~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/bluetooth/l2cap_sock.c

Version: ~ [ linux-5.4-rc7 ] ~ [ linux-5.3.11 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.84 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.154 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.201 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.201 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.77 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2    BlueZ - Bluetooth protocol stack for Linux
  3    Copyright (C) 2000-2001 Qualcomm Incorporated
  4    Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
  5    Copyright (C) 2010 Google Inc.
  6    Copyright (C) 2011 ProFUSION Embedded Systems
  7 
  8    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
  9 
 10    This program is free software; you can redistribute it and/or modify
 11    it under the terms of the GNU General Public License version 2 as
 12    published by the Free Software Foundation;
 13 
 14    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 15    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 16    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
 17    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
 18    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
 19    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 20    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 21    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 22 
 23    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
 24    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
 25    SOFTWARE IS DISCLAIMED.
 26 */
 27 
 28 /* Bluetooth L2CAP sockets. */
 29 
 30 #include <linux/export.h>
 31 
 32 #include <net/bluetooth/bluetooth.h>
 33 #include <net/bluetooth/hci_core.h>
 34 #include <net/bluetooth/l2cap.h>
 35 #include <net/bluetooth/smp.h>
 36 
 37 static struct bt_sock_list l2cap_sk_list = {
 38         .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
 39 };
 40 
 41 static const struct proto_ops l2cap_sock_ops;
 42 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
 43 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
 44                                      int proto, gfp_t prio);
 45 
 46 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
 47 {
 48         struct sock *sk = sock->sk;
 49         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
 50         struct sockaddr_l2 la;
 51         int len, err = 0;
 52 
 53         BT_DBG("sk %p", sk);
 54 
 55         if (!addr || addr->sa_family != AF_BLUETOOTH)
 56                 return -EINVAL;
 57 
 58         memset(&la, 0, sizeof(la));
 59         len = min_t(unsigned int, sizeof(la), alen);
 60         memcpy(&la, addr, len);
 61 
 62         if (la.l2_cid && la.l2_psm)
 63                 return -EINVAL;
 64 
 65         lock_sock(sk);
 66 
 67         if (sk->sk_state != BT_OPEN) {
 68                 err = -EBADFD;
 69                 goto done;
 70         }
 71 
 72         if (la.l2_psm) {
 73                 __u16 psm = __le16_to_cpu(la.l2_psm);
 74 
 75                 /* PSM must be odd and lsb of upper byte must be 0 */
 76                 if ((psm & 0x0101) != 0x0001) {
 77                         err = -EINVAL;
 78                         goto done;
 79                 }
 80 
 81                 /* Restrict usage of well-known PSMs */
 82                 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
 83                         err = -EACCES;
 84                         goto done;
 85                 }
 86         }
 87 
 88         if (la.l2_cid)
 89                 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
 90         else
 91                 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
 92 
 93         if (err < 0)
 94                 goto done;
 95 
 96         if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
 97             __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
 98                 chan->sec_level = BT_SECURITY_SDP;
 99 
100         bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
101 
102         chan->state = BT_BOUND;
103         sk->sk_state = BT_BOUND;
104 
105 done:
106         release_sock(sk);
107         return err;
108 }
109 
110 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
111                               int alen, int flags)
112 {
113         struct sock *sk = sock->sk;
114         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
115         struct sockaddr_l2 la;
116         int len, err = 0;
117 
118         BT_DBG("sk %p", sk);
119 
120         if (!addr || alen < sizeof(addr->sa_family) ||
121             addr->sa_family != AF_BLUETOOTH)
122                 return -EINVAL;
123 
124         memset(&la, 0, sizeof(la));
125         len = min_t(unsigned int, sizeof(la), alen);
126         memcpy(&la, addr, len);
127 
128         if (la.l2_cid && la.l2_psm)
129                 return -EINVAL;
130 
131         err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
132                                  &la.l2_bdaddr, la.l2_bdaddr_type);
133         if (err)
134                 return err;
135 
136         lock_sock(sk);
137 
138         err = bt_sock_wait_state(sk, BT_CONNECTED,
139                                  sock_sndtimeo(sk, flags & O_NONBLOCK));
140 
141         release_sock(sk);
142 
143         return err;
144 }
145 
146 static int l2cap_sock_listen(struct socket *sock, int backlog)
147 {
148         struct sock *sk = sock->sk;
149         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
150         int err = 0;
151 
152         BT_DBG("sk %p backlog %d", sk, backlog);
153 
154         lock_sock(sk);
155 
156         if (sk->sk_state != BT_BOUND) {
157                 err = -EBADFD;
158                 goto done;
159         }
160 
161         if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
162                 err = -EINVAL;
163                 goto done;
164         }
165 
166         switch (chan->mode) {
167         case L2CAP_MODE_BASIC:
168                 break;
169         case L2CAP_MODE_ERTM:
170         case L2CAP_MODE_STREAMING:
171                 if (!disable_ertm)
172                         break;
173                 /* fall through */
174         default:
175                 err = -ENOTSUPP;
176                 goto done;
177         }
178 
179         sk->sk_max_ack_backlog = backlog;
180         sk->sk_ack_backlog = 0;
181 
182         chan->state = BT_LISTEN;
183         sk->sk_state = BT_LISTEN;
184 
185 done:
186         release_sock(sk);
187         return err;
188 }
189 
190 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
191                              int flags)
192 {
193         DECLARE_WAITQUEUE(wait, current);
194         struct sock *sk = sock->sk, *nsk;
195         long timeo;
196         int err = 0;
197 
198         lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
199 
200         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
201 
202         BT_DBG("sk %p timeo %ld", sk, timeo);
203 
204         /* Wait for an incoming connection. (wake-one). */
205         add_wait_queue_exclusive(sk_sleep(sk), &wait);
206         while (1) {
207                 set_current_state(TASK_INTERRUPTIBLE);
208 
209                 if (sk->sk_state != BT_LISTEN) {
210                         err = -EBADFD;
211                         break;
212                 }
213 
214                 nsk = bt_accept_dequeue(sk, newsock);
215                 if (nsk)
216                         break;
217 
218                 if (!timeo) {
219                         err = -EAGAIN;
220                         break;
221                 }
222 
223                 if (signal_pending(current)) {
224                         err = sock_intr_errno(timeo);
225                         break;
226                 }
227 
228                 release_sock(sk);
229                 timeo = schedule_timeout(timeo);
230                 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
231         }
232         __set_current_state(TASK_RUNNING);
233         remove_wait_queue(sk_sleep(sk), &wait);
234 
235         if (err)
236                 goto done;
237 
238         newsock->state = SS_CONNECTED;
239 
240         BT_DBG("new socket %p", nsk);
241 
242 done:
243         release_sock(sk);
244         return err;
245 }
246 
247 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
248                               int *len, int peer)
249 {
250         struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
251         struct sock *sk = sock->sk;
252         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
253 
254         BT_DBG("sock %p, sk %p", sock, sk);
255 
256         memset(la, 0, sizeof(struct sockaddr_l2));
257         addr->sa_family = AF_BLUETOOTH;
258         *len = sizeof(struct sockaddr_l2);
259 
260         if (peer) {
261                 la->l2_psm = chan->psm;
262                 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
263                 la->l2_cid = cpu_to_le16(chan->dcid);
264         } else {
265                 la->l2_psm = chan->sport;
266                 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
267                 la->l2_cid = cpu_to_le16(chan->scid);
268         }
269 
270         return 0;
271 }
272 
273 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
274                                      char __user *optval, int __user *optlen)
275 {
276         struct sock *sk = sock->sk;
277         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
278         struct l2cap_options opts;
279         struct l2cap_conninfo cinfo;
280         int len, err = 0;
281         u32 opt;
282 
283         BT_DBG("sk %p", sk);
284 
285         if (get_user(len, optlen))
286                 return -EFAULT;
287 
288         lock_sock(sk);
289 
290         switch (optname) {
291         case L2CAP_OPTIONS:
292                 memset(&opts, 0, sizeof(opts));
293                 opts.imtu     = chan->imtu;
294                 opts.omtu     = chan->omtu;
295                 opts.flush_to = chan->flush_to;
296                 opts.mode     = chan->mode;
297                 opts.fcs      = chan->fcs;
298                 opts.max_tx   = chan->max_tx;
299                 opts.txwin_size = chan->tx_win;
300 
301                 len = min_t(unsigned int, len, sizeof(opts));
302                 if (copy_to_user(optval, (char *) &opts, len))
303                         err = -EFAULT;
304 
305                 break;
306 
307         case L2CAP_LM:
308                 switch (chan->sec_level) {
309                 case BT_SECURITY_LOW:
310                         opt = L2CAP_LM_AUTH;
311                         break;
312                 case BT_SECURITY_MEDIUM:
313                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
314                         break;
315                 case BT_SECURITY_HIGH:
316                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
317                               L2CAP_LM_SECURE;
318                         break;
319                 default:
320                         opt = 0;
321                         break;
322                 }
323 
324                 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
325                         opt |= L2CAP_LM_MASTER;
326 
327                 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
328                         opt |= L2CAP_LM_RELIABLE;
329 
330                 if (put_user(opt, (u32 __user *) optval))
331                         err = -EFAULT;
332                 break;
333 
334         case L2CAP_CONNINFO:
335                 if (sk->sk_state != BT_CONNECTED &&
336                     !(sk->sk_state == BT_CONNECT2 &&
337                       test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
338                         err = -ENOTCONN;
339                         break;
340                 }
341 
342                 memset(&cinfo, 0, sizeof(cinfo));
343                 cinfo.hci_handle = chan->conn->hcon->handle;
344                 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
345 
346                 len = min_t(unsigned int, len, sizeof(cinfo));
347                 if (copy_to_user(optval, (char *) &cinfo, len))
348                         err = -EFAULT;
349 
350                 break;
351 
352         default:
353                 err = -ENOPROTOOPT;
354                 break;
355         }
356 
357         release_sock(sk);
358         return err;
359 }
360 
361 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
362                                  char __user *optval, int __user *optlen)
363 {
364         struct sock *sk = sock->sk;
365         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
366         struct bt_security sec;
367         struct bt_power pwr;
368         int len, err = 0;
369 
370         BT_DBG("sk %p", sk);
371 
372         if (level == SOL_L2CAP)
373                 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
374 
375         if (level != SOL_BLUETOOTH)
376                 return -ENOPROTOOPT;
377 
378         if (get_user(len, optlen))
379                 return -EFAULT;
380 
381         lock_sock(sk);
382 
383         switch (optname) {
384         case BT_SECURITY:
385                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
386                     chan->chan_type != L2CAP_CHAN_RAW) {
387                         err = -EINVAL;
388                         break;
389                 }
390 
391                 memset(&sec, 0, sizeof(sec));
392                 if (chan->conn) {
393                         sec.level = chan->conn->hcon->sec_level;
394 
395                         if (sk->sk_state == BT_CONNECTED)
396                                 sec.key_size = chan->conn->hcon->enc_key_size;
397                 } else {
398                         sec.level = chan->sec_level;
399                 }
400 
401                 len = min_t(unsigned int, len, sizeof(sec));
402                 if (copy_to_user(optval, (char *) &sec, len))
403                         err = -EFAULT;
404 
405                 break;
406 
407         case BT_DEFER_SETUP:
408                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
409                         err = -EINVAL;
410                         break;
411                 }
412 
413                 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
414                              (u32 __user *) optval))
415                         err = -EFAULT;
416 
417                 break;
418 
419         case BT_FLUSHABLE:
420                 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
421                              (u32 __user *) optval))
422                         err = -EFAULT;
423 
424                 break;
425 
426         case BT_POWER:
427                 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
428                     && sk->sk_type != SOCK_RAW) {
429                         err = -EINVAL;
430                         break;
431                 }
432 
433                 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
434 
435                 len = min_t(unsigned int, len, sizeof(pwr));
436                 if (copy_to_user(optval, (char *) &pwr, len))
437                         err = -EFAULT;
438 
439                 break;
440 
441         case BT_CHANNEL_POLICY:
442                 if (!enable_hs) {
443                         err = -ENOPROTOOPT;
444                         break;
445                 }
446 
447                 if (put_user(chan->chan_policy, (u32 __user *) optval))
448                         err = -EFAULT;
449                 break;
450 
451         default:
452                 err = -ENOPROTOOPT;
453                 break;
454         }
455 
456         release_sock(sk);
457         return err;
458 }
459 
460 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
461 {
462         switch (chan->scid) {
463         case L2CAP_CID_LE_DATA:
464                 if (mtu < L2CAP_LE_MIN_MTU)
465                         return false;
466                 break;
467 
468         default:
469                 if (mtu < L2CAP_DEFAULT_MIN_MTU)
470                         return false;
471         }
472 
473         return true;
474 }
475 
476 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
477                                      char __user *optval, unsigned int optlen)
478 {
479         struct sock *sk = sock->sk;
480         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
481         struct l2cap_options opts;
482         int len, err = 0;
483         u32 opt;
484 
485         BT_DBG("sk %p", sk);
486 
487         lock_sock(sk);
488 
489         switch (optname) {
490         case L2CAP_OPTIONS:
491                 if (sk->sk_state == BT_CONNECTED) {
492                         err = -EINVAL;
493                         break;
494                 }
495 
496                 opts.imtu     = chan->imtu;
497                 opts.omtu     = chan->omtu;
498                 opts.flush_to = chan->flush_to;
499                 opts.mode     = chan->mode;
500                 opts.fcs      = chan->fcs;
501                 opts.max_tx   = chan->max_tx;
502                 opts.txwin_size = chan->tx_win;
503 
504                 len = min_t(unsigned int, sizeof(opts), optlen);
505                 if (copy_from_user((char *) &opts, optval, len)) {
506                         err = -EFAULT;
507                         break;
508                 }
509 
510                 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
511                         err = -EINVAL;
512                         break;
513                 }
514 
515                 if (!l2cap_valid_mtu(chan, opts.imtu)) {
516                         err = -EINVAL;
517                         break;
518                 }
519 
520                 chan->mode = opts.mode;
521                 switch (chan->mode) {
522                 case L2CAP_MODE_BASIC:
523                         clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
524                         break;
525                 case L2CAP_MODE_ERTM:
526                 case L2CAP_MODE_STREAMING:
527                         if (!disable_ertm)
528                                 break;
529                         /* fall through */
530                 default:
531                         err = -EINVAL;
532                         break;
533                 }
534 
535                 chan->imtu = opts.imtu;
536                 chan->omtu = opts.omtu;
537                 chan->fcs  = opts.fcs;
538                 chan->max_tx = opts.max_tx;
539                 chan->tx_win = opts.txwin_size;
540                 chan->flush_to = opts.flush_to;
541                 break;
542 
543         case L2CAP_LM:
544                 if (get_user(opt, (u32 __user *) optval)) {
545                         err = -EFAULT;
546                         break;
547                 }
548 
549                 if (opt & L2CAP_LM_AUTH)
550                         chan->sec_level = BT_SECURITY_LOW;
551                 if (opt & L2CAP_LM_ENCRYPT)
552                         chan->sec_level = BT_SECURITY_MEDIUM;
553                 if (opt & L2CAP_LM_SECURE)
554                         chan->sec_level = BT_SECURITY_HIGH;
555 
556                 if (opt & L2CAP_LM_MASTER)
557                         set_bit(FLAG_ROLE_SWITCH, &chan->flags);
558                 else
559                         clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
560 
561                 if (opt & L2CAP_LM_RELIABLE)
562                         set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
563                 else
564                         clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
565                 break;
566 
567         default:
568                 err = -ENOPROTOOPT;
569                 break;
570         }
571 
572         release_sock(sk);
573         return err;
574 }
575 
576 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
577                                  char __user *optval, unsigned int optlen)
578 {
579         struct sock *sk = sock->sk;
580         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
581         struct bt_security sec;
582         struct bt_power pwr;
583         struct l2cap_conn *conn;
584         int len, err = 0;
585         u32 opt;
586 
587         BT_DBG("sk %p", sk);
588 
589         if (level == SOL_L2CAP)
590                 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
591 
592         if (level != SOL_BLUETOOTH)
593                 return -ENOPROTOOPT;
594 
595         lock_sock(sk);
596 
597         switch (optname) {
598         case BT_SECURITY:
599                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
600                     chan->chan_type != L2CAP_CHAN_RAW) {
601                         err = -EINVAL;
602                         break;
603                 }
604 
605                 sec.level = BT_SECURITY_LOW;
606 
607                 len = min_t(unsigned int, sizeof(sec), optlen);
608                 if (copy_from_user((char *) &sec, optval, len)) {
609                         err = -EFAULT;
610                         break;
611                 }
612 
613                 if (sec.level < BT_SECURITY_LOW ||
614                     sec.level > BT_SECURITY_HIGH) {
615                         err = -EINVAL;
616                         break;
617                 }
618 
619                 chan->sec_level = sec.level;
620 
621                 if (!chan->conn)
622                         break;
623 
624                 conn = chan->conn;
625 
626                 /*change security for LE channels */
627                 if (chan->scid == L2CAP_CID_LE_DATA) {
628                         if (!conn->hcon->out) {
629                                 err = -EINVAL;
630                                 break;
631                         }
632 
633                         if (smp_conn_security(conn->hcon, sec.level))
634                                 break;
635                         sk->sk_state = BT_CONFIG;
636                         chan->state = BT_CONFIG;
637 
638                 /* or for ACL link */
639                 } else if ((sk->sk_state == BT_CONNECT2 &&
640                             test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
641                            sk->sk_state == BT_CONNECTED) {
642                         if (!l2cap_chan_check_security(chan))
643                                 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
644                         else
645                                 sk->sk_state_change(sk);
646                 } else {
647                         err = -EINVAL;
648                 }
649                 break;
650 
651         case BT_DEFER_SETUP:
652                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
653                         err = -EINVAL;
654                         break;
655                 }
656 
657                 if (get_user(opt, (u32 __user *) optval)) {
658                         err = -EFAULT;
659                         break;
660                 }
661 
662                 if (opt)
663                         set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
664                 else
665                         clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
666                 break;
667 
668         case BT_FLUSHABLE:
669                 if (get_user(opt, (u32 __user *) optval)) {
670                         err = -EFAULT;
671                         break;
672                 }
673 
674                 if (opt > BT_FLUSHABLE_ON) {
675                         err = -EINVAL;
676                         break;
677                 }
678 
679                 if (opt == BT_FLUSHABLE_OFF) {
680                         struct l2cap_conn *conn = chan->conn;
681                         /* proceed further only when we have l2cap_conn and
682                            No Flush support in the LM */
683                         if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
684                                 err = -EINVAL;
685                                 break;
686                         }
687                 }
688 
689                 if (opt)
690                         set_bit(FLAG_FLUSHABLE, &chan->flags);
691                 else
692                         clear_bit(FLAG_FLUSHABLE, &chan->flags);
693                 break;
694 
695         case BT_POWER:
696                 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
697                     chan->chan_type != L2CAP_CHAN_RAW) {
698                         err = -EINVAL;
699                         break;
700                 }
701 
702                 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
703 
704                 len = min_t(unsigned int, sizeof(pwr), optlen);
705                 if (copy_from_user((char *) &pwr, optval, len)) {
706                         err = -EFAULT;
707                         break;
708                 }
709 
710                 if (pwr.force_active)
711                         set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
712                 else
713                         clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
714                 break;
715 
716         case BT_CHANNEL_POLICY:
717                 if (!enable_hs) {
718                         err = -ENOPROTOOPT;
719                         break;
720                 }
721 
722                 if (get_user(opt, (u32 __user *) optval)) {
723                         err = -EFAULT;
724                         break;
725                 }
726 
727                 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
728                         err = -EINVAL;
729                         break;
730                 }
731 
732                 if (chan->mode != L2CAP_MODE_ERTM &&
733                     chan->mode != L2CAP_MODE_STREAMING) {
734                         err = -EOPNOTSUPP;
735                         break;
736                 }
737 
738                 chan->chan_policy = (u8) opt;
739 
740                 if (sk->sk_state == BT_CONNECTED &&
741                     chan->move_role == L2CAP_MOVE_ROLE_NONE)
742                         l2cap_move_start(chan);
743 
744                 break;
745 
746         default:
747                 err = -ENOPROTOOPT;
748                 break;
749         }
750 
751         release_sock(sk);
752         return err;
753 }
754 
755 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
756                               struct msghdr *msg, size_t len)
757 {
758         struct sock *sk = sock->sk;
759         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
760         int err;
761 
762         BT_DBG("sock %p, sk %p", sock, sk);
763 
764         err = sock_error(sk);
765         if (err)
766                 return err;
767 
768         if (msg->msg_flags & MSG_OOB)
769                 return -EOPNOTSUPP;
770 
771         if (sk->sk_state != BT_CONNECTED)
772                 return -ENOTCONN;
773 
774         l2cap_chan_lock(chan);
775         err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
776         l2cap_chan_unlock(chan);
777 
778         return err;
779 }
780 
781 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
782                               struct msghdr *msg, size_t len, int flags)
783 {
784         struct sock *sk = sock->sk;
785         struct l2cap_pinfo *pi = l2cap_pi(sk);
786         int err;
787 
788         lock_sock(sk);
789 
790         if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
791                                                     &bt_sk(sk)->flags)) {
792                 sk->sk_state = BT_CONFIG;
793                 pi->chan->state = BT_CONFIG;
794 
795                 __l2cap_connect_rsp_defer(pi->chan);
796                 release_sock(sk);
797                 return 0;
798         }
799 
800         release_sock(sk);
801 
802         if (sock->type == SOCK_STREAM)
803                 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
804         else
805                 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
806 
807         if (pi->chan->mode != L2CAP_MODE_ERTM)
808                 return err;
809 
810         /* Attempt to put pending rx data in the socket buffer */
811 
812         lock_sock(sk);
813 
814         if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
815                 goto done;
816 
817         if (pi->rx_busy_skb) {
818                 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
819                         pi->rx_busy_skb = NULL;
820                 else
821                         goto done;
822         }
823 
824         /* Restore data flow when half of the receive buffer is
825          * available.  This avoids resending large numbers of
826          * frames.
827          */
828         if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
829                 l2cap_chan_busy(pi->chan, 0);
830 
831 done:
832         release_sock(sk);
833         return err;
834 }
835 
836 /* Kill socket (only if zapped and orphan)
837  * Must be called on unlocked socket.
838  */
839 static void l2cap_sock_kill(struct sock *sk)
840 {
841         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
842                 return;
843 
844         BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
845 
846         /* Kill poor orphan */
847 
848         l2cap_chan_put(l2cap_pi(sk)->chan);
849         sock_set_flag(sk, SOCK_DEAD);
850         sock_put(sk);
851 }
852 
853 static int l2cap_sock_shutdown(struct socket *sock, int how)
854 {
855         struct sock *sk = sock->sk;
856         struct l2cap_chan *chan;
857         struct l2cap_conn *conn;
858         int err = 0;
859 
860         BT_DBG("sock %p, sk %p", sock, sk);
861 
862         if (!sk)
863                 return 0;
864 
865         chan = l2cap_pi(sk)->chan;
866         conn = chan->conn;
867 
868         if (conn)
869                 mutex_lock(&conn->chan_lock);
870 
871         l2cap_chan_lock(chan);
872         lock_sock(sk);
873 
874         if (!sk->sk_shutdown) {
875                 if (chan->mode == L2CAP_MODE_ERTM)
876                         err = __l2cap_wait_ack(sk);
877 
878                 sk->sk_shutdown = SHUTDOWN_MASK;
879 
880                 release_sock(sk);
881                 l2cap_chan_close(chan, 0);
882                 lock_sock(sk);
883 
884                 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
885                         err = bt_sock_wait_state(sk, BT_CLOSED,
886                                                  sk->sk_lingertime);
887         }
888 
889         if (!err && sk->sk_err)
890                 err = -sk->sk_err;
891 
892         release_sock(sk);
893         l2cap_chan_unlock(chan);
894 
895         if (conn)
896                 mutex_unlock(&conn->chan_lock);
897 
898         return err;
899 }
900 
901 static int l2cap_sock_release(struct socket *sock)
902 {
903         struct sock *sk = sock->sk;
904         int err;
905 
906         BT_DBG("sock %p, sk %p", sock, sk);
907 
908         if (!sk)
909                 return 0;
910 
911         bt_sock_unlink(&l2cap_sk_list, sk);
912 
913         err = l2cap_sock_shutdown(sock, 2);
914 
915         sock_orphan(sk);
916         l2cap_sock_kill(sk);
917         return err;
918 }
919 
920 static void l2cap_sock_cleanup_listen(struct sock *parent)
921 {
922         struct sock *sk;
923 
924         BT_DBG("parent %p", parent);
925 
926         /* Close not yet accepted channels */
927         while ((sk = bt_accept_dequeue(parent, NULL))) {
928                 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
929 
930                 l2cap_chan_lock(chan);
931                 __clear_chan_timer(chan);
932                 l2cap_chan_close(chan, ECONNRESET);
933                 l2cap_chan_unlock(chan);
934 
935                 l2cap_sock_kill(sk);
936         }
937 }
938 
939 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
940 {
941         struct sock *sk, *parent = chan->data;
942 
943         /* Check for backlog size */
944         if (sk_acceptq_is_full(parent)) {
945                 BT_DBG("backlog full %d", parent->sk_ack_backlog);
946                 return NULL;
947         }
948 
949         sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
950                               GFP_ATOMIC);
951         if (!sk)
952                 return NULL;
953 
954         bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
955 
956         l2cap_sock_init(sk, parent);
957 
958         bt_accept_enqueue(parent, sk);
959 
960         return l2cap_pi(sk)->chan;
961 }
962 
963 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
964 {
965         int err;
966         struct sock *sk = chan->data;
967         struct l2cap_pinfo *pi = l2cap_pi(sk);
968 
969         lock_sock(sk);
970 
971         if (pi->rx_busy_skb) {
972                 err = -ENOMEM;
973                 goto done;
974         }
975 
976         err = sock_queue_rcv_skb(sk, skb);
977 
978         /* For ERTM, handle one skb that doesn't fit into the recv
979          * buffer.  This is important to do because the data frames
980          * have already been acked, so the skb cannot be discarded.
981          *
982          * Notify the l2cap core that the buffer is full, so the
983          * LOCAL_BUSY state is entered and no more frames are
984          * acked and reassembled until there is buffer space
985          * available.
986          */
987         if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
988                 pi->rx_busy_skb = skb;
989                 l2cap_chan_busy(pi->chan, 1);
990                 err = 0;
991         }
992 
993 done:
994         release_sock(sk);
995 
996         return err;
997 }
998 
999 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1000 {
1001         struct sock *sk = chan->data;
1002 
1003         l2cap_sock_kill(sk);
1004 }
1005 
1006 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1007 {
1008         struct sock *sk = chan->data;
1009         struct sock *parent;
1010 
1011         lock_sock(sk);
1012 
1013         parent = bt_sk(sk)->parent;
1014 
1015         sock_set_flag(sk, SOCK_ZAPPED);
1016 
1017         switch (chan->state) {
1018         case BT_OPEN:
1019         case BT_BOUND:
1020         case BT_CLOSED:
1021                 break;
1022         case BT_LISTEN:
1023                 l2cap_sock_cleanup_listen(sk);
1024                 sk->sk_state = BT_CLOSED;
1025                 chan->state = BT_CLOSED;
1026 
1027                 break;
1028         default:
1029                 sk->sk_state = BT_CLOSED;
1030                 chan->state = BT_CLOSED;
1031 
1032                 sk->sk_err = err;
1033 
1034                 if (parent) {
1035                         bt_accept_unlink(sk);
1036                         parent->sk_data_ready(parent, 0);
1037                 } else {
1038                         sk->sk_state_change(sk);
1039                 }
1040 
1041                 break;
1042         }
1043 
1044         release_sock(sk);
1045 }
1046 
1047 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state)
1048 {
1049         struct sock *sk = chan->data;
1050 
1051         sk->sk_state = state;
1052 }
1053 
1054 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1055                                                unsigned long len, int nb)
1056 {
1057         struct sk_buff *skb;
1058         int err;
1059 
1060         l2cap_chan_unlock(chan);
1061         skb = bt_skb_send_alloc(chan->sk, len, nb, &err);
1062         l2cap_chan_lock(chan);
1063 
1064         if (!skb)
1065                 return ERR_PTR(err);
1066 
1067         return skb;
1068 }
1069 
1070 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1071 {
1072         struct sock *sk = chan->data;
1073         struct sock *parent;
1074 
1075         lock_sock(sk);
1076 
1077         parent = bt_sk(sk)->parent;
1078 
1079         BT_DBG("sk %p, parent %p", sk, parent);
1080 
1081         sk->sk_state = BT_CONNECTED;
1082         sk->sk_state_change(sk);
1083 
1084         if (parent)
1085                 parent->sk_data_ready(parent, 0);
1086 
1087         release_sock(sk);
1088 }
1089 
1090 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1091 {
1092         struct sock *sk = chan->data;
1093         struct sock *parent = bt_sk(sk)->parent;
1094 
1095         if (parent)
1096                 parent->sk_data_ready(parent, 0);
1097 }
1098 
1099 static struct l2cap_ops l2cap_chan_ops = {
1100         .name           = "L2CAP Socket Interface",
1101         .new_connection = l2cap_sock_new_connection_cb,
1102         .recv           = l2cap_sock_recv_cb,
1103         .close          = l2cap_sock_close_cb,
1104         .teardown       = l2cap_sock_teardown_cb,
1105         .state_change   = l2cap_sock_state_change_cb,
1106         .ready          = l2cap_sock_ready_cb,
1107         .defer          = l2cap_sock_defer_cb,
1108         .alloc_skb      = l2cap_sock_alloc_skb_cb,
1109 };
1110 
1111 static void l2cap_sock_destruct(struct sock *sk)
1112 {
1113         BT_DBG("sk %p", sk);
1114 
1115         if (l2cap_pi(sk)->chan)
1116                 l2cap_chan_put(l2cap_pi(sk)->chan);
1117         if (l2cap_pi(sk)->rx_busy_skb) {
1118                 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1119                 l2cap_pi(sk)->rx_busy_skb = NULL;
1120         }
1121 
1122         skb_queue_purge(&sk->sk_receive_queue);
1123         skb_queue_purge(&sk->sk_write_queue);
1124 }
1125 
1126 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1127 {
1128         struct l2cap_pinfo *pi = l2cap_pi(sk);
1129         struct l2cap_chan *chan = pi->chan;
1130 
1131         BT_DBG("sk %p", sk);
1132 
1133         if (parent) {
1134                 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1135 
1136                 sk->sk_type = parent->sk_type;
1137                 bt_sk(sk)->flags = bt_sk(parent)->flags;
1138 
1139                 chan->chan_type = pchan->chan_type;
1140                 chan->imtu = pchan->imtu;
1141                 chan->omtu = pchan->omtu;
1142                 chan->conf_state = pchan->conf_state;
1143                 chan->mode = pchan->mode;
1144                 chan->fcs  = pchan->fcs;
1145                 chan->max_tx = pchan->max_tx;
1146                 chan->tx_win = pchan->tx_win;
1147                 chan->tx_win_max = pchan->tx_win_max;
1148                 chan->sec_level = pchan->sec_level;
1149                 chan->flags = pchan->flags;
1150 
1151                 security_sk_clone(parent, sk);
1152         } else {
1153 
1154                 switch (sk->sk_type) {
1155                 case SOCK_RAW:
1156                         chan->chan_type = L2CAP_CHAN_RAW;
1157                         break;
1158                 case SOCK_DGRAM:
1159                         chan->chan_type = L2CAP_CHAN_CONN_LESS;
1160                         break;
1161                 case SOCK_SEQPACKET:
1162                 case SOCK_STREAM:
1163                         chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1164                         break;
1165                 }
1166 
1167                 chan->imtu = L2CAP_DEFAULT_MTU;
1168                 chan->omtu = 0;
1169                 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1170                         chan->mode = L2CAP_MODE_ERTM;
1171                         set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1172                 } else {
1173                         chan->mode = L2CAP_MODE_BASIC;
1174                 }
1175 
1176                 l2cap_chan_set_defaults(chan);
1177         }
1178 
1179         /* Default config options */
1180         chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1181 
1182         chan->data = sk;
1183         chan->ops = &l2cap_chan_ops;
1184 }
1185 
1186 static struct proto l2cap_proto = {
1187         .name           = "L2CAP",
1188         .owner          = THIS_MODULE,
1189         .obj_size       = sizeof(struct l2cap_pinfo)
1190 };
1191 
1192 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1193                                      int proto, gfp_t prio)
1194 {
1195         struct sock *sk;
1196         struct l2cap_chan *chan;
1197 
1198         sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1199         if (!sk)
1200                 return NULL;
1201 
1202         sock_init_data(sock, sk);
1203         INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1204 
1205         sk->sk_destruct = l2cap_sock_destruct;
1206         sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1207 
1208         sock_reset_flag(sk, SOCK_ZAPPED);
1209 
1210         sk->sk_protocol = proto;
1211         sk->sk_state = BT_OPEN;
1212 
1213         chan = l2cap_chan_create();
1214         if (!chan) {
1215                 sk_free(sk);
1216                 return NULL;
1217         }
1218 
1219         l2cap_chan_hold(chan);
1220 
1221         chan->sk = sk;
1222 
1223         l2cap_pi(sk)->chan = chan;
1224 
1225         return sk;
1226 }
1227 
1228 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1229                              int kern)
1230 {
1231         struct sock *sk;
1232 
1233         BT_DBG("sock %p", sock);
1234 
1235         sock->state = SS_UNCONNECTED;
1236 
1237         if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1238             sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1239                 return -ESOCKTNOSUPPORT;
1240 
1241         if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1242                 return -EPERM;
1243 
1244         sock->ops = &l2cap_sock_ops;
1245 
1246         sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1247         if (!sk)
1248                 return -ENOMEM;
1249 
1250         l2cap_sock_init(sk, NULL);
1251         bt_sock_link(&l2cap_sk_list, sk);
1252         return 0;
1253 }
1254 
1255 static const struct proto_ops l2cap_sock_ops = {
1256         .family         = PF_BLUETOOTH,
1257         .owner          = THIS_MODULE,
1258         .release        = l2cap_sock_release,
1259         .bind           = l2cap_sock_bind,
1260         .connect        = l2cap_sock_connect,
1261         .listen         = l2cap_sock_listen,
1262         .accept         = l2cap_sock_accept,
1263         .getname        = l2cap_sock_getname,
1264         .sendmsg        = l2cap_sock_sendmsg,
1265         .recvmsg        = l2cap_sock_recvmsg,
1266         .poll           = bt_sock_poll,
1267         .ioctl          = bt_sock_ioctl,
1268         .mmap           = sock_no_mmap,
1269         .socketpair     = sock_no_socketpair,
1270         .shutdown       = l2cap_sock_shutdown,
1271         .setsockopt     = l2cap_sock_setsockopt,
1272         .getsockopt     = l2cap_sock_getsockopt
1273 };
1274 
1275 static const struct net_proto_family l2cap_sock_family_ops = {
1276         .family = PF_BLUETOOTH,
1277         .owner  = THIS_MODULE,
1278         .create = l2cap_sock_create,
1279 };
1280 
1281 int __init l2cap_init_sockets(void)
1282 {
1283         int err;
1284 
1285         err = proto_register(&l2cap_proto, 0);
1286         if (err < 0)
1287                 return err;
1288 
1289         err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1290         if (err < 0) {
1291                 BT_ERR("L2CAP socket registration failed");
1292                 goto error;
1293         }
1294 
1295         err = bt_procfs_init(THIS_MODULE, &init_net, "l2cap", &l2cap_sk_list,
1296                              NULL);
1297         if (err < 0) {
1298                 BT_ERR("Failed to create L2CAP proc file");
1299                 bt_sock_unregister(BTPROTO_L2CAP);
1300                 goto error;
1301         }
1302 
1303         BT_INFO("L2CAP socket layer initialized");
1304 
1305         return 0;
1306 
1307 error:
1308         proto_unregister(&l2cap_proto);
1309         return err;
1310 }
1311 
1312 void l2cap_cleanup_sockets(void)
1313 {
1314         bt_procfs_cleanup(&init_net, "l2cap");
1315         if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1316                 BT_ERR("L2CAP socket unregistration failed");
1317 
1318         proto_unregister(&l2cap_proto);
1319 }
1320 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp