2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
27 /* Bluetooth L2CAP sockets. */
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/l2cap.h>
33 static const struct proto_ops l2cap_sock_ops;
35 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
37 struct sock *sk = sock->sk;
38 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
39 struct sockaddr_l2 la;
44 if (!addr || addr->sa_family != AF_BLUETOOTH)
47 memset(&la, 0, sizeof(la));
48 len = min_t(unsigned int, sizeof(la), alen);
49 memcpy(&la, addr, len);
51 if (la.l2_cid && la.l2_psm)
56 if (sk->sk_state != BT_OPEN) {
62 __u16 psm = __le16_to_cpu(la.l2_psm);
64 /* PSM must be odd and lsb of upper byte must be 0 */
65 if ((psm & 0x0101) != 0x0001) {
70 /* Restrict usage of well-known PSMs */
71 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
78 err = l2cap_add_scid(chan, la.l2_cid);
80 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
85 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
86 __le16_to_cpu(la.l2_psm) == 0x0003)
87 chan->sec_level = BT_SECURITY_SDP;
89 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
90 sk->sk_state = BT_BOUND;
97 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
99 struct sock *sk = sock->sk;
100 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
101 struct sockaddr_l2 la;
106 if (!addr || alen < sizeof(addr->sa_family) ||
107 addr->sa_family != AF_BLUETOOTH)
110 memset(&la, 0, sizeof(la));
111 len = min_t(unsigned int, sizeof(la), alen);
112 memcpy(&la, addr, len);
114 if (la.l2_cid && la.l2_psm)
119 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED
120 && !(la.l2_psm || la.l2_cid)) {
125 switch (chan->mode) {
126 case L2CAP_MODE_BASIC:
128 case L2CAP_MODE_ERTM:
129 case L2CAP_MODE_STREAMING:
138 switch (sk->sk_state) {
142 /* Already connecting */
146 /* Already connected */
160 /* PSM must be odd and lsb of upper byte must be 0 */
161 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 && !la.l2_cid &&
162 chan->chan_type != L2CAP_CHAN_RAW) {
167 /* Set destination address and psm */
168 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
169 chan->psm = la.l2_psm;
170 chan->dcid = la.l2_cid;
172 err = l2cap_chan_connect(l2cap_pi(sk)->chan);
177 err = bt_sock_wait_state(sk, BT_CONNECTED,
178 sock_sndtimeo(sk, flags & O_NONBLOCK));
184 static int l2cap_sock_listen(struct socket *sock, int backlog)
186 struct sock *sk = sock->sk;
187 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
190 BT_DBG("sk %p backlog %d", sk, backlog);
194 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
195 || sk->sk_state != BT_BOUND) {
200 switch (chan->mode) {
201 case L2CAP_MODE_BASIC:
203 case L2CAP_MODE_ERTM:
204 case L2CAP_MODE_STREAMING:
213 sk->sk_max_ack_backlog = backlog;
214 sk->sk_ack_backlog = 0;
215 sk->sk_state = BT_LISTEN;
222 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
224 DECLARE_WAITQUEUE(wait, current);
225 struct sock *sk = sock->sk, *nsk;
229 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
231 if (sk->sk_state != BT_LISTEN) {
236 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
238 BT_DBG("sk %p timeo %ld", sk, timeo);
240 /* Wait for an incoming connection. (wake-one). */
241 add_wait_queue_exclusive(sk_sleep(sk), &wait);
242 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
243 set_current_state(TASK_INTERRUPTIBLE);
250 timeo = schedule_timeout(timeo);
251 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
253 if (sk->sk_state != BT_LISTEN) {
258 if (signal_pending(current)) {
259 err = sock_intr_errno(timeo);
263 set_current_state(TASK_RUNNING);
264 remove_wait_queue(sk_sleep(sk), &wait);
269 newsock->state = SS_CONNECTED;
271 BT_DBG("new socket %p", nsk);
278 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
280 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
281 struct sock *sk = sock->sk;
282 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
284 BT_DBG("sock %p, sk %p", sock, sk);
286 addr->sa_family = AF_BLUETOOTH;
287 *len = sizeof(struct sockaddr_l2);
290 la->l2_psm = chan->psm;
291 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
292 la->l2_cid = cpu_to_le16(chan->dcid);
294 la->l2_psm = chan->sport;
295 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
296 la->l2_cid = cpu_to_le16(chan->scid);
302 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
304 struct sock *sk = sock->sk;
305 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
306 struct l2cap_options opts;
307 struct l2cap_conninfo cinfo;
313 if (get_user(len, optlen))
320 memset(&opts, 0, sizeof(opts));
321 opts.imtu = chan->imtu;
322 opts.omtu = chan->omtu;
323 opts.flush_to = chan->flush_to;
324 opts.mode = chan->mode;
325 opts.fcs = chan->fcs;
326 opts.max_tx = chan->max_tx;
327 opts.txwin_size = (__u16)chan->tx_win;
329 len = min_t(unsigned int, len, sizeof(opts));
330 if (copy_to_user(optval, (char *) &opts, len))
336 switch (chan->sec_level) {
337 case BT_SECURITY_LOW:
340 case BT_SECURITY_MEDIUM:
341 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
343 case BT_SECURITY_HIGH:
344 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
352 if (chan->role_switch)
353 opt |= L2CAP_LM_MASTER;
355 if (chan->force_reliable)
356 opt |= L2CAP_LM_RELIABLE;
358 if (put_user(opt, (u32 __user *) optval))
363 if (sk->sk_state != BT_CONNECTED &&
364 !(sk->sk_state == BT_CONNECT2 &&
365 bt_sk(sk)->defer_setup)) {
370 cinfo.hci_handle = chan->conn->hcon->handle;
371 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
373 len = min_t(unsigned int, len, sizeof(cinfo));
374 if (copy_to_user(optval, (char *) &cinfo, len))
388 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
390 struct sock *sk = sock->sk;
391 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
392 struct bt_security sec;
398 if (level == SOL_L2CAP)
399 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
401 if (level != SOL_BLUETOOTH)
404 if (get_user(len, optlen))
411 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
412 chan->chan_type != L2CAP_CHAN_RAW) {
417 sec.level = chan->sec_level;
419 len = min_t(unsigned int, len, sizeof(sec));
420 if (copy_to_user(optval, (char *) &sec, len))
426 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
431 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
437 if (put_user(chan->flushable, (u32 __user *) optval))
443 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
444 && sk->sk_type != SOCK_RAW) {
449 pwr.force_active = chan->force_active;
451 len = min_t(unsigned int, len, sizeof(pwr));
452 if (copy_to_user(optval, (char *) &pwr, len))
466 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
468 struct sock *sk = sock->sk;
469 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
470 struct l2cap_options opts;
480 if (sk->sk_state == BT_CONNECTED) {
485 opts.imtu = chan->imtu;
486 opts.omtu = chan->omtu;
487 opts.flush_to = chan->flush_to;
488 opts.mode = chan->mode;
489 opts.fcs = chan->fcs;
490 opts.max_tx = chan->max_tx;
491 opts.txwin_size = (__u16)chan->tx_win;
493 len = min_t(unsigned int, sizeof(opts), optlen);
494 if (copy_from_user((char *) &opts, optval, len)) {
499 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
504 chan->mode = opts.mode;
505 switch (chan->mode) {
506 case L2CAP_MODE_BASIC:
507 chan->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
509 case L2CAP_MODE_ERTM:
510 case L2CAP_MODE_STREAMING:
519 chan->imtu = opts.imtu;
520 chan->omtu = opts.omtu;
521 chan->fcs = opts.fcs;
522 chan->max_tx = opts.max_tx;
523 chan->tx_win = (__u8)opts.txwin_size;
527 if (get_user(opt, (u32 __user *) optval)) {
532 if (opt & L2CAP_LM_AUTH)
533 chan->sec_level = BT_SECURITY_LOW;
534 if (opt & L2CAP_LM_ENCRYPT)
535 chan->sec_level = BT_SECURITY_MEDIUM;
536 if (opt & L2CAP_LM_SECURE)
537 chan->sec_level = BT_SECURITY_HIGH;
539 chan->role_switch = (opt & L2CAP_LM_MASTER);
540 chan->force_reliable = (opt & L2CAP_LM_RELIABLE);
552 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
554 struct sock *sk = sock->sk;
555 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
556 struct bt_security sec;
563 if (level == SOL_L2CAP)
564 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
566 if (level != SOL_BLUETOOTH)
573 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
574 chan->chan_type != L2CAP_CHAN_RAW) {
579 sec.level = BT_SECURITY_LOW;
581 len = min_t(unsigned int, sizeof(sec), optlen);
582 if (copy_from_user((char *) &sec, optval, len)) {
587 if (sec.level < BT_SECURITY_LOW ||
588 sec.level > BT_SECURITY_HIGH) {
593 chan->sec_level = sec.level;
597 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
602 if (get_user(opt, (u32 __user *) optval)) {
607 bt_sk(sk)->defer_setup = opt;
611 if (get_user(opt, (u32 __user *) optval)) {
616 if (opt > BT_FLUSHABLE_ON) {
621 if (opt == BT_FLUSHABLE_OFF) {
622 struct l2cap_conn *conn = chan->conn;
623 /* proceed further only when we have l2cap_conn and
624 No Flush support in the LM */
625 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
631 chan->flushable = opt;
635 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
636 chan->chan_type != L2CAP_CHAN_RAW) {
641 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
643 len = min_t(unsigned int, sizeof(pwr), optlen);
644 if (copy_from_user((char *) &pwr, optval, len)) {
648 chan->force_active = pwr.force_active;
660 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
662 struct sock *sk = sock->sk;
663 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
666 BT_DBG("sock %p, sk %p", sock, sk);
668 err = sock_error(sk);
672 if (msg->msg_flags & MSG_OOB)
677 if (sk->sk_state != BT_CONNECTED) {
682 err = l2cap_chan_send(chan, msg, len);
688 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
690 struct sock *sk = sock->sk;
694 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
695 sk->sk_state = BT_CONFIG;
697 __l2cap_connect_rsp_defer(l2cap_pi(sk)->chan);
704 if (sock->type == SOCK_STREAM)
705 return bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
707 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
710 /* Kill socket (only if zapped and orphan)
711 * Must be called on unlocked socket.
713 void l2cap_sock_kill(struct sock *sk)
715 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
718 BT_DBG("sk %p state %d", sk, sk->sk_state);
720 /* Kill poor orphan */
722 l2cap_chan_destroy(l2cap_pi(sk)->chan);
723 sock_set_flag(sk, SOCK_DEAD);
727 static int l2cap_sock_shutdown(struct socket *sock, int how)
729 struct sock *sk = sock->sk;
730 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
733 BT_DBG("sock %p, sk %p", sock, sk);
739 if (!sk->sk_shutdown) {
740 if (chan->mode == L2CAP_MODE_ERTM)
741 err = __l2cap_wait_ack(sk);
743 sk->sk_shutdown = SHUTDOWN_MASK;
744 l2cap_chan_close(chan, 0);
746 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
747 err = bt_sock_wait_state(sk, BT_CLOSED,
751 if (!err && sk->sk_err)
758 static int l2cap_sock_release(struct socket *sock)
760 struct sock *sk = sock->sk;
763 BT_DBG("sock %p, sk %p", sock, sk);
768 err = l2cap_sock_shutdown(sock, 2);
775 static void l2cap_sock_destruct(struct sock *sk)
779 skb_queue_purge(&sk->sk_receive_queue);
780 skb_queue_purge(&sk->sk_write_queue);
783 void l2cap_sock_init(struct sock *sk, struct sock *parent)
785 struct l2cap_pinfo *pi = l2cap_pi(sk);
786 struct l2cap_chan *chan = pi->chan;
791 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
793 sk->sk_type = parent->sk_type;
794 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
796 chan->chan_type = pchan->chan_type;
797 chan->imtu = pchan->imtu;
798 chan->omtu = pchan->omtu;
799 chan->conf_state = pchan->conf_state;
800 chan->mode = pchan->mode;
801 chan->fcs = pchan->fcs;
802 chan->max_tx = pchan->max_tx;
803 chan->tx_win = pchan->tx_win;
804 chan->sec_level = pchan->sec_level;
805 chan->role_switch = pchan->role_switch;
806 chan->force_reliable = pchan->force_reliable;
807 chan->flushable = pchan->flushable;
808 chan->force_active = pchan->force_active;
811 switch (sk->sk_type) {
813 chan->chan_type = L2CAP_CHAN_RAW;
816 chan->chan_type = L2CAP_CHAN_CONN_LESS;
820 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
824 chan->imtu = L2CAP_DEFAULT_MTU;
826 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
827 chan->mode = L2CAP_MODE_ERTM;
828 chan->conf_state |= L2CAP_CONF_STATE2_DEVICE;
830 chan->mode = L2CAP_MODE_BASIC;
832 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
833 chan->fcs = L2CAP_FCS_CRC16;
834 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
835 chan->sec_level = BT_SECURITY_LOW;
836 chan->role_switch = 0;
837 chan->force_reliable = 0;
838 chan->flushable = BT_FLUSHABLE_OFF;
839 chan->force_active = BT_POWER_FORCE_ACTIVE_ON;
842 /* Default config options */
843 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
846 static struct proto l2cap_proto = {
848 .owner = THIS_MODULE,
849 .obj_size = sizeof(struct l2cap_pinfo)
852 struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
856 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
860 sock_init_data(sock, sk);
861 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
863 sk->sk_destruct = l2cap_sock_destruct;
864 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
866 sock_reset_flag(sk, SOCK_ZAPPED);
868 sk->sk_protocol = proto;
869 sk->sk_state = BT_OPEN;
874 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
878 struct l2cap_chan *chan;
880 BT_DBG("sock %p", sock);
882 sock->state = SS_UNCONNECTED;
884 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
885 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
886 return -ESOCKTNOSUPPORT;
888 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
891 sock->ops = &l2cap_sock_ops;
893 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
897 chan = l2cap_chan_create(sk);
903 l2cap_pi(sk)->chan = chan;
905 l2cap_sock_init(sk, NULL);
909 static const struct proto_ops l2cap_sock_ops = {
910 .family = PF_BLUETOOTH,
911 .owner = THIS_MODULE,
912 .release = l2cap_sock_release,
913 .bind = l2cap_sock_bind,
914 .connect = l2cap_sock_connect,
915 .listen = l2cap_sock_listen,
916 .accept = l2cap_sock_accept,
917 .getname = l2cap_sock_getname,
918 .sendmsg = l2cap_sock_sendmsg,
919 .recvmsg = l2cap_sock_recvmsg,
920 .poll = bt_sock_poll,
921 .ioctl = bt_sock_ioctl,
922 .mmap = sock_no_mmap,
923 .socketpair = sock_no_socketpair,
924 .shutdown = l2cap_sock_shutdown,
925 .setsockopt = l2cap_sock_setsockopt,
926 .getsockopt = l2cap_sock_getsockopt
929 static const struct net_proto_family l2cap_sock_family_ops = {
930 .family = PF_BLUETOOTH,
931 .owner = THIS_MODULE,
932 .create = l2cap_sock_create,
935 int __init l2cap_init_sockets(void)
939 err = proto_register(&l2cap_proto, 0);
943 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
947 BT_INFO("L2CAP socket layer initialized");
952 BT_ERR("L2CAP socket registration failed");
953 proto_unregister(&l2cap_proto);
957 void l2cap_cleanup_sockets(void)
959 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
960 BT_ERR("L2CAP socket unregistration failed");
962 proto_unregister(&l2cap_proto);