2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
28 /* Bluetooth L2CAP sockets. */
30 #include <linux/module.h>
31 #include <linux/export.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
39 static struct bt_sock_list l2cap_sk_list = {
40 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
43 static const struct proto_ops l2cap_sock_ops;
44 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
45 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
46 int proto, gfp_t prio);
48 bool l2cap_is_socket(struct socket *sock)
50 return sock && sock->ops == &l2cap_sock_ops;
52 EXPORT_SYMBOL(l2cap_is_socket);
54 static int l2cap_validate_bredr_psm(u16 psm)
56 /* PSM must be odd and lsb of upper byte must be 0 */
57 if ((psm & 0x0101) != 0x0001)
60 /* Restrict usage of well-known PSMs */
61 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE))
67 static int l2cap_validate_le_psm(u16 psm)
69 /* Valid LE_PSM ranges are defined only until 0x00ff */
73 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
74 if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE))
80 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
82 struct sock *sk = sock->sk;
83 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
84 struct sockaddr_l2 la;
89 if (!addr || addr->sa_family != AF_BLUETOOTH)
92 memset(&la, 0, sizeof(la));
93 len = min_t(unsigned int, sizeof(la), alen);
94 memcpy(&la, addr, len);
96 if (la.l2_cid && la.l2_psm)
99 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
103 /* When the socket gets created it defaults to
104 * CHAN_CONN_ORIENTED, so we need to overwrite the
107 chan->chan_type = L2CAP_CHAN_FIXED;
108 chan->omtu = L2CAP_DEFAULT_MTU;
111 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
112 /* We only allow ATT user space socket */
114 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
120 if (sk->sk_state != BT_OPEN) {
126 __u16 psm = __le16_to_cpu(la.l2_psm);
128 if (la.l2_bdaddr_type == BDADDR_BREDR)
129 err = l2cap_validate_bredr_psm(psm);
131 err = l2cap_validate_le_psm(psm);
138 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
140 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
145 switch (chan->chan_type) {
146 case L2CAP_CHAN_CONN_LESS:
147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
148 chan->sec_level = BT_SECURITY_SDP;
150 case L2CAP_CHAN_CONN_ORIENTED:
151 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
152 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
153 chan->sec_level = BT_SECURITY_SDP;
156 chan->sec_level = BT_SECURITY_SDP;
160 bacpy(&chan->src, &la.l2_bdaddr);
161 chan->src_type = la.l2_bdaddr_type;
163 if (chan->psm && bdaddr_type_is_le(chan->src_type))
164 chan->mode = L2CAP_MODE_LE_FLOWCTL;
166 chan->state = BT_BOUND;
167 sk->sk_state = BT_BOUND;
174 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
177 struct sock *sk = sock->sk;
178 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
179 struct sockaddr_l2 la;
184 if (!addr || alen < sizeof(addr->sa_family) ||
185 addr->sa_family != AF_BLUETOOTH)
188 memset(&la, 0, sizeof(la));
189 len = min_t(unsigned int, sizeof(la), alen);
190 memcpy(&la, addr, len);
192 if (la.l2_cid && la.l2_psm)
195 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
198 /* Check that the socket wasn't bound to something that
199 * conflicts with the address given to connect(). If chan->src
200 * is BDADDR_ANY it means bind() was never used, in which case
201 * chan->src_type and la.l2_bdaddr_type do not need to match.
203 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
204 bdaddr_type_is_le(la.l2_bdaddr_type)) {
205 /* Old user space versions will try to incorrectly bind
206 * the ATT socket using BDADDR_BREDR. We need to accept
207 * this and fix up the source address type only when
208 * both the source CID and destination CID indicate
209 * ATT. Anything else is an invalid combination.
211 if (chan->scid != L2CAP_CID_ATT ||
212 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
215 /* We don't have the hdev available here to make a
216 * better decision on random vs public, but since all
217 * user space versions that exhibit this issue anyway do
218 * not support random local addresses assuming public
219 * here is good enough.
