~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/bluetooth/l2cap_sock.c

Version: ~ [ linux-5.4-rc3 ] ~ [ linux-5.3.6 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.79 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.149 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.196 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.196 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.75 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2    BlueZ - Bluetooth protocol stack for Linux
  3    Copyright (C) 2000-2001 Qualcomm Incorporated
  4    Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
  5    Copyright (C) 2010 Google Inc.
  6    Copyright (C) 2011 ProFUSION Embedded Systems
  7 
  8    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
  9 
 10    This program is free software; you can redistribute it and/or modify
 11    it under the terms of the GNU General Public License version 2 as
 12    published by the Free Software Foundation;
 13 
 14    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 15    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 16    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
 17    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
 18    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
 19    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 20    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 21    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 22 
 23    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
 24    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
 25    SOFTWARE IS DISCLAIMED.
 26 */
 27 
 28 /* Bluetooth L2CAP sockets. */
 29 
 30 #include <linux/export.h>
 31 
 32 #include <net/bluetooth/bluetooth.h>
 33 #include <net/bluetooth/hci_core.h>
 34 #include <net/bluetooth/l2cap.h>
 35 #include <net/bluetooth/smp.h>
 36 
 37 static struct bt_sock_list l2cap_sk_list = {
 38         .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
 39 };
 40 
 41 static const struct proto_ops l2cap_sock_ops;
 42 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
 43 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
 44                                      int proto, gfp_t prio);
 45 
 46 bool l2cap_is_socket(struct socket *sock)
 47 {
 48         return sock && sock->ops == &l2cap_sock_ops;
 49 }
 50 EXPORT_SYMBOL(l2cap_is_socket);
 51 
 52 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
 53 {
 54         struct sock *sk = sock->sk;
 55         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 56         struct sockaddr_l2 la;
 57         int len, err = 0;
 58 
 59         BT_DBG("sk %p", sk);
 60 
 61         if (!addr || addr->sa_family != AF_BLUETOOTH)
 62                 return -EINVAL;
 63 
 64         memset(&la, 0, sizeof(la));
 65         len = min_t(unsigned int, sizeof(la), alen);
 66         memcpy(&la, addr, len);
 67 
 68         if (la.l2_cid && la.l2_psm)
 69                 return -EINVAL;
 70 
 71         lock_sock(sk);
 72 
 73         if (sk->sk_state != BT_OPEN) {
 74                 err = -EBADFD;
 75                 goto done;
 76         }
 77 
 78         if (la.l2_psm) {
 79                 __u16 psm = __le16_to_cpu(la.l2_psm);
 80 
 81                 /* PSM must be odd and lsb of upper byte must be 0 */
 82                 if ((psm & 0x0101) != 0x0001) {
 83                         err = -EINVAL;
 84                         goto done;
 85                 }
 86 
 87                 /* Restrict usage of well-known PSMs */
 88                 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
 89                         err = -EACCES;
 90                         goto done;
 91                 }
 92         }
 93 
 94         if (la.l2_cid)
 95                 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
 96         else
 97                 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
 98 
 99         if (err < 0)
100                 goto done;
101 
102         if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
103             __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
104                 chan->sec_level = BT_SECURITY_SDP;
105 
106         bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
107 
108         chan->state = BT_BOUND;
109         sk->sk_state = BT_BOUND;
110 
111 done:
112         release_sock(sk);
113         return err;
114 }
115 
116 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
117                               int alen, int flags)
118 {
119         struct sock *sk = sock->sk;
120         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
121         struct sockaddr_l2 la;
122         int len, err = 0;
123 
124         BT_DBG("sk %p", sk);
125 
126         if (!addr || alen < sizeof(addr->sa_family) ||
127             addr->sa_family != AF_BLUETOOTH)
128                 return -EINVAL;
129 
130         memset(&la, 0, sizeof(la));
131         len = min_t(unsigned int, sizeof(la), alen);
132         memcpy(&la, addr, len);
133 
134         if (la.l2_cid && la.l2_psm)
135                 return -EINVAL;
136 
137         err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
138                                  &la.l2_bdaddr, la.l2_bdaddr_type);
139         if (err)
140                 return err;
141 
142         lock_sock(sk);
143 
144         err = bt_sock_wait_state(sk, BT_CONNECTED,
145                                  sock_sndtimeo(sk, flags & O_NONBLOCK));
146 
147         release_sock(sk);
148 
149         return err;
150 }
151 
152 static int l2cap_sock_listen(struct socket *sock, int backlog)
153 {
154         struct sock *sk = sock->sk;
155         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
156         int err = 0;
157 
158         BT_DBG("sk %p backlog %d", sk, backlog);
159 
160         lock_sock(sk);
161 
162         if (sk->sk_state != BT_BOUND) {
