2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
27 /* Bluetooth L2CAP sockets. */
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/l2cap.h>
33 static void l2cap_sock_timeout(unsigned long arg)
35 struct sock *sk = (struct sock *) arg;
38 BT_DBG("sock %p state %d", sk, sk->sk_state);
42 if (sock_owned_by_user(sk)) {
43 /* sk is owned by user. Try again later */
44 l2cap_sock_set_timer(sk, HZ / 5);
50 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
51 reason = ECONNREFUSED;
52 else if (sk->sk_state == BT_CONNECT &&
53 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
54 reason = ECONNREFUSED;
58 __l2cap_sock_close(sk, reason);
66 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
69 struct hlist_node *node;
70 sk_for_each(sk, node, &l2cap_sk_list.head)
71 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
78 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
80 struct sock *sk = sock->sk;
81 struct sockaddr_l2 la;
86 if (!addr || addr->sa_family != AF_BLUETOOTH)
89 memset(&la, 0, sizeof(la));
90 len = min_t(unsigned int, sizeof(la), alen);
91 memcpy(&la, addr, len);
98 if (sk->sk_state != BT_OPEN) {
104 __u16 psm = __le16_to_cpu(la.l2_psm);
106 /* PSM must be odd and lsb of upper byte must be 0 */
107 if ((psm & 0x0101) != 0x0001) {
112 /* Restrict usage of well-known PSMs */
113 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
119 write_lock_bh(&l2cap_sk_list.lock);
121 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
124 /* Save source address */
125 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
126 l2cap_pi(sk)->psm = la.l2_psm;
127 l2cap_pi(sk)->sport = la.l2_psm;
128 sk->sk_state = BT_BOUND;
130 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
131 __le16_to_cpu(la.l2_psm) == 0x0003)
132 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
135 write_unlock_bh(&l2cap_sk_list.lock);
142 static int l2cap_sock_listen(struct socket *sock, int backlog)
144 struct sock *sk = sock->sk;
147 BT_DBG("sk %p backlog %d", sk, backlog);
151 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
152 || sk->sk_state != BT_BOUND) {
157 switch (l2cap_pi(sk)->mode) {
158 case L2CAP_MODE_BASIC:
160 case L2CAP_MODE_ERTM:
161 case L2CAP_MODE_STREAMING:
170 if (!l2cap_pi(sk)->psm) {
171 bdaddr_t *src = &bt_sk(sk)->src;
176 write_lock_bh(&l2cap_sk_list.lock);
178 for (psm = 0x1001; psm < 0x1100; psm += 2)
179 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
180 l2cap_pi(sk)->psm = cpu_to_le16(psm);
181 l2cap_pi(sk)->sport = cpu_to_le16(psm);
186 write_unlock_bh(&l2cap_sk_list.lock);
192 sk->sk_max_ack_backlog = backlog;
193 sk->sk_ack_backlog = 0;
194 sk->sk_state = BT_LISTEN;
201 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
203 DECLARE_WAITQUEUE(wait, current);
204 struct sock *sk = sock->sk, *nsk;
208 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
210 if (sk->sk_state != BT_LISTEN) {
215 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
217 BT_DBG("sk %p timeo %ld", sk, timeo);
219 /* Wait for an incoming connection. (wake-one). */
220 add_wait_queue_exclusive(sk_sleep(sk), &wait);
221 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
222 set_current_state(TASK_INTERRUPTIBLE);
229 timeo = schedule_timeout(timeo);
230 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
232 if (sk->sk_state != BT_LISTEN) {
237 if (signal_pending(current)) {
238 err = sock_intr_errno(timeo);
242 set_current_state(TASK_RUNNING);
243 remove_wait_queue(sk_sleep(sk), &wait);
248 newsock->state = SS_CONNECTED;
250 BT_DBG("new socket %p", nsk);
257 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
259 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
260 struct sock *sk = sock->sk;
262 BT_DBG("sock %p, sk %p", sock, sk);
264 addr->sa_family = AF_BLUETOOTH;
265 *len = sizeof(struct sockaddr_l2);
268 la->l2_psm = l2cap_pi(sk)->psm;
269 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
270 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->dcid);
272 la->l2_psm = l2cap_pi(sk)->sport;
273 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
274 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->scid);
280 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
282 struct sock *sk = sock->sk;
283 struct l2cap_options opts;
284 struct l2cap_conninfo cinfo;
290 if (get_user(len, optlen))
297 opts.imtu = l2cap_pi(sk)->imtu;
298 opts.omtu = l2cap_pi(sk)->omtu;
299 opts.flush_to = l2cap_pi(sk)->flush_to;
300 opts.mode = l2cap_pi(sk)->mode;
301 opts.fcs = l2cap_pi(sk)->fcs;
302 opts.max_tx = l2cap_pi(sk)->max_tx;
303 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
305 len = min_t(unsigned int, len, sizeof(opts));
306 if (copy_to_user(optval, (char *) &opts, len))
312 switch (l2cap_pi(sk)->sec_level) {
313 case BT_SECURITY_LOW:
316 case BT_SECURITY_MEDIUM:
317 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
319 case BT_SECURITY_HIGH:
320 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
328 if (l2cap_pi(sk)->role_switch)
329 opt |= L2CAP_LM_MASTER;
331 if (l2cap_pi(sk)->force_reliable)
332 opt |= L2CAP_LM_RELIABLE;
334 if (put_user(opt, (u32 __user *) optval))
339 if (sk->sk_state != BT_CONNECTED &&
340 !(sk->sk_state == BT_CONNECT2 &&
341 bt_sk(sk)->defer_setup)) {
346 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
347 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
349 len = min_t(unsigned int, len, sizeof(cinfo));
350 if (copy_to_user(optval, (char *) &cinfo, len))
364 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
366 struct sock *sk = sock->sk;
367 struct bt_security sec;
372 if (level == SOL_L2CAP)
373 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
375 if (level != SOL_BLUETOOTH)
378 if (get_user(len, optlen))
385 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
386 && sk->sk_type != SOCK_RAW) {
391 sec.level = l2cap_pi(sk)->sec_level;
393 len = min_t(unsigned int, len, sizeof(sec));
394 if (copy_to_user(optval, (char *) &sec, len))
400 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
405 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
411 if (put_user(l2cap_pi(sk)->flushable, (u32 __user *) optval))
425 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
427 struct sock *sk = sock->sk;
428 struct l2cap_options opts;
438 if (sk->sk_state == BT_CONNECTED) {
443 opts.imtu = l2cap_pi(sk)->imtu;
444 opts.omtu = l2cap_pi(sk)->omtu;
445 opts.flush_to = l2cap_pi(sk)->flush_to;
446 opts.mode = l2cap_pi(sk)->mode;
447 opts.fcs = l2cap_pi(sk)->fcs;
448 opts.max_tx = l2cap_pi(sk)->max_tx;
449 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
451 len = min_t(unsigned int, sizeof(opts), optlen);
452 if (copy_from_user((char *) &opts, optval, len)) {
457 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
462 l2cap_pi(sk)->mode = opts.mode;
463 switch (l2cap_pi(sk)->mode) {
464 case L2CAP_MODE_BASIC:
465 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
467 case L2CAP_MODE_ERTM:
468 case L2CAP_MODE_STREAMING:
477 l2cap_pi(sk)->imtu = opts.imtu;
478 l2cap_pi(sk)->omtu = opts.omtu;
479 l2cap_pi(sk)->fcs = opts.fcs;
480 l2cap_pi(sk)->max_tx = opts.max_tx;
481 l2cap_pi(sk)->tx_win = (__u8)opts.txwin_size;
485 if (get_user(opt, (u32 __user *) optval)) {
490 if (opt & L2CAP_LM_AUTH)
491 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
492 if (opt & L2CAP_LM_ENCRYPT)
493 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
494 if (opt & L2CAP_LM_SECURE)
495 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
497 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
498 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
510 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
512 struct sock *sk = sock->sk;
513 struct bt_security sec;
519 if (level == SOL_L2CAP)
520 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
522 if (level != SOL_BLUETOOTH)
529 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
530 && sk->sk_type != SOCK_RAW) {
535 sec.level = BT_SECURITY_LOW;
537 len = min_t(unsigned int, sizeof(sec), optlen);
538 if (copy_from_user((char *) &sec, optval, len)) {
543 if (sec.level < BT_SECURITY_LOW ||
544 sec.level > BT_SECURITY_HIGH) {
549 l2cap_pi(sk)->sec_level = sec.level;
553 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
558 if (get_user(opt, (u32 __user *) optval)) {
563 bt_sk(sk)->defer_setup = opt;
567 if (get_user(opt, (u32 __user *) optval)) {
572 if (opt > BT_FLUSHABLE_ON) {
577 if (opt == BT_FLUSHABLE_OFF) {
578 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
579 /* proceed futher only when we have l2cap_conn and
580 No Flush support in the LM */
581 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
587 l2cap_pi(sk)->flushable = opt;
599 static int l2cap_sock_release(struct socket *sock)
601 struct sock *sk = sock->sk;
604 BT_DBG("sock %p, sk %p", sock, sk);
609 err = l2cap_sock_shutdown(sock, 2);
616 static void l2cap_sock_destruct(struct sock *sk)
620 skb_queue_purge(&sk->sk_receive_queue);
621 skb_queue_purge(&sk->sk_write_queue);
624 void l2cap_sock_init(struct sock *sk, struct sock *parent)
626 struct l2cap_pinfo *pi = l2cap_pi(sk);
631 sk->sk_type = parent->sk_type;
632 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
634 pi->imtu = l2cap_pi(parent)->imtu;
635 pi->omtu = l2cap_pi(parent)->omtu;
636 pi->conf_state = l2cap_pi(parent)->conf_state;
637 pi->mode = l2cap_pi(parent)->mode;
638 pi->fcs = l2cap_pi(parent)->fcs;
639 pi->max_tx = l2cap_pi(parent)->max_tx;
640 pi->tx_win = l2cap_pi(parent)->tx_win;
641 pi->sec_level = l2cap_pi(parent)->sec_level;
642 pi->role_switch = l2cap_pi(parent)->role_switch;
643 pi->force_reliable = l2cap_pi(parent)->force_reliable;
644 pi->flushable = l2cap_pi(parent)->flushable;
646 pi->imtu = L2CAP_DEFAULT_MTU;
648 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
649 pi->mode = L2CAP_MODE_ERTM;
650 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
652 pi->mode = L2CAP_MODE_BASIC;
654 pi->max_tx = L2CAP_DEFAULT_MAX_TX;
655 pi->fcs = L2CAP_FCS_CRC16;
656 pi->tx_win = L2CAP_DEFAULT_TX_WINDOW;
657 pi->sec_level = BT_SECURITY_LOW;
659 pi->force_reliable = 0;
660 pi->flushable = BT_FLUSHABLE_OFF;
663 /* Default config options */
665 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
666 skb_queue_head_init(TX_QUEUE(sk));
667 skb_queue_head_init(SREJ_QUEUE(sk));
668 skb_queue_head_init(BUSY_QUEUE(sk));
669 INIT_LIST_HEAD(SREJ_LIST(sk));
672 static struct proto l2cap_proto = {
674 .owner = THIS_MODULE,
675 .obj_size = sizeof(struct l2cap_pinfo)
678 struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
682 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
686 sock_init_data(sock, sk);
687 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
689 sk->sk_destruct = l2cap_sock_destruct;
690 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
692 sock_reset_flag(sk, SOCK_ZAPPED);
694 sk->sk_protocol = proto;
695 sk->sk_state = BT_OPEN;
697 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
699 bt_sock_link(&l2cap_sk_list, sk);
703 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
708 BT_DBG("sock %p", sock);
710 sock->state = SS_UNCONNECTED;
712 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
713 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
714 return -ESOCKTNOSUPPORT;
716 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
719 sock->ops = &l2cap_sock_ops;
721 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
725 l2cap_sock_init(sk, NULL);
729 const struct proto_ops l2cap_sock_ops = {
730 .family = PF_BLUETOOTH,
731 .owner = THIS_MODULE,
732 .release = l2cap_sock_release,
733 .bind = l2cap_sock_bind,
734 .connect = l2cap_sock_connect,
735 .listen = l2cap_sock_listen,
736 .accept = l2cap_sock_accept,
737 .getname = l2cap_sock_getname,
738 .sendmsg = l2cap_sock_sendmsg,
739 .recvmsg = l2cap_sock_recvmsg,
740 .poll = bt_sock_poll,
741 .ioctl = bt_sock_ioctl,
742 .mmap = sock_no_mmap,
743 .socketpair = sock_no_socketpair,
744 .shutdown = l2cap_sock_shutdown,
745 .setsockopt = l2cap_sock_setsockopt,
746 .getsockopt = l2cap_sock_getsockopt
749 static const struct net_proto_family l2cap_sock_family_ops = {
750 .family = PF_BLUETOOTH,
751 .owner = THIS_MODULE,
752 .create = l2cap_sock_create,
755 int __init l2cap_init_sockets(void)
759 err = proto_register(&l2cap_proto, 0);
763 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
767 BT_INFO("L2CAP socket layer initialized");
772 BT_ERR("L2CAP socket registration failed");
773 proto_unregister(&l2cap_proto);
777 void l2cap_cleanup_sockets(void)
779 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
780 BT_ERR("L2CAP socket unregistration failed");
782 proto_unregister(&l2cap_proto);