search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
mm: fix off-by-one bug in print_nodes_state()
[linux/fpc-iii.git] / net / bluetooth / l2cap_sock.c
blob3bb1611b9d487c1c8406748d069af917d269b86c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26 */
27
28 /* Bluetooth L2CAP sockets. */
29
30 #include <linux/security.h>
31 #include <linux/export.h>
32
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/smp.h>
37
38 static const struct proto_ops l2cap_sock_ops;
39 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
40 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
41
42 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
43 {
44 struct sock *sk = sock->sk;
45 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
46 struct sockaddr_l2 la;
47 int len, err = 0;
48
49 BT_DBG("sk %p", sk);
50
51 if (!addr || addr->sa_family != AF_BLUETOOTH)
52 return -EINVAL;
53
54 memset(&la, 0, sizeof(la));
55 len = min_t(unsigned int, sizeof(la), alen);
56 memcpy(&la, addr, len);
57
58 if (la.l2_cid && la.l2_psm)
59 return -EINVAL;
60
61 lock_sock(sk);
62
63 if (sk->sk_state != BT_OPEN) {
64 err = -EBADFD;
65 goto done;
66 }
67
68 if (la.l2_psm) {
69 __u16 psm = __le16_to_cpu(la.l2_psm);
70
71 /* PSM must be odd and lsb of upper byte must be 0 */
72 if ((psm & 0x0101) != 0x0001) {
73 err = -EINVAL;
74 goto done;
75 }
76
77 /* Restrict usage of well-known PSMs */
78 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
79 err = -EACCES;
80 goto done;
81 }
82 }
83
84 if (la.l2_cid)
85 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
86 else
87 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
88
89 if (err < 0)
90 goto done;
91
92 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
93 __le16_to_cpu(la.l2_psm) == 0x0003)
94 chan->sec_level = BT_SECURITY_SDP;
95
96 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
97
98 chan->state = BT_BOUND;
99 sk->sk_state = BT_BOUND;
100
101 done:
102 release_sock(sk);
103 return err;
104 }
105
106 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
107 {
108 struct sock *sk = sock->sk;
109 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
110 struct sockaddr_l2 la;
111 int len, err = 0;
112
113 BT_DBG("sk %p", sk);
114
115 if (!addr || alen < sizeof(addr->sa_family) ||
116 addr->sa_family != AF_BLUETOOTH)
117 return -EINVAL;
118
119 memset(&la, 0, sizeof(la));
120 len = min_t(unsigned int, sizeof(la), alen);
121 memcpy(&la, addr, len);
122
123 if (la.l2_cid && la.l2_psm)
124 return -EINVAL;
125
126 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
127 &la.l2_bdaddr, la.l2_bdaddr_type);
128 if (err)
129 return err;
130
131 lock_sock(sk);
132
133 err = bt_sock_wait_state(sk, BT_CONNECTED,
134 sock_sndtimeo(sk, flags & O_NONBLOCK));
135
136 release_sock(sk);
137
138 return err;
139 }
140
141 static int l2cap_sock_listen(struct socket *sock, int backlog)
142 {
143 struct sock *sk = sock->sk;
144 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
145 int err = 0;
146
147 BT_DBG("sk %p backlog %d", sk, backlog);
148
149 lock_sock(sk);
150
151 if (sk->sk_state != BT_BOUND) {
152 err = -EBADFD;
153 goto done;
154 }
155
156 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
157 err = -EINVAL;
158 goto done;
159 }
160
161 switch (chan->mode) {
162 case L2CAP_MODE_BASIC:
163 break;
164 case L2CAP_MODE_ERTM:
165 case L2CAP_MODE_STREAMING:
166 if (!disable_ertm)
167 break;
168 /* fall through */
169 default:
170 err = -ENOTSUPP;
171 goto done;
172 }
173
174 sk->sk_max_ack_backlog = backlog;
175 sk->sk_ack_backlog = 0;
176
177 chan->state = BT_LISTEN;
178 sk->sk_state = BT_LISTEN;
179
180 done:
181 release_sock(sk);
182 return err;
183 }
184
185 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
186 {
187 DECLARE_WAITQUEUE(wait, current);
188 struct sock *sk = sock->sk, *nsk;
189 long timeo;
190 int err = 0;
191
192 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
193
194 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
195
196 BT_DBG("sk %p timeo %ld", sk, timeo);
197
198 /* Wait for an incoming connection. (wake-one). */
199 add_wait_queue_exclusive(sk_sleep(sk), &wait);
200 while (1) {
201 set_current_state(TASK_INTERRUPTIBLE);
202
203 if (sk->sk_state != BT_LISTEN) {
204 err = -EBADFD;
205 break;
206 }
207
208 nsk = bt_accept_dequeue(sk, newsock);
209 if (nsk)
210 break;
211
212 if (!timeo) {
213 err = -EAGAIN;
214 break;
215 }
216
217 if (signal_pending(current)) {
218 err = sock_intr_errno(timeo);
219 break;
220 }
221
222 release_sock(sk);
223 timeo = schedule_timeout(timeo);
224 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
225 }
226 __set_current_state(TASK_RUNNING);
227 remove_wait_queue(sk_sleep(sk), &wait);
228
229 if (err)
230 goto done;
231
232 newsock->state = SS_CONNECTED;
233
234 BT_DBG("new socket %p", nsk);
235
236 done:
237 release_sock(sk);
238 return err;
239 }
240
241 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
242 {
243 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
244 struct sock *sk = sock->sk;
245 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
246
247 BT_DBG("sock %p, sk %p", sock, sk);
248
249 addr->sa_family = AF_BLUETOOTH;
250 *len = sizeof(struct sockaddr_l2);
251
252 if (peer) {
253 la->l2_psm = chan->psm;
254 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
255 la->l2_cid = cpu_to_le16(chan->dcid);
256 } else {
257 la->l2_psm = chan->sport;
258 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
259 la->l2_cid = cpu_to_le16(chan->scid);
260 }
261
262 return 0;
263 }
264
265 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
266 {
267 struct sock *sk = sock->sk;
268 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
269 struct l2cap_options opts;
270 struct l2cap_conninfo cinfo;
271 int len, err = 0;
272 u32 opt;
273
274 BT_DBG("sk %p", sk);
275
276 if (get_user(len, optlen))
277 return -EFAULT;
278
279 lock_sock(sk);
280
281 switch (optname) {
282 case L2CAP_OPTIONS:
283 memset(&opts, 0, sizeof(opts));
284 opts.imtu = chan->imtu;
285 opts.omtu = chan->omtu;
286 opts.flush_to = chan->flush_to;
287 opts.mode = chan->mode;
288 opts.fcs = chan->fcs;
289 opts.max_tx = chan->max_tx;
290 opts.txwin_size = chan->tx_win;
291
292 len = min_t(unsigned int, len, sizeof(opts));
293 if (copy_to_user(optval, (char *) &opts, len))
294 err = -EFAULT;
295
296 break;
297
298 case L2CAP_LM:
299 switch (chan->sec_level) {
300 case BT_SECURITY_LOW:
301 opt = L2CAP_LM_AUTH;
302 break;
303 case BT_SECURITY_MEDIUM:
304 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
305 break;
306 case BT_SECURITY_HIGH:
307 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
308 L2CAP_LM_SECURE;
309 break;
310 default:
311 opt = 0;
312 break;
313 }
314
315 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
316 opt |= L2CAP_LM_MASTER;
317
318 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
319 opt |= L2CAP_LM_RELIABLE;
320
321 if (put_user(opt, (u32 __user *) optval))
322 err = -EFAULT;
323 break;
324
325 case L2CAP_CONNINFO:
326 if (sk->sk_state != BT_CONNECTED &&
327 !(sk->sk_state == BT_CONNECT2 &&
328 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
329 err = -ENOTCONN;
330 break;
331 }
332
333 memset(&cinfo, 0, sizeof(cinfo));
334 cinfo.hci_handle = chan->conn->hcon->handle;
335 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
336
337 len = min_t(unsigned int, len, sizeof(cinfo));
338 if (copy_to_user(optval, (char *) &cinfo, len))
339 err = -EFAULT;
340
341 break;
342
343 default:
344 err = -ENOPROTOOPT;
345 break;
346 }
347
348 release_sock(sk);
349 return err;
350 }
351
352 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
353 {
354 struct sock *sk = sock->sk;
355 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
356 struct bt_security sec;
357 struct bt_power pwr;
358 int len, err = 0;
359
360 BT_DBG("sk %p", sk);
361
362 if (level == SOL_L2CAP)
363 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
364
365 if (level != SOL_BLUETOOTH)
366 return -ENOPROTOOPT;
367
368 if (get_user(len, optlen))
369 return -EFAULT;
370
371 lock_sock(sk);
372
373 switch (optname) {
374 case BT_SECURITY:
375 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
376 chan->chan_type != L2CAP_CHAN_RAW) {
377 err = -EINVAL;
378 break;
379 }
380
381 memset(&sec, 0, sizeof(sec));
382 if (chan->conn)
383 sec.level = chan->conn->hcon->sec_level;
384 else
385 sec.level = chan->sec_level;
386
387 if (sk->sk_state == BT_CONNECTED)
388 sec.key_size = chan->conn->hcon->enc_key_size;
389
390 len = min_t(unsigned int, len, sizeof(sec));
391 if (copy_to_user(optval, (char *) &sec, len))
392 err = -EFAULT;
393
394 break;
395
396 case BT_DEFER_SETUP:
397 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
398 err = -EINVAL;
399 break;
400 }
401
402 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
403 (u32 __user *) optval))
404 err = -EFAULT;
405
406 break;
407
408 case BT_FLUSHABLE:
409 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
410 (u32 __user *) optval))
411 err = -EFAULT;
412
413 break;
414
415 case BT_POWER:
416 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
417 && sk->sk_type != SOCK_RAW) {
418 err = -EINVAL;
419 break;
420 }
421
422 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
423
424 len = min_t(unsigned int, len, sizeof(pwr));
425 if (copy_to_user(optval, (char *) &pwr, len))
426 err = -EFAULT;
427
428 break;
429
430 case BT_CHANNEL_POLICY:
431 if (!enable_hs) {
432 err = -ENOPROTOOPT;
433 break;
434 }
435
436 if (put_user(chan->chan_policy, (u32 __user *) optval))
437 err = -EFAULT;
438 break;
439
440 default:
441 err = -ENOPROTOOPT;
442 break;
443 }
444
445 release_sock(sk);
446 return err;
447 }
448
449 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
450 {
451 struct sock *sk = sock->sk;
452 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
453 struct l2cap_options opts;
454 int len, err = 0;
455 u32 opt;
456
457 BT_DBG("sk %p", sk);
458
459 lock_sock(sk);
460
461 switch (optname) {
462 case L2CAP_OPTIONS:
463 if (sk->sk_state == BT_CONNECTED) {
464 err = -EINVAL;
465 break;
466 }
467
468 opts.imtu = chan->imtu;
469 opts.omtu = chan->omtu;
470 opts.flush_to = chan->flush_to;
471 opts.mode = chan->mode;
472 opts.fcs = chan->fcs;
473 opts.max_tx = chan->max_tx;
474 opts.txwin_size = chan->tx_win;
475
476 len = min_t(unsigned int, sizeof(opts), optlen);
477 if (copy_from_user((char *) &opts, optval, len)) {
478 err = -EFAULT;
479 break;
480 }
481
482 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
483 err = -EINVAL;
484 break;
485 }
486
487 chan->mode = opts.mode;
488 switch (chan->mode) {
489 case L2CAP_MODE_BASIC:
490 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
491 break;
492 case L2CAP_MODE_ERTM:
493 case L2CAP_MODE_STREAMING:
494 if (!disable_ertm)
495 break;
496 /* fall through */
497 default:
498 err = -EINVAL;
499 break;
500 }
501
502 chan->imtu = opts.imtu;
503 chan->omtu = opts.omtu;
504 chan->fcs = opts.fcs;
505 chan->max_tx = opts.max_tx;
506 chan->tx_win = opts.txwin_size;
507 break;
508
509 case L2CAP_LM:
510 if (get_user(opt, (u32 __user *) optval)) {
511 err = -EFAULT;
512 break;
513 }
514
515 if (opt & L2CAP_LM_AUTH)
516 chan->sec_level = BT_SECURITY_LOW;
517 if (opt & L2CAP_LM_ENCRYPT)
518 chan->sec_level = BT_SECURITY_MEDIUM;
519 if (opt & L2CAP_LM_SECURE)
520 chan->sec_level = BT_SECURITY_HIGH;
521
522 if (opt & L2CAP_LM_MASTER)
523 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
524 else
525 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
526
527 if (opt & L2CAP_LM_RELIABLE)
528 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
529 else
530 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
531 break;
532
533 default:
534 err = -ENOPROTOOPT;
535 break;
536 }
537
538 release_sock(sk);
539 return err;
540 }
541
542 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
543 {
544 struct sock *sk = sock->sk;
545 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
546 struct bt_security sec;
547 struct bt_power pwr;
548 struct l2cap_conn *conn;
549 int len, err = 0;
550 u32 opt;
551
552 BT_DBG("sk %p", sk);
553
554 if (level == SOL_L2CAP)
555 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
556
557 if (level != SOL_BLUETOOTH)
558 return -ENOPROTOOPT;
559
560 lock_sock(sk);
561
562 switch (optname) {
563 case BT_SECURITY:
564 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
565 chan->chan_type != L2CAP_CHAN_RAW) {
566 err = -EINVAL;
567 break;
568 }
569
570 sec.level = BT_SECURITY_LOW;
571
572 len = min_t(unsigned int, sizeof(sec), optlen);
573 if (copy_from_user((char *) &sec, optval, len)) {
574 err = -EFAULT;
575 break;
576 }
577
578 if (sec.level < BT_SECURITY_LOW ||
579 sec.level > BT_SECURITY_HIGH) {
580 err = -EINVAL;
581 break;
582 }
583
584 chan->sec_level = sec.level;
585
586 if (!chan->conn)
587 break;
588
589 conn = chan->conn;
590
591 /*change security for LE channels */
592 if (chan->scid == L2CAP_CID_LE_DATA) {
593 if (!conn->hcon->out) {
594 err = -EINVAL;
595 break;
596 }
597
598 if (smp_conn_security(conn, sec.level))
599 break;
600 sk->sk_state = BT_CONFIG;
601 chan->state = BT_CONFIG;
602
603 /* or for ACL link */
604 } else if ((sk->sk_state == BT_CONNECT2 &&
605 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
606 sk->sk_state == BT_CONNECTED) {
607 if (!l2cap_chan_check_security(chan))
608 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
609 else
610 sk->sk_state_change(sk);
611 } else {
612 err = -EINVAL;
613 }
614 break;
615
616 case BT_DEFER_SETUP:
617 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
618 err = -EINVAL;
619 break;
620 }
621
622 if (get_user(opt, (u32 __user *) optval)) {
623 err = -EFAULT;
624 break;
625 }
626
627 if (opt)
628 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
629 else
630 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
631 break;
632
633 case BT_FLUSHABLE:
634 if (get_user(opt, (u32 __user *) optval)) {
635 err = -EFAULT;
636 break;
637 }
638
639 if (opt > BT_FLUSHABLE_ON) {
640 err = -EINVAL;
641 break;
642 }
643
644 if (opt == BT_FLUSHABLE_OFF) {
645 struct l2cap_conn *conn = chan->conn;
646 /* proceed further only when we have l2cap_conn and
647 No Flush support in the LM */
648 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
649 err = -EINVAL;
650 break;
651 }
652 }
653
654 if (opt)
655 set_bit(FLAG_FLUSHABLE, &chan->flags);
656 else
657 clear_bit(FLAG_FLUSHABLE, &chan->flags);
658 break;
659
660 case BT_POWER:
661 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
662 chan->chan_type != L2CAP_CHAN_RAW) {
663 err = -EINVAL;
664 break;
665 }
666
667 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
668
669 len = min_t(unsigned int, sizeof(pwr), optlen);
670 if (copy_from_user((char *) &pwr, optval, len)) {
671 err = -EFAULT;
672 break;
673 }
674
675 if (pwr.force_active)
676 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
677 else
678 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
679 break;
680
681 case BT_CHANNEL_POLICY:
682 if (!enable_hs) {
683 err = -ENOPROTOOPT;
684 break;
685 }
686
687 if (get_user(opt, (u32 __user *) optval)) {
688 err = -EFAULT;
689 break;
690 }
691
692 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
693 err = -EINVAL;
694 break;
695 }
696
697 if (chan->mode != L2CAP_MODE_ERTM &&
698 chan->mode != L2CAP_MODE_STREAMING) {
699 err = -EOPNOTSUPP;
700 break;
701 }
702
703 chan->chan_policy = (u8) opt;
704 break;
705
706 default:
707 err = -ENOPROTOOPT;
708 break;
709 }
710
711 release_sock(sk);
712 return err;
713 }
714
715 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
716 {
717 struct sock *sk = sock->sk;
718 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
719 int err;
720
721 BT_DBG("sock %p, sk %p", sock, sk);
722
723 err = sock_error(sk);
724 if (err)
725 return err;
726
727 if (msg->msg_flags & MSG_OOB)
728 return -EOPNOTSUPP;
729
730 if (sk->sk_state != BT_CONNECTED)
731 return -ENOTCONN;
732
733 l2cap_chan_lock(chan);
734 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
735 l2cap_chan_unlock(chan);
736
737 return err;
738 }
739
740 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
741 {
742 struct sock *sk = sock->sk;
743 struct l2cap_pinfo *pi = l2cap_pi(sk);
744 int err;
745
746 lock_sock(sk);
747
748 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
749 &bt_sk(sk)->flags)) {
750 sk->sk_state = BT_CONFIG;
751 pi->chan->state = BT_CONFIG;
752
753 __l2cap_connect_rsp_defer(pi->chan);
754 release_sock(sk);
755 return 0;
756 }
757
758 release_sock(sk);
759
760 if (sock->type == SOCK_STREAM)
761 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
762 else
763 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
764
765 if (pi->chan->mode != L2CAP_MODE_ERTM)
766 return err;
767
768 /* Attempt to put pending rx data in the socket buffer */
769
770 lock_sock(sk);
771
772 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
773 goto done;
774
775 if (pi->rx_busy_skb) {
776 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
777 pi->rx_busy_skb = NULL;
778 else
779 goto done;
780 }
781
782 /* Restore data flow when half of the receive buffer is
783 * available. This avoids resending large numbers of
784 * frames.
785 */
786 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
787 l2cap_chan_busy(pi->chan, 0);
788
789 done:
790 release_sock(sk);
791 return err;
792 }
793
794 /* Kill socket (only if zapped and orphan)
795 * Must be called on unlocked socket.
796 */
797 static void l2cap_sock_kill(struct sock *sk)
798 {
799 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
800 return;
801
802 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
803
804 /* Kill poor orphan */
805
806 l2cap_chan_destroy(l2cap_pi(sk)->chan);
807 sock_set_flag(sk, SOCK_DEAD);
808 sock_put(sk);
809 }
810
811 static int l2cap_sock_shutdown(struct socket *sock, int how)
812 {
813 struct sock *sk = sock->sk;
814 struct l2cap_chan *chan;
815 struct l2cap_conn *conn;
816 int err = 0;
817
818 BT_DBG("sock %p, sk %p", sock, sk);
819
820 if (!sk)
821 return 0;
822
823 chan = l2cap_pi(sk)->chan;
824 conn = chan->conn;
825
826 if (conn)
827 mutex_lock(&conn->chan_lock);
828
829 l2cap_chan_lock(chan);
830 lock_sock(sk);
831
832 if (!sk->sk_shutdown) {
833 if (chan->mode == L2CAP_MODE_ERTM)
834 err = __l2cap_wait_ack(sk);
835
836 sk->sk_shutdown = SHUTDOWN_MASK;
837
838 release_sock(sk);
839 l2cap_chan_close(chan, 0);
840 lock_sock(sk);
841
842 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
843 err = bt_sock_wait_state(sk, BT_CLOSED,
844 sk->sk_lingertime);
845 }
846
847 if (!err && sk->sk_err)
848 err = -sk->sk_err;
849
850 release_sock(sk);
851 l2cap_chan_unlock(chan);
852
853 if (conn)
854 mutex_unlock(&conn->chan_lock);
855
856 return err;
857 }
858
859 static int l2cap_sock_release(struct socket *sock)
860 {
861 struct sock *sk = sock->sk;
862 int err;
863
864 BT_DBG("sock %p, sk %p", sock, sk);
865
866 if (!sk)
867 return 0;
868
869 err = l2cap_sock_shutdown(sock, 2);
870
871 sock_orphan(sk);
872 l2cap_sock_kill(sk);
873 return err;
874 }
875
876 static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data)
877 {
878 struct sock *sk, *parent = data;
879
880 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
881 GFP_ATOMIC);
882 if (!sk)
883 return NULL;
884
885 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
886
887 l2cap_sock_init(sk, parent);
888
889 return l2cap_pi(sk)->chan;
890 }
891
892 static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb)
893 {
894 int err;
895 struct sock *sk = data;
896 struct l2cap_pinfo *pi = l2cap_pi(sk);
897
898 lock_sock(sk);
899
900 if (pi->rx_busy_skb) {
901 err = -ENOMEM;
902 goto done;
903 }
904
905 err = sock_queue_rcv_skb(sk, skb);
906
907 /* For ERTM, handle one skb that doesn't fit into the recv
908 * buffer. This is important to do because the data frames
909 * have already been acked, so the skb cannot be discarded.
910 *
911 * Notify the l2cap core that the buffer is full, so the
912 * LOCAL_BUSY state is entered and no more frames are
913 * acked and reassembled until there is buffer space
914 * available.
915 */
916 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
917 pi->rx_busy_skb = skb;
918 l2cap_chan_busy(pi->chan, 1);
919 err = 0;
920 }
921
922 done:
923 release_sock(sk);
924
925 return err;
926 }
927
928 static void l2cap_sock_close_cb(void *data)
929 {
930 struct sock *sk = data;
931
932 l2cap_sock_kill(sk);
933 }
934
935 static void l2cap_sock_state_change_cb(void *data, int state)
936 {
937 struct sock *sk = data;
938
939 sk->sk_state = state;
940 }
941
942 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
943 unsigned long len, int nb)
944 {
945 struct sk_buff *skb;
946 int err;
947
948 l2cap_chan_unlock(chan);
949 skb = bt_skb_send_alloc(chan->sk, len, nb, &err);
950 l2cap_chan_lock(chan);
951
952 if (!skb)
953 return ERR_PTR(err);
954
955 return skb;
956 }
957
958 static struct l2cap_ops l2cap_chan_ops = {
959 .name = "L2CAP Socket Interface",
960 .new_connection = l2cap_sock_new_connection_cb,
961 .recv = l2cap_sock_recv_cb,
962 .close = l2cap_sock_close_cb,
963 .state_change = l2cap_sock_state_change_cb,
964 .alloc_skb = l2cap_sock_alloc_skb_cb,
965 };
966
967 static void l2cap_sock_destruct(struct sock *sk)
968 {
969 BT_DBG("sk %p", sk);
970
971 l2cap_chan_put(l2cap_pi(sk)->chan);
972 if (l2cap_pi(sk)->rx_busy_skb) {
973 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
974 l2cap_pi(sk)->rx_busy_skb = NULL;
975 }
976
977 skb_queue_purge(&sk->sk_receive_queue);
978 skb_queue_purge(&sk->sk_write_queue);
979 }
980
981 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
982 {
983 struct l2cap_pinfo *pi = l2cap_pi(sk);
984 struct l2cap_chan *chan = pi->chan;
985
986 BT_DBG("sk %p", sk);
987
988 if (parent) {
989 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
990
991 sk->sk_type = parent->sk_type;
992 bt_sk(sk)->flags = bt_sk(parent)->flags;
993
994 chan->chan_type = pchan->chan_type;
995 chan->imtu = pchan->imtu;
996 chan->omtu = pchan->omtu;
997 chan->conf_state = pchan->conf_state;
998 chan->mode = pchan->mode;
999 chan->fcs = pchan->fcs;
1000 chan->max_tx = pchan->max_tx;
1001 chan->tx_win = pchan->tx_win;
1002 chan->tx_win_max = pchan->tx_win_max;
1003 chan->sec_level = pchan->sec_level;
1004 chan->flags = pchan->flags;
1005
1006 security_sk_clone(parent, sk);
1007 } else {
1008
1009 switch (sk->sk_type) {
1010 case SOCK_RAW:
1011 chan->chan_type = L2CAP_CHAN_RAW;
1012 break;
1013 case SOCK_DGRAM:
1014 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1015 break;
1016 case SOCK_SEQPACKET:
1017 case SOCK_STREAM:
1018 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1019 break;
1020 }
1021
1022 chan->imtu = L2CAP_DEFAULT_MTU;
1023 chan->omtu = 0;
1024 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1025 chan->mode = L2CAP_MODE_ERTM;
1026 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1027 } else {
1028 chan->mode = L2CAP_MODE_BASIC;
1029 }
1030
1031 l2cap_chan_set_defaults(chan);
1032 }
1033
1034 /* Default config options */
1035 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1036
1037 chan->data = sk;
1038 chan->ops = &l2cap_chan_ops;
1039 }
1040
1041 static struct proto l2cap_proto = {
1042 .name = "L2CAP",
1043 .owner = THIS_MODULE,
1044 .obj_size = sizeof(struct l2cap_pinfo)
1045 };
1046
1047 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
1048 {
1049 struct sock *sk;
1050 struct l2cap_chan *chan;
1051
1052 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1053 if (!sk)
1054 return NULL;
1055
1056 sock_init_data(sock, sk);
1057 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1058
1059 sk->sk_destruct = l2cap_sock_destruct;
1060 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1061
1062 sock_reset_flag(sk, SOCK_ZAPPED);
1063
1064 sk->sk_protocol = proto;
1065 sk->sk_state = BT_OPEN;
1066
1067 chan = l2cap_chan_create();
1068 if (!chan) {
1069 l2cap_sock_kill(sk);
1070 return NULL;
1071 }
1072
1073 l2cap_chan_hold(chan);
1074
1075 chan->sk = sk;
1076
1077 l2cap_pi(sk)->chan = chan;
1078
1079 return sk;
1080 }
1081
1082 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1083 int kern)
1084 {
1085 struct sock *sk;
1086
1087 BT_DBG("sock %p", sock);
1088
1089 sock->state = SS_UNCONNECTED;
1090
1091 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1092 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1093 return -ESOCKTNOSUPPORT;
1094
1095 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1096 return -EPERM;
1097
1098 sock->ops = &l2cap_sock_ops;
1099
1100 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1101 if (!sk)
1102 return -ENOMEM;
1103
1104 l2cap_sock_init(sk, NULL);
1105 return 0;
1106 }
1107
1108 static const struct proto_ops l2cap_sock_ops = {
1109 .family = PF_BLUETOOTH,
1110 .owner = THIS_MODULE,
1111 .release = l2cap_sock_release,
1112 .bind = l2cap_sock_bind,
1113 .connect = l2cap_sock_connect,
1114 .listen = l2cap_sock_listen,
1115 .accept = l2cap_sock_accept,
1116 .getname = l2cap_sock_getname,
1117 .sendmsg = l2cap_sock_sendmsg,
1118 .recvmsg = l2cap_sock_recvmsg,
1119 .poll = bt_sock_poll,
1120 .ioctl = bt_sock_ioctl,
1121 .mmap = sock_no_mmap,
1122 .socketpair = sock_no_socketpair,
1123 .shutdown = l2cap_sock_shutdown,
1124 .setsockopt = l2cap_sock_setsockopt,
1125 .getsockopt = l2cap_sock_getsockopt
1126 };
1127
1128 static const struct net_proto_family l2cap_sock_family_ops = {
1129 .family = PF_BLUETOOTH,
1130 .owner = THIS_MODULE,
1131 .create = l2cap_sock_create,
1132 };
1133
1134 int __init l2cap_init_sockets(void)
1135 {
1136 int err;
1137
1138 err = proto_register(&l2cap_proto, 0);
1139 if (err < 0)
1140 return err;
1141
1142 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1143 if (err < 0)
1144 goto error;
1145
1146 BT_INFO("L2CAP socket layer initialized");
1147
1148 return 0;
1149
1150 error:
1151 BT_ERR("L2CAP socket registration failed");
1152 proto_unregister(&l2cap_proto);
1153 return err;
1154 }
1155
1156 void l2cap_cleanup_sockets(void)
1157 {
1158 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1159 BT_ERR("L2CAP socket unregistration failed");
1160
1161 proto_unregister(&l2cap_proto);
1162 }
Linux with added FPC-III support