163                 err = -EBADFD;
164                 goto done;
165         }
166 
167         if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
168                 err = -EINVAL;
169                 goto done;
170         }
171 
172         switch (chan->mode) {
173         case L2CAP_MODE_BASIC:
174                 break;
175         case L2CAP_MODE_ERTM:
176         case L2CAP_MODE_STREAMING:
177                 if (!disable_ertm)
178                         break;
179                 /* fall through */
180         default:
181                 err = -ENOTSUPP;
182                 goto done;
183         }
184 
185         sk->sk_max_ack_backlog = backlog;
186         sk->sk_ack_backlog = 0;
187 
188         chan->state = BT_LISTEN;
189         sk->sk_state = BT_LISTEN;
190 
191 done:
192         release_sock(sk);
193         return err;
194 }
195 
196 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
197                              int flags)
198 {
199         DECLARE_WAITQUEUE(wait, current);
200         struct sock *sk = sock->sk, *nsk;
201         long timeo;
202         int err = 0;
203 
204         lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
205 
206         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
207 
208         BT_DBG("sk %p timeo %ld", sk, timeo);
209 
210         /* Wait for an incoming connection. (wake-one). */
211         add_wait_queue_exclusive(sk_sleep(sk), &wait);
212         while (1) {
213                 set_current_state(TASK_INTERRUPTIBLE);
214 
215                 if (sk->sk_state != BT_LISTEN) {
216                         err = -EBADFD;
217                         break;
218                 }
219 
220                 nsk = bt_accept_dequeue(sk, newsock);
221                 if (nsk)
222                         break;
223 
224                 if (!timeo) {
225                         err = -EAGAIN;
226                         break;
227                 }
228 
229                 if (signal_pending(current)) {
230                         err = sock_intr_errno(timeo);
231                         break;
232                 }
233 
234                 release_sock(sk);
235                 timeo = schedule_timeout(timeo);
236                 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
237         }
238         __set_current_state(TASK_RUNNING);
239         remove_wait_queue(sk_sleep(sk), &wait);
240 
241         if (err)
242                 goto done;
243 
244         newsock->state = SS_CONNECTED;
245 
246         BT_DBG("new socket %p", nsk);
247 
248 done:
249         release_sock(sk);
250         return err;
251 }
252 
253 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
254                               int *len, int peer)
255 {
256         struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
257         struct sock *sk = sock->sk;
258         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
259 
260         BT_DBG("sock %p, sk %p", sock, sk);
261 
262         memset(la, 0, sizeof(struct sockaddr_l2));
263         addr->sa_family = AF_BLUETOOTH;
264         *len = sizeof(struct sockaddr_l2);
265 
266         if (peer) {
267                 la->l2_psm = chan->psm;
268                 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
269                 la->l2_cid = cpu_to_le16(chan->dcid);
270         } else {
271                 la->l2_psm = chan->sport;
272                 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
273                 la->l2_cid = cpu_to_le16(chan->scid);
274         }
275 
276         return 0;
277 }
278 
279 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
280                                      char __user *optval, int __user *optlen)
281 {
282         struct sock *sk = sock->sk;
283         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
284         struct l2cap_options opts;
285         struct l2cap_conninfo cinfo;
286         int len, err = 0;
287         u32 opt;
288 
289         BT_DBG("sk %p", sk);
290 
291         if (get_user(len, optlen))
292                 return -EFAULT;
293 
294         lock_sock(sk);
295 
296         switch (optname) {
297         case L2CAP_OPTIONS:
298                 memset(&opts, 0, sizeof(opts));
299                 opts.imtu     = chan->imtu;
300                 opts.omtu     = chan->omtu;
301                 opts.flush_to = chan->flush_to;
302                 opts.mode     = chan->mode;
303                 opts.fcs      = chan->fcs;
304                 opts.max_tx   = chan->max_tx;
305                 opts.txwin_size = chan->tx_win;
306 
307                 len = min_t(unsigned int, len, sizeof(opts));
308                 if (copy_to_user(optval, (char *) &opts, len))
309                         err = -EFAULT;
310 
311                 break;
312 
313         case L2CAP_LM:
314                 switch (chan->sec_level) {
315                 case BT_SECURITY_LOW:
316                         opt = L2CAP_LM_AUTH;
317                         break;
318                 case BT_SECURITY_MEDIUM:
319                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
320                         break;
321                 case BT_SECURITY_HIGH:
322                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
323                               L2CAP_LM_SECURE;
324                         break;
325                 default:
326                         opt = 0;
327                         break;
328                 }
329 
330                 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
331                         opt |= L2CAP_LM_MASTER;
332 
333                 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
334                         opt |= L2CAP_LM_RELIABLE;
335 
336                 if (put_user(opt, (u32 __user *) optval))
337                         err = -EFAULT;
338                 break;
339 
340         case L2CAP_CONNINFO:
341                 if (sk->sk_state != BT_CONNECTED &&
342                     !(sk->sk_state == BT_CONNECT2 &&
343                       test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
344                         err = -ENOTCONN;
345                         break;
346                 }
347 
348                 memset(&cinfo, 0, sizeof(cinfo));
349                 cinfo.hci_handle = chan->conn->hcon->handle;
350                 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
351 
352                 len = min_t(unsigned int, len, sizeof(cinfo));
353                 if (copy_to_user(optval, (char *) &cinfo, len))
354                         err = -EFAULT;
355 
356                 break;
357 
358         default:
359                 err = -ENOPROTOOPT;
360                 break;
361         }
362 
363         release_sock(sk);
364         return err;
365 }
366 
367 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
368                                  char __user *optval, int __user *optlen)
369 {
370         struct sock *sk = sock->sk;
371         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
372         struct bt_security sec;
373         struct bt_power pwr;
374         int len, err = 0;
375 
376         BT_DBG("sk %p", sk);
377 
378         if (level == SOL_L2CAP)
379                 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
380 
381         if (level != SOL_BLUETOOTH)
382                 return -ENOPROTOOPT;
383 
384         if (get_user(len, optlen))
385                 return -EFAULT;
386 
387         lock_sock(sk);
388 
389         switch (optname) {
390         case BT_SECURITY:
391                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
392                     chan->chan_type != L2CAP_CHAN_RAW) {
393                         err = -EINVAL;
394                         break;
395                 }
396 
397                 memset(&sec, 0, sizeof(sec));
398                 if (chan->conn) {
399                         sec.level = chan->conn->hcon->sec_level;
400 
401                         if (sk->sk_state == BT_CONNECTED)
402                                 sec.key_size = chan->conn->hcon->enc_key_size;
403                 } else {
404                         sec.level = chan->sec_level;
405                 }
406 
407                 len = min_t(unsigned int, len, sizeof(sec));
408                 if (copy_to_user(optval, (char *) &sec, len))
409                         err = -EFAULT;
410 
411                 break;
412 
413         case BT_DEFER_SETUP:
414                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
415                         err = -EINVAL;
416                         break;
417                 }
418 
419                 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
420                              (u32 __user *) optval))
421                         err = -EFAULT;
422 
423                 break;
424 
425         case BT_FLUSHABLE:
426                 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
427                              (u32 __user *) optval))
428                         err = -EFAULT;
429 
430                 break;
431 
432         case BT_POWER:
433                 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
434                     && sk->sk_type != SOCK_RAW) {
435                         err = -EINVAL;
436                         break;
437                 }
438 
439                 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
440 
441                 len = min_t(unsigned int, len, sizeof(pwr));
442                 if (copy_to_user(optval, (char *) &pwr, len))
443                         err = -EFAULT;
444 
445                 break;
446 
447         case BT_CHANNEL_POLICY:
448                 if (!enable_hs) {
449                         err = -ENOPROTOOPT;
450                         break;
451                 }
452 
453                 if (put_user(chan->chan_policy, (u32 __user *) optval))
454                         err = -EFAULT;
455                 break;
456 
457         default:
458                 err = -ENOPROTOOPT;
459                 break;
460         }
461 
462         release_sock(sk);
463         return err;
464 }
465 
466 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
467 {
468         switch (chan->scid) {
469         case L2CAP_CID_ATT:
470                 if (mtu < L2CAP_LE_MIN_MTU)
471                         return false;
472                 break;
473 
474         default:
475                 if (mtu < L2CAP_DEFAULT_MIN_MTU)
476                         return false;
477         }
478 
479         return true;
480 }
481 
482 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
483                                      char __user *optval, unsigned int optlen)
484 {
485         struct sock *sk = sock->sk;
486         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
487         struct l2cap_options opts;
488         int len, err = 0;
489         u32 opt;
490 
491         BT_DBG("sk %p", sk);
492 
493         lock_sock(sk);
494 
495         switch (optname) {
496         case L2CAP_OPTIONS:
497                 if (sk->sk_state == BT_CONNECTED) {
498                         err = -EINVAL;
499                         break;
500                 }
501 
502                 opts.imtu     = chan->imtu;
503                 opts.omtu     = chan->omtu;
504                 opts.flush_to = chan->flush_to;
505                 opts.mode     = chan->mode;
506                 opts.fcs      = chan->fcs;
507                 opts.max_tx   = chan->max_tx;
508                 opts.txwin_size = chan->tx_win;
509 
510                 len = min_t(unsigned int, sizeof(opts), optlen);
511                 if (copy_from_user((char *) &opts, optval, len)) {
512                         err = -EFAULT;
513                         break;
514                 }
515 
516                 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
517                         err = -EINVAL;
518                         break;
519                 }
520 
521                 if (!l2cap_valid_mtu(chan, opts.imtu)) {
522                         err = -EINVAL;
523                         break;
524                 }
525 
526                 chan->mode = opts.mode;
527                 switch (chan->mode) {
528                 case L2CAP_MODE_BASIC:
529                         clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
530                         break;
531                 case L2CAP_MODE_ERTM:
532                 case L2CAP_MODE_STREAMING:
533                         if (!disable_ertm)
534                                 break;
535                         /* fall through */
536                 default:
537                         err = -EINVAL;
538                         break;
539                 }
540 
541                 chan->imtu = opts.imtu;
542                 chan->omtu = opts.omtu;
543                 chan->fcs  = opts.fcs;
544                 chan->max_tx = opts.max_tx;
545                 chan->tx_win = opts.txwin_size;
546                 chan->flush_to = opts.flush_to;
547                 break;
548 
549         case L2CAP_LM:
550                 if (get_user(opt, (u32 __user *) optval)) {
551                         err = -EFAULT;
552                         break;
553                 }
554 
555                 if (opt & L2CAP_LM_AUTH)
556                         chan->sec_level = BT_SECURITY_LOW;
557                 if (opt & L2CAP_LM_ENCRYPT)
558                         chan->sec_level = BT_SECURITY_MEDIUM;
559                 if (opt & L2CAP_LM_SECURE)
560                         chan->sec_level = BT_SECURITY_HIGH;
561 
562                 if (opt & L2CAP_LM_MASTER)
563                         set_bit(FLAG_ROLE_SWITCH, &chan->flags);
564                 else
565                         clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
566 
567                 if (opt & L2CAP_LM_RELIABLE)
568                         set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
569                 else
570                         clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
571                 break;
572 
573         default:
574                 err = -ENOPROTOOPT;
575                 break;
576         }
577 
578         release_sock(sk);
579         return err;
580 }
581 
582 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
583                                  char __user *optval, unsigned int optlen)
584 {
585         struct sock *sk = sock->sk;
586         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
587         struct bt_security sec;
588         struct bt_power pwr;
589         struct l2cap_conn *conn;
590         int len, err = 0;
591         u32 opt;
592 
593         BT_DBG("sk %p", sk);
594 
595         if (level == SOL_L2CAP)
596                 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
597 
598         if (level != SOL_BLUETOOTH)
599                 return -ENOPROTOOPT;
600 
601         lock_sock(sk);
602 
603         switch (optname) {
604         case BT_SECURITY:
605                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
606                     chan->chan_type != L2CAP_CHAN_RAW) {
607                         err = -EINVAL;
608                         break;
609                 }
610 
611                 sec.level = BT_SECURITY_LOW;
612 
613                 len = min_t(unsigned int, sizeof(sec), optlen);
614                 if (copy_from_user((char *) &sec, optval, len)) {
615                         err = -EFAULT;
616                         break;
617                 }
618 
619                 if (sec.level < BT_SECURITY_LOW ||
620                     sec.level > BT_SECURITY_HIGH) {
621                         err = -EINVAL;
622                         break;
623                 }
624 
625                 chan->sec_level = sec.level;
626 
627                 if (!chan->conn)
628                         break;
629 
630                 conn = chan->conn;
631 
632                 /*change security for LE channels */
633                 if (chan->scid == L2CAP_CID_ATT) {
634                         if (!conn->hcon->out) {
635                                 err = -EINVAL;
636                                 break;
637                         }
638 
639                         if (smp_conn_security(conn->hcon, sec.level))
640                                 break;
641                         sk->sk_state = BT_CONFIG;
642                         chan->state = BT_CONFIG;
643 
644                 /* or for ACL link */
645                 } else if ((sk->sk_state == BT_CONNECT2 &&
646                             test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
647                            sk->sk_state == BT_CONNECTED) {
648                         if (!l2cap_chan_check_security(chan))
649                                 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
650                         else
651                                 sk->sk_state_change(sk);
652                 } else {
653                         err = -EINVAL;
654                 }
655                 break;
656 
657         case BT_DEFER_SETUP:
658                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
659                         err = -EINVAL;
660                         break;
661                 }
662 
663                 if (get_user(opt, (u32 __user *) optval)) {
664                         err = -EFAULT;
665                         break;
666                 }
667 
668                 if (opt)
669                         set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
670                 else
671                         clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
672                 break;
673 
674         case BT_FLUSHABLE:
675                 if (get_user(opt, (u32 __user *) optval)) {
676                         err = -EFAULT;
677                         break;
678                 }
679 
680                 if (opt > BT_FLUSHABLE_ON) {
681                         err = -EINVAL;
682                         break;
683                 }
684 
685                 if (opt == BT_FLUSHABLE_OFF) {
686                         struct l2cap_conn *conn = chan->conn;
687                         /* proceed further only when we have l2cap_conn and
688                            No Flush support in the LM */
689                         if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
690                                 err = -EINVAL;
691                                 break;
692                         }
693                 }
694 
695                 if (opt)
696                         set_bit(FLAG_FLUSHABLE, &chan->flags);
697                 else
698                         clear_bit(FLAG_FLUSHABLE, &chan->flags);
699                 break;
700 
701         case BT_POWER:
702                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
703                     chan->chan_type != L2CAP_CHAN_RAW) {
704                         err = -EINVAL;
705                         break;
706                 }
707 
708                 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
709 
710                 len = min_t(unsigned int, sizeof(pwr), optlen);
711                 if (copy_from_user((char *) &pwr, optval, len)) {
712                         err = -EFAULT;
713                         break;
714                 }
715 
716                 if (pwr.force_active)
717                         set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
718                 else
719                         clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
720                 break;
721 
722         case BT_CHANNEL_POLICY:
723                 if (!enable_hs) {
724                         err = -ENOPROTOOPT;
725                         break;
726                 }
727 
728                 if (get_user(opt, (u32 __user *) optval)) {
729                         err = -EFAULT;
730                         break;
731                 }
732 
733                 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
734                         err = -EINVAL;
735                         break;
736                 }
737 
738                 if (chan->mode != L2CAP_MODE_ERTM &&
739                     chan->mode != L2CAP_MODE_STREAMING) {
740                         err = -EOPNOTSUPP;
741                         break;
742                 }
743 
744                 chan->chan_policy = (u8) opt;
745 
746                 if (sk->sk_state == BT_CONNECTED &&
747                     chan->move_role == L2CAP_MOVE_ROLE_NONE)
748                         l2cap_move_start(chan);
749 
750                 break;
751 
752         default:
753                 err = -ENOPROTOOPT;
754                 break;
755         }
756 
757         release_sock(sk);
758         return err;
759 }
760 
761 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
762                               struct msghdr *msg, size_t len)
763 {
764         struct sock *sk = sock->sk;
765         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
766         int err;
767 
768         BT_DBG("sock %p, sk %p", sock, sk);
769 
770         err = sock_error(sk);
771         if (err)
772                 return err;
773 
774         if (msg->msg_flags & MSG_OOB)
775                 return -EOPNOTSUPP;
776 
777         if (sk->sk_state != BT_CONNECTED)
778                 return -ENOTCONN;
779 
780         l2cap_chan_lock(chan);
781         err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
782         l2cap_chan_unlock(chan);
783 
784         return err;
785 }
786 
787 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
788                               struct msghdr *msg, size_t len, int flags)
789 {
790         struct sock *sk = sock->sk;
791         struct l2cap_pinfo *pi = l2cap_pi(sk);
792         int err;
793 
794         lock_sock(sk);
795 
796         if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
797                                                     &bt_sk(sk)->flags)) {
798                 sk->sk_state = BT_CONFIG;
799                 pi->chan->state = BT_CONFIG;
800 
801                 __l2cap_connect_rsp_defer(pi->chan);
802                 release_sock(sk);
803                 return 0;
804         }
805 
806         release_sock(sk);
807 
808         if (sock->type == SOCK_STREAM)
809                 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
810         else
811                 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
812 
813         if (pi->chan->mode != L2CAP_MODE_ERTM)
814                 return err;
815 
816         /* Attempt to put pending rx data in the socket buffer */
817 
818         lock_sock(sk);
819 
820         if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
821                 goto done;
822 
823         if (pi->rx_busy_skb) {
824                 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
825                         pi->rx_busy_skb = NULL;
826                 else
827                         goto done;
828         }
829 
830         /* Restore data flow when half of the receive buffer is
831          * available.  This avoids resending large numbers of
832          * frames.
833          */
834         if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
835                 l2cap_chan_busy(pi->chan, 0);
836 
837 done:
838         release_sock(sk);
839         return err;
840 }
841 
842 /* Kill socket (only if zapped and orphan)
843  * Must be called on unlocked socket.
844  */
845 static void l2cap_sock_kill(struct sock *sk)
846 {
847         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
848                 return;
849 
850         BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
851 
852         /* Kill poor orphan */
853 
854         l2cap_chan_put(l2cap_pi(sk)->chan);
855         sock_set_flag(sk, SOCK_DEAD);
856         sock_put(sk);
857 }
858 
859 static int l2cap_sock_shutdown(struct socket *sock, int how)
860 {
861         struct sock *sk = sock->sk;
862         struct l2cap_chan *chan;
863         struct l2cap_conn *conn;
864         int err = 0;
865 
866         BT_DBG("sock %p, sk %p", sock, sk);
867 
868         if (!sk)
869                 return 0;
870 
871         chan = l2cap_pi(sk)->chan;
872         conn = chan->conn;
873 
874         if (conn)
875                 mutex_lock(&conn->chan_lock);
876 
877         l2cap_chan_lock(chan);
878         lock_sock(sk);
879 
880         if (!sk->sk_shutdown) {
881                 if (chan->mode == L2CAP_MODE_ERTM)
882                         err = __l2cap_wait_ack(sk);
883 
884                 sk->sk_shutdown = SHUTDOWN_MASK;
885 
886                 release_sock(sk);
887                 l2cap_chan_close(chan, 0);
888                 lock_sock(sk);
889 
890                 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
891                         err = bt_sock_wait_state(sk, BT_CLOSED,
892                                                  sk->sk_lingertime);
893         }
894 
895         if (!err && sk->sk_err)
896                 err = -sk->sk_err;
897 
898         release_sock(sk);
899         l2cap_chan_unlock(chan);
900 
901         if (conn)
902                 mutex_unlock(&conn->chan_lock);
903 
904         return err;
905 }
906 
907 static int l2cap_sock_release(struct socket *sock)
908 {
909         struct sock *sk = sock->sk;
910         int err;
911 
912         BT_DBG("sock %p, sk %p", sock, sk);
913 
914         if (!sk)
915                 return 0;
916 
917         bt_sock_unlink(&l2cap_sk_list, sk);
918 
919         err = l2cap_sock_shutdown(sock, 2);
920 
921         sock_orphan(sk);
922         l2cap_sock_kill(sk);
923         return err;
924 }
925 
926 static void l2cap_sock_cleanup_listen(struct sock *parent)
927 {
928         struct sock *sk;
929 
930         BT_DBG("parent %p", parent);
931 
932         /* Close not yet accepted channels */
933         while ((sk = bt_accept_dequeue(parent, NULL))) {
934                 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
935 
936                 l2cap_chan_lock(chan);
937                 __clear_chan_timer(chan);
938                 l2cap_chan_close(chan, ECONNRESET);
939                 l2cap_chan_unlock(chan);
940 
941                 l2cap_sock_kill(sk);
942         }
943 }
944 
945 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
946 {
947         struct sock *sk, *parent = chan->data;
948 
949         /* Check for backlog size */
950         if (sk_acceptq_is_full(parent)) {
951                 BT_DBG("backlog full %d", parent->sk_ack_backlog);
952                 return NULL;
953         }
954 
955         sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
956                               GFP_ATOMIC);
957         if (!sk)
958                 return NULL;
959 
960         bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
961 
962         l2cap_sock_init(sk, parent);
963 
964         bt_accept_enqueue(parent, sk);
965 
966         return l2cap_pi(sk)->chan;
967 }
968 
969 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
970 {
971         int err;
972         struct sock *sk = chan->data;
973         struct l2cap_pinfo *pi = l2cap_pi(sk);
974 
975         lock_sock(sk);
976 
977         if (pi->rx_busy_skb) {
978                 err = -ENOMEM;
979                 goto done;
980         }
981 
982         err = sock_queue_rcv_skb(sk, skb);
983 
984         /* For ERTM, handle one skb that doesn't fit into the recv
985          * buffer.  This is important to do because the data frames
986          * have already been acked, so the skb cannot be discarded.
987          *
988          * Notify the l2cap core that the buffer is full, so the
989          * LOCAL_BUSY state is entered and no more frames are
990          * acked and reassembled until there is buffer space
991          * available.
992          */
993         if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
994                 pi->rx_busy_skb = skb;
995                 l2cap_chan_busy(pi->chan, 1);
996                 err = 0;
997         }
998 
999 done:
1000         release_sock(sk);
1001 
1002         return err;
1003 }
1004 
1005 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1006 {
1007         struct sock *sk = chan->data;
1008 
1009         l2cap_sock_kill(sk);
1010 }
1011 
1012 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1013 {
1014         struct sock *sk = chan->data;
1015         struct sock *parent;
1016 
1017         lock_sock(sk);
1018 
1019         parent = bt_sk(sk)->parent;
1020 
1021         sock_set_flag(sk, SOCK_ZAPPED);
1022 
1023         switch (chan->state) {
1024         case BT_OPEN:
1025         case BT_BOUND:
1026         case BT_CLOSED:
1027                 break;
1028         case BT_LISTEN:
1029                 l2cap_sock_cleanup_listen(sk);
1030                 sk->sk_state = BT_CLOSED;
1031                 chan->state = BT_CLOSED;
1032 
1033                 break;
1034         default:
1035                 sk->sk_state = BT_CLOSED;
1036                 chan->state = BT_CLOSED;
1037 
1038                 sk->sk_err = err;
1039 
1040                 if (parent) {
1041                         bt_accept_unlink(sk);
1042                         parent->sk_data_ready(parent, 0);
1043                 } else {
1044                         sk->sk_state_change(sk);
1045                 }
1046 
1047                 break;
1048         }
1049 
1050         release_sock(sk);
1051 }
1052 
1053 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state)
1054 {
1055         struct sock *sk = chan->data;
1056 
1057         sk->sk_state = state;
1058 }
1059 
1060 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1061                                                unsigned long len, int nb)
1062 {
1063         struct sk_buff *skb;
1064         int err;
1065 
1066         l2cap_chan_unlock(chan);
1067         skb = bt_skb_send_alloc(chan->sk, len, nb, &err);
1068         l2cap_chan_lock(chan);
1069 
1070         if (!skb)
1071                 return ERR_PTR(err);
1072 
1073         return skb;
1074 }
1075 
1076 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1077 {
1078         struct sock *sk = chan->data;
1079         struct sock *parent;
1080 
1081         lock_sock(sk);
1082 
1083         parent = bt_sk(sk)->parent;
1084 
1085         BT_DBG("sk %p, parent %p", sk, parent);
1086 
1087         sk->sk_state = BT_CONNECTED;
1088         sk->sk_state_change(sk);
1089 
1090         if (parent)
1091                 parent->sk_data_ready(parent, 0);
1092 
1093         release_sock(sk);
1094 }
1095 
1096 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1097 {
1098         struct sock *sk = chan->data;
1099         struct sock *parent = bt_sk(sk)->parent;
1100 
1101         if (parent)
1102                 parent->sk_data_ready(parent, 0);
1103 }
1104 
1105 static struct l2cap_ops l2cap_chan_ops = {
1106         .name           = "L2CAP Socket Interface",
1107         .new_connection = l2cap_sock_new_connection_cb,
1108         .recv           = l2cap_sock_recv_cb,
1109         .close          = l2cap_sock_close_cb,
1110         .teardown       = l2cap_sock_teardown_cb,
1111         .state_change   = l2cap_sock_state_change_cb,
1112         .ready          = l2cap_sock_ready_cb,
1113         .defer          = l2cap_sock_defer_cb,
1114         .alloc_skb      = l2cap_sock_alloc_skb_cb,
1115 };
1116 
1117 static void l2cap_sock_destruct(struct sock *sk)
1118 {
1119         BT_DBG("sk %p", sk);
1120 
1121         if (l2cap_pi(sk)->chan)
1122                 l2cap_chan_put(l2cap_pi(sk)->chan);
1123         if (l2cap_pi(sk)->rx_busy_skb) {
1124                 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1125                 l2cap_pi(sk)->rx_busy_skb = NULL;
1126         }
1127 
1128         skb_queue_purge(&sk->sk_receive_queue);
1129         skb_queue_purge(&sk->sk_write_queue);
1130 }
1131 
1132 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1133 {
1134         struct l2cap_pinfo *pi = l2cap_pi(sk);
1135         struct l2cap_chan *chan = pi->chan;
1136 
1137         BT_DBG("sk %p", sk);
1138 
1139         if (parent) {
1140                 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1141 
1142                 sk->sk_type = parent->sk_type;
1143                 bt_sk(sk)->flags = bt_sk(parent)->flags;
1144 
1145                 chan->chan_type = pchan->chan_type;
1146                 chan->imtu = pchan->imtu;
1147                 chan->omtu = pchan->omtu;
1148                 chan->conf_state = pchan->conf_state;
1149                 chan->mode = pchan->mode;
1150                 chan->fcs  = pchan->fcs;
1151                 chan->max_tx = pchan->max_tx;
1152                 chan->tx_win = pchan->tx_win;
1153                 chan->tx_win_max = pchan->tx_win_max;
1154                 chan->sec_level = pchan->sec_level;
1155                 chan->flags = pchan->flags;
1156 
1157                 security_sk_clone(parent, sk);
1158         } else {
1159 
1160                 switch (sk->sk_type) {
1161                 case SOCK_RAW:
1162                         chan->chan_type = L2CAP_CHAN_RAW;
1163                         break;
1164                 case SOCK_DGRAM:
1165                         chan->chan_type = L2CAP_CHAN_CONN_LESS;
1166                         break;
1167                 case SOCK_SEQPACKET:
1168                 case SOCK_STREAM:
1169                         chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1170                         break;
1171                 }
1172 
1173                 chan->imtu = L2CAP_DEFAULT_MTU;
1174                 chan->omtu = 0;
1175                 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1176                         chan->mode = L2CAP_MODE_ERTM;
1177                         set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1178                 } else {
1179                         chan->mode = L2CAP_MODE_BASIC;
1180                 }
1181 
1182                 l2cap_chan_set_defaults(chan);
1183         }
1184 
1185         /* Default config options */
1186         chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1187 
1188         chan->data = sk;
1189         chan->ops = &l2cap_chan_ops;
1190 }
1191 
1192 static struct proto l2cap_proto = {
1193         .name           = "L2CAP",
1194         .owner          = THIS_MODULE,
1195         .obj_size       = sizeof(struct l2cap_pinfo)
1196 };
1197 
1198 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1199                                      int proto, gfp_t prio)
1200 {
1201         struct sock *sk;
1202         struct l2cap_chan *chan;
1203 
1204         sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1205         if (!sk)
1206                 return NULL;
1207 
1208         sock_init_data(sock, sk);
1209         INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1210 
1211         sk->sk_destruct = l2cap_sock_destruct;
1212         sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1213 
1214         sock_reset_flag(sk, SOCK_ZAPPED);
1215 
1216         sk->sk_protocol = proto;
1217         sk->sk_state = BT_OPEN;
1218 
1219         chan = l2cap_chan_create();
1220         if (!chan) {
1221                 sk_free(sk);
1222                 return NULL;
1223         }
1224 
1225         l2cap_chan_hold(chan);
1226 
1227         chan->sk = sk;
1228 
1229         l2cap_pi(sk)->chan = chan;
1230 
1231         return sk;
1232 }
1233 
1234 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1235                              int kern)
1236 {
1237         struct sock *sk;
1238 
1239         BT_DBG("sock %p", sock);
1240 
1241         sock->state = SS_UNCONNECTED;
1242 
1243         if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1244             sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1245                 return -ESOCKTNOSUPPORT;
1246 
1247         if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1248                 return -EPERM;
1249 
1250         sock->ops = &l2cap_sock_ops;
1251 
1252         sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1253         if (!sk)
1254                 return -ENOMEM;
1255 
1256         l2cap_sock_init(sk, NULL);
1257         bt_sock_link(&l2cap_sk_list, sk);
1258         return 0;
1259 }
1260 
1261 static const struct proto_ops l2cap_sock_ops = {
1262         .family         = PF_BLUETOOTH,
1263         .owner          = THIS_MODULE,
1264         .release        = l2cap_sock_release,
1265         .bind           = l2cap_sock_bind,
1266         .connect        = l2cap_sock_connect,
1267         .listen         = l2cap_sock_listen,
1268         .accept         = l2cap_sock_accept,
1269         .getname        = l2cap_sock_getname,
1270         .sendmsg        = l2cap_sock_sendmsg,
1271         .recvmsg        = l2cap_sock_recvmsg,
1272         .poll           = bt_sock_poll,
1273         .ioctl          = bt_sock_ioctl,
1274         .mmap           = sock_no_mmap,
1275         .socketpair     = sock_no_socketpair,
1276         .shutdown       = l2cap_sock_shutdown,
1277         .setsockopt     = l2cap_sock_setsockopt,
1278         .getsockopt     = l2cap_sock_getsockopt
1279 };
1280 
1281 static const struct net_proto_family l2cap_sock_family_ops = {
1282         .family = PF_BLUETOOTH,
1283         .owner  = THIS_MODULE,
1284         .create = l2cap_sock_create,
1285 };
1286 
1287 int __init l2cap_init_sockets(void)
1288 {
1289         int err;
1290 
1291         err = proto_register(&l2cap_proto, 0);
1292         if (err < 0)
1293                 return err;
1294 
1295         err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1296         if (err < 0) {
1297                 BT_ERR("L2CAP socket registration failed");
1298                 goto error;
1299         }
1300 
1301         err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1302                              NULL);
1303         if (err < 0) {
1304                 BT_ERR("Failed to create L2CAP proc file");
1305                 bt_sock_unregister(BTPROTO_L2CAP);
1306                 goto error;
1307         }
1308 
1309         BT_INFO("L2CAP socket layer initialized");
1310 
1311         return 0;
1312 
1313 error:
1314         proto_unregister(&l2cap_proto);
1315         return err;
1316 }
1317 
1318 void l2cap_cleanup_sockets(void)
1319 {
1320         bt_procfs_cleanup(&init_net, "l2cap");
1321         bt_sock_unregister(BTPROTO_L2CAP);
1322         proto_unregister(&l2cap_proto);
1323 }
1324 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp