
652 if (sk->sk_state == BT_CONNECTED) {
657 opts.imtu = chan->imtu;
658 opts.omtu = chan->omtu;
659 opts.flush_to = chan->flush_to;
660 opts.mode = chan->mode;
661 opts.fcs = chan->fcs;
662 opts.max_tx = chan->max_tx;
663 opts.txwin_size = chan->tx_win;
665 len = min_t(unsigned int, sizeof(opts), optlen);
666 if (copy_from_user((char *) &opts, optval, len)) {
671 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
676 if (!l2cap_valid_mtu(chan, opts.imtu)) {
681 chan->mode = opts.mode;
682 switch (chan->mode) {
683 case L2CAP_MODE_LE_FLOWCTL:
685 case L2CAP_MODE_BASIC:
686 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
688 case L2CAP_MODE_ERTM:
689 case L2CAP_MODE_STREAMING:
698 chan->imtu = opts.imtu;
699 chan->omtu = opts.omtu;
700 chan->fcs = opts.fcs;
701 chan->max_tx = opts.max_tx;
702 chan->tx_win = opts.txwin_size;
703 chan->flush_to = opts.flush_to;
707 if (get_user(opt, (u32 __user *) optval)) {
712 if (opt & L2CAP_LM_FIPS) {
717 if (opt & L2CAP_LM_AUTH)
718 chan->sec_level = BT_SECURITY_LOW;
719 if (opt & L2CAP_LM_ENCRYPT)
720 chan->sec_level = BT_SECURITY_MEDIUM;
721 if (opt & L2CAP_LM_SECURE)
722 chan->sec_level = BT_SECURITY_HIGH;
724 if (opt & L2CAP_LM_MASTER)
725 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
727 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
729 if (opt & L2CAP_LM_RELIABLE)
730 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
732 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
744 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
745 char __user *optval, unsigned int optlen)
747 struct sock *sk = sock->sk;
748 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
749 struct bt_security sec;
751 struct l2cap_conn *conn;
757 if (level == SOL_L2CAP)
758 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
760 if (level != SOL_BLUETOOTH)
767 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
768 chan->chan_type != L2CAP_CHAN_FIXED &&
769 chan->chan_type != L2CAP_CHAN_RAW) {
774 sec.level = BT_SECURITY_LOW;
776 len = min_t(unsigned int, sizeof(sec), optlen);
777 if (copy_from_user((char *) &sec, optval, len)) {
782 if (sec.level < BT_SECURITY_LOW ||
783 sec.level > BT_SECURITY_FIPS) {
788 chan->sec_level = sec.level;
795 /*change security for LE channels */
796 if (chan->scid == L2CAP_CID_ATT) {
797 if (smp_conn_security(conn->hcon, sec.level))
799 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
800 sk->sk_state = BT_CONFIG;
801 chan->state = BT_CONFIG;
803 /* or for ACL link */
804 } else if ((sk->sk_state == BT_CONNECT2 &&
805 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
806 sk->sk_state == BT_CONNECTED) {
807 if (!l2cap_chan_check_security(chan, true))
808 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
810 sk->sk_state_change(sk);
817 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
822 if (get_user(opt, (u32 __user *) optval)) {
828 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
829 set_bit(FLAG_DEFER_SETUP, &chan->flags);
831 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
832 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
837 if (get_user(opt, (u32 __user *) optval)) {
842 if (opt > BT_FLUSHABLE_ON) {
847 if (opt == BT_FLUSHABLE_OFF) {
849 /* proceed further only when we have l2cap_conn and
850 No Flush support in the LM */
851 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
858 set_bit(FLAG_FLUSHABLE, &chan->flags);
860 clear_bit(FLAG_FLUSHABLE, &chan->flags);
864 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
865 chan->chan_type != L2CAP_CHAN_RAW) {
870 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
872 len = min_t(unsigned int, sizeof(pwr), optlen);
873 if (copy_from_user((char *) &pwr, optval, len)) {
878 if (pwr.force_active)
879 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
881 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
884 case BT_CHANNEL_POLICY:
885 if (get_user(opt, (u32 __user *) optval)) {
890 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
895 if (chan->mode != L2CAP_MODE_ERTM &&
896 chan->mode != L2CAP_MODE_STREAMING) {
901 chan->chan_policy = (u8) opt;
903 if (sk->sk_state == BT_CONNECTED &&
904 chan->move_role == L2CAP_MOVE_ROLE_NONE)
905 l2cap_move_start(chan);
910 if (!bdaddr_type_is_le(chan->src_type)) {
915 /* Setting is not supported as it's the remote side that
922 if (!bdaddr_type_is_le(chan->src_type)) {
927 if (sk->sk_state == BT_CONNECTED) {
932 if (get_user(opt, (u16 __user *) optval)) {
949 static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
952 struct sock *sk = sock->sk;
953 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
956 BT_DBG("sock %p, sk %p", sock, sk);
958 err = sock_error(sk);
962 if (msg->msg_flags & MSG_OOB)
965 if (sk->sk_state != BT_CONNECTED)
969 err = bt_sock_wait_ready(sk, msg->msg_flags);
974 l2cap_chan_lock(chan);
975 err = l2cap_chan_send(chan, msg, len);
976 l2cap_chan_unlock(chan);
981 static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
982 size_t len, int flags)
984 struct sock *sk = sock->sk;
985 struct l2cap_pinfo *pi = l2cap_pi(sk);
990 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
991 &bt_sk(sk)->flags)) {
992 if (bdaddr_type_is_le(pi->chan->src_type)) {
993 sk->sk_state = BT_CONNECTED;
994 pi->chan->state = BT_CONNECTED;
995 __l2cap_le_connect_rsp_defer(pi->chan);
997 sk->sk_state = BT_CONFIG;
998 pi->chan->state = BT_CONFIG;
999 __l2cap_connect_rsp_defer(pi->chan);
1008 if (sock->type == SOCK_STREAM)
1009 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
1011 err = bt_sock_recvmsg(sock, msg, len, flags);
1013 if (pi->chan->mode != L2CAP_MODE_ERTM)
1016 /* Attempt to put pending rx data in the socket buffer */
1020 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1023 if (pi->rx_busy_skb) {
1024 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1025 pi->rx_busy_skb = NULL;
1030 /* Restore data flow when half of the receive buffer is
1031 * available. This avoids resending large numbers of
1034 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1035 l2cap_chan_busy(pi->chan, 0);
1042 /* Kill socket (only if zapped and orphan)
1043 * Must be called on unlocked socket.
1045 static void l2cap_sock_kill(struct sock *sk)
1047 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1050 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1052 /* Kill poor orphan */
1054 l2cap_chan_put(l2cap_pi(sk)->chan);
1055 sock_set_flag(sk, SOCK_DEAD);
1059 static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
1061 DECLARE_WAITQUEUE(wait, current);
1063 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1064 /* Timeout to prevent infinite loop */
1065 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
1067 add_wait_queue(sk_sleep(sk), &wait);
1068 set_current_state(TASK_INTERRUPTIBLE);
1070 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1071 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1072 jiffies_to_msecs(timeout - jiffies));
1075 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1077 if (signal_pending(current)) {
1078 err = sock_intr_errno(timeo);
1083 timeo = schedule_timeout(timeo);
1085 set_current_state(TASK_INTERRUPTIBLE);
1087 err = sock_error(sk);
1091 if (time_after(jiffies, timeout)) {
1096 } while (chan->unacked_frames > 0 &&
1097 chan->state == BT_CONNECTED);
1099 set_current_state(TASK_RUNNING);
1100 remove_wait_queue(sk_sleep(sk), &wait);
1104 static int l2cap_sock_shutdown(struct socket *sock, int how)
1106 struct sock *sk = sock->sk;
1107 struct l2cap_chan *chan;
1108 struct l2cap_conn *conn;
1111 BT_DBG("sock %p, sk %p", sock, sk);
1118 if (sk->sk_shutdown)
1119 goto shutdown_already;
1121 BT_DBG("Handling sock shutdown");
1123 /* prevent sk structure from being freed whilst unlocked */
1126 chan = l2cap_pi(sk)->chan;
1127 /* prevent chan structure from being freed whilst unlocked */
1128 l2cap_chan_hold(chan);
1130 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1132 if (chan->mode == L2CAP_MODE_ERTM &&
1133 chan->unacked_frames > 0 &&
1134 chan->state == BT_CONNECTED) {
1135 err = __l2cap_wait_ack(sk, chan);
1137 /* After waiting for ACKs, check whether shutdown
1138 * has already been actioned to close the L2CAP
1139 * link such as by l2cap_disconnection_req().
1141 if (sk->sk_shutdown)
1145 sk->sk_shutdown = SHUTDOWN_MASK;
1148 l2cap_chan_lock(chan);
1151 /* prevent conn structure from being freed */
1152 l2cap_conn_get(conn);
1153 l2cap_chan_unlock(chan);
1156 /* mutex lock must be taken before l2cap_chan_lock() */
1157 mutex_lock(&conn->chan_lock);
1159 l2cap_chan_lock(chan);
1160 l2cap_chan_close(chan, 0);
1161 l2cap_chan_unlock(chan);
1164 mutex_unlock(&conn->chan_lock);
1165 l2cap_conn_put(conn);
1170 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1171 !(current->flags & PF_EXITING))
1172 err = bt_sock_wait_state(sk, BT_CLOSED,
1176 l2cap_chan_put(chan);
1180 if (!err && sk->sk_err)
1185 BT_DBG("Sock shutdown complete err: %d", err);
1190 static int l2cap_sock_release(struct socket *sock)
1192 struct sock *sk = sock->sk;
1195 BT_DBG("sock %p, sk %p", sock, sk);
1200 bt_sock_unlink(&l2cap_sk_list, sk);
1202 err = l2cap_sock_shutdown(sock, 2);
1205 l2cap_sock_kill(sk);
1209 static void l2cap_sock_cleanup_listen(struct sock *parent)
1213 BT_DBG("parent %p state %s", parent,
1214 state_to_string(parent->sk_state));
1216 /* Close not yet accepted channels */
1217 while ((sk = bt_accept_dequeue(parent, NULL))) {
1218 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1220 BT_DBG("child chan %p state %s", chan,
1221 state_to_string(chan->state));
1223 l2cap_chan_lock(chan);
1224 __clear_chan_timer(chan);
1225 l2cap_chan_close(chan, ECONNRESET);
1226 l2cap_chan_unlock(chan);
1228 l2cap_sock_kill(sk);
1232 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1234 struct sock *sk, *parent = chan->data;
1238 /* Check for backlog size */
1239 if (sk_acceptq_is_full(parent)) {
1240 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1241 release_sock(parent);
1245 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1248 release_sock(parent);
1252 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1254 l2cap_sock_init(sk, parent);
1256 bt_accept_enqueue(parent, sk);
1258 release_sock(parent);
1260 return l2cap_pi(sk)->chan;
1263 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1265 struct sock *sk = chan->data;
1270 if (l2cap_pi(sk)->rx_busy_skb) {
1275 if (chan->mode != L2CAP_MODE_ERTM &&
1276 chan->mode != L2CAP_MODE_STREAMING) {
1277 /* Even if no filter is attached, we could potentially
1278 * get errors from security modules, etc.
1280 err = sk_filter(sk, skb);
1285 err = __sock_queue_rcv_skb(sk, skb);
1287 /* For ERTM, handle one skb that doesn't fit into the recv
1288 * buffer. This is important to do because the data frames
1289 * have already been acked, so the skb cannot be discarded.