221 chan->src_type = BDADDR_LE_PUBLIC;
224 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
227 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
228 /* We only allow ATT user space socket */
230 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
234 if (chan->psm && bdaddr_type_is_le(chan->src_type))
235 chan->mode = L2CAP_MODE_LE_FLOWCTL;
237 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
238 &la.l2_bdaddr, la.l2_bdaddr_type);
244 err = bt_sock_wait_state(sk, BT_CONNECTED,
245 sock_sndtimeo(sk, flags & O_NONBLOCK));
252 static int l2cap_sock_listen(struct socket *sock, int backlog)
254 struct sock *sk = sock->sk;
255 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
258 BT_DBG("sk %p backlog %d", sk, backlog);
262 if (sk->sk_state != BT_BOUND) {
267 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
272 switch (chan->mode) {
273 case L2CAP_MODE_BASIC:
274 case L2CAP_MODE_LE_FLOWCTL:
276 case L2CAP_MODE_ERTM:
277 case L2CAP_MODE_STREAMING:
286 sk->sk_max_ack_backlog = backlog;
287 sk->sk_ack_backlog = 0;
289 chan->state = BT_LISTEN;
290 sk->sk_state = BT_LISTEN;
297 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
300 DECLARE_WAITQUEUE(wait, current);
301 struct sock *sk = sock->sk, *nsk;
305 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
307 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
309 BT_DBG("sk %p timeo %ld", sk, timeo);
311 /* Wait for an incoming connection. (wake-one). */
312 add_wait_queue_exclusive(sk_sleep(sk), &wait);
314 set_current_state(TASK_INTERRUPTIBLE);
316 if (sk->sk_state != BT_LISTEN) {
321 nsk = bt_accept_dequeue(sk, newsock);
330 if (signal_pending(current)) {
331 err = sock_intr_errno(timeo);
336 timeo = schedule_timeout(timeo);
337 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
339 __set_current_state(TASK_RUNNING);
340 remove_wait_queue(sk_sleep(sk), &wait);
345 newsock->state = SS_CONNECTED;
347 BT_DBG("new socket %p", nsk);
354 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
357 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
358 struct sock *sk = sock->sk;
359 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
361 BT_DBG("sock %p, sk %p", sock, sk);
363 if (peer && sk->sk_state != BT_CONNECTED)
366 memset(la, 0, sizeof(struct sockaddr_l2));
367 addr->sa_family = AF_BLUETOOTH;
368 *len = sizeof(struct sockaddr_l2);
370 la->l2_psm = chan->psm;
373 bacpy(&la->l2_bdaddr, &chan->dst);
374 la->l2_cid = cpu_to_le16(chan->dcid);
375 la->l2_bdaddr_type = chan->dst_type;
377 bacpy(&la->l2_bdaddr, &chan->src);
378 la->l2_cid = cpu_to_le16(chan->scid);
379 la->l2_bdaddr_type = chan->src_type;
385 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
386 char __user *optval, int __user *optlen)
388 struct sock *sk = sock->sk;
389 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
390 struct l2cap_options opts;
391 struct l2cap_conninfo cinfo;
397 if (get_user(len, optlen))
404 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
405 * legacy ATT code depends on getsockopt for
406 * L2CAP_OPTIONS we need to let this pass.
408 if (bdaddr_type_is_le(chan->src_type) &&
409 chan->scid != L2CAP_CID_ATT) {
414 memset(&opts, 0, sizeof(opts));
415 opts.imtu = chan->imtu;
416 opts.omtu = chan->omtu;
417 opts.flush_to = chan->flush_to;
418 opts.mode = chan->mode;
419 opts.fcs = chan->fcs;
420 opts.max_tx = chan->max_tx;
421 opts.txwin_size = chan->tx_win;
423 len = min_t(unsigned int, len, sizeof(opts));
424 if (copy_to_user(optval, (char *) &opts, len))
430 switch (chan->sec_level) {
431 case BT_SECURITY_LOW:
434 case BT_SECURITY_MEDIUM:
435 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
437 case BT_SECURITY_HIGH:
438 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
441 case BT_SECURITY_FIPS:
442 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
443 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
450 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
451 opt |= L2CAP_LM_MASTER;
453 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
454 opt |= L2CAP_LM_RELIABLE;
456 if (put_user(opt, (u32 __user *) optval))
462 if (sk->sk_state != BT_CONNECTED &&
463 !(sk->sk_state == BT_CONNECT2 &&
464 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
469 memset(&cinfo, 0, sizeof(cinfo));
470 cinfo.hci_handle = chan->conn->hcon->handle;
471 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
473 len = min_t(unsigned int, len, sizeof(cinfo));
474 if (copy_to_user(optval, (char *) &cinfo, len))
488 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
489 char __user *optval, int __user *optlen)
491 struct sock *sk = sock->sk;
492 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
493 struct bt_security sec;
499 if (level == SOL_L2CAP)
500 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
502 if (level != SOL_BLUETOOTH)
505 if (get_user(len, optlen))
512 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
513 chan->chan_type != L2CAP_CHAN_FIXED &&
514 chan->chan_type != L2CAP_CHAN_RAW) {
519 memset(&sec, 0, sizeof(sec));
521 sec.level = chan->conn->hcon->sec_level;
523 if (sk->sk_state == BT_CONNECTED)
524 sec.key_size = chan->conn->hcon->enc_key_size;
526 sec.level = chan->sec_level;
529 len = min_t(unsigned int, len, sizeof(sec));
530 if (copy_to_user(optval, (char *) &sec, len))
536 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
541 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
542 (u32 __user *) optval))
548 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
549 (u32 __user *) optval))
555 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
556 && sk->sk_type != SOCK_RAW) {
561 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
563 len = min_t(unsigned int, len, sizeof(pwr));
564 if (copy_to_user(optval, (char *) &pwr, len))
569 case BT_CHANNEL_POLICY:
570 if (put_user(chan->chan_policy, (u32 __user *) optval))
575 if (!bdaddr_type_is_le(chan->src_type)) {
580 if (sk->sk_state != BT_CONNECTED) {
585 if (put_user(chan->omtu, (u16 __user *) optval))
590 if (!bdaddr_type_is_le(chan->src_type)) {
595 if (put_user(chan->imtu, (u16 __user *) optval))
608 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
610 switch (chan->scid) {
612 if (mtu < L2CAP_LE_MIN_MTU)
617 if (mtu < L2CAP_DEFAULT_MIN_MTU)
624 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
625 char __user *optval, unsigned int optlen)
627 struct sock *sk = sock->sk;
628 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
629 struct l2cap_options opts;
639 if (bdaddr_type_is_le(chan->src_type)) {
644 if (sk->sk_state == BT_CONNECTED) {
649 opts.imtu = chan->imtu;
650 opts.omtu = chan->omtu;
651 opts.flush_to = chan->flush_to;
652 opts.mode = chan->mode;
653 opts.fcs = chan->fcs;
654 opts.max_tx = chan->max_tx;
655 opts.txwin_size = chan->tx_win;
657 len = min_t(unsigned int, sizeof(opts), optlen);
658 if (copy_from_user((char *) &opts, optval, len)) {
663 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
668 if (!l2cap_valid_mtu(chan, opts.imtu)) {
673 chan->mode = opts.mode;
674 switch (chan->mode) {
675 case L2CAP_MODE_LE_FLOWCTL:
677 case L2CAP_MODE_BASIC:
678 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
680 case L2CAP_MODE_ERTM:
681 case L2CAP_MODE_STREAMING:
690 chan->imtu = opts.imtu;
691 chan->omtu = opts.omtu;
692 chan->fcs = opts.fcs;
693 chan->max_tx = opts.max_tx;
694 chan->tx_win = opts.txwin_size;
695 chan->flush_to = opts.flush_to;
699 if (get_user(opt, (u32 __user *) optval)) {
704 if (opt & L2CAP_LM_FIPS) {
709 if (opt & L2CAP_LM_AUTH)
710 chan->sec_level = BT_SECURITY_LOW;
711 if (opt & L2CAP_LM_ENCRYPT)
712 chan->sec_level = BT_SECURITY_MEDIUM;
713 if (opt & L2CAP_LM_SECURE)
714 chan->sec_level = BT_SECURITY_HIGH;
716 if (opt & L2CAP_LM_MASTER)
717 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
719 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
721 if (opt & L2CAP_LM_RELIABLE)
722 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
724 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
736 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
737 char __user *optval, unsigned int optlen)
739 struct sock *sk = sock->sk;
740 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
741 struct bt_security sec;
743 struct l2cap_conn *conn;
749 if (level == SOL_L2CAP)
750 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
752 if (level != SOL_BLUETOOTH)
759 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
760 chan->chan_type != L2CAP_CHAN_FIXED &&
761 chan->chan_type != L2CAP_CHAN_RAW) {
766 sec.level = BT_SECURITY_LOW;
768 len = min_t(unsigned int, sizeof(sec), optlen);
769 if (copy_from_user((char *) &sec, optval, len)) {
774 if (sec.level < BT_SECURITY_LOW ||
775 sec.level > BT_SECURITY_HIGH) {
780 chan->sec_level = sec.level;
787 /*change security for LE channels */
788 if (chan->scid == L2CAP_CID_ATT) {
789 if (!conn->hcon->out) {
794 if (smp_conn_security(conn->hcon, sec.level))
796 sk->sk_state = BT_CONFIG;
797 chan->state = BT_CONFIG;
799 /* or for ACL link */
800 } else if ((sk->sk_state == BT_CONNECT2 &&
801 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
802 sk->sk_state == BT_CONNECTED) {
803 if (!l2cap_chan_check_security(chan))
804 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
806 sk->sk_state_change(sk);
813 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
818 if (get_user(opt, (u32 __user *) optval)) {
824 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
825 set_bit(FLAG_DEFER_SETUP, &chan->flags);
827 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
828 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
833 if (get_user(opt, (u32 __user *) optval)) {
838 if (opt > BT_FLUSHABLE_ON) {
843 if (opt == BT_FLUSHABLE_OFF) {
845 /* proceed further only when we have l2cap_conn and
846 No Flush support in the LM */
847 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
854 set_bit(FLAG_FLUSHABLE, &chan->flags);
856 clear_bit(FLAG_FLUSHABLE, &chan->flags);
860 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
861 chan->chan_type != L2CAP_CHAN_RAW) {
866 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
868 len = min_t(unsigned int, sizeof(pwr), optlen);
869 if (copy_from_user((char *) &pwr, optval, len)) {
874 if (pwr.force_active)
875 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
877 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
880 case BT_CHANNEL_POLICY:
881 if (get_user(opt, (u32 __user *) optval)) {
886 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
891 if (chan->mode != L2CAP_MODE_ERTM &&
892 chan->mode != L2CAP_MODE_STREAMING) {
897 chan->chan_policy = (u8) opt;
899 if (sk->sk_state == BT_CONNECTED &&
900 chan->move_role == L2CAP_MOVE_ROLE_NONE)
901 l2cap_move_start(chan);
906 if (!bdaddr_type_is_le(chan->src_type)) {
911 /* Setting is not supported as it's the remote side that
918 if (!bdaddr_type_is_le(chan->src_type)) {
923 if (sk->sk_state == BT_CONNECTED) {
928 if (get_user(opt, (u32 __user *) optval)) {
945 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
946 struct msghdr *msg, size_t len)
948 struct sock *sk = sock->sk;
949 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
952 BT_DBG("sock %p, sk %p", sock, sk);
954 err = sock_error(sk);
958 if (msg->msg_flags & MSG_OOB)
961 if (sk->sk_state != BT_CONNECTED)
965 err = bt_sock_wait_ready(sk, msg->msg_flags);
970 l2cap_chan_lock(chan);
971 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
972 l2cap_chan_unlock(chan);
977 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
978 struct msghdr *msg, size_t len, int flags)
980 struct sock *sk = sock->sk;
981 struct l2cap_pinfo *pi = l2cap_pi(sk);
986 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
987 &bt_sk(sk)->flags)) {
988 if (bdaddr_type_is_le(pi->chan->src_type)) {
989 sk->sk_state = BT_CONNECTED;
990 pi->chan->state = BT_CONNECTED;
991 __l2cap_le_connect_rsp_defer(pi->chan);
993 sk->sk_state = BT_CONFIG;
994 pi->chan->state = BT_CONFIG;
995 __l2cap_connect_rsp_defer(pi->chan);
1004 if (sock->type == SOCK_STREAM)
1005 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
1007 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
1009 if (pi->chan->mode != L2CAP_MODE_ERTM)
1012 /* Attempt to put pending rx data in the socket buffer */
1016 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1019 if (pi->rx_busy_skb) {
1020 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1021 pi->rx_busy_skb = NULL;
1026 /* Restore data flow when half of the receive buffer is
1027 * available. This avoids resending large numbers of
1030 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1031 l2cap_chan_busy(pi->chan, 0);
1038 /* Kill socket (only if zapped and orphan)
1039 * Must be called on unlocked socket.
1041 static void l2cap_sock_kill(struct sock *sk)
1043 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1046 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1048 /* Kill poor orphan */
1050 l2cap_chan_put(l2cap_pi(sk)->chan);
1051 sock_set_flag(sk, SOCK_DEAD);
1055 static int __l2cap_wait_ack(struct sock *sk)
1057 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1058 DECLARE_WAITQUEUE(wait, current);
1062 add_wait_queue(sk_sleep(sk), &wait);
1063 set_current_state(TASK_INTERRUPTIBLE);
1064 while (chan->unacked_frames > 0 && chan->conn) {
1068 if (signal_pending(current)) {
1069 err = sock_intr_errno(timeo);
1074 timeo = schedule_timeout(timeo);
1076 set_current_state(TASK_INTERRUPTIBLE);
1078 err = sock_error(sk);
1082 set_current_state(TASK_RUNNING);
1083 remove_wait_queue(sk_sleep(sk), &wait);
1087 static int l2cap_sock_shutdown(struct socket *sock, int how)
1089 struct sock *sk = sock->sk;
1090 struct l2cap_chan *chan;
1091 struct l2cap_conn *conn;
1094 BT_DBG("sock %p, sk %p", sock, sk);
1099 chan = l2cap_pi(sk)->chan;
1103 mutex_lock(&conn->chan_lock);
1105 l2cap_chan_lock(chan);
1108 if (!sk->sk_shutdown) {
1109 if (chan->mode == L2CAP_MODE_ERTM)
1110 err = __l2cap_wait_ack(sk);
1112 sk->sk_shutdown = SHUTDOWN_MASK;
1115 l2cap_chan_close(chan, 0);
1118 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
1119 err = bt_sock_wait_state(sk, BT_CLOSED,
1123 if (!err && sk->sk_err)
1127 l2cap_chan_unlock(chan);
1130 mutex_unlock(&conn->chan_lock);
1135 static int l2cap_sock_release(struct socket *sock)
1137 struct sock *sk = sock->sk;
1140 BT_DBG("sock %p, sk %p", sock, sk);
1145 bt_sock_unlink(&l2cap_sk_list, sk);
1147 err = l2cap_sock_shutdown(sock, 2);
1150 l2cap_sock_kill(sk);
1154 static void l2cap_sock_cleanup_listen(struct sock *parent)
1158 BT_DBG("parent %p", parent);
1160 /* Close not yet accepted channels */
1161 while ((sk = bt_accept_dequeue(parent, NULL))) {
1162 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1164 l2cap_chan_lock(chan);
1165 __clear_chan_timer(chan);
1166 l2cap_chan_close(chan, ECONNRESET);
1167 l2cap_chan_unlock(chan);
1169 l2cap_sock_kill(sk);
1173 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1175 struct sock *sk, *parent = chan->data;
1179 /* Check for backlog size */
1180 if (sk_acceptq_is_full(parent)) {
1181 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1185 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1190 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1192 l2cap_sock_init(sk, parent);
1194 bt_accept_enqueue(parent, sk);
1196 release_sock(parent);
1198 return l2cap_pi(sk)->chan;
1201 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1203 struct sock *sk = chan->data;
1208 if (l2cap_pi(sk)->rx_busy_skb) {
1213 err = sock_queue_rcv_skb(sk, skb);
1215 /* For ERTM, handle one skb that doesn't fit into the recv
1216 * buffer. This is important to do because the data frames
1217 * have already been acked, so the skb cannot be discarded.
