~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/bluetooth/l2cap_sock.c

Version: ~ [ linux-5.4-rc3 ] ~ [ linux-5.3.6 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.79 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.149 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.196 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.196 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.75 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2    BlueZ - Bluetooth protocol stack for Linux
  3    Copyright (C) 2000-2001 Qualcomm Incorporated
  4    Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
  5    Copyright (C) 2010 Google Inc.
  6    Copyright (C) 2011 ProFUSION Embedded Systems
  7 
  8    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
  9 
 10    This program is free software; you can redistribute it and/or modify
 11    it under the terms of the GNU General Public License version 2 as
 12    published by the Free Software Foundation;
 13 
 14    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 15    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 16    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
 17    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
 18    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
 19    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 20    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 21    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 22 
 23    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
 24    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
 25    SOFTWARE IS DISCLAIMED.
 26 */
 27 
 28 /* Bluetooth L2CAP sockets. */
 29 
 30 #include <linux/security.h>
 31 #include <linux/export.h>
 32 
 33 #include <net/bluetooth/bluetooth.h>
 34 #include <net/bluetooth/hci_core.h>
 35 #include <net/bluetooth/l2cap.h>
 36 #include <net/bluetooth/smp.h>
 37 
 38 static const struct proto_ops l2cap_sock_ops;
 39 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
 40 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
 41 
 42 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
 43 {
 44         struct sock *sk = sock->sk;
 45         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 46         struct sockaddr_l2 la;
 47         int len, err = 0;
 48 
 49         BT_DBG("sk %p", sk);
 50 
 51         if (!addr || addr->sa_family != AF_BLUETOOTH)
 52                 return -EINVAL;
 53 
 54         memset(&la, 0, sizeof(la));
 55         len = min_t(unsigned int, sizeof(la), alen);
 56         memcpy(&la, addr, len);
 57 
 58         if (la.l2_cid && la.l2_psm)
 59                 return -EINVAL;
 60 
 61         lock_sock(sk);
 62 
 63         if (sk->sk_state != BT_OPEN) {
 64                 err = -EBADFD;
 65                 goto done;
 66         }
 67 
 68         if (la.l2_psm) {
 69                 __u16 psm = __le16_to_cpu(la.l2_psm);
 70 
 71                 /* PSM must be odd and lsb of upper byte must be 0 */
 72                 if ((psm & 0x0101) != 0x0001) {
 73                         err = -EINVAL;
 74                         goto done;
 75                 }
 76 
 77                 /* Restrict usage of well-known PSMs */
 78                 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
 79                         err = -EACCES;
 80                         goto done;
 81                 }
 82         }
 83 
 84         if (la.l2_cid)
 85                 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
 86         else
 87                 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
 88 
 89         if (err < 0)
 90                 goto done;
 91 
 92         if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
 93                                 __le16_to_cpu(la.l2_psm) == 0x0003)
 94                 chan->sec_level = BT_SECURITY_SDP;
 95 
 96         bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
 97 
 98         chan->state = BT_BOUND;
 99         sk->sk_state = BT_BOUND;
100 
101 done:
102         release_sock(sk);
103         return err;
104 }
105 
106 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
107 {
108         struct sock *sk = sock->sk;
109         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
110         struct sockaddr_l2 la;
111         int len, err = 0;
112 
113         BT_DBG("sk %p", sk);
114 
115         if (!addr || alen < sizeof(addr->sa_family) ||
116             addr->sa_family != AF_BLUETOOTH)
117                 return -EINVAL;
118 
119         memset(&la, 0, sizeof(la));
120         len = min_t(unsigned int, sizeof(la), alen);
121         memcpy(&la, addr, len);
122 
123         if (la.l2_cid && la.l2_psm)
124                 return -EINVAL;
125 
126         err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
127                                  &la.l2_bdaddr, la.l2_bdaddr_type);
128         if (err)
129                 return err;
130 
131         lock_sock(sk);
132 
133         err = bt_sock_wait_state(sk, BT_CONNECTED,
134                         sock_sndtimeo(sk, flags & O_NONBLOCK));
135 
136         release_sock(sk);
137 
138         return err;
139 }
140 
141 static int l2cap_sock_listen(struct socket *sock, int backlog)
142 {
143         struct sock *sk = sock->sk;
144         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
145         int err = 0;
146 
147         BT_DBG("sk %p backlog %d", sk, backlog);
148 
149         lock_sock(sk);
150 
151         if (sk->sk_state != BT_BOUND) {
152                 err = -EBADFD;
153                 goto done;
154         }
155 
156         if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
157                 err = -EINVAL;
158                 goto done;
159         }
160 
161         switch (chan->mode) {
162         case L2CAP_MODE_BASIC:
163                 break;
164         case L2CAP_MODE_ERTM:
165         case L2CAP_MODE_STREAMING:
166                 if (!disable_ertm)
167                         break;
168                 /* fall through */
169         default:
170                 err = -ENOTSUPP;
171                 goto done;
172         }
173 
174         sk->sk_max_ack_backlog = backlog;
175         sk->sk_ack_backlog = 0;
176 
177         chan->state = BT_LISTEN;
178         sk->sk_state = BT_LISTEN;
179 
180 done:
181         release_sock(sk);
182         return err;
183 }
184 
185 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
186 {
187         DECLARE_WAITQUEUE(wait, current);
188         struct sock *sk = sock->sk, *nsk;
189         long timeo;
190         int err = 0;
191 
192         lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
193 
194         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
195 
196         BT_DBG("sk %p timeo %ld", sk, timeo);
197 
198         /* Wait for an incoming connection. (wake-one). */
199         add_wait_queue_exclusive(sk_sleep(sk), &wait);
200         while (1) {
201                 set_current_state(TASK_INTERRUPTIBLE);
202 
203                 if (sk->sk_state != BT_LISTEN) {
204                         err = -EBADFD;
205                         break;
206                 }
207 
208                 nsk = bt_accept_dequeue(sk, newsock);
209                 if (nsk)
210                         break;
211 
212                 if (!timeo) {
213                         err = -EAGAIN;
214                         break;
215                 }
216 
217                 if (signal_pending(current)) {
218                         err = sock_intr_errno(timeo);
219                         break;
220                 }
221 
222                 release_sock(sk);
223                 timeo = schedule_timeout(timeo);
224                 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
225         }
226         __set_current_state(TASK_RUNNING);
227         remove_wait_queue(sk_sleep(sk), &wait);
228 
229         if (err)
230                 goto done;
231 
232         newsock->state = SS_CONNECTED;
233 
234         BT_DBG("new socket %p", nsk);
235 
236 done:
237         release_sock(sk);
238         return err;
239 }
240 
241 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
242 {
243         struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
244         struct sock *sk = sock->sk;
245         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
246 
247         BT_DBG("sock %p, sk %p", sock, sk);
248 
249         memset(la, 0, sizeof(struct sockaddr_l2));
250         addr->sa_family = AF_BLUETOOTH;
251         *len = sizeof(struct sockaddr_l2);
252 
253         if (peer) {
254                 la->l2_psm = chan->psm;
255                 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
256                 la->l2_cid = cpu_to_le16(chan->dcid);
257         } else {
258                 la->l2_psm = chan->sport;
259                 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
260                 la->l2_cid = cpu_to_le16(chan->scid);
261         }
262 
263         return 0;
264 }
265 
266 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
267 {
268         struct sock *sk = sock->sk;
269         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
270         struct l2cap_options opts;
271         struct l2cap_conninfo cinfo;
272         int len, err = 0;
273         u32 opt;
274 
275         BT_DBG("sk %p", sk);
276 
277         if (get_user(len, optlen))
278                 return -EFAULT;
279 
280         lock_sock(sk);
281 
282         switch (optname) {
283         case L2CAP_OPTIONS:
284                 memset(&opts, 0, sizeof(opts));
285                 opts.imtu     = chan->imtu;
286                 opts.omtu     = chan->omtu;
287                 opts.flush_to = chan->flush_to;
288                 opts.mode     = chan->mode;
289                 opts.fcs      = chan->fcs;
290                 opts.max_tx   = chan->max_tx;
291                 opts.txwin_size = chan->tx_win;
292 
293                 len = min_t(unsigned int, len, sizeof(opts));
294                 if (copy_to_user(optval, (char *) &opts, len))
295                         err = -EFAULT;
296 
297                 break;
298 
299         case L2CAP_LM:
300                 switch (chan->sec_level) {
301                 case BT_SECURITY_LOW:
302                         opt = L2CAP_LM_AUTH;
303                         break;
304                 case BT_SECURITY_MEDIUM:
305                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
306                         break;
307                 case BT_SECURITY_HIGH:
308                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
309                                                         L2CAP_LM_SECURE;
310                         break;
311                 default:
312                         opt = 0;
313                         break;
314                 }
315 
316                 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
317                         opt |= L2CAP_LM_MASTER;
318 