1291 * Notify the l2cap core that the buffer is full, so the
1292 * LOCAL_BUSY state is entered and no more frames are
1293 * acked and reassembled until there is buffer space
1296 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1297 l2cap_pi(sk)->rx_busy_skb = skb;
1298 l2cap_chan_busy(chan, 1);
1308 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1310 struct sock *sk = chan->data;
1312 l2cap_sock_kill(sk);
1315 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1317 struct sock *sk = chan->data;
1318 struct sock *parent;
1320 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1322 /* This callback can be called both for server (BT_LISTEN)
1323 * sockets as well as "normal" ones. To avoid lockdep warnings
1324 * with child socket locking (through l2cap_sock_cleanup_listen)
1325 * we need separation into separate nesting levels. The simplest
1326 * way to accomplish this is to inherit the nesting level used
1329 lock_sock_nested(sk, atomic_read(&chan->nesting));
1331 parent = bt_sk(sk)->parent;
1333 sock_set_flag(sk, SOCK_ZAPPED);
1335 switch (chan->state) {
1341 l2cap_sock_cleanup_listen(sk);
1342 sk->sk_state = BT_CLOSED;
1343 chan->state = BT_CLOSED;
1347 sk->sk_state = BT_CLOSED;
1348 chan->state = BT_CLOSED;
1353 bt_accept_unlink(sk);
1354 parent->sk_data_ready(parent);
1356 sk->sk_state_change(sk);
1365 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1368 struct sock *sk = chan->data;
1370 sk->sk_state = state;
1376 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1377 unsigned long hdr_len,
1378 unsigned long len, int nb)
1380 struct sock *sk = chan->data;
1381 struct sk_buff *skb;
1384 l2cap_chan_unlock(chan);
1385 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1386 l2cap_chan_lock(chan);
1389 return ERR_PTR(err);
1391 skb->priority = sk->sk_priority;
1393 bt_cb(skb)->l2cap.chan = chan;
1398 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1400 struct sock *sk = chan->data;
1401 struct sock *parent;
1405 parent = bt_sk(sk)->parent;
1407 BT_DBG("sk %p, parent %p", sk, parent);
1409 sk->sk_state = BT_CONNECTED;
1410 sk->sk_state_change(sk);
1413 parent->sk_data_ready(parent);
1418 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1420 struct sock *parent, *sk = chan->data;
1424 parent = bt_sk(sk)->parent;
1426 parent->sk_data_ready(parent);
1431 static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1433 struct sock *sk = chan->data;
1435 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1436 sk->sk_state = BT_CONNECTED;
1437 chan->state = BT_CONNECTED;
1440 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1441 sk->sk_state_change(sk);
1444 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1446 struct sock *sk = chan->data;
1449 sk->sk_shutdown = SHUTDOWN_MASK;
1453 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1455 struct sock *sk = chan->data;
1457 return sk->sk_sndtimeo;
1460 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1462 struct sock *sk = chan->data;
1464 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1465 sk->sk_state_change(sk);
1468 static const struct l2cap_ops l2cap_chan_ops = {
1469 .name = "L2CAP Socket Interface",
1470 .new_connection = l2cap_sock_new_connection_cb,
1471 .recv = l2cap_sock_recv_cb,
1472 .close = l2cap_sock_close_cb,
1473 .teardown = l2cap_sock_teardown_cb,
1474 .state_change = l2cap_sock_state_change_cb,
1475 .ready = l2cap_sock_ready_cb,
1476 .defer = l2cap_sock_defer_cb,
1477 .resume = l2cap_sock_resume_cb,
1478 .suspend = l2cap_sock_suspend_cb,
1479 .set_shutdown = l2cap_sock_set_shutdown_cb,
1480 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1481 .alloc_skb = l2cap_sock_alloc_skb_cb,
1484 static void l2cap_sock_destruct(struct sock *sk)
1486 BT_DBG("sk %p", sk);
1488 if (l2cap_pi(sk)->chan)
1489 l2cap_chan_put(l2cap_pi(sk)->chan);
1491 if (l2cap_pi(sk)->rx_busy_skb) {
1492 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1493 l2cap_pi(sk)->rx_busy_skb = NULL;
1496 skb_queue_purge(&sk->sk_receive_queue);
1497 skb_queue_purge(&sk->sk_write_queue);
1500 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1503 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1505 memset(la, 0, sizeof(struct sockaddr_l2));
1506 la->l2_family = AF_BLUETOOTH;
1507 la->l2_psm = bt_cb(skb)->l2cap.psm;
1508 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
1510 *msg_namelen = sizeof(struct sockaddr_l2);
1513 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1515 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1517 BT_DBG("sk %p", sk);
1520 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1522 sk->sk_type = parent->sk_type;
1523 bt_sk(sk)->flags = bt_sk(parent)->flags;
1525 chan->chan_type = pchan->chan_type;
1526 chan->imtu = pchan->imtu;
1527 chan->omtu = pchan->omtu;
1528 chan->conf_state = pchan->conf_state;
1529 chan->mode = pchan->mode;
1530 chan->fcs = pchan->fcs;
1531 chan->max_tx = pchan->max_tx;
1532 chan->tx_win = pchan->tx_win;
1533 chan->tx_win_max = pchan->tx_win_max;
1534 chan->sec_level = pchan->sec_level;
1535 chan->flags = pchan->flags;
1536 chan->tx_credits = pchan->tx_credits;
1537 chan->rx_credits = pchan->rx_credits;
1539 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1540 chan->scid = pchan->scid;
1541 chan->dcid = pchan->scid;
1544 security_sk_clone(parent, sk);
1546 switch (sk->sk_type) {
1548 chan->chan_type = L2CAP_CHAN_RAW;
1551 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1552 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1554 case SOCK_SEQPACKET:
1556 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1560 chan->imtu = L2CAP_DEFAULT_MTU;
1562 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1563 chan->mode = L2CAP_MODE_ERTM;
1564 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1566 chan->mode = L2CAP_MODE_BASIC;
1569 l2cap_chan_set_defaults(chan);
1572 /* Default config options */
1573 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1576 chan->ops = &l2cap_chan_ops;
1579 static struct proto l2cap_proto = {
1581 .owner = THIS_MODULE,
1582 .obj_size = sizeof(struct l2cap_pinfo)
1585 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1586 int proto, gfp_t prio, int kern)
1589 struct l2cap_chan *chan;
1591 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
1595 sock_init_data(sock, sk);
1596 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1598 sk->sk_destruct = l2cap_sock_destruct;
1599 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1601 sock_reset_flag(sk, SOCK_ZAPPED);
1603 sk->sk_protocol = proto;
1604 sk->sk_state = BT_OPEN;
1606 chan = l2cap_chan_create();
1612 l2cap_chan_hold(chan);
1614 l2cap_pi(sk)->chan = chan;
1619 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1624 BT_DBG("sock %p", sock);
1626 sock->state = SS_UNCONNECTED;
1628 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1629 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1630 return -ESOCKTNOSUPPORT;
1632 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1635 sock->ops = &l2cap_sock_ops;
1637 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
1641 l2cap_sock_init(sk, NULL);
1642 bt_sock_link(&l2cap_sk_list, sk);
1646 static const struct proto_ops l2cap_sock_ops = {
1647 .family = PF_BLUETOOTH,
1648 .owner = THIS_MODULE,
1649 .release = l2cap_sock_release,
1650 .bind = l2cap_sock_bind,
1651 .connect = l2cap_sock_connect,
1652 .listen = l2cap_sock_listen,
1653 .accept = l2cap_sock_accept,
1654 .getname = l2cap_sock_getname,
1655 .sendmsg = l2cap_sock_sendmsg,
1656 .recvmsg = l2cap_sock_recvmsg,
1657 .poll = bt_sock_poll,
1658 .ioctl = bt_sock_ioctl,
1659 .mmap = sock_no_mmap,
1660 .socketpair = sock_no_socketpair,
1661 .shutdown = l2cap_sock_shutdown,
1662 .setsockopt = l2cap_sock_setsockopt,
1663 .getsockopt = l2cap_sock_getsockopt
1666 static const struct net_proto_family l2cap_sock_family_ops = {
1667 .family = PF_BLUETOOTH,
1668 .owner = THIS_MODULE,
1669 .create = l2cap_sock_create,
1672 int __init l2cap_init_sockets(void)
1676 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1678 err = proto_register(&l2cap_proto, 0);
1682 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1684 BT_ERR("L2CAP socket registration failed");
1688 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1691 BT_ERR("Failed to create L2CAP proc file");
1692 bt_sock_unregister(BTPROTO_L2CAP);
1696 BT_INFO("L2CAP socket layer initialized");
1701 proto_unregister(&l2cap_proto);
1705 void l2cap_cleanup_sockets(void)
1707 bt_procfs_cleanup(&init_net, "l2cap");
1708 bt_sock_unregister(BTPROTO_L2CAP);
1709 proto_unregister(&l2cap_proto);
projects / linux-2.6-block.git / blob