2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
27 /* Bluetooth L2CAP sockets. */
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/l2cap.h>
33 static const struct proto_ops l2cap_sock_ops;
34 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
35 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
37 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
39 struct sock *sk = sock->sk;
40 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
41 struct sockaddr_l2 la;
46 if (!addr || addr->sa_family != AF_BLUETOOTH)
49 memset(&la, 0, sizeof(la));
50 len = min_t(unsigned int, sizeof(la), alen);
51 memcpy(&la, addr, len);
53 if (la.l2_cid && la.l2_psm)
58 if (sk->sk_state != BT_OPEN) {
64 __u16 psm = __le16_to_cpu(la.l2_psm);
66 /* PSM must be odd and lsb of upper byte must be 0 */
67 if ((psm & 0x0101) != 0x0001) {
72 /* Restrict usage of well-known PSMs */
73 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
80 err = l2cap_add_scid(chan, la.l2_cid);
82 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
87 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
88 __le16_to_cpu(la.l2_psm) == 0x0003)
89 chan->sec_level = BT_SECURITY_SDP;
91 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
93 chan->state = BT_BOUND;
94 sk->sk_state = BT_BOUND;
101 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
103 struct sock *sk = sock->sk;
104 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
105 struct sockaddr_l2 la;
110 if (!addr || alen < sizeof(addr->sa_family) ||
111 addr->sa_family != AF_BLUETOOTH)
114 memset(&la, 0, sizeof(la));
115 len = min_t(unsigned int, sizeof(la), alen);
116 memcpy(&la, addr, len);
118 if (la.l2_cid && la.l2_psm)
123 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED
124 && !(la.l2_psm || la.l2_cid)) {
129 switch (chan->mode) {
130 case L2CAP_MODE_BASIC:
132 case L2CAP_MODE_ERTM:
133 case L2CAP_MODE_STREAMING:
142 switch (sk->sk_state) {
146 /* Already connecting */
150 /* Already connected */
164 /* PSM must be odd and lsb of upper byte must be 0 */
165 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 && !la.l2_cid &&
166 chan->chan_type != L2CAP_CHAN_RAW) {
171 /* Set destination address and psm */
172 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
173 chan->psm = la.l2_psm;
174 chan->dcid = la.l2_cid;
176 err = l2cap_chan_connect(l2cap_pi(sk)->chan);
181 err = bt_sock_wait_state(sk, BT_CONNECTED,
182 sock_sndtimeo(sk, flags & O_NONBLOCK));
188 static int l2cap_sock_listen(struct socket *sock, int backlog)
190 struct sock *sk = sock->sk;
191 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
194 BT_DBG("sk %p backlog %d", sk, backlog);
198 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
199 || sk->sk_state != BT_BOUND) {
204 switch (chan->mode) {
205 case L2CAP_MODE_BASIC:
207 case L2CAP_MODE_ERTM:
208 case L2CAP_MODE_STREAMING:
217 sk->sk_max_ack_backlog = backlog;
218 sk->sk_ack_backlog = 0;
220 chan->state = BT_LISTEN;
221 sk->sk_state = BT_LISTEN;
228 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
230 DECLARE_WAITQUEUE(wait, current);
231 struct sock *sk = sock->sk, *nsk;
235 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
237 if (sk->sk_state != BT_LISTEN) {
242 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
244 BT_DBG("sk %p timeo %ld", sk, timeo);
246 /* Wait for an incoming connection. (wake-one). */
247 add_wait_queue_exclusive(sk_sleep(sk), &wait);
248 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
249 set_current_state(TASK_INTERRUPTIBLE);
256 timeo = schedule_timeout(timeo);
257 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
259 if (sk->sk_state != BT_LISTEN) {
264 if (signal_pending(current)) {
265 err = sock_intr_errno(timeo);
269 set_current_state(TASK_RUNNING);
270 remove_wait_queue(sk_sleep(sk), &wait);
275 newsock->state = SS_CONNECTED;
277 BT_DBG("new socket %p", nsk);
284 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
286 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
287 struct sock *sk = sock->sk;
288 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
290 BT_DBG("sock %p, sk %p", sock, sk);
292 addr->sa_family = AF_BLUETOOTH;
293 *len = sizeof(struct sockaddr_l2);
296 la->l2_psm = chan->psm;
297 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
298 la->l2_cid = cpu_to_le16(chan->dcid);
300 la->l2_psm = chan->sport;
301 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
302 la->l2_cid = cpu_to_le16(chan->scid);
308 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
310 struct sock *sk = sock->sk;
311 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
312 struct l2cap_options opts;
313 struct l2cap_conninfo cinfo;
319 if (get_user(len, optlen))
326 memset(&opts, 0, sizeof(opts));
327 opts.imtu = chan->imtu;
328 opts.omtu = chan->omtu;
329 opts.flush_to = chan->flush_to;
330 opts.mode = chan->mode;
331 opts.fcs = chan->fcs;
332 opts.max_tx = chan->max_tx;
333 opts.txwin_size = (__u16)chan->tx_win;
335 len = min_t(unsigned int, len, sizeof(opts));
336 if (copy_to_user(optval, (char *) &opts, len))
342 switch (chan->sec_level) {
343 case BT_SECURITY_LOW:
346 case BT_SECURITY_MEDIUM:
347 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
349 case BT_SECURITY_HIGH:
350 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
358 if (chan->role_switch)
359 opt |= L2CAP_LM_MASTER;
361 if (chan->force_reliable)
362 opt |= L2CAP_LM_RELIABLE;
364 if (put_user(opt, (u32 __user *) optval))
369 if (sk->sk_state != BT_CONNECTED &&
370 !(sk->sk_state == BT_CONNECT2 &&
371 bt_sk(sk)->defer_setup)) {
376 memset(&cinfo, 0, sizeof(cinfo));
377 cinfo.hci_handle = chan->conn->hcon->handle;
378 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
380 len = min_t(unsigned int, len, sizeof(cinfo));
381 if (copy_to_user(optval, (char *) &cinfo, len))
395 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
397 struct sock *sk = sock->sk;
398 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
399 struct bt_security sec;
405 if (level == SOL_L2CAP)
406 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
408 if (level != SOL_BLUETOOTH)
411 if (get_user(len, optlen))
418 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
419 chan->chan_type != L2CAP_CHAN_RAW) {
424 sec.level = chan->sec_level;
426 len = min_t(unsigned int, len, sizeof(sec));
427 if (copy_to_user(optval, (char *) &sec, len))
433 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
438 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
444 if (put_user(chan->flushable, (u32 __user *) optval))
450 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
451 && sk->sk_type != SOCK_RAW) {
456 pwr.force_active = chan->force_active;
458 len = min_t(unsigned int, len, sizeof(pwr));
459 if (copy_to_user(optval, (char *) &pwr, len))
473 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
475 struct sock *sk = sock->sk;
476 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
477 struct l2cap_options opts;
487 if (sk->sk_state == BT_CONNECTED) {
492 opts.imtu = chan->imtu;
493 opts.omtu = chan->omtu;
494 opts.flush_to = chan->flush_to;
495 opts.mode = chan->mode;
496 opts.fcs = chan->fcs;
497 opts.max_tx = chan->max_tx;
498 opts.txwin_size = (__u16)chan->tx_win;
500 len = min_t(unsigned int, sizeof(opts), optlen);
501 if (copy_from_user((char *) &opts, optval, len)) {
506 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
511 chan->mode = opts.mode;
512 switch (chan->mode) {
513 case L2CAP_MODE_BASIC:
514 chan->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
516 case L2CAP_MODE_ERTM:
517 case L2CAP_MODE_STREAMING:
526 chan->imtu = opts.imtu;
527 chan->omtu = opts.omtu;
528 chan->fcs = opts.fcs;
529 chan->max_tx = opts.max_tx;
530 chan->tx_win = (__u8)opts.txwin_size;
534 if (get_user(opt, (u32 __user *) optval)) {
539 if (opt & L2CAP_LM_AUTH)
540 chan->sec_level = BT_SECURITY_LOW;
541 if (opt & L2CAP_LM_ENCRYPT)
542 chan->sec_level = BT_SECURITY_MEDIUM;
543 if (opt & L2CAP_LM_SECURE)
544 chan->sec_level = BT_SECURITY_HIGH;
546 chan->role_switch = (opt & L2CAP_LM_MASTER);
547 chan->force_reliable = (opt & L2CAP_LM_RELIABLE);
559 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
561 struct sock *sk = sock->sk;
562 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
563 struct bt_security sec;
570 if (level == SOL_L2CAP)
571 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
573 if (level != SOL_BLUETOOTH)
580 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
581 chan->chan_type != L2CAP_CHAN_RAW) {
586 sec.level = BT_SECURITY_LOW;
588 len = min_t(unsigned int, sizeof(sec), optlen);
589 if (copy_from_user((char *) &sec, optval, len)) {
594 if (sec.level < BT_SECURITY_LOW ||
595 sec.level > BT_SECURITY_HIGH) {
600 chan->sec_level = sec.level;
604 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
609 if (get_user(opt, (u32 __user *) optval)) {
614 bt_sk(sk)->defer_setup = opt;
618 if (get_user(opt, (u32 __user *) optval)) {
623 if (opt > BT_FLUSHABLE_ON) {
628 if (opt == BT_FLUSHABLE_OFF) {
629 struct l2cap_conn *conn = chan->conn;
630 /* proceed further only when we have l2cap_conn and
631 No Flush support in the LM */
632 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
638 chan->flushable = opt;
642 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
643 chan->chan_type != L2CAP_CHAN_RAW) {
648 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
650 len = min_t(unsigned int, sizeof(pwr), optlen);
651 if (copy_from_user((char *) &pwr, optval, len)) {
655 chan->force_active = pwr.force_active;
667 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
669 struct sock *sk = sock->sk;
670 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
673 BT_DBG("sock %p, sk %p", sock, sk);
675 err = sock_error(sk);
679 if (msg->msg_flags & MSG_OOB)
684 if (sk->sk_state != BT_CONNECTED) {
689 err = l2cap_chan_send(chan, msg, len);
695 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
697 struct sock *sk = sock->sk;
701 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
702 sk->sk_state = BT_CONFIG;
704 __l2cap_connect_rsp_defer(l2cap_pi(sk)->chan);
711 if (sock->type == SOCK_STREAM)
712 return bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
714 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
717 /* Kill socket (only if zapped and orphan)
718 * Must be called on unlocked socket.
720 static void l2cap_sock_kill(struct sock *sk)
722 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
725 BT_DBG("sk %p state %d", sk, sk->sk_state);
727 /* Kill poor orphan */
729 l2cap_chan_destroy(l2cap_pi(sk)->chan);
730 sock_set_flag(sk, SOCK_DEAD);
734 static int l2cap_sock_shutdown(struct socket *sock, int how)
736 struct sock *sk = sock->sk;
737 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
740 BT_DBG("sock %p, sk %p", sock, sk);
746 if (!sk->sk_shutdown) {
747 if (chan->mode == L2CAP_MODE_ERTM)
748 err = __l2cap_wait_ack(sk);
750 sk->sk_shutdown = SHUTDOWN_MASK;
751 l2cap_chan_close(chan, 0);
753 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
754 err = bt_sock_wait_state(sk, BT_CLOSED,
758 if (!err && sk->sk_err)
765 static int l2cap_sock_release(struct socket *sock)
767 struct sock *sk = sock->sk;
770 BT_DBG("sock %p, sk %p", sock, sk);
775 err = l2cap_sock_shutdown(sock, 2);
782 static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data)
784 struct sock *sk, *parent = data;
786 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
791 l2cap_sock_init(sk, parent);
793 return l2cap_pi(sk)->chan;
796 static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb)
798 struct sock *sk = data;
800 return sock_queue_rcv_skb(sk, skb);
803 static void l2cap_sock_close_cb(void *data)
805 struct sock *sk = data;
810 static void l2cap_sock_state_change_cb(void *data, int state)
812 struct sock *sk = data;
814 sk->sk_state = state;
817 static struct l2cap_ops l2cap_chan_ops = {
818 .name = "L2CAP Socket Interface",
819 .new_connection = l2cap_sock_new_connection_cb,
820 .recv = l2cap_sock_recv_cb,
821 .close = l2cap_sock_close_cb,
822 .state_change = l2cap_sock_state_change_cb,
825 static void l2cap_sock_destruct(struct sock *sk)
829 skb_queue_purge(&sk->sk_receive_queue);
830 skb_queue_purge(&sk->sk_write_queue);
833 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
835 struct l2cap_pinfo *pi = l2cap_pi(sk);
836 struct l2cap_chan *chan = pi->chan;
841 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
843 sk->sk_type = parent->sk_type;
844 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
846 chan->chan_type = pchan->chan_type;
847 chan->imtu = pchan->imtu;
848 chan->omtu = pchan->omtu;
849 chan->conf_state = pchan->conf_state;
850 chan->mode = pchan->mode;
851 chan->fcs = pchan->fcs;
852 chan->max_tx = pchan->max_tx;
853 chan->tx_win = pchan->tx_win;
854 chan->sec_level = pchan->sec_level;
855 chan->role_switch = pchan->role_switch;
856 chan->force_reliable = pchan->force_reliable;
857 chan->flushable = pchan->flushable;
858 chan->force_active = pchan->force_active;
861 switch (sk->sk_type) {
863 chan->chan_type = L2CAP_CHAN_RAW;
866 chan->chan_type = L2CAP_CHAN_CONN_LESS;
870 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
874 chan->imtu = L2CAP_DEFAULT_MTU;
876 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
877 chan->mode = L2CAP_MODE_ERTM;
878 chan->conf_state |= L2CAP_CONF_STATE2_DEVICE;
880 chan->mode = L2CAP_MODE_BASIC;
882 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
883 chan->fcs = L2CAP_FCS_CRC16;
884 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
885 chan->sec_level = BT_SECURITY_LOW;
886 chan->role_switch = 0;
887 chan->force_reliable = 0;
888 chan->flushable = BT_FLUSHABLE_OFF;
889 chan->force_active = BT_POWER_FORCE_ACTIVE_ON;
893 /* Default config options */
894 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
897 chan->ops = &l2cap_chan_ops;
900 static struct proto l2cap_proto = {
902 .owner = THIS_MODULE,
903 .obj_size = sizeof(struct l2cap_pinfo)
906 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
909 struct l2cap_chan *chan;
911 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
915 sock_init_data(sock, sk);
916 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
918 sk->sk_destruct = l2cap_sock_destruct;
919 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
921 sock_reset_flag(sk, SOCK_ZAPPED);
923 sk->sk_protocol = proto;
924 sk->sk_state = BT_OPEN;
926 chan = l2cap_chan_create(sk);
932 l2cap_pi(sk)->chan = chan;
937 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
942 BT_DBG("sock %p", sock);
944 sock->state = SS_UNCONNECTED;
946 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
947 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
948 return -ESOCKTNOSUPPORT;
950 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
953 sock->ops = &l2cap_sock_ops;
955 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
959 l2cap_sock_init(sk, NULL);
963 static const struct proto_ops l2cap_sock_ops = {
964 .family = PF_BLUETOOTH,
965 .owner = THIS_MODULE,
966 .release = l2cap_sock_release,
967 .bind = l2cap_sock_bind,
968 .connect = l2cap_sock_connect,
969 .listen = l2cap_sock_listen,
970 .accept = l2cap_sock_accept,
971 .getname = l2cap_sock_getname,
972 .sendmsg = l2cap_sock_sendmsg,
973 .recvmsg = l2cap_sock_recvmsg,
974 .poll = bt_sock_poll,
975 .ioctl = bt_sock_ioctl,
976 .mmap = sock_no_mmap,
977 .socketpair = sock_no_socketpair,
978 .shutdown = l2cap_sock_shutdown,
979 .setsockopt = l2cap_sock_setsockopt,
980 .getsockopt = l2cap_sock_getsockopt
983 static const struct net_proto_family l2cap_sock_family_ops = {
984 .family = PF_BLUETOOTH,
985 .owner = THIS_MODULE,
986 .create = l2cap_sock_create,
989 int __init l2cap_init_sockets(void)
993 err = proto_register(&l2cap_proto, 0);
997 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1001 BT_INFO("L2CAP socket layer initialized");
1006 BT_ERR("L2CAP socket registration failed");
1007 proto_unregister(&l2cap_proto);
1011 void l2cap_cleanup_sockets(void)
1013 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1014 BT_ERR("L2CAP socket unregistration failed");
1016 proto_unregister(&l2cap_proto);