2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
28 /* Bluetooth L2CAP sockets. */
30 #include <linux/module.h>
31 #include <linux/export.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
39 static struct bt_sock_list l2cap_sk_list = {
40 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
43 static const struct proto_ops l2cap_sock_ops;
44 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
45 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
46 int proto, gfp_t prio);
48 bool l2cap_is_socket(struct socket *sock)
50 return sock && sock->ops == &l2cap_sock_ops;
52 EXPORT_SYMBOL(l2cap_is_socket);
54 static int l2cap_validate_bredr_psm(u16 psm)
56 /* PSM must be odd and lsb of upper byte must be 0 */
57 if ((psm & 0x0101) != 0x0001)
60 /* Restrict usage of well-known PSMs */
61 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE))
67 static int l2cap_validate_le_psm(u16 psm)
69 /* Valid LE_PSM ranges are defined only until 0x00ff */
73 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
74 if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE))
80 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
82 struct sock *sk = sock->sk;
83 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
84 struct sockaddr_l2 la;
89 if (!addr || addr->sa_family != AF_BLUETOOTH)
92 memset(&la, 0, sizeof(la));
93 len = min_t(unsigned int, sizeof(la), alen);
94 memcpy(&la, addr, len);
96 if (la.l2_cid && la.l2_psm)
99 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
102 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
103 /* We only allow ATT user space socket */
105 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
111 if (sk->sk_state != BT_OPEN) {
117 __u16 psm = __le16_to_cpu(la.l2_psm);
119 if (la.l2_bdaddr_type == BDADDR_BREDR)
120 err = l2cap_validate_bredr_psm(psm);
122 err = l2cap_validate_le_psm(psm);
129 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
131 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
136 switch (chan->chan_type) {
137 case L2CAP_CHAN_CONN_LESS:
138 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
139 chan->sec_level = BT_SECURITY_SDP;
141 case L2CAP_CHAN_CONN_ORIENTED:
142 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
143 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
144 chan->sec_level = BT_SECURITY_SDP;
147 chan->sec_level = BT_SECURITY_SDP;
149 case L2CAP_CHAN_FIXED:
150 /* Fixed channels default to the L2CAP core not holding a
151 * hci_conn reference for them. For fixed channels mapping to
152 * L2CAP sockets we do want to hold a reference so set the
153 * appropriate flag to request it.
155 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
159 bacpy(&chan->src, &la.l2_bdaddr);
160 chan->src_type = la.l2_bdaddr_type;
162 if (chan->psm && bdaddr_type_is_le(chan->src_type))
163 chan->mode = L2CAP_MODE_LE_FLOWCTL;
165 chan->state = BT_BOUND;
166 sk->sk_state = BT_BOUND;
173 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
176 struct sock *sk = sock->sk;
177 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
178 struct sockaddr_l2 la;
183 if (!addr || alen < sizeof(addr->sa_family) ||
184 addr->sa_family != AF_BLUETOOTH)
187 memset(&la, 0, sizeof(la));
188 len = min_t(unsigned int, sizeof(la), alen);
189 memcpy(&la, addr, len);
191 if (la.l2_cid && la.l2_psm)
194 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
197 /* Check that the socket wasn't bound to something that
198 * conflicts with the address given to connect(). If chan->src
199 * is BDADDR_ANY it means bind() was never used, in which case
200 * chan->src_type and la.l2_bdaddr_type do not need to match.
202 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
203 bdaddr_type_is_le(la.l2_bdaddr_type)) {
204 /* Old user space versions will try to incorrectly bind
205 * the ATT socket using BDADDR_BREDR. We need to accept
206 * this and fix up the source address type only when
207 * both the source CID and destination CID indicate
208 * ATT. Anything else is an invalid combination.
210 if (chan->scid != L2CAP_CID_ATT ||
211 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
214 /* We don't have the hdev available here to make a
215 * better decision on random vs public, but since all
216 * user space versions that exhibit this issue anyway do
217 * not support random local addresses assuming public
218 * here is good enough.
220 chan->src_type = BDADDR_LE_PUBLIC;
223 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
226 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
227 /* We only allow ATT user space socket */
229 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
233 if (chan->psm && bdaddr_type_is_le(chan->src_type))
234 chan->mode = L2CAP_MODE_LE_FLOWCTL;
236 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
237 &la.l2_bdaddr, la.l2_bdaddr_type);
243 err = bt_sock_wait_state(sk, BT_CONNECTED,
244 sock_sndtimeo(sk, flags & O_NONBLOCK));
251 static int l2cap_sock_listen(struct socket *sock, int backlog)
253 struct sock *sk = sock->sk;
254 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
257 BT_DBG("sk %p backlog %d", sk, backlog);
261 if (sk->sk_state != BT_BOUND) {
266 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
271 switch (chan->mode) {
272 case L2CAP_MODE_BASIC:
273 case L2CAP_MODE_LE_FLOWCTL:
275 case L2CAP_MODE_ERTM:
276 case L2CAP_MODE_STREAMING:
285 sk->sk_max_ack_backlog = backlog;
286 sk->sk_ack_backlog = 0;
288 /* Listening channels need to use nested locking in order not to
289 * cause lockdep warnings when the created child channels end up
290 * being locked in the same thread as the parent channel.
292 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
294 chan->state = BT_LISTEN;
295 sk->sk_state = BT_LISTEN;
302 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
305 #ifdef CONFIG_TIZEN_WIP
306 DECLARE_WAITQUEUE(wait, current);
308 DEFINE_WAIT_FUNC(wait, woken_wake_function);
310 struct sock *sk = sock->sk, *nsk;
314 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
316 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
318 BT_DBG("sk %p timeo %ld", sk, timeo);
320 /* Wait for an incoming connection. (wake-one). */
321 add_wait_queue_exclusive(sk_sleep(sk), &wait);
323 #ifdef CONFIG_TIZEN_WIP
324 set_current_state(TASK_INTERRUPTIBLE);
326 if (sk->sk_state != BT_LISTEN) {
331 nsk = bt_accept_dequeue(sk, newsock);
340 if (signal_pending(current)) {
341 err = sock_intr_errno(timeo);
346 #ifdef CONFIG_TIZEN_WIP
347 timeo = schedule_timeout(timeo);
349 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
352 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
354 #ifdef CONFIG_TIZEN_WIP
355 __set_current_state(TASK_RUNNING);
357 remove_wait_queue(sk_sleep(sk), &wait);
362 newsock->state = SS_CONNECTED;
364 BT_DBG("new socket %p", nsk);
371 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
374 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
375 struct sock *sk = sock->sk;
376 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
378 BT_DBG("sock %p, sk %p", sock, sk);
380 if (peer && sk->sk_state != BT_CONNECTED &&
381 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
382 sk->sk_state != BT_CONFIG)
385 memset(la, 0, sizeof(struct sockaddr_l2));
386 addr->sa_family = AF_BLUETOOTH;
387 *len = sizeof(struct sockaddr_l2);
389 la->l2_psm = chan->psm;
392 bacpy(&la->l2_bdaddr, &chan->dst);
393 la->l2_cid = cpu_to_le16(chan->dcid);
394 la->l2_bdaddr_type = chan->dst_type;
396 bacpy(&la->l2_bdaddr, &chan->src);
397 la->l2_cid = cpu_to_le16(chan->scid);
398 la->l2_bdaddr_type = chan->src_type;
404 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
405 char __user *optval, int __user *optlen)
407 struct sock *sk = sock->sk;
408 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
409 struct l2cap_options opts;
410 struct l2cap_conninfo cinfo;
416 if (get_user(len, optlen))
423 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
424 * legacy ATT code depends on getsockopt for
425 * L2CAP_OPTIONS we need to let this pass.
427 if (bdaddr_type_is_le(chan->src_type) &&
428 chan->scid != L2CAP_CID_ATT) {
433 memset(&opts, 0, sizeof(opts));
434 opts.imtu = chan->imtu;
435 opts.omtu = chan->omtu;
436 opts.flush_to = chan->flush_to;
437 opts.mode = chan->mode;
438 opts.fcs = chan->fcs;
439 opts.max_tx = chan->max_tx;
440 opts.txwin_size = chan->tx_win;
442 len = min_t(unsigned int, len, sizeof(opts));
443 if (copy_to_user(optval, (char *) &opts, len))
449 switch (chan->sec_level) {
450 case BT_SECURITY_LOW:
453 case BT_SECURITY_MEDIUM:
454 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
456 case BT_SECURITY_HIGH:
457 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
460 case BT_SECURITY_FIPS:
461 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
462 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
469 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
470 opt |= L2CAP_LM_MASTER;
472 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
473 opt |= L2CAP_LM_RELIABLE;
475 if (put_user(opt, (u32 __user *) optval))
481 if (sk->sk_state != BT_CONNECTED &&
482 !(sk->sk_state == BT_CONNECT2 &&
483 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
488 memset(&cinfo, 0, sizeof(cinfo));
489 cinfo.hci_handle = chan->conn->hcon->handle;
490 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
492 len = min_t(unsigned int, len, sizeof(cinfo));
493 if (copy_to_user(optval, (char *) &cinfo, len))
507 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
508 char __user *optval, int __user *optlen)
510 struct sock *sk = sock->sk;
511 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
512 struct bt_security sec;
518 if (level == SOL_L2CAP)
519 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
521 if (level != SOL_BLUETOOTH)
524 if (get_user(len, optlen))
531 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
532 chan->chan_type != L2CAP_CHAN_FIXED &&
533 chan->chan_type != L2CAP_CHAN_RAW) {
538 memset(&sec, 0, sizeof(sec));
540 sec.level = chan->conn->hcon->sec_level;
542 if (sk->sk_state == BT_CONNECTED)
543 sec.key_size = chan->conn->hcon->enc_key_size;
545 sec.level = chan->sec_level;
548 len = min_t(unsigned int, len, sizeof(sec));
549 if (copy_to_user(optval, (char *) &sec, len))
555 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
560 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
561 (u32 __user *) optval))
567 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
568 (u32 __user *) optval))
574 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
575 && sk->sk_type != SOCK_RAW) {
580 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
582 len = min_t(unsigned int, len, sizeof(pwr));
583 if (copy_to_user(optval, (char *) &pwr, len))
588 case BT_CHANNEL_POLICY:
589 if (put_user(chan->chan_policy, (u32 __user *) optval))
594 if (!bdaddr_type_is_le(chan->src_type)) {
599 if (sk->sk_state != BT_CONNECTED) {
604 if (put_user(chan->omtu, (u16 __user *) optval))
609 if (!bdaddr_type_is_le(chan->src_type)) {
614 if (put_user(chan->imtu, (u16 __user *) optval))
627 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
629 switch (chan->scid) {
631 if (mtu < L2CAP_LE_MIN_MTU)
636 if (mtu < L2CAP_DEFAULT_MIN_MTU)
643 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
644 char __user *optval, unsigned int optlen)
646 struct sock *sk = sock->sk;
647 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
648 struct l2cap_options opts;
658 if (bdaddr_type_is_le(chan->src_type)) {
663 if (sk->sk_state == BT_CONNECTED) {
668 opts.imtu = chan->imtu;
669 opts.omtu = chan->omtu;
670 opts.flush_to = chan->flush_to;
671 opts.mode = chan->mode;
672 opts.fcs = chan->fcs;
673 opts.max_tx = chan->max_tx;
674 opts.txwin_size = chan->tx_win;
676 len = min_t(unsigned int, sizeof(opts), optlen);
677 if (copy_from_user((char *) &opts, optval, len)) {
682 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
687 if (!l2cap_valid_mtu(chan, opts.imtu)) {
692 chan->mode = opts.mode;
693 switch (chan->mode) {
694 case L2CAP_MODE_LE_FLOWCTL:
696 case L2CAP_MODE_BASIC:
697 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
699 case L2CAP_MODE_ERTM:
700 case L2CAP_MODE_STREAMING:
709 chan->imtu = opts.imtu;
710 chan->omtu = opts.omtu;
711 chan->fcs = opts.fcs;
712 chan->max_tx = opts.max_tx;
713 chan->tx_win = opts.txwin_size;
714 chan->flush_to = opts.flush_to;
718 if (get_user(opt, (u32 __user *) optval)) {
723 if (opt & L2CAP_LM_FIPS) {
728 if (opt & L2CAP_LM_AUTH)
729 chan->sec_level = BT_SECURITY_LOW;
730 if (opt & L2CAP_LM_ENCRYPT)
731 chan->sec_level = BT_SECURITY_MEDIUM;
732 if (opt & L2CAP_LM_SECURE)
733 chan->sec_level = BT_SECURITY_HIGH;
735 if (opt & L2CAP_LM_MASTER)
736 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
738 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
740 if (opt & L2CAP_LM_RELIABLE)
741 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
743 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
755 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
756 char __user *optval, unsigned int optlen)
758 struct sock *sk = sock->sk;
759 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
760 struct bt_security sec;
762 struct l2cap_conn *conn;
768 if (level == SOL_L2CAP)
769 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
771 if (level != SOL_BLUETOOTH)
778 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
779 chan->chan_type != L2CAP_CHAN_FIXED &&
780 chan->chan_type != L2CAP_CHAN_RAW) {
785 sec.level = BT_SECURITY_LOW;
787 len = min_t(unsigned int, sizeof(sec), optlen);
788 if (copy_from_user((char *) &sec, optval, len)) {
793 if (sec.level < BT_SECURITY_LOW ||
794 sec.level > BT_SECURITY_HIGH) {
799 chan->sec_level = sec.level;
806 /*change security for LE channels */
807 if (chan->scid == L2CAP_CID_ATT) {
808 if (smp_conn_security(conn->hcon, sec.level))
810 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
811 sk->sk_state = BT_CONFIG;
812 chan->state = BT_CONFIG;
814 /* or for ACL link */
815 } else if ((sk->sk_state == BT_CONNECT2 &&
816 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
817 sk->sk_state == BT_CONNECTED) {
818 if (!l2cap_chan_check_security(chan, true))
819 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
821 sk->sk_state_change(sk);
828 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
833 if (get_user(opt, (u32 __user *) optval)) {
839 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
840 set_bit(FLAG_DEFER_SETUP, &chan->flags);
842 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
843 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
848 if (get_user(opt, (u32 __user *) optval)) {
853 if (opt > BT_FLUSHABLE_ON) {
858 if (opt == BT_FLUSHABLE_OFF) {
860 /* proceed further only when we have l2cap_conn and
861 No Flush support in the LM */
862 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
869 set_bit(FLAG_FLUSHABLE, &chan->flags);
871 clear_bit(FLAG_FLUSHABLE, &chan->flags);
875 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
876 chan->chan_type != L2CAP_CHAN_RAW) {
881 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
883 len = min_t(unsigned int, sizeof(pwr), optlen);
884 if (copy_from_user((char *) &pwr, optval, len)) {
889 if (pwr.force_active)
890 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
892 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
895 case BT_CHANNEL_POLICY:
896 if (get_user(opt, (u32 __user *) optval)) {
901 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
906 if (chan->mode != L2CAP_MODE_ERTM &&
907 chan->mode != L2CAP_MODE_STREAMING) {
912 chan->chan_policy = (u8) opt;
914 if (sk->sk_state == BT_CONNECTED &&
915 chan->move_role == L2CAP_MOVE_ROLE_NONE)
916 l2cap_move_start(chan);
921 if (!bdaddr_type_is_le(chan->src_type)) {
926 /* Setting is not supported as it's the remote side that
933 if (!bdaddr_type_is_le(chan->src_type)) {
938 if (sk->sk_state == BT_CONNECTED) {
943 if (get_user(opt, (u32 __user *) optval)) {
951 #ifdef CONFIG_TIZEN_WIP
952 case BT_LE_CONN_PARAM: {
953 struct hci_dev *hdev;
954 struct le_conn_param param;
957 len = min_t(unsigned int, sizeof(param), optlen);
958 if (copy_from_user((char *) ¶m, optval, len)) {
963 err = hci_check_conn_params(param.min, param.max,
964 param.latency, param.to_multiplier);
969 hdev = conn->hcon->hdev;
970 if (conn->hcon->out ||
971 (hdev->le_features[0] & HCI_LE_CONN_PARAM_REQ_PROC &&
972 conn->hcon->features[0][0] & HCI_LE_CONN_PARAM_REQ_PROC)) {
973 BT_DBG("use hci_le_conn_update");
974 err = hci_le_conn_update(conn->hcon, param.min,
975 param.max, param.latency,
976 param.to_multiplier);
980 BT_DBG("use l2cap conn_update");
981 err = l2cap_update_connection_param(conn, param.min,
982 param.max, param.latency, param.to_multiplier);
996 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
997 struct msghdr *msg, size_t len)
999 struct sock *sk = sock->sk;
1000 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1003 BT_DBG("sock %p, sk %p", sock, sk);
1005 err = sock_error(sk);
1009 if (msg->msg_flags & MSG_OOB)
1012 if (sk->sk_state != BT_CONNECTED)
1016 err = bt_sock_wait_ready(sk, msg->msg_flags);
1021 l2cap_chan_lock(chan);
1022 err = l2cap_chan_send(chan, msg, len);
1023 l2cap_chan_unlock(chan);
1028 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
1029 struct msghdr *msg, size_t len, int flags)
1031 struct sock *sk = sock->sk;
1032 struct l2cap_pinfo *pi = l2cap_pi(sk);
1037 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
1038 &bt_sk(sk)->flags)) {
1039 if (bdaddr_type_is_le(pi->chan->src_type)) {
1040 sk->sk_state = BT_CONNECTED;
1041 pi->chan->state = BT_CONNECTED;
1042 __l2cap_le_connect_rsp_defer(pi->chan);
1044 sk->sk_state = BT_CONFIG;
1045 pi->chan->state = BT_CONFIG;
1046 __l2cap_connect_rsp_defer(pi->chan);
1055 if (sock->type == SOCK_STREAM)
1056 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
1058 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
1060 if (pi->chan->mode != L2CAP_MODE_ERTM)
1063 /* Attempt to put pending rx data in the socket buffer */
1067 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1070 if (pi->rx_busy_skb) {
1071 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1072 pi->rx_busy_skb = NULL;
1077 /* Restore data flow when half of the receive buffer is
1078 * available. This avoids resending large numbers of
1081 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1082 l2cap_chan_busy(pi->chan, 0);
1089 /* Kill socket (only if zapped and orphan)
1090 * Must be called on unlocked socket.
1092 static void l2cap_sock_kill(struct sock *sk)
1094 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1097 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1099 /* Kill poor orphan */
1101 l2cap_chan_put(l2cap_pi(sk)->chan);
1102 sock_set_flag(sk, SOCK_DEAD);
1106 static int __l2cap_wait_ack(struct sock *sk)
1108 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1109 DECLARE_WAITQUEUE(wait, current);
1113 add_wait_queue(sk_sleep(sk), &wait);
1114 set_current_state(TASK_INTERRUPTIBLE);
1115 while (chan->unacked_frames > 0 && chan->conn) {
1119 if (signal_pending(current)) {
1120 err = sock_intr_errno(timeo);
1125 timeo = schedule_timeout(timeo);
1127 set_current_state(TASK_INTERRUPTIBLE);
1129 err = sock_error(sk);
1133 set_current_state(TASK_RUNNING);
1134 remove_wait_queue(sk_sleep(sk), &wait);
1138 static int l2cap_sock_shutdown(struct socket *sock, int how)
1140 struct sock *sk = sock->sk;
1141 struct l2cap_chan *chan;
1142 struct l2cap_conn *conn;
1145 BT_DBG("sock %p, sk %p", sock, sk);
1150 chan = l2cap_pi(sk)->chan;
1153 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1156 mutex_lock(&conn->chan_lock);
1158 l2cap_chan_lock(chan);
1161 if (!sk->sk_shutdown) {
1162 if (chan->mode == L2CAP_MODE_ERTM)
1163 err = __l2cap_wait_ack(sk);
1165 sk->sk_shutdown = SHUTDOWN_MASK;
1168 l2cap_chan_close(chan, 0);
1171 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1172 !(current->flags & PF_EXITING))
1173 err = bt_sock_wait_state(sk, BT_CLOSED,
1177 if (!err && sk->sk_err)
1181 l2cap_chan_unlock(chan);
1184 mutex_unlock(&conn->chan_lock);
1189 static int l2cap_sock_release(struct socket *sock)
1191 struct sock *sk = sock->sk;
1194 BT_DBG("sock %p, sk %p", sock, sk);
1199 bt_sock_unlink(&l2cap_sk_list, sk);
1201 err = l2cap_sock_shutdown(sock, 2);
1204 l2cap_sock_kill(sk);
1208 static void l2cap_sock_cleanup_listen(struct sock *parent)
1212 BT_DBG("parent %p state %s", parent,
1213 state_to_string(parent->sk_state));
1215 /* Close not yet accepted channels */
1216 while ((sk = bt_accept_dequeue(parent, NULL))) {
1217 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1219 BT_DBG("child chan %p state %s", chan,
1220 state_to_string(chan->state));
1222 l2cap_chan_lock(chan);
1223 __clear_chan_timer(chan);
1224 l2cap_chan_close(chan, ECONNRESET);
1225 l2cap_chan_unlock(chan);
1227 l2cap_sock_kill(sk);
1231 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1233 struct sock *sk, *parent = chan->data;
1237 /* Check for backlog size */
1238 if (sk_acceptq_is_full(parent)) {
1239 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1240 release_sock(parent);
1244 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1247 release_sock(parent);
1251 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1253 l2cap_sock_init(sk, parent);
1255 bt_accept_enqueue(parent, sk);
1257 release_sock(parent);
1259 return l2cap_pi(sk)->chan;
1262 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1264 struct sock *sk = chan->data;
1269 if (l2cap_pi(sk)->rx_busy_skb) {
1274 err = sock_queue_rcv_skb(sk, skb);
1276 /* For ERTM, handle one skb that doesn't fit into the recv
1277 * buffer. This is important to do because the data frames
1278 * have already been acked, so the skb cannot be discarded.
1280 * Notify the l2cap core that the buffer is full, so the
1281 * LOCAL_BUSY state is entered and no more frames are
1282 * acked and reassembled until there is buffer space
1285 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1286 l2cap_pi(sk)->rx_busy_skb = skb;
1287 l2cap_chan_busy(chan, 1);
1297 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1299 struct sock *sk = chan->data;
1301 l2cap_sock_kill(sk);
1304 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1306 struct sock *sk = chan->data;
1307 struct sock *parent;
1309 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1311 /* This callback can be called both for server (BT_LISTEN)
1312 * sockets as well as "normal" ones. To avoid lockdep warnings
1313 * with child socket locking (through l2cap_sock_cleanup_listen)
1314 * we need separation into separate nesting levels. The simplest
1315 * way to accomplish this is to inherit the nesting level used
1318 lock_sock_nested(sk, atomic_read(&chan->nesting));
1320 parent = bt_sk(sk)->parent;
1322 sock_set_flag(sk, SOCK_ZAPPED);
1324 switch (chan->state) {
1330 l2cap_sock_cleanup_listen(sk);
1331 sk->sk_state = BT_CLOSED;
1332 chan->state = BT_CLOSED;
1336 sk->sk_state = BT_CLOSED;
1337 chan->state = BT_CLOSED;
1342 bt_accept_unlink(sk);
1343 #ifdef CONFIG_TIZEN_WIP
1344 parent->sk_data_ready(parent, 0);
1346 parent->sk_data_ready(parent);
1349 sk->sk_state_change(sk);
1358 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1361 struct sock *sk = chan->data;
1363 sk->sk_state = state;
1369 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1370 unsigned long hdr_len,
1371 unsigned long len, int nb)
1373 struct sock *sk = chan->data;
1374 struct sk_buff *skb;
1377 l2cap_chan_unlock(chan);
1378 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1379 l2cap_chan_lock(chan);
1382 return ERR_PTR(err);
1384 skb->priority = sk->sk_priority;
1386 bt_cb(skb)->chan = chan;
1390 #ifdef CONFIG_TIZEN_WIP
1391 static int l2cap_sock_memcpy_fromiovec_cb(struct l2cap_chan *chan,
1392 unsigned char *kdata,
1393 struct iovec *iov, int len)
1395 return memcpy_fromiovec(kdata, iov, len);
1398 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1400 struct sock *sk = chan->data;
1401 struct sock *parent;
1405 parent = bt_sk(sk)->parent;
1407 BT_DBG("sk %p, parent %p", sk, parent);
1409 sk->sk_state = BT_CONNECTED;
1410 sk->sk_state_change(sk);
1413 #ifdef CONFIG_TIZEN_WIP
1414 parent->sk_data_ready(parent, 0);
1416 parent->sk_data_ready(parent);
1421 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1423 struct sock *parent, *sk = chan->data;
1427 parent = bt_sk(sk)->parent;
1429 #ifdef CONFIG_TIZEN_WIP
1430 parent->sk_data_ready(parent, 0);
1432 parent->sk_data_ready(parent);
1437 static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1439 struct sock *sk = chan->data;
1441 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1442 sk->sk_state = BT_CONNECTED;
1443 chan->state = BT_CONNECTED;
1446 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1447 sk->sk_state_change(sk);
1450 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1452 struct sock *sk = chan->data;
1455 sk->sk_shutdown = SHUTDOWN_MASK;
1459 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1461 struct sock *sk = chan->data;
1463 return sk->sk_sndtimeo;
1466 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1468 struct sock *sk = chan->data;
1470 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1471 sk->sk_state_change(sk);
1474 static const struct l2cap_ops l2cap_chan_ops = {
1475 .name = "L2CAP Socket Interface",
1476 .new_connection = l2cap_sock_new_connection_cb,
1477 .recv = l2cap_sock_recv_cb,
1478 .close = l2cap_sock_close_cb,
1479 .teardown = l2cap_sock_teardown_cb,
1480 .state_change = l2cap_sock_state_change_cb,
1481 .ready = l2cap_sock_ready_cb,
1482 .defer = l2cap_sock_defer_cb,
1483 .resume = l2cap_sock_resume_cb,
1484 .suspend = l2cap_sock_suspend_cb,
1485 .set_shutdown = l2cap_sock_set_shutdown_cb,
1486 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1487 .alloc_skb = l2cap_sock_alloc_skb_cb,
1488 #ifdef CONFIG_TIZEN_WIP
1489 .memcpy_fromiovec = l2cap_sock_memcpy_fromiovec_cb,
1493 static void l2cap_sock_destruct(struct sock *sk)
1495 BT_DBG("sk %p", sk);
1497 if (l2cap_pi(sk)->chan)
1498 l2cap_chan_put(l2cap_pi(sk)->chan);
1500 if (l2cap_pi(sk)->rx_busy_skb) {
1501 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1502 l2cap_pi(sk)->rx_busy_skb = NULL;
1505 skb_queue_purge(&sk->sk_receive_queue);
1506 skb_queue_purge(&sk->sk_write_queue);
1509 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1512 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1514 memset(la, 0, sizeof(struct sockaddr_l2));
1515 la->l2_family = AF_BLUETOOTH;
1516 la->l2_psm = bt_cb(skb)->psm;
1517 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr);
1519 *msg_namelen = sizeof(struct sockaddr_l2);
1522 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1524 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1526 BT_DBG("sk %p", sk);
1529 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1531 sk->sk_type = parent->sk_type;
1532 bt_sk(sk)->flags = bt_sk(parent)->flags;
1534 chan->chan_type = pchan->chan_type;
1535 chan->imtu = pchan->imtu;
1536 chan->omtu = pchan->omtu;
1537 chan->conf_state = pchan->conf_state;
1538 chan->mode = pchan->mode;
1539 chan->fcs = pchan->fcs;
1540 chan->max_tx = pchan->max_tx;
1541 chan->tx_win = pchan->tx_win;
1542 chan->tx_win_max = pchan->tx_win_max;
1543 chan->sec_level = pchan->sec_level;
1544 chan->flags = pchan->flags;
1545 chan->tx_credits = pchan->tx_credits;
1546 chan->rx_credits = pchan->rx_credits;
1548 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1549 chan->scid = pchan->scid;
1550 chan->dcid = pchan->scid;
1553 security_sk_clone(parent, sk);
1555 switch (sk->sk_type) {
1557 chan->chan_type = L2CAP_CHAN_RAW;
1560 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1561 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1563 case SOCK_SEQPACKET:
1565 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1569 chan->imtu = L2CAP_DEFAULT_MTU;
1571 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1572 chan->mode = L2CAP_MODE_ERTM;
1573 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1575 chan->mode = L2CAP_MODE_BASIC;
1578 l2cap_chan_set_defaults(chan);
1581 /* Default config options */
1582 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1585 chan->ops = &l2cap_chan_ops;
1588 static struct proto l2cap_proto = {
1590 .owner = THIS_MODULE,
1591 .obj_size = sizeof(struct l2cap_pinfo)
1594 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1595 int proto, gfp_t prio)
1598 struct l2cap_chan *chan;
1600 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1604 sock_init_data(sock, sk);
1605 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1607 sk->sk_destruct = l2cap_sock_destruct;
1608 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1610 sock_reset_flag(sk, SOCK_ZAPPED);
1612 sk->sk_protocol = proto;
1613 sk->sk_state = BT_OPEN;
1615 chan = l2cap_chan_create();
1621 l2cap_chan_hold(chan);
1623 l2cap_pi(sk)->chan = chan;
1628 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1633 BT_DBG("sock %p", sock);
1635 sock->state = SS_UNCONNECTED;
1637 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1638 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1639 return -ESOCKTNOSUPPORT;
1641 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1644 sock->ops = &l2cap_sock_ops;
1646 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1650 l2cap_sock_init(sk, NULL);
1651 bt_sock_link(&l2cap_sk_list, sk);
1655 static const struct proto_ops l2cap_sock_ops = {
1656 .family = PF_BLUETOOTH,
1657 .owner = THIS_MODULE,
1658 .release = l2cap_sock_release,
1659 .bind = l2cap_sock_bind,
1660 .connect = l2cap_sock_connect,
1661 .listen = l2cap_sock_listen,
1662 .accept = l2cap_sock_accept,
1663 .getname = l2cap_sock_getname,
1664 .sendmsg = l2cap_sock_sendmsg,
1665 .recvmsg = l2cap_sock_recvmsg,
1666 .poll = bt_sock_poll,
1667 .ioctl = bt_sock_ioctl,
1668 .mmap = sock_no_mmap,
1669 .socketpair = sock_no_socketpair,
1670 .shutdown = l2cap_sock_shutdown,
1671 .setsockopt = l2cap_sock_setsockopt,
1672 .getsockopt = l2cap_sock_getsockopt
1675 static const struct net_proto_family l2cap_sock_family_ops = {
1676 .family = PF_BLUETOOTH,
1677 .owner = THIS_MODULE,
1678 .create = l2cap_sock_create,
1681 int __init l2cap_init_sockets(void)
1685 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1687 err = proto_register(&l2cap_proto, 0);
1691 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1693 BT_ERR("L2CAP socket registration failed");
1697 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1700 BT_ERR("Failed to create L2CAP proc file");
1701 bt_sock_unregister(BTPROTO_L2CAP);
1705 BT_INFO("L2CAP socket layer initialized");
1710 proto_unregister(&l2cap_proto);
1714 void l2cap_cleanup_sockets(void)
1716 bt_procfs_cleanup(&init_net, "l2cap");
1717 bt_sock_unregister(BTPROTO_L2CAP);
1718 proto_unregister(&l2cap_proto);