2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
27 /* Bluetooth L2CAP sockets. */
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/l2cap.h>
33 static void l2cap_sock_timeout(unsigned long arg)
35 struct sock *sk = (struct sock *) arg;
38 BT_DBG("sock %p state %d", sk, sk->sk_state);
42 if (sock_owned_by_user(sk)) {
43 /* sk is owned by user. Try again later */
44 l2cap_sock_set_timer(sk, HZ / 5);
50 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
51 reason = ECONNREFUSED;
52 else if (sk->sk_state == BT_CONNECT &&
53 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
54 reason = ECONNREFUSED;
58 __l2cap_sock_close(sk, reason);
66 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
69 struct hlist_node *node;
70 sk_for_each(sk, node, &l2cap_sk_list.head)
71 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
78 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
80 struct sock *sk = sock->sk;
81 struct sockaddr_l2 la;
86 if (!addr || addr->sa_family != AF_BLUETOOTH)
89 memset(&la, 0, sizeof(la));
90 len = min_t(unsigned int, sizeof(la), alen);
91 memcpy(&la, addr, len);
98 if (sk->sk_state != BT_OPEN) {
104 __u16 psm = __le16_to_cpu(la.l2_psm);
106 /* PSM must be odd and lsb of upper byte must be 0 */
107 if ((psm & 0x0101) != 0x0001) {
112 /* Restrict usage of well-known PSMs */
113 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
119 write_lock_bh(&l2cap_sk_list.lock);
121 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
124 /* Save source address */
125 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
126 l2cap_pi(sk)->psm = la.l2_psm;
127 l2cap_pi(sk)->sport = la.l2_psm;
128 sk->sk_state = BT_BOUND;
130 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
131 __le16_to_cpu(la.l2_psm) == 0x0003)
132 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
135 write_unlock_bh(&l2cap_sk_list.lock);
142 static int l2cap_sock_listen(struct socket *sock, int backlog)
144 struct sock *sk = sock->sk;
147 BT_DBG("sk %p backlog %d", sk, backlog);
151 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
152 || sk->sk_state != BT_BOUND) {
157 switch (l2cap_pi(sk)->mode) {
158 case L2CAP_MODE_BASIC:
160 case L2CAP_MODE_ERTM:
161 case L2CAP_MODE_STREAMING:
170 if (!l2cap_pi(sk)->psm) {
171 bdaddr_t *src = &bt_sk(sk)->src;
176 write_lock_bh(&l2cap_sk_list.lock);
178 for (psm = 0x1001; psm < 0x1100; psm += 2)
179 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
180 l2cap_pi(sk)->psm = cpu_to_le16(psm);
181 l2cap_pi(sk)->sport = cpu_to_le16(psm);
186 write_unlock_bh(&l2cap_sk_list.lock);
192 sk->sk_max_ack_backlog = backlog;
193 sk->sk_ack_backlog = 0;
194 sk->sk_state = BT_LISTEN;
201 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
203 DECLARE_WAITQUEUE(wait, current);
204 struct sock *sk = sock->sk, *nsk;
208 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
210 if (sk->sk_state != BT_LISTEN) {
215 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
217 BT_DBG("sk %p timeo %ld", sk, timeo);
219 /* Wait for an incoming connection. (wake-one). */
220 add_wait_queue_exclusive(sk_sleep(sk), &wait);
221 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
222 set_current_state(TASK_INTERRUPTIBLE);
229 timeo = schedule_timeout(timeo);
230 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
232 if (sk->sk_state != BT_LISTEN) {
237 if (signal_pending(current)) {
238 err = sock_intr_errno(timeo);
242 set_current_state(TASK_RUNNING);
243 remove_wait_queue(sk_sleep(sk), &wait);
248 newsock->state = SS_CONNECTED;
250 BT_DBG("new socket %p", nsk);
257 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
259 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
260 struct sock *sk = sock->sk;
262 BT_DBG("sock %p, sk %p", sock, sk);
264 addr->sa_family = AF_BLUETOOTH;
265 *len = sizeof(struct sockaddr_l2);
268 la->l2_psm = l2cap_pi(sk)->psm;
269 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
270 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->dcid);
272 la->l2_psm = l2cap_pi(sk)->sport;
273 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
274 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->scid);
280 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
282 struct sock *sk = sock->sk;
283 struct l2cap_options opts;
293 if (sk->sk_state == BT_CONNECTED) {
298 opts.imtu = l2cap_pi(sk)->imtu;
299 opts.omtu = l2cap_pi(sk)->omtu;
300 opts.flush_to = l2cap_pi(sk)->flush_to;
301 opts.mode = l2cap_pi(sk)->mode;
302 opts.fcs = l2cap_pi(sk)->fcs;
303 opts.max_tx = l2cap_pi(sk)->max_tx;
304 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
306 len = min_t(unsigned int, sizeof(opts), optlen);
307 if (copy_from_user((char *) &opts, optval, len)) {
312 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
317 l2cap_pi(sk)->mode = opts.mode;
318 switch (l2cap_pi(sk)->mode) {
319 case L2CAP_MODE_BASIC:
320 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
322 case L2CAP_MODE_ERTM:
323 case L2CAP_MODE_STREAMING:
332 l2cap_pi(sk)->imtu = opts.imtu;
333 l2cap_pi(sk)->omtu = opts.omtu;
334 l2cap_pi(sk)->fcs = opts.fcs;
335 l2cap_pi(sk)->max_tx = opts.max_tx;
336 l2cap_pi(sk)->tx_win = (__u8)opts.txwin_size;
340 if (get_user(opt, (u32 __user *) optval)) {
345 if (opt & L2CAP_LM_AUTH)
346 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
347 if (opt & L2CAP_LM_ENCRYPT)
348 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
349 if (opt & L2CAP_LM_SECURE)
350 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
352 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
353 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
365 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
367 struct sock *sk = sock->sk;
368 struct bt_security sec;
374 if (level == SOL_L2CAP)
375 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
377 if (level != SOL_BLUETOOTH)
384 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
385 && sk->sk_type != SOCK_RAW) {
390 sec.level = BT_SECURITY_LOW;
392 len = min_t(unsigned int, sizeof(sec), optlen);
393 if (copy_from_user((char *) &sec, optval, len)) {
398 if (sec.level < BT_SECURITY_LOW ||
399 sec.level > BT_SECURITY_HIGH) {
404 l2cap_pi(sk)->sec_level = sec.level;
408 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
413 if (get_user(opt, (u32 __user *) optval)) {
418 bt_sk(sk)->defer_setup = opt;
422 if (get_user(opt, (u32 __user *) optval)) {
427 if (opt > BT_FLUSHABLE_ON) {
432 if (opt == BT_FLUSHABLE_OFF) {
433 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
434 /* proceed futher only when we have l2cap_conn and
435 No Flush support in the LM */
436 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
442 l2cap_pi(sk)->flushable = opt;
454 static int l2cap_sock_release(struct socket *sock)
456 struct sock *sk = sock->sk;
459 BT_DBG("sock %p, sk %p", sock, sk);
464 err = l2cap_sock_shutdown(sock, 2);
471 static void l2cap_sock_destruct(struct sock *sk)
475 skb_queue_purge(&sk->sk_receive_queue);
476 skb_queue_purge(&sk->sk_write_queue);
479 void l2cap_sock_init(struct sock *sk, struct sock *parent)
481 struct l2cap_pinfo *pi = l2cap_pi(sk);
486 sk->sk_type = parent->sk_type;
487 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
489 pi->imtu = l2cap_pi(parent)->imtu;
490 pi->omtu = l2cap_pi(parent)->omtu;
491 pi->conf_state = l2cap_pi(parent)->conf_state;
492 pi->mode = l2cap_pi(parent)->mode;
493 pi->fcs = l2cap_pi(parent)->fcs;
494 pi->max_tx = l2cap_pi(parent)->max_tx;
495 pi->tx_win = l2cap_pi(parent)->tx_win;
496 pi->sec_level = l2cap_pi(parent)->sec_level;
497 pi->role_switch = l2cap_pi(parent)->role_switch;
498 pi->force_reliable = l2cap_pi(parent)->force_reliable;
499 pi->flushable = l2cap_pi(parent)->flushable;
501 pi->imtu = L2CAP_DEFAULT_MTU;
503 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
504 pi->mode = L2CAP_MODE_ERTM;
505 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
507 pi->mode = L2CAP_MODE_BASIC;
509 pi->max_tx = L2CAP_DEFAULT_MAX_TX;
510 pi->fcs = L2CAP_FCS_CRC16;
511 pi->tx_win = L2CAP_DEFAULT_TX_WINDOW;
512 pi->sec_level = BT_SECURITY_LOW;
514 pi->force_reliable = 0;
515 pi->flushable = BT_FLUSHABLE_OFF;
518 /* Default config options */
520 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
521 skb_queue_head_init(TX_QUEUE(sk));
522 skb_queue_head_init(SREJ_QUEUE(sk));
523 skb_queue_head_init(BUSY_QUEUE(sk));
524 INIT_LIST_HEAD(SREJ_LIST(sk));
527 static struct proto l2cap_proto = {
529 .owner = THIS_MODULE,
530 .obj_size = sizeof(struct l2cap_pinfo)
533 struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
537 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
541 sock_init_data(sock, sk);
542 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
544 sk->sk_destruct = l2cap_sock_destruct;
545 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
547 sock_reset_flag(sk, SOCK_ZAPPED);
549 sk->sk_protocol = proto;
550 sk->sk_state = BT_OPEN;
552 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
554 bt_sock_link(&l2cap_sk_list, sk);
558 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
563 BT_DBG("sock %p", sock);
565 sock->state = SS_UNCONNECTED;
567 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
568 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
569 return -ESOCKTNOSUPPORT;
571 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
574 sock->ops = &l2cap_sock_ops;
576 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
580 l2cap_sock_init(sk, NULL);
584 const struct proto_ops l2cap_sock_ops = {
585 .family = PF_BLUETOOTH,
586 .owner = THIS_MODULE,
587 .release = l2cap_sock_release,
588 .bind = l2cap_sock_bind,
589 .connect = l2cap_sock_connect,
590 .listen = l2cap_sock_listen,
591 .accept = l2cap_sock_accept,
592 .getname = l2cap_sock_getname,
593 .sendmsg = l2cap_sock_sendmsg,
594 .recvmsg = l2cap_sock_recvmsg,
595 .poll = bt_sock_poll,
596 .ioctl = bt_sock_ioctl,
597 .mmap = sock_no_mmap,
598 .socketpair = sock_no_socketpair,
599 .shutdown = l2cap_sock_shutdown,
600 .setsockopt = l2cap_sock_setsockopt,
601 .getsockopt = l2cap_sock_getsockopt
604 static const struct net_proto_family l2cap_sock_family_ops = {
605 .family = PF_BLUETOOTH,
606 .owner = THIS_MODULE,
607 .create = l2cap_sock_create,
610 int __init l2cap_init_sockets(void)
614 err = proto_register(&l2cap_proto, 0);
618 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
622 BT_INFO("L2CAP socket layer initialized");
627 BT_ERR("L2CAP socket registration failed");
628 proto_unregister(&l2cap_proto);
632 void l2cap_cleanup_sockets(void)
634 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
635 BT_ERR("L2CAP socket unregistration failed");
637 proto_unregister(&l2cap_proto);