1219 * Notify the l2cap core that the buffer is full, so the
1220 * LOCAL_BUSY state is entered and no more frames are
1221 * acked and reassembled until there is buffer space
1224 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1225 l2cap_pi(sk)->rx_busy_skb = skb;
1226 l2cap_chan_busy(chan, 1);
1236 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1238 struct sock *sk = chan->data;
1240 l2cap_sock_kill(sk);
1243 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1245 struct sock *sk = chan->data;
1246 struct sock *parent;
1250 parent = bt_sk(sk)->parent;
1252 sock_set_flag(sk, SOCK_ZAPPED);
1254 switch (chan->state) {
1260 l2cap_sock_cleanup_listen(sk);
1261 sk->sk_state = BT_CLOSED;
1262 chan->state = BT_CLOSED;
1266 sk->sk_state = BT_CLOSED;
1267 chan->state = BT_CLOSED;
1272 bt_accept_unlink(sk);
1273 parent->sk_data_ready(parent, 0);
1275 sk->sk_state_change(sk);
1284 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1287 struct sock *sk = chan->data;
1289 sk->sk_state = state;
1295 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1296 unsigned long len, int nb)
1298 struct sock *sk = chan->data;
1299 struct sk_buff *skb;
1302 l2cap_chan_unlock(chan);
1303 skb = bt_skb_send_alloc(sk, len, nb, &err);
1304 l2cap_chan_lock(chan);
1307 return ERR_PTR(err);
1309 bt_cb(skb)->chan = chan;
1314 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1316 struct sock *sk = chan->data;
1317 struct sock *parent;
1321 parent = bt_sk(sk)->parent;
1323 BT_DBG("sk %p, parent %p", sk, parent);
1325 sk->sk_state = BT_CONNECTED;
1326 sk->sk_state_change(sk);
1329 parent->sk_data_ready(parent, 0);
1334 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1336 struct sock *parent, *sk = chan->data;
1340 parent = bt_sk(sk)->parent;
1342 parent->sk_data_ready(parent, 0);
1347 static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1349 struct sock *sk = chan->data;
1351 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1352 sk->sk_state_change(sk);
1355 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1357 struct sock *sk = chan->data;
1360 sk->sk_shutdown = SHUTDOWN_MASK;
1364 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1366 struct sock *sk = chan->data;
1368 return sk->sk_sndtimeo;
1371 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1373 struct sock *sk = chan->data;
1375 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1376 sk->sk_state_change(sk);
1379 static struct l2cap_ops l2cap_chan_ops = {
1380 .name = "L2CAP Socket Interface",
1381 .new_connection = l2cap_sock_new_connection_cb,
1382 .recv = l2cap_sock_recv_cb,
1383 .close = l2cap_sock_close_cb,
1384 .teardown = l2cap_sock_teardown_cb,
1385 .state_change = l2cap_sock_state_change_cb,
1386 .ready = l2cap_sock_ready_cb,
1387 .defer = l2cap_sock_defer_cb,
1388 .resume = l2cap_sock_resume_cb,
1389 .suspend = l2cap_sock_suspend_cb,
1390 .set_shutdown = l2cap_sock_set_shutdown_cb,
1391 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1392 .alloc_skb = l2cap_sock_alloc_skb_cb,
1395 static void l2cap_sock_destruct(struct sock *sk)
1397 BT_DBG("sk %p", sk);
1399 if (l2cap_pi(sk)->chan)
1400 l2cap_chan_put(l2cap_pi(sk)->chan);
1402 if (l2cap_pi(sk)->rx_busy_skb) {
1403 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1404 l2cap_pi(sk)->rx_busy_skb = NULL;
1407 skb_queue_purge(&sk->sk_receive_queue);
1408 skb_queue_purge(&sk->sk_write_queue);
1411 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1414 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1416 memset(la, 0, sizeof(struct sockaddr_l2));
1417 la->l2_family = AF_BLUETOOTH;
1418 la->l2_psm = bt_cb(skb)->psm;
1419 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr);
1421 *msg_namelen = sizeof(struct sockaddr_l2);
1424 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1426 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1428 BT_DBG("sk %p", sk);
1431 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1433 sk->sk_type = parent->sk_type;
1434 bt_sk(sk)->flags = bt_sk(parent)->flags;
1436 chan->chan_type = pchan->chan_type;
1437 chan->imtu = pchan->imtu;
1438 chan->omtu = pchan->omtu;
1439 chan->conf_state = pchan->conf_state;
1440 chan->mode = pchan->mode;
1441 chan->fcs = pchan->fcs;
1442 chan->max_tx = pchan->max_tx;
1443 chan->tx_win = pchan->tx_win;
1444 chan->tx_win_max = pchan->tx_win_max;
1445 chan->sec_level = pchan->sec_level;
1446 chan->flags = pchan->flags;
1447 chan->tx_credits = pchan->tx_credits;
1448 chan->rx_credits = pchan->rx_credits;
1450 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1451 chan->scid = pchan->scid;
1452 chan->dcid = pchan->scid;
1455 security_sk_clone(parent, sk);
1457 switch (sk->sk_type) {
1459 chan->chan_type = L2CAP_CHAN_RAW;
1462 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1463 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1465 case SOCK_SEQPACKET:
1467 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1471 chan->imtu = L2CAP_DEFAULT_MTU;
1473 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1474 chan->mode = L2CAP_MODE_ERTM;
1475 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1477 chan->mode = L2CAP_MODE_BASIC;
1480 l2cap_chan_set_defaults(chan);
1483 /* Default config options */
1484 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1487 chan->ops = &l2cap_chan_ops;
1490 static struct proto l2cap_proto = {
1492 .owner = THIS_MODULE,
1493 .obj_size = sizeof(struct l2cap_pinfo)
1496 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1497 int proto, gfp_t prio)
1500 struct l2cap_chan *chan;
1502 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1506 sock_init_data(sock, sk);
1507 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1509 sk->sk_destruct = l2cap_sock_destruct;
1510 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1512 sock_reset_flag(sk, SOCK_ZAPPED);
1514 sk->sk_protocol = proto;
1515 sk->sk_state = BT_OPEN;
1517 chan = l2cap_chan_create();
1523 l2cap_chan_hold(chan);
1525 l2cap_pi(sk)->chan = chan;
1530 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1535 BT_DBG("sock %p", sock);
1537 sock->state = SS_UNCONNECTED;
1539 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1540 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1541 return -ESOCKTNOSUPPORT;
1543 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1546 sock->ops = &l2cap_sock_ops;
1548 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1552 l2cap_sock_init(sk, NULL);
1553 bt_sock_link(&l2cap_sk_list, sk);
1557 static const struct proto_ops l2cap_sock_ops = {
1558 .family = PF_BLUETOOTH,
1559 .owner = THIS_MODULE,
1560 .release = l2cap_sock_release,
1561 .bind = l2cap_sock_bind,
1562 .connect = l2cap_sock_connect,
1563 .listen = l2cap_sock_listen,
1564 .accept = l2cap_sock_accept,
1565 .getname = l2cap_sock_getname,
1566 .sendmsg = l2cap_sock_sendmsg,
1567 .recvmsg = l2cap_sock_recvmsg,
1568 .poll = bt_sock_poll,
1569 .ioctl = bt_sock_ioctl,
1570 .mmap = sock_no_mmap,
1571 .socketpair = sock_no_socketpair,
1572 .shutdown = l2cap_sock_shutdown,
1573 .setsockopt = l2cap_sock_setsockopt,
1574 .getsockopt = l2cap_sock_getsockopt
1577 static const struct net_proto_family l2cap_sock_family_ops = {
1578 .family = PF_BLUETOOTH,
1579 .owner = THIS_MODULE,
1580 .create = l2cap_sock_create,
1583 int __init l2cap_init_sockets(void)
1587 err = proto_register(&l2cap_proto, 0);
1591 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1593 BT_ERR("L2CAP socket registration failed");
1597 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1600 BT_ERR("Failed to create L2CAP proc file");
1601 bt_sock_unregister(BTPROTO_L2CAP);
1605 BT_INFO("L2CAP socket layer initialized");
1610 proto_unregister(&l2cap_proto);
1614 void l2cap_cleanup_sockets(void)
1616 bt_procfs_cleanup(&init_net, "l2cap");
1617 bt_sock_unregister(BTPROTO_L2CAP);
1618 proto_unregister(&l2cap_proto);