2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
28 /* Bluetooth L2CAP sockets. */
30 #include <linux/module.h>
31 #include <linux/export.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
41 static struct bt_sock_list l2cap_sk_list = {
42 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
45 static const struct proto_ops l2cap_sock_ops;
46 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
47 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
48 int proto, gfp_t prio);
50 bool l2cap_is_socket(struct socket *sock)
52 return sock && sock->ops == &l2cap_sock_ops;
54 EXPORT_SYMBOL(l2cap_is_socket);
56 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
58 struct sock *sk = sock->sk;
59 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
60 struct sockaddr_l2 la;
65 if (!addr || addr->sa_family != AF_BLUETOOTH)
68 memset(&la, 0, sizeof(la));
69 len = min_t(unsigned int, sizeof(la), alen);
70 memcpy(&la, addr, len);
72 if (la.l2_cid && la.l2_psm)
75 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
78 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
79 if (!enable_lecoc && la.l2_psm)
81 /* We only allow ATT user space socket */
83 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
89 if (sk->sk_state != BT_OPEN) {
95 __u16 psm = __le16_to_cpu(la.l2_psm);
97 /* PSM must be odd and lsb of upper byte must be 0 */
98 if ((psm & 0x0101) != 0x0001) {
103 /* Restrict usage of well-known PSMs */
104 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
111 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
113 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
118 switch (chan->chan_type) {
119 case L2CAP_CHAN_CONN_LESS:
120 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
121 chan->sec_level = BT_SECURITY_SDP;
123 case L2CAP_CHAN_CONN_ORIENTED:
124 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
125 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
126 chan->sec_level = BT_SECURITY_SDP;
130 bacpy(&chan->src, &la.l2_bdaddr);
131 chan->src_type = la.l2_bdaddr_type;
133 if (chan->psm && bdaddr_type_is_le(chan->src_type))
134 l2cap_le_flowctl_init(chan);
136 chan->state = BT_BOUND;
137 sk->sk_state = BT_BOUND;
144 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
147 struct sock *sk = sock->sk;
148 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
149 struct sockaddr_l2 la;
154 if (!addr || alen < sizeof(addr->sa_family) ||
155 addr->sa_family != AF_BLUETOOTH)
158 memset(&la, 0, sizeof(la));
159 len = min_t(unsigned int, sizeof(la), alen);
160 memcpy(&la, addr, len);
162 if (la.l2_cid && la.l2_psm)
165 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
168 /* Check that the socket wasn't bound to something that
169 * conflicts with the address given to connect(). If chan->src
170 * is BDADDR_ANY it means bind() was never used, in which case
171 * chan->src_type and la.l2_bdaddr_type do not need to match.
173 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
174 bdaddr_type_is_le(la.l2_bdaddr_type)) {
175 /* Old user space versions will try to incorrectly bind
176 * the ATT socket using BDADDR_BREDR. We need to accept
177 * this and fix up the source address type only when
178 * both the source CID and destination CID indicate
179 * ATT. Anything else is an invalid combination.
181 if (chan->scid != L2CAP_CID_ATT ||
182 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
185 /* We don't have the hdev available here to make a
186 * better decision on random vs public, but since all
187 * user space versions that exhibit this issue anyway do
188 * not support random local addresses assuming public
189 * here is good enough.
191 chan->src_type = BDADDR_LE_PUBLIC;
194 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
197 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
198 if (!enable_lecoc && la.l2_psm)
200 /* We only allow ATT user space socket */
202 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
206 if (chan->psm && bdaddr_type_is_le(chan->src_type))
207 l2cap_le_flowctl_init(chan);
209 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
210 &la.l2_bdaddr, la.l2_bdaddr_type);
216 err = bt_sock_wait_state(sk, BT_CONNECTED,
217 sock_sndtimeo(sk, flags & O_NONBLOCK));
224 static int l2cap_sock_listen(struct socket *sock, int backlog)
226 struct sock *sk = sock->sk;
227 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
230 BT_DBG("sk %p backlog %d", sk, backlog);
234 if (sk->sk_state != BT_BOUND) {
239 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
244 switch (chan->mode) {
245 case L2CAP_MODE_BASIC:
246 case L2CAP_MODE_LE_FLOWCTL:
248 case L2CAP_MODE_ERTM:
249 case L2CAP_MODE_STREAMING:
258 sk->sk_max_ack_backlog = backlog;
259 sk->sk_ack_backlog = 0;
261 chan->state = BT_LISTEN;
262 sk->sk_state = BT_LISTEN;
269 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
272 DECLARE_WAITQUEUE(wait, current);
273 struct sock *sk = sock->sk, *nsk;
277 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
279 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
281 BT_DBG("sk %p timeo %ld", sk, timeo);
283 /* Wait for an incoming connection. (wake-one). */
284 add_wait_queue_exclusive(sk_sleep(sk), &wait);
286 set_current_state(TASK_INTERRUPTIBLE);
288 if (sk->sk_state != BT_LISTEN) {
293 nsk = bt_accept_dequeue(sk, newsock);
302 if (signal_pending(current)) {
303 err = sock_intr_errno(timeo);
308 timeo = schedule_timeout(timeo);
309 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
311 __set_current_state(TASK_RUNNING);
312 remove_wait_queue(sk_sleep(sk), &wait);
317 newsock->state = SS_CONNECTED;
319 BT_DBG("new socket %p", nsk);
326 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
329 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
330 struct sock *sk = sock->sk;
331 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
333 BT_DBG("sock %p, sk %p", sock, sk);
335 memset(la, 0, sizeof(struct sockaddr_l2));
336 addr->sa_family = AF_BLUETOOTH;
337 *len = sizeof(struct sockaddr_l2);
340 la->l2_psm = chan->psm;
341 bacpy(&la->l2_bdaddr, &chan->dst);
342 la->l2_cid = cpu_to_le16(chan->dcid);
343 la->l2_bdaddr_type = chan->dst_type;
345 la->l2_psm = chan->sport;
346 bacpy(&la->l2_bdaddr, &chan->src);
347 la->l2_cid = cpu_to_le16(chan->scid);
348 la->l2_bdaddr_type = chan->src_type;
354 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
355 char __user *optval, int __user *optlen)
357 struct sock *sk = sock->sk;
358 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
359 struct l2cap_options opts;
360 struct l2cap_conninfo cinfo;
366 if (get_user(len, optlen))
373 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
374 * legacy ATT code depends on getsockopt for
375 * L2CAP_OPTIONS we need to let this pass.
377 if (bdaddr_type_is_le(chan->src_type) &&
378 chan->scid != L2CAP_CID_ATT) {
383 memset(&opts, 0, sizeof(opts));
384 opts.imtu = chan->imtu;
385 opts.omtu = chan->omtu;
386 opts.flush_to = chan->flush_to;
387 opts.mode = chan->mode;
388 opts.fcs = chan->fcs;
389 opts.max_tx = chan->max_tx;
390 opts.txwin_size = chan->tx_win;
392 len = min_t(unsigned int, len, sizeof(opts));
393 if (copy_to_user(optval, (char *) &opts, len))
399 switch (chan->sec_level) {
400 case BT_SECURITY_LOW:
403 case BT_SECURITY_MEDIUM:
404 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
406 case BT_SECURITY_HIGH:
407 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
415 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
416 opt |= L2CAP_LM_MASTER;
418 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
419 opt |= L2CAP_LM_RELIABLE;
421 if (put_user(opt, (u32 __user *) optval))
426 if (sk->sk_state != BT_CONNECTED &&
427 !(sk->sk_state == BT_CONNECT2 &&
428 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
433 memset(&cinfo, 0, sizeof(cinfo));
434 cinfo.hci_handle = chan->conn->hcon->handle;
435 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
437 len = min_t(unsigned int, len, sizeof(cinfo));
438 if (copy_to_user(optval, (char *) &cinfo, len))
452 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
453 char __user *optval, int __user *optlen)
455 struct sock *sk = sock->sk;
456 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
457 struct bt_security sec;
463 if (level == SOL_L2CAP)
464 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
466 if (level != SOL_BLUETOOTH)
469 if (get_user(len, optlen))
476 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
477 chan->chan_type != L2CAP_CHAN_RAW) {
482 memset(&sec, 0, sizeof(sec));
484 sec.level = chan->conn->hcon->sec_level;
486 if (sk->sk_state == BT_CONNECTED)
487 sec.key_size = chan->conn->hcon->enc_key_size;
489 sec.level = chan->sec_level;
492 len = min_t(unsigned int, len, sizeof(sec));
493 if (copy_to_user(optval, (char *) &sec, len))
499 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
504 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
505 (u32 __user *) optval))
511 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
512 (u32 __user *) optval))
518 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
519 && sk->sk_type != SOCK_RAW) {
524 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
526 len = min_t(unsigned int, len, sizeof(pwr));
527 if (copy_to_user(optval, (char *) &pwr, len))
532 case BT_CHANNEL_POLICY:
533 if (put_user(chan->chan_policy, (u32 __user *) optval))
539 err = -EPROTONOSUPPORT;
543 if (!bdaddr_type_is_le(chan->src_type)) {
548 if (sk->sk_state != BT_CONNECTED) {
553 if (put_user(chan->omtu, (u16 __user *) optval))
559 err = -EPROTONOSUPPORT;
563 if (!bdaddr_type_is_le(chan->src_type)) {
568 if (put_user(chan->imtu, (u16 __user *) optval))
581 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
583 switch (chan->scid) {
585 if (mtu < L2CAP_LE_MIN_MTU)
590 if (mtu < L2CAP_DEFAULT_MIN_MTU)
597 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
598 char __user *optval, unsigned int optlen)
600 struct sock *sk = sock->sk;
601 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
602 struct l2cap_options opts;
612 if (bdaddr_type_is_le(chan->src_type)) {
617 if (sk->sk_state == BT_CONNECTED) {
622 opts.imtu = chan->imtu;
623 opts.omtu = chan->omtu;
624 opts.flush_to = chan->flush_to;
625 opts.mode = chan->mode;
626 opts.fcs = chan->fcs;
627 opts.max_tx = chan->max_tx;
628 opts.txwin_size = chan->tx_win;
630 len = min_t(unsigned int, sizeof(opts), optlen);
631 if (copy_from_user((char *) &opts, optval, len)) {
636 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
641 if (!l2cap_valid_mtu(chan, opts.imtu)) {
646 chan->mode = opts.mode;
647 switch (chan->mode) {
648 case L2CAP_MODE_LE_FLOWCTL:
650 case L2CAP_MODE_BASIC:
651 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
653 case L2CAP_MODE_ERTM:
654 case L2CAP_MODE_STREAMING:
663 chan->imtu = opts.imtu;
664 chan->omtu = opts.omtu;
665 chan->fcs = opts.fcs;
666 chan->max_tx = opts.max_tx;
667 chan->tx_win = opts.txwin_size;
668 chan->flush_to = opts.flush_to;
672 if (get_user(opt, (u32 __user *) optval)) {
677 if (opt & L2CAP_LM_AUTH)
678 chan->sec_level = BT_SECURITY_LOW;
679 if (opt & L2CAP_LM_ENCRYPT)
680 chan->sec_level = BT_SECURITY_MEDIUM;
681 if (opt & L2CAP_LM_SECURE)
682 chan->sec_level = BT_SECURITY_HIGH;
684 if (opt & L2CAP_LM_MASTER)
685 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
687 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
689 if (opt & L2CAP_LM_RELIABLE)
690 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
692 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
704 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
705 char __user *optval, unsigned int optlen)
707 struct sock *sk = sock->sk;
708 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
709 struct bt_security sec;
711 struct l2cap_conn *conn;
717 if (level == SOL_L2CAP)
718 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
720 if (level != SOL_BLUETOOTH)
727 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
728 chan->chan_type != L2CAP_CHAN_RAW) {
733 sec.level = BT_SECURITY_LOW;
735 len = min_t(unsigned int, sizeof(sec), optlen);
736 if (copy_from_user((char *) &sec, optval, len)) {
741 if (sec.level < BT_SECURITY_LOW ||
742 sec.level > BT_SECURITY_HIGH) {
747 chan->sec_level = sec.level;
754 /*change security for LE channels */
755 if (chan->scid == L2CAP_CID_ATT) {
756 if (!conn->hcon->out) {
761 if (smp_conn_security(conn->hcon, sec.level))
763 sk->sk_state = BT_CONFIG;
764 chan->state = BT_CONFIG;
766 /* or for ACL link */
767 } else if ((sk->sk_state == BT_CONNECT2 &&
768 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
769 sk->sk_state == BT_CONNECTED) {
770 if (!l2cap_chan_check_security(chan))
771 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
773 sk->sk_state_change(sk);
780 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
785 if (get_user(opt, (u32 __user *) optval)) {
791 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
792 set_bit(FLAG_DEFER_SETUP, &chan->flags);
794 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
795 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
800 if (get_user(opt, (u32 __user *) optval)) {
805 if (opt > BT_FLUSHABLE_ON) {
810 if (opt == BT_FLUSHABLE_OFF) {
812 /* proceed further only when we have l2cap_conn and
813 No Flush support in the LM */
814 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
821 set_bit(FLAG_FLUSHABLE, &chan->flags);
823 clear_bit(FLAG_FLUSHABLE, &chan->flags);
827 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
828 chan->chan_type != L2CAP_CHAN_RAW) {
833 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
835 len = min_t(unsigned int, sizeof(pwr), optlen);
836 if (copy_from_user((char *) &pwr, optval, len)) {
841 if (pwr.force_active)
842 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
844 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
847 case BT_CHANNEL_POLICY:
848 if (get_user(opt, (u32 __user *) optval)) {
853 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
858 if (chan->mode != L2CAP_MODE_ERTM &&
859 chan->mode != L2CAP_MODE_STREAMING) {
864 chan->chan_policy = (u8) opt;
866 if (sk->sk_state == BT_CONNECTED &&
867 chan->move_role == L2CAP_MOVE_ROLE_NONE)
868 l2cap_move_start(chan);
874 err = -EPROTONOSUPPORT;
878 if (!bdaddr_type_is_le(chan->src_type)) {
883 /* Setting is not supported as it's the remote side that
891 err = -EPROTONOSUPPORT;
895 if (!bdaddr_type_is_le(chan->src_type)) {
900 if (sk->sk_state == BT_CONNECTED) {
905 if (get_user(opt, (u32 __user *) optval)) {
922 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
923 struct msghdr *msg, size_t len)
925 struct sock *sk = sock->sk;
926 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
929 BT_DBG("sock %p, sk %p", sock, sk);
931 err = sock_error(sk);
935 if (msg->msg_flags & MSG_OOB)
938 if (sk->sk_state != BT_CONNECTED)
942 err = bt_sock_wait_ready(sk, msg->msg_flags);
947 l2cap_chan_lock(chan);
948 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
949 l2cap_chan_unlock(chan);
954 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
955 struct msghdr *msg, size_t len, int flags)
957 struct sock *sk = sock->sk;
958 struct l2cap_pinfo *pi = l2cap_pi(sk);
963 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
964 &bt_sk(sk)->flags)) {
965 if (bdaddr_type_is_le(pi->chan->src_type)) {
966 sk->sk_state = BT_CONNECTED;
967 pi->chan->state = BT_CONNECTED;
968 __l2cap_le_connect_rsp_defer(pi->chan);
970 sk->sk_state = BT_CONFIG;
971 pi->chan->state = BT_CONFIG;
972 __l2cap_connect_rsp_defer(pi->chan);
981 if (sock->type == SOCK_STREAM)
982 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
984 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
986 if (pi->chan->mode != L2CAP_MODE_ERTM)
989 /* Attempt to put pending rx data in the socket buffer */
993 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
996 if (pi->rx_busy_skb) {
997 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
998 pi->rx_busy_skb = NULL;
1003 /* Restore data flow when half of the receive buffer is
1004 * available. This avoids resending large numbers of
1007 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1008 l2cap_chan_busy(pi->chan, 0);
1015 /* Kill socket (only if zapped and orphan)
1016 * Must be called on unlocked socket.
1018 static void l2cap_sock_kill(struct sock *sk)
1020 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1023 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1025 /* Kill poor orphan */
1027 l2cap_chan_put(l2cap_pi(sk)->chan);
1028 sock_set_flag(sk, SOCK_DEAD);
1032 static int __l2cap_wait_ack(struct sock *sk)
1034 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1035 DECLARE_WAITQUEUE(wait, current);
1039 add_wait_queue(sk_sleep(sk), &wait);
1040 set_current_state(TASK_INTERRUPTIBLE);
1041 while (chan->unacked_frames > 0 && chan->conn) {
1045 if (signal_pending(current)) {
1046 err = sock_intr_errno(timeo);
1051 timeo = schedule_timeout(timeo);
1053 set_current_state(TASK_INTERRUPTIBLE);
1055 err = sock_error(sk);
1059 set_current_state(TASK_RUNNING);
1060 remove_wait_queue(sk_sleep(sk), &wait);
1064 static int l2cap_sock_shutdown(struct socket *sock, int how)
1066 struct sock *sk = sock->sk;
1067 struct l2cap_chan *chan;
1068 struct l2cap_conn *conn;
1071 BT_DBG("sock %p, sk %p", sock, sk);
1076 chan = l2cap_pi(sk)->chan;
1080 mutex_lock(&conn->chan_lock);
1082 l2cap_chan_lock(chan);
1085 if (!sk->sk_shutdown) {
1086 if (chan->mode == L2CAP_MODE_ERTM)
1087 err = __l2cap_wait_ack(sk);
1089 sk->sk_shutdown = SHUTDOWN_MASK;
1092 l2cap_chan_close(chan, 0);
1095 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
1096 err = bt_sock_wait_state(sk, BT_CLOSED,
1100 if (!err && sk->sk_err)
1104 l2cap_chan_unlock(chan);
1107 mutex_unlock(&conn->chan_lock);
1112 static int l2cap_sock_release(struct socket *sock)
1114 struct sock *sk = sock->sk;
1117 BT_DBG("sock %p, sk %p", sock, sk);
1122 bt_sock_unlink(&l2cap_sk_list, sk);
1124 err = l2cap_sock_shutdown(sock, 2);
1127 l2cap_sock_kill(sk);
1131 static void l2cap_sock_cleanup_listen(struct sock *parent)
1135 BT_DBG("parent %p", parent);
1137 /* Close not yet accepted channels */
1138 while ((sk = bt_accept_dequeue(parent, NULL))) {
1139 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1141 l2cap_chan_lock(chan);
1142 __clear_chan_timer(chan);
1143 l2cap_chan_close(chan, ECONNRESET);
1144 l2cap_chan_unlock(chan);
1146 l2cap_sock_kill(sk);
1150 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1152 struct sock *sk, *parent = chan->data;
1156 /* Check for backlog size */
1157 if (sk_acceptq_is_full(parent)) {
1158 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1162 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1167 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1169 l2cap_sock_init(sk, parent);
1171 bt_accept_enqueue(parent, sk);
1173 release_sock(parent);
1175 return l2cap_pi(sk)->chan;
1178 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1180 struct sock *sk = chan->data;
1185 if (l2cap_pi(sk)->rx_busy_skb) {
1190 err = sock_queue_rcv_skb(sk, skb);
1192 /* For ERTM, handle one skb that doesn't fit into the recv
1193 * buffer. This is important to do because the data frames
1194 * have already been acked, so the skb cannot be discarded.
1196 * Notify the l2cap core that the buffer is full, so the
1197 * LOCAL_BUSY state is entered and no more frames are
1198 * acked and reassembled until there is buffer space
1201 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1202 l2cap_pi(sk)->rx_busy_skb = skb;
1203 l2cap_chan_busy(chan, 1);
1213 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1215 struct sock *sk = chan->data;
1217 l2cap_sock_kill(sk);
1220 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1222 struct sock *sk = chan->data;
1223 struct sock *parent;
1227 parent = bt_sk(sk)->parent;
1229 sock_set_flag(sk, SOCK_ZAPPED);
1231 switch (chan->state) {
1237 l2cap_sock_cleanup_listen(sk);
1238 sk->sk_state = BT_CLOSED;
1239 chan->state = BT_CLOSED;
1243 sk->sk_state = BT_CLOSED;
1244 chan->state = BT_CLOSED;
1249 bt_accept_unlink(sk);
1250 parent->sk_data_ready(parent, 0);
1252 sk->sk_state_change(sk);
1261 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1264 struct sock *sk = chan->data;
1266 sk->sk_state = state;
1272 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1273 unsigned long len, int nb)
1275 struct sock *sk = chan->data;
1276 struct sk_buff *skb;
1279 l2cap_chan_unlock(chan);
1280 skb = bt_skb_send_alloc(sk, len, nb, &err);
1281 l2cap_chan_lock(chan);
1284 return ERR_PTR(err);
1286 bt_cb(skb)->chan = chan;
1291 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1293 struct sock *sk = chan->data;
1294 struct sock *parent;
1298 parent = bt_sk(sk)->parent;
1300 BT_DBG("sk %p, parent %p", sk, parent);
1302 sk->sk_state = BT_CONNECTED;
1303 sk->sk_state_change(sk);
1306 parent->sk_data_ready(parent, 0);
1311 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1313 struct sock *parent, *sk = chan->data;
1317 parent = bt_sk(sk)->parent;
1319 parent->sk_data_ready(parent, 0);
1324 static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1326 struct sock *sk = chan->data;
1328 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1329 sk->sk_state_change(sk);
1332 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1334 struct sock *sk = chan->data;
1337 sk->sk_shutdown = SHUTDOWN_MASK;
1341 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1343 struct sock *sk = chan->data;
1345 return sk->sk_sndtimeo;
1348 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1350 struct sock *sk = chan->data;
1352 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1353 sk->sk_state_change(sk);
1356 static struct l2cap_ops l2cap_chan_ops = {
1357 .name = "L2CAP Socket Interface",
1358 .new_connection = l2cap_sock_new_connection_cb,
1359 .recv = l2cap_sock_recv_cb,
1360 .close = l2cap_sock_close_cb,
1361 .teardown = l2cap_sock_teardown_cb,
1362 .state_change = l2cap_sock_state_change_cb,
1363 .ready = l2cap_sock_ready_cb,
1364 .defer = l2cap_sock_defer_cb,
1365 .resume = l2cap_sock_resume_cb,
1366 .suspend = l2cap_sock_suspend_cb,
1367 .set_shutdown = l2cap_sock_set_shutdown_cb,
1368 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1369 .alloc_skb = l2cap_sock_alloc_skb_cb,
1372 static void l2cap_sock_destruct(struct sock *sk)
1374 BT_DBG("sk %p", sk);
1376 if (l2cap_pi(sk)->chan)
1377 l2cap_chan_put(l2cap_pi(sk)->chan);
1379 if (l2cap_pi(sk)->rx_busy_skb) {
1380 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1381 l2cap_pi(sk)->rx_busy_skb = NULL;
1384 skb_queue_purge(&sk->sk_receive_queue);
1385 skb_queue_purge(&sk->sk_write_queue);
1388 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1391 struct sockaddr_l2 *la = (struct sockaddr_l2 *) msg_name;
1393 memset(la, 0, sizeof(struct sockaddr_l2));
1394 la->l2_family = AF_BLUETOOTH;
1395 la->l2_psm = bt_cb(skb)->psm;
1396 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr);
1398 *msg_namelen = sizeof(struct sockaddr_l2);
1401 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1403 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1405 BT_DBG("sk %p", sk);
1408 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1410 sk->sk_type = parent->sk_type;
1411 bt_sk(sk)->flags = bt_sk(parent)->flags;
1413 chan->chan_type = pchan->chan_type;
1414 chan->imtu = pchan->imtu;
1415 chan->omtu = pchan->omtu;
1416 chan->conf_state = pchan->conf_state;
1417 chan->mode = pchan->mode;
1418 chan->fcs = pchan->fcs;
1419 chan->max_tx = pchan->max_tx;
1420 chan->tx_win = pchan->tx_win;
1421 chan->tx_win_max = pchan->tx_win_max;
1422 chan->sec_level = pchan->sec_level;
1423 chan->flags = pchan->flags;
1424 chan->tx_credits = pchan->tx_credits;
1425 chan->rx_credits = pchan->rx_credits;
1427 security_sk_clone(parent, sk);
1429 switch (sk->sk_type) {
1431 chan->chan_type = L2CAP_CHAN_RAW;
1434 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1435 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1437 case SOCK_SEQPACKET:
1439 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1443 chan->imtu = L2CAP_DEFAULT_MTU;
1445 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1446 chan->mode = L2CAP_MODE_ERTM;
1447 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1449 chan->mode = L2CAP_MODE_BASIC;
1452 l2cap_chan_set_defaults(chan);
1455 /* Default config options */
1456 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1459 chan->ops = &l2cap_chan_ops;
1462 static struct proto l2cap_proto = {
1464 .owner = THIS_MODULE,
1465 .obj_size = sizeof(struct l2cap_pinfo)
1468 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1469 int proto, gfp_t prio)
1472 struct l2cap_chan *chan;
1474 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1478 sock_init_data(sock, sk);
1479 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1481 sk->sk_destruct = l2cap_sock_destruct;
1482 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1484 sock_reset_flag(sk, SOCK_ZAPPED);
1486 sk->sk_protocol = proto;
1487 sk->sk_state = BT_OPEN;
1489 chan = l2cap_chan_create();
1495 l2cap_chan_hold(chan);
1497 l2cap_pi(sk)->chan = chan;
1502 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1507 BT_DBG("sock %p", sock);
1509 sock->state = SS_UNCONNECTED;
1511 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1512 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1513 return -ESOCKTNOSUPPORT;
1515 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1518 sock->ops = &l2cap_sock_ops;
1520 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1524 l2cap_sock_init(sk, NULL);
1525 bt_sock_link(&l2cap_sk_list, sk);
1529 static const struct proto_ops l2cap_sock_ops = {
1530 .family = PF_BLUETOOTH,
1531 .owner = THIS_MODULE,
1532 .release = l2cap_sock_release,
1533 .bind = l2cap_sock_bind,
1534 .connect = l2cap_sock_connect,
1535 .listen = l2cap_sock_listen,
1536 .accept = l2cap_sock_accept,
1537 .getname = l2cap_sock_getname,
1538 .sendmsg = l2cap_sock_sendmsg,
1539 .recvmsg = l2cap_sock_recvmsg,
1540 .poll = bt_sock_poll,
1541 .ioctl = bt_sock_ioctl,
1542 .mmap = sock_no_mmap,
1543 .socketpair = sock_no_socketpair,
1544 .shutdown = l2cap_sock_shutdown,
1545 .setsockopt = l2cap_sock_setsockopt,
1546 .getsockopt = l2cap_sock_getsockopt
1549 static const struct net_proto_family l2cap_sock_family_ops = {
1550 .family = PF_BLUETOOTH,
1551 .owner = THIS_MODULE,
1552 .create = l2cap_sock_create,
1555 int __init l2cap_init_sockets(void)
1559 err = proto_register(&l2cap_proto, 0);
1563 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1565 BT_ERR("L2CAP socket registration failed");
1569 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1572 BT_ERR("Failed to create L2CAP proc file");
1573 bt_sock_unregister(BTPROTO_L2CAP);
1577 BT_INFO("L2CAP socket layer initialized");
1582 proto_unregister(&l2cap_proto);
1586 void l2cap_cleanup_sockets(void)
1588 bt_procfs_cleanup(&init_net, "l2cap");
1589 bt_sock_unregister(BTPROTO_L2CAP);
1590 proto_unregister(&l2cap_proto);
1593 module_param(enable_lecoc, bool, 0644);
1594 MODULE_PARM_DESC(enable_lecoc, "Enable support for LE CoC");