319                 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
320                         opt |= L2CAP_LM_RELIABLE;
321 
322                 if (put_user(opt, (u32 __user *) optval))
323                         err = -EFAULT;
324                 break;
325 
326         case L2CAP_CONNINFO:
327                 if (sk->sk_state != BT_CONNECTED &&
328                     !(sk->sk_state == BT_CONNECT2 &&
329                       test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
330                         err = -ENOTCONN;
331                         break;
332                 }
333 
334                 memset(&cinfo, 0, sizeof(cinfo));
335                 cinfo.hci_handle = chan->conn->hcon->handle;
336                 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
337 
338                 len = min_t(unsigned int, len, sizeof(cinfo));
339                 if (copy_to_user(optval, (char *) &cinfo, len))
340                         err = -EFAULT;
341 
342                 break;
343 
344         default:
345                 err = -ENOPROTOOPT;
346                 break;
347         }
348 
349         release_sock(sk);
350         return err;
351 }
352 
353 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
354 {
355         struct sock *sk = sock->sk;
356         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
357         struct bt_security sec;
358         struct bt_power pwr;
359         int len, err = 0;
360 
361         BT_DBG("sk %p", sk);
362 
363         if (level == SOL_L2CAP)
364                 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
365 
366         if (level != SOL_BLUETOOTH)
367                 return -ENOPROTOOPT;
368 
369         if (get_user(len, optlen))
370                 return -EFAULT;
371 
372         lock_sock(sk);
373 
374         switch (optname) {
375         case BT_SECURITY:
376                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
377                                         chan->chan_type != L2CAP_CHAN_RAW) {
378                         err = -EINVAL;
379                         break;
380                 }
381 
382                 memset(&sec, 0, sizeof(sec));
383                 if (chan->conn)
384                         sec.level = chan->conn->hcon->sec_level;
385                 else
386                         sec.level = chan->sec_level;
387 
388                 if (sk->sk_state == BT_CONNECTED)
389                         sec.key_size = chan->conn->hcon->enc_key_size;
390 
391                 len = min_t(unsigned int, len, sizeof(sec));
392                 if (copy_to_user(optval, (char *) &sec, len))
393                         err = -EFAULT;
394 
395                 break;
396 
397         case BT_DEFER_SETUP:
398                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
399                         err = -EINVAL;
400                         break;
401                 }
402 
403                 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
404                              (u32 __user *) optval))
405                         err = -EFAULT;
406 
407                 break;
408 
409         case BT_FLUSHABLE:
410                 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
411                                                 (u32 __user *) optval))
412                         err = -EFAULT;
413 
414                 break;
415 
416         case BT_POWER:
417                 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
418                                 && sk->sk_type != SOCK_RAW) {
419                         err = -EINVAL;
420                         break;
421                 }
422 
423                 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
424 
425                 len = min_t(unsigned int, len, sizeof(pwr));
426                 if (copy_to_user(optval, (char *) &pwr, len))
427                         err = -EFAULT;
428 
429                 break;
430 
431         case BT_CHANNEL_POLICY:
432                 if (!enable_hs) {
433                         err = -ENOPROTOOPT;
434                         break;
435                 }
436 
437                 if (put_user(chan->chan_policy, (u32 __user *) optval))
438                         err = -EFAULT;
439                 break;
440 
441         default:
442                 err = -ENOPROTOOPT;
443                 break;
444         }
445 
446         release_sock(sk);
447         return err;
448 }
449 
450 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
451 {
452         struct sock *sk = sock->sk;
453         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
454         struct l2cap_options opts;
455         int len, err = 0;
456         u32 opt;
457 
458         BT_DBG("sk %p", sk);
459 
460         lock_sock(sk);
461 
462         switch (optname) {
463         case L2CAP_OPTIONS:
464                 if (sk->sk_state == BT_CONNECTED) {
465                         err = -EINVAL;
466                         break;
467                 }
468 
469                 opts.imtu     = chan->imtu;
470                 opts.omtu     = chan->omtu;
471                 opts.flush_to = chan->flush_to;
472                 opts.mode     = chan->mode;
473                 opts.fcs      = chan->fcs;
474                 opts.max_tx   = chan->max_tx;
475                 opts.txwin_size = chan->tx_win;
476 
477                 len = min_t(unsigned int, sizeof(opts), optlen);
478                 if (copy_from_user((char *) &opts, optval, len)) {
479                         err = -EFAULT;
480                         break;
481                 }
482 
483                 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
484                         err = -EINVAL;
485                         break;
486                 }
487 
488                 chan->mode = opts.mode;
489                 switch (chan->mode) {
490                 case L2CAP_MODE_BASIC:
491                         clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
492                         break;
493                 case L2CAP_MODE_ERTM:
494                 case L2CAP_MODE_STREAMING:
495                         if (!disable_ertm)
496                                 break;
497                         /* fall through */
498                 default:
499                         err = -EINVAL;
500                         break;
501                 }
502 
503                 chan->imtu = opts.imtu;
504                 chan->omtu = opts.omtu;
505                 chan->fcs  = opts.fcs;
506                 chan->max_tx = opts.max_tx;
507                 chan->tx_win = opts.txwin_size;
508                 break;
509 
510         case L2CAP_LM:
511                 if (get_user(opt, (u32 __user *) optval)) {
512                         err = -EFAULT;
513                         break;
514                 }
515 
516                 if (opt & L2CAP_LM_AUTH)
517                         chan->sec_level = BT_SECURITY_LOW;
518                 if (opt & L2CAP_LM_ENCRYPT)
519                         chan->sec_level = BT_SECURITY_MEDIUM;
520                 if (opt & L2CAP_LM_SECURE)
521                         chan->sec_level = BT_SECURITY_HIGH;
522 
523                 if (opt & L2CAP_LM_MASTER)
524                         set_bit(FLAG_ROLE_SWITCH, &chan->flags);
525                 else
526                         clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
527 
528                 if (opt & L2CAP_LM_RELIABLE)
529                         set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
530                 else
531                         clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
532                 break;
533 
534         default:
535                 err = -ENOPROTOOPT;
536                 break;
537         }
538 
539         release_sock(sk);
540         return err;
541 }
542 
543 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
544 {
545         struct sock *sk = sock->sk;
546         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
547         struct bt_security sec;
548         struct bt_power pwr;
549         struct l2cap_conn *conn;
550         int len, err = 0;
551         u32 opt;
552 
553         BT_DBG("sk %p", sk);
554 
555         if (level == SOL_L2CAP)
556                 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
557 
558         if (level != SOL_BLUETOOTH)
559                 return -ENOPROTOOPT;
560 
561         lock_sock(sk);
562 
563         switch (optname) {
564         case BT_SECURITY:
565                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
566                                         chan->chan_type != L2CAP_CHAN_RAW) {
567                         err = -EINVAL;
568                         break;
569                 }
570 
571                 sec.level = BT_SECURITY_LOW;
572 
573                 len = min_t(unsigned int, sizeof(sec), optlen);
574                 if (copy_from_user((char *) &sec, optval, len)) {
575                         err = -EFAULT;
576                         break;
577                 }
578 
579                 if (sec.level < BT_SECURITY_LOW ||
580                                         sec.level > BT_SECURITY_HIGH) {
581                         err = -EINVAL;
582                         break;
583                 }
584 
585                 chan->sec_level = sec.level;
586 
587                 if (!chan->conn)
588                         break;
589 
590                 conn = chan->conn;
591 
592                 /*change security for LE channels */
593                 if (chan->scid == L2CAP_CID_LE_DATA) {
594                         if (!conn->hcon->out) {
595                                 err = -EINVAL;
596                                 break;
597                         }
598 
599                         if (smp_conn_security(conn->hcon, sec.level))
600                                 break;
601                         sk->sk_state = BT_CONFIG;
602                         chan->state = BT_CONFIG;
603 
604                 /* or for ACL link */
605                 } else if ((sk->sk_state == BT_CONNECT2 &&
606                            test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
607                            sk->sk_state == BT_CONNECTED) {
608                         if (!l2cap_chan_check_security(chan))
609                                 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
610                         else
611                                 sk->sk_state_change(sk);
612                 } else {
613                         err = -EINVAL;
614                 }
615                 break;
616 
617         case BT_DEFER_SETUP:
618                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
619                         err = -EINVAL;
620                         break;
621                 }
622 
623                 if (get_user(opt, (u32 __user *) optval)) {
624                         err = -EFAULT;
625                         break;
626                 }
627 
628                 if (opt)
629                         set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
630                 else
631                         clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
632                 break;
633 
634         case BT_FLUSHABLE:
635                 if (get_user(opt, (u32 __user *) optval)) {
636                         err = -EFAULT;
637                         break;
638                 }
639 
640                 if (opt > BT_FLUSHABLE_ON) {
641                         err = -EINVAL;
642                         break;
643                 }
644 
645                 if (opt == BT_FLUSHABLE_OFF) {
646                         struct l2cap_conn *conn = chan->conn;
647                         /* proceed further only when we have l2cap_conn and
648                            No Flush support in the LM */
649                         if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
650                                 err = -EINVAL;
651                                 break;
652                         }
653                 }
654 
655                 if (opt)
656                         set_bit(FLAG_FLUSHABLE, &chan->flags);
657                 else
658                         clear_bit(FLAG_FLUSHABLE, &chan->flags);
659                 break;
660 
661         case BT_POWER:
662                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
663                                         chan->chan_type != L2CAP_CHAN_RAW) {
664                         err = -EINVAL;
665                         break;
666                 }
667 
668                 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
669 
670                 len = min_t(unsigned int, sizeof(pwr), optlen);
671                 if (copy_from_user((char *) &pwr, optval, len)) {
672                         err = -EFAULT;
673                         break;
674                 }
675 
676                 if (pwr.force_active)
677                         set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
678                 else
679                         clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
680                 break;
681 
682         case BT_CHANNEL_POLICY:
683                 if (!enable_hs) {
684                         err = -ENOPROTOOPT;
685                         break;
686                 }
687 
688                 if (get_user(opt, (u32 __user *) optval)) {
689                         err = -EFAULT;
690                         break;
691                 }
692 
693                 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
694                         err = -EINVAL;
695                         break;
696                 }
697 
698                 if (chan->mode != L2CAP_MODE_ERTM &&
699                                 chan->mode != L2CAP_MODE_STREAMING) {
700                         err = -EOPNOTSUPP;
701                         break;
702                 }
703 
704                 chan->chan_policy = (u8) opt;
705                 break;
706 
707         default:
708                 err = -ENOPROTOOPT;
709                 break;
710         }
711 
712         release_sock(sk);
713         return err;
714 }
715 
716 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
717 {
718         struct sock *sk = sock->sk;
719         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
720         int err;
721 
722         BT_DBG("sock %p, sk %p", sock, sk);
723 
724         err = sock_error(sk);
725         if (err)
726                 return err;
727 
728         if (msg->msg_flags & MSG_OOB)
729                 return -EOPNOTSUPP;
730 
731         if (sk->sk_state != BT_CONNECTED)
732                 return -ENOTCONN;
733 
734         l2cap_chan_lock(chan);
735         err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
736         l2cap_chan_unlock(chan);
737 
738         return err;
739 }
740 
741 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
742 {
743         struct sock *sk = sock->sk;
744         struct l2cap_pinfo *pi = l2cap_pi(sk);
745         int err;
746 
747         lock_sock(sk);
748 
749         if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
750                                                     &bt_sk(sk)->flags)) {
751                 sk->sk_state = BT_CONFIG;
752                 pi->chan->state = BT_CONFIG;
753 
754                 __l2cap_connect_rsp_defer(pi->chan);
755                 release_sock(sk);
756                 return 0;
757         }
758 
759         release_sock(sk);
760 
761         if (sock->type == SOCK_STREAM)
762                 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
763         else
764                 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
765 
766         if (pi->chan->mode != L2CAP_MODE_ERTM)
767                 return err;
768 
769         /* Attempt to put pending rx data in the socket buffer */
770 
771         lock_sock(sk);
772 
773         if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
774                 goto done;
775 
776         if (pi->rx_busy_skb) {
777                 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
778                         pi->rx_busy_skb = NULL;
779                 else
780                         goto done;
781         }
782 
783         /* Restore data flow when half of the receive buffer is
784          * available.  This avoids resending large numbers of
785          * frames.
786          */
787         if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
788                 l2cap_chan_busy(pi->chan, 0);
789 
790 done:
791         release_sock(sk);
792         return err;
793 }
794 
795 /* Kill socket (only if zapped and orphan)
796  * Must be called on unlocked socket.
797  */
798 static void l2cap_sock_kill(struct sock *sk)
799 {
800         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
801                 return;
802 
803         BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
804 
805         /* Kill poor orphan */
806 
807         l2cap_chan_destroy(l2cap_pi(sk)->chan);
808         sock_set_flag(sk, SOCK_DEAD);
809         sock_put(sk);
810 }
811 
812 static int l2cap_sock_shutdown(struct socket *sock, int how)
813 {
814         struct sock *sk = sock->sk;
815         struct l2cap_chan *chan;
816         struct l2cap_conn *conn;
817         int err = 0;
818 
819         BT_DBG("sock %p, sk %p", sock, sk);
820 
821         if (!sk)
822                 return 0;
823 
824         chan = l2cap_pi(sk)->chan;
825         conn = chan->conn;
826 
827         if (conn)
828                 mutex_lock(&conn->chan_lock);
829 
830         l2cap_chan_lock(chan);
831         lock_sock(sk);
832 
833         if (!sk->sk_shutdown) {
834                 if (chan->mode == L2CAP_MODE_ERTM)
835                         err = __l2cap_wait_ack(sk);
836 
837                 sk->sk_shutdown = SHUTDOWN_MASK;
838 
839                 release_sock(sk);
840                 l2cap_chan_close(chan, 0);
841                 lock_sock(sk);
842 
843                 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
844                         err = bt_sock_wait_state(sk, BT_CLOSED,
845                                                         sk->sk_lingertime);
846         }
847 
848         if (!err && sk->sk_err)
849                 err = -sk->sk_err;
850 
851         release_sock(sk);
852         l2cap_chan_unlock(chan);
853 
854         if (conn)
855                 mutex_unlock(&conn->chan_lock);
856 
857         return err;
858 }
859 
860 static int l2cap_sock_release(struct socket *sock)
861 {
862         struct sock *sk = sock->sk;
863         int err;
864 
865         BT_DBG("sock %p, sk %p", sock, sk);
866 
867         if (!sk)
868                 return 0;
869 
870         err = l2cap_sock_shutdown(sock, 2);
871 
872         sock_orphan(sk);
873         l2cap_sock_kill(sk);
874         return err;
875 }
876 
877 static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data)
878 {
879         struct sock *sk, *parent = data;
880 
881         sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
882                                                                 GFP_ATOMIC);
883         if (!sk)
884                 return NULL;
885 
886         bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
887 
888         l2cap_sock_init(sk, parent);
889 
890         return l2cap_pi(sk)->chan;
891 }
892 
893 static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb)
894 {
895         int err;
896         struct sock *sk = data;
897         struct l2cap_pinfo *pi = l2cap_pi(sk);
898 
899         lock_sock(sk);
900 
901         if (pi->rx_busy_skb) {
902                 err = -ENOMEM;
903                 goto done;
904         }
905 
906         err = sock_queue_rcv_skb(sk, skb);
907 
908         /* For ERTM, handle one skb that doesn't fit into the recv
909          * buffer.  This is important to do because the data frames
910          * have already been acked, so the skb cannot be discarded.
911          *
912          * Notify the l2cap core that the buffer is full, so the
913          * LOCAL_BUSY state is entered and no more frames are
914          * acked and reassembled until there is buffer space
915          * available.
916          */
917         if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
918                 pi->rx_busy_skb = skb;
919                 l2cap_chan_busy(pi->chan, 1);
920                 err = 0;
921         }
922 
923 done:
924         release_sock(sk);
925 
926         return err;
927 }
928 
929 static void l2cap_sock_close_cb(void *data)
930 {
931         struct sock *sk = data;
932 
933         l2cap_sock_kill(sk);
934 }
935 
936 static void l2cap_sock_state_change_cb(void *data, int state)
937 {
938         struct sock *sk = data;
939 
940         sk->sk_state = state;
941 }
942 
943 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
944                                                unsigned long len, int nb)
945 {
946         struct sk_buff *skb;
947         int err;
948 
949         l2cap_chan_unlock(chan);
950         skb = bt_skb_send_alloc(chan->sk, len, nb, &err);
951         l2cap_chan_lock(chan);
952 
953         if (!skb)
954                 return ERR_PTR(err);
955 
956         return skb;
957 }
958 
959 static struct l2cap_ops l2cap_chan_ops = {
960         .name           = "L2CAP Socket Interface",
961         .new_connection = l2cap_sock_new_connection_cb,
962         .recv           = l2cap_sock_recv_cb,
963         .close          = l2cap_sock_close_cb,
964         .state_change   = l2cap_sock_state_change_cb,
965         .alloc_skb      = l2cap_sock_alloc_skb_cb,
966 };
967 
968 static void l2cap_sock_destruct(struct sock *sk)
969 {
970         BT_DBG("sk %p", sk);
971 
972         l2cap_chan_put(l2cap_pi(sk)->chan);
973         if (l2cap_pi(sk)->rx_busy_skb) {
974                 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
975                 l2cap_pi(sk)->rx_busy_skb = NULL;
976         }
977 
978         skb_queue_purge(&sk->sk_receive_queue);
979         skb_queue_purge(&sk->sk_write_queue);
980 }
981 
982 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
983 {
984         struct l2cap_pinfo *pi = l2cap_pi(sk);
985         struct l2cap_chan *chan = pi->chan;
986 
987         BT_DBG("sk %p", sk);
988 
989         if (parent) {
990                 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
991 
992                 sk->sk_type = parent->sk_type;
993                 bt_sk(sk)->flags = bt_sk(parent)->flags;
994 
995                 chan->chan_type = pchan->chan_type;
996                 chan->imtu = pchan->imtu;
997                 chan->omtu = pchan->omtu;
998                 chan->conf_state = pchan->conf_state;
999                 chan->mode = pchan->mode;
1000                 chan->fcs  = pchan->fcs;
1001                 chan->max_tx = pchan->max_tx;
1002                 chan->tx_win = pchan->tx_win;
1003                 chan->tx_win_max = pchan->tx_win_max;
1004                 chan->sec_level = pchan->sec_level;
1005                 chan->flags = pchan->flags;
1006 
1007                 security_sk_clone(parent, sk);
1008         } else {
1009 
1010                 switch (sk->sk_type) {
1011                 case SOCK_RAW:
1012                         chan->chan_type = L2CAP_CHAN_RAW;
1013                         break;
1014                 case SOCK_DGRAM:
1015                         chan->chan_type = L2CAP_CHAN_CONN_LESS;
1016                         break;
1017                 case SOCK_SEQPACKET:
1018                 case SOCK_STREAM:
1019                         chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1020                         break;
1021                 }
1022 
1023                 chan->imtu = L2CAP_DEFAULT_MTU;
1024                 chan->omtu = 0;
1025                 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1026                         chan->mode = L2CAP_MODE_ERTM;
1027                         set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1028                 } else {
1029                         chan->mode = L2CAP_MODE_BASIC;
1030                 }
1031 
1032                 l2cap_chan_set_defaults(chan);
1033         }
1034 
1035         /* Default config options */
1036         chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1037 
1038         chan->data = sk;
1039         chan->ops = &l2cap_chan_ops;
1040 }
1041 
1042 static struct proto l2cap_proto = {
1043         .name           = "L2CAP",
1044         .owner          = THIS_MODULE,
1045         .obj_size       = sizeof(struct l2cap_pinfo)
1046 };
1047 
1048 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
1049 {
1050         struct sock *sk;
1051         struct l2cap_chan *chan;
1052 
1053         sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1054         if (!sk)
1055                 return NULL;
1056 
1057         sock_init_data(sock, sk);
1058         INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1059 
1060         sk->sk_destruct = l2cap_sock_destruct;
1061         sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1062 
1063         sock_reset_flag(sk, SOCK_ZAPPED);
1064 
1065         sk->sk_protocol = proto;
1066         sk->sk_state = BT_OPEN;
1067 
1068         chan = l2cap_chan_create();
1069         if (!chan) {
1070                 l2cap_sock_kill(sk);
1071                 return NULL;
1072         }
1073 
1074         l2cap_chan_hold(chan);
1075 
1076         chan->sk = sk;
1077 
1078         l2cap_pi(sk)->chan = chan;
1079 
1080         return sk;
1081 }
1082 
1083 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1084                              int kern)
1085 {
1086         struct sock *sk;
1087 
1088         BT_DBG("sock %p", sock);
1089 
1090         sock->state = SS_UNCONNECTED;
1091 
1092         if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1093                         sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1094                 return -ESOCKTNOSUPPORT;
1095 
1096         if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1097                 return -EPERM;
1098 
1099         sock->ops = &l2cap_sock_ops;
1100 
1101         sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1102         if (!sk)
1103                 return -ENOMEM;
1104 
1105         l2cap_sock_init(sk, NULL);
1106         return 0;
1107 }
1108 
1109 static const struct proto_ops l2cap_sock_ops = {
1110         .family         = PF_BLUETOOTH,
1111         .owner          = THIS_MODULE,
1112         .release        = l2cap_sock_release,
1113         .bind           = l2cap_sock_bind,
1114         .connect        = l2cap_sock_connect,
1115         .listen         = l2cap_sock_listen,
1116         .accept         = l2cap_sock_accept,
1117         .getname        = l2cap_sock_getname,
1118         .sendmsg        = l2cap_sock_sendmsg,
1119         .recvmsg        = l2cap_sock_recvmsg,
1120         .poll           = bt_sock_poll,
1121         .ioctl          = bt_sock_ioctl,
1122         .mmap           = sock_no_mmap,
1123         .socketpair     = sock_no_socketpair,
1124         .shutdown       = l2cap_sock_shutdown,
1125         .setsockopt     = l2cap_sock_setsockopt,
1126         .getsockopt     = l2cap_sock_getsockopt
1127 };
1128 
1129 static const struct net_proto_family l2cap_sock_family_ops = {
1130         .family = PF_BLUETOOTH,
1131         .owner  = THIS_MODULE,
1132         .create = l2cap_sock_create,
1133 };
1134 
1135 int __init l2cap_init_sockets(void)
1136 {
1137         int err;
1138 
1139         err = proto_register(&l2cap_proto, 0);
1140         if (err < 0)
1141                 return err;
1142 
1143         err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1144         if (err < 0)
1145                 goto error;
1146 
1147         BT_INFO("L2CAP socket layer initialized");
1148 
1149         return 0;
1150 
1151 error:
1152         BT_ERR("L2CAP socket registration failed");
1153         proto_unregister(&l2cap_proto);
1154         return err;
1155 }
1156 
1157 void l2cap_cleanup_sockets(void)
1158 {
1159         if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1160                 BT_ERR("L2CAP socket unregistration failed");
1161 
1162         proto_unregister(&l2cap_proto);
1163 }
1164 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp