2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
27 /* Bluetooth L2CAP sockets. */
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/l2cap.h>
33 static const struct proto_ops l2cap_sock_ops;
34 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
35 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
37 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
39 struct sock *sk = sock->sk;
40 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
41 struct sockaddr_l2 la;
46 if (!addr || addr->sa_family != AF_BLUETOOTH)
49 memset(&la, 0, sizeof(la));
50 len = min_t(unsigned int, sizeof(la), alen);
51 memcpy(&la, addr, len);
53 if (la.l2_cid && la.l2_psm)
58 if (sk->sk_state != BT_OPEN) {
64 __u16 psm = __le16_to_cpu(la.l2_psm);
66 /* PSM must be odd and lsb of upper byte must be 0 */
67 if ((psm & 0x0101) != 0x0001) {
72 /* Restrict usage of well-known PSMs */
73 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
80 err = l2cap_add_scid(chan, la.l2_cid);
82 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
87 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
88 __le16_to_cpu(la.l2_psm) == 0x0003)
89 chan->sec_level = BT_SECURITY_SDP;
91 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
92 sk->sk_state = BT_BOUND;
99 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
101 struct sock *sk = sock->sk;
102 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
103 struct sockaddr_l2 la;
108 if (!addr || alen < sizeof(addr->sa_family) ||
109 addr->sa_family != AF_BLUETOOTH)
112 memset(&la, 0, sizeof(la));
113 len = min_t(unsigned int, sizeof(la), alen);
114 memcpy(&la, addr, len);
116 if (la.l2_cid && la.l2_psm)
121 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED
122 && !(la.l2_psm || la.l2_cid)) {
127 switch (chan->mode) {
128 case L2CAP_MODE_BASIC:
130 case L2CAP_MODE_ERTM:
131 case L2CAP_MODE_STREAMING:
140 switch (sk->sk_state) {
144 /* Already connecting */
148 /* Already connected */
162 /* PSM must be odd and lsb of upper byte must be 0 */
163 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 && !la.l2_cid &&
164 chan->chan_type != L2CAP_CHAN_RAW) {
169 /* Set destination address and psm */
170 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
171 chan->psm = la.l2_psm;
172 chan->dcid = la.l2_cid;
174 err = l2cap_chan_connect(l2cap_pi(sk)->chan);
179 err = bt_sock_wait_state(sk, BT_CONNECTED,
180 sock_sndtimeo(sk, flags & O_NONBLOCK));
186 static int l2cap_sock_listen(struct socket *sock, int backlog)
188 struct sock *sk = sock->sk;
189 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
192 BT_DBG("sk %p backlog %d", sk, backlog);
196 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
197 || sk->sk_state != BT_BOUND) {
202 switch (chan->mode) {
203 case L2CAP_MODE_BASIC:
205 case L2CAP_MODE_ERTM:
206 case L2CAP_MODE_STREAMING:
215 sk->sk_max_ack_backlog = backlog;
216 sk->sk_ack_backlog = 0;
217 sk->sk_state = BT_LISTEN;
224 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
226 DECLARE_WAITQUEUE(wait, current);
227 struct sock *sk = sock->sk, *nsk;
231 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
233 if (sk->sk_state != BT_LISTEN) {
238 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
240 BT_DBG("sk %p timeo %ld", sk, timeo);
242 /* Wait for an incoming connection. (wake-one). */
243 add_wait_queue_exclusive(sk_sleep(sk), &wait);
244 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
245 set_current_state(TASK_INTERRUPTIBLE);
252 timeo = schedule_timeout(timeo);
253 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
255 if (sk->sk_state != BT_LISTEN) {
260 if (signal_pending(current)) {
261 err = sock_intr_errno(timeo);
265 set_current_state(TASK_RUNNING);
266 remove_wait_queue(sk_sleep(sk), &wait);
271 newsock->state = SS_CONNECTED;
273 BT_DBG("new socket %p", nsk);
280 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
282 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
283 struct sock *sk = sock->sk;
284 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
286 BT_DBG("sock %p, sk %p", sock, sk);
288 addr->sa_family = AF_BLUETOOTH;
289 *len = sizeof(struct sockaddr_l2);
292 la->l2_psm = chan->psm;
293 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
294 la->l2_cid = cpu_to_le16(chan->dcid);
296 la->l2_psm = chan->sport;
297 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
298 la->l2_cid = cpu_to_le16(chan->scid);
304 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
306 struct sock *sk = sock->sk;
307 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
308 struct l2cap_options opts;
309 struct l2cap_conninfo cinfo;
315 if (get_user(len, optlen))
322 memset(&opts, 0, sizeof(opts));
323 opts.imtu = chan->imtu;
324 opts.omtu = chan->omtu;
325 opts.flush_to = chan->flush_to;
326 opts.mode = chan->mode;
327 opts.fcs = chan->fcs;
328 opts.max_tx = chan->max_tx;
329 opts.txwin_size = (__u16)chan->tx_win;
331 len = min_t(unsigned int, len, sizeof(opts));
332 if (copy_to_user(optval, (char *) &opts, len))
338 switch (chan->sec_level) {
339 case BT_SECURITY_LOW:
342 case BT_SECURITY_MEDIUM:
343 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
345 case BT_SECURITY_HIGH:
346 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
354 if (chan->role_switch)
355 opt |= L2CAP_LM_MASTER;
357 if (chan->force_reliable)
358 opt |= L2CAP_LM_RELIABLE;
360 if (put_user(opt, (u32 __user *) optval))
365 if (sk->sk_state != BT_CONNECTED &&
366 !(sk->sk_state == BT_CONNECT2 &&
367 bt_sk(sk)->defer_setup)) {
372 memset(&cinfo, 0, sizeof(cinfo));
373 cinfo.hci_handle = chan->conn->hcon->handle;
374 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
376 len = min_t(unsigned int, len, sizeof(cinfo));
377 if (copy_to_user(optval, (char *) &cinfo, len))
391 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
393 struct sock *sk = sock->sk;
394 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
395 struct bt_security sec;
401 if (level == SOL_L2CAP)
402 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
404 if (level != SOL_BLUETOOTH)
407 if (get_user(len, optlen))
414 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
415 chan->chan_type != L2CAP_CHAN_RAW) {
420 sec.level = chan->sec_level;
422 len = min_t(unsigned int, len, sizeof(sec));
423 if (copy_to_user(optval, (char *) &sec, len))
429 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
434 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
440 if (put_user(chan->flushable, (u32 __user *) optval))
446 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
447 && sk->sk_type != SOCK_RAW) {
452 pwr.force_active = chan->force_active;
454 len = min_t(unsigned int, len, sizeof(pwr));
455 if (copy_to_user(optval, (char *) &pwr, len))
469 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
471 struct sock *sk = sock->sk;
472 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
473 struct l2cap_options opts;
483 if (sk->sk_state == BT_CONNECTED) {
488 opts.imtu = chan->imtu;
489 opts.omtu = chan->omtu;
490 opts.flush_to = chan->flush_to;
491 opts.mode = chan->mode;
492 opts.fcs = chan->fcs;
493 opts.max_tx = chan->max_tx;
494 opts.txwin_size = (__u16)chan->tx_win;
496 len = min_t(unsigned int, sizeof(opts), optlen);
497 if (copy_from_user((char *) &opts, optval, len)) {
502 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
507 chan->mode = opts.mode;
508 switch (chan->mode) {
509 case L2CAP_MODE_BASIC:
510 chan->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
512 case L2CAP_MODE_ERTM:
513 case L2CAP_MODE_STREAMING:
522 chan->imtu = opts.imtu;
523 chan->omtu = opts.omtu;
524 chan->fcs = opts.fcs;
525 chan->max_tx = opts.max_tx;
526 chan->tx_win = (__u8)opts.txwin_size;
530 if (get_user(opt, (u32 __user *) optval)) {
535 if (opt & L2CAP_LM_AUTH)
536 chan->sec_level = BT_SECURITY_LOW;
537 if (opt & L2CAP_LM_ENCRYPT)
538 chan->sec_level = BT_SECURITY_MEDIUM;
539 if (opt & L2CAP_LM_SECURE)
540 chan->sec_level = BT_SECURITY_HIGH;
542 chan->role_switch = (opt & L2CAP_LM_MASTER);
543 chan->force_reliable = (opt & L2CAP_LM_RELIABLE);
555 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
557 struct sock *sk = sock->sk;
558 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
559 struct bt_security sec;
566 if (level == SOL_L2CAP)
567 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
569 if (level != SOL_BLUETOOTH)
576 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
577 chan->chan_type != L2CAP_CHAN_RAW) {
582 sec.level = BT_SECURITY_LOW;
584 len = min_t(unsigned int, sizeof(sec), optlen);
585 if (copy_from_user((char *) &sec, optval, len)) {
590 if (sec.level < BT_SECURITY_LOW ||
591 sec.level > BT_SECURITY_HIGH) {
596 chan->sec_level = sec.level;
600 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
605 if (get_user(opt, (u32 __user *) optval)) {
610 bt_sk(sk)->defer_setup = opt;
614 if (get_user(opt, (u32 __user *) optval)) {
619 if (opt > BT_FLUSHABLE_ON) {
624 if (opt == BT_FLUSHABLE_OFF) {
625 struct l2cap_conn *conn = chan->conn;
626 /* proceed further only when we have l2cap_conn and
627 No Flush support in the LM */
628 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
634 chan->flushable = opt;
638 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
639 chan->chan_type != L2CAP_CHAN_RAW) {
644 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
646 len = min_t(unsigned int, sizeof(pwr), optlen);
647 if (copy_from_user((char *) &pwr, optval, len)) {
651 chan->force_active = pwr.force_active;
663 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
665 struct sock *sk = sock->sk;
666 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
669 BT_DBG("sock %p, sk %p", sock, sk);
671 err = sock_error(sk);
675 if (msg->msg_flags & MSG_OOB)
680 if (sk->sk_state != BT_CONNECTED) {
685 err = l2cap_chan_send(chan, msg, len);
691 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
693 struct sock *sk = sock->sk;
697 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
698 sk->sk_state = BT_CONFIG;
700 __l2cap_connect_rsp_defer(l2cap_pi(sk)->chan);
707 if (sock->type == SOCK_STREAM)
708 return bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
710 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
713 /* Kill socket (only if zapped and orphan)
714 * Must be called on unlocked socket.
716 void l2cap_sock_kill(struct sock *sk)
718 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
721 BT_DBG("sk %p state %d", sk, sk->sk_state);
723 /* Kill poor orphan */
725 l2cap_chan_destroy(l2cap_pi(sk)->chan);
726 sock_set_flag(sk, SOCK_DEAD);
730 static int l2cap_sock_shutdown(struct socket *sock, int how)
732 struct sock *sk = sock->sk;
733 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
736 BT_DBG("sock %p, sk %p", sock, sk);
742 if (!sk->sk_shutdown) {
743 if (chan->mode == L2CAP_MODE_ERTM)
744 err = __l2cap_wait_ack(sk);
746 sk->sk_shutdown = SHUTDOWN_MASK;
747 l2cap_chan_close(chan, 0);
749 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
750 err = bt_sock_wait_state(sk, BT_CLOSED,
754 if (!err && sk->sk_err)
761 static int l2cap_sock_release(struct socket *sock)
763 struct sock *sk = sock->sk;
766 BT_DBG("sock %p, sk %p", sock, sk);
771 err = l2cap_sock_shutdown(sock, 2);
778 static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data)
780 struct sock *sk, *parent = data;
782 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
787 l2cap_sock_init(sk, parent);
789 return l2cap_pi(sk)->chan;
792 static struct l2cap_ops l2cap_chan_ops = {
793 .name = "L2CAP Socket Interface",
794 .new_connection = l2cap_sock_new_connection_cb,
797 static void l2cap_sock_destruct(struct sock *sk)
801 skb_queue_purge(&sk->sk_receive_queue);
802 skb_queue_purge(&sk->sk_write_queue);
805 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
807 struct l2cap_pinfo *pi = l2cap_pi(sk);
808 struct l2cap_chan *chan = pi->chan;
813 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
815 sk->sk_type = parent->sk_type;
816 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
818 chan->chan_type = pchan->chan_type;
819 chan->imtu = pchan->imtu;
820 chan->omtu = pchan->omtu;
821 chan->conf_state = pchan->conf_state;
822 chan->mode = pchan->mode;
823 chan->fcs = pchan->fcs;
824 chan->max_tx = pchan->max_tx;
825 chan->tx_win = pchan->tx_win;
826 chan->sec_level = pchan->sec_level;
827 chan->role_switch = pchan->role_switch;
828 chan->force_reliable = pchan->force_reliable;
829 chan->flushable = pchan->flushable;
830 chan->force_active = pchan->force_active;
833 switch (sk->sk_type) {
835 chan->chan_type = L2CAP_CHAN_RAW;
838 chan->chan_type = L2CAP_CHAN_CONN_LESS;
842 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
846 chan->imtu = L2CAP_DEFAULT_MTU;
848 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
849 chan->mode = L2CAP_MODE_ERTM;
850 chan->conf_state |= L2CAP_CONF_STATE2_DEVICE;
852 chan->mode = L2CAP_MODE_BASIC;
854 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
855 chan->fcs = L2CAP_FCS_CRC16;
856 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
857 chan->sec_level = BT_SECURITY_LOW;
858 chan->role_switch = 0;
859 chan->force_reliable = 0;
860 chan->flushable = BT_FLUSHABLE_OFF;
861 chan->force_active = BT_POWER_FORCE_ACTIVE_ON;
865 /* Default config options */
866 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
869 chan->ops = &l2cap_chan_ops;
872 static struct proto l2cap_proto = {
874 .owner = THIS_MODULE,
875 .obj_size = sizeof(struct l2cap_pinfo)
878 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
881 struct l2cap_chan *chan;
883 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
887 sock_init_data(sock, sk);
888 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
890 sk->sk_destruct = l2cap_sock_destruct;
891 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
893 sock_reset_flag(sk, SOCK_ZAPPED);
895 sk->sk_protocol = proto;
896 sk->sk_state = BT_OPEN;
898 chan = l2cap_chan_create(sk);
904 l2cap_pi(sk)->chan = chan;
909 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
914 BT_DBG("sock %p", sock);
916 sock->state = SS_UNCONNECTED;
918 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
919 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
920 return -ESOCKTNOSUPPORT;
922 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
925 sock->ops = &l2cap_sock_ops;
927 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
931 l2cap_sock_init(sk, NULL);
935 static const struct proto_ops l2cap_sock_ops = {
936 .family = PF_BLUETOOTH,
937 .owner = THIS_MODULE,
938 .release = l2cap_sock_release,
939 .bind = l2cap_sock_bind,
940 .connect = l2cap_sock_connect,
941 .listen = l2cap_sock_listen,
942 .accept = l2cap_sock_accept,
943 .getname = l2cap_sock_getname,
944 .sendmsg = l2cap_sock_sendmsg,
945 .recvmsg = l2cap_sock_recvmsg,
946 .poll = bt_sock_poll,
947 .ioctl = bt_sock_ioctl,
948 .mmap = sock_no_mmap,
949 .socketpair = sock_no_socketpair,
950 .shutdown = l2cap_sock_shutdown,
951 .setsockopt = l2cap_sock_setsockopt,
952 .getsockopt = l2cap_sock_getsockopt
955 static const struct net_proto_family l2cap_sock_family_ops = {
956 .family = PF_BLUETOOTH,
957 .owner = THIS_MODULE,
958 .create = l2cap_sock_create,
961 int __init l2cap_init_sockets(void)
965 err = proto_register(&l2cap_proto, 0);
969 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
973 BT_INFO("L2CAP socket layer initialized");
978 BT_ERR("L2CAP socket registration failed");
979 proto_unregister(&l2cap_proto);
983 void l2cap_cleanup_sockets(void)
985 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
986 BT_ERR("L2CAP socket unregistration failed");
988 proto_unregister(&l2cap_proto);