2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
27 /* Bluetooth L2CAP sockets. */
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/l2cap.h>
33 static const struct proto_ops l2cap_sock_ops;
35 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
37 struct sock *sk = sock->sk;
38 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
39 struct sockaddr_l2 la;
44 if (!addr || addr->sa_family != AF_BLUETOOTH)
47 memset(&la, 0, sizeof(la));
48 len = min_t(unsigned int, sizeof(la), alen);
49 memcpy(&la, addr, len);
51 if (la.l2_cid && la.l2_psm)
56 if (sk->sk_state != BT_OPEN) {
62 __u16 psm = __le16_to_cpu(la.l2_psm);
64 /* PSM must be odd and lsb of upper byte must be 0 */
65 if ((psm & 0x0101) != 0x0001) {
70 /* Restrict usage of well-known PSMs */
71 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
78 err = l2cap_add_scid(chan, la.l2_cid);
80 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
85 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
86 __le16_to_cpu(la.l2_psm) == 0x0003)
87 chan->sec_level = BT_SECURITY_SDP;
89 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
90 sk->sk_state = BT_BOUND;
97 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
99 struct sock *sk = sock->sk;
100 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
101 struct sockaddr_l2 la;
106 if (!addr || alen < sizeof(addr->sa_family) ||
107 addr->sa_family != AF_BLUETOOTH)
110 memset(&la, 0, sizeof(la));
111 len = min_t(unsigned int, sizeof(la), alen);
112 memcpy(&la, addr, len);
114 if (la.l2_cid && la.l2_psm)
119 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED
120 && !(la.l2_psm || la.l2_cid)) {
125 switch (chan->mode) {
126 case L2CAP_MODE_BASIC:
128 case L2CAP_MODE_ERTM:
129 case L2CAP_MODE_STREAMING:
138 switch (sk->sk_state) {
142 /* Already connecting */
146 /* Already connected */
160 /* PSM must be odd and lsb of upper byte must be 0 */
161 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 && !la.l2_cid &&
162 chan->chan_type != L2CAP_CHAN_RAW) {
167 /* Set destination address and psm */
168 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
169 chan->psm = la.l2_psm;
170 chan->dcid = la.l2_cid;
172 err = l2cap_chan_connect(l2cap_pi(sk)->chan);
177 err = bt_sock_wait_state(sk, BT_CONNECTED,
178 sock_sndtimeo(sk, flags & O_NONBLOCK));
184 static int l2cap_sock_listen(struct socket *sock, int backlog)
186 struct sock *sk = sock->sk;
187 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
190 BT_DBG("sk %p backlog %d", sk, backlog);
194 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
195 || sk->sk_state != BT_BOUND) {
200 switch (chan->mode) {
201 case L2CAP_MODE_BASIC:
203 case L2CAP_MODE_ERTM:
204 case L2CAP_MODE_STREAMING:
213 sk->sk_max_ack_backlog = backlog;
214 sk->sk_ack_backlog = 0;
215 sk->sk_state = BT_LISTEN;
222 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
224 DECLARE_WAITQUEUE(wait, current);
225 struct sock *sk = sock->sk, *nsk;
229 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
231 if (sk->sk_state != BT_LISTEN) {
236 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
238 BT_DBG("sk %p timeo %ld", sk, timeo);
240 /* Wait for an incoming connection. (wake-one). */
241 add_wait_queue_exclusive(sk_sleep(sk), &wait);
242 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
243 set_current_state(TASK_INTERRUPTIBLE);
250 timeo = schedule_timeout(timeo);
251 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
253 if (sk->sk_state != BT_LISTEN) {
258 if (signal_pending(current)) {
259 err = sock_intr_errno(timeo);
263 set_current_state(TASK_RUNNING);
264 remove_wait_queue(sk_sleep(sk), &wait);
269 newsock->state = SS_CONNECTED;
271 BT_DBG("new socket %p", nsk);
278 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
280 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
281 struct sock *sk = sock->sk;
282 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
284 BT_DBG("sock %p, sk %p", sock, sk);
286 addr->sa_family = AF_BLUETOOTH;
287 *len = sizeof(struct sockaddr_l2);
290 la->l2_psm = chan->psm;
291 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
292 la->l2_cid = cpu_to_le16(chan->dcid);
294 la->l2_psm = chan->sport;
295 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
296 la->l2_cid = cpu_to_le16(chan->scid);
302 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
304 struct sock *sk = sock->sk;
305 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
306 struct l2cap_options opts;
307 struct l2cap_conninfo cinfo;
313 if (get_user(len, optlen))
320 memset(&opts, 0, sizeof(opts));
321 opts.imtu = chan->imtu;
322 opts.omtu = chan->omtu;
323 opts.flush_to = chan->flush_to;
324 opts.mode = chan->mode;
325 opts.fcs = chan->fcs;
326 opts.max_tx = chan->max_tx;
327 opts.txwin_size = (__u16)chan->tx_win;
329 len = min_t(unsigned int, len, sizeof(opts));
330 if (copy_to_user(optval, (char *) &opts, len))
336 switch (chan->sec_level) {
337 case BT_SECURITY_LOW:
340 case BT_SECURITY_MEDIUM:
341 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
343 case BT_SECURITY_HIGH:
344 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
352 if (chan->role_switch)
353 opt |= L2CAP_LM_MASTER;
355 if (chan->force_reliable)
356 opt |= L2CAP_LM_RELIABLE;
358 if (put_user(opt, (u32 __user *) optval))
363 if (sk->sk_state != BT_CONNECTED &&
364 !(sk->sk_state == BT_CONNECT2 &&
365 bt_sk(sk)->defer_setup)) {
370 cinfo.hci_handle = chan->conn->hcon->handle;
371 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
373 len = min_t(unsigned int, len, sizeof(cinfo));
374 if (copy_to_user(optval, (char *) &cinfo, len))
388 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
390 struct sock *sk = sock->sk;
391 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
392 struct bt_security sec;
397 if (level == SOL_L2CAP)
398 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
400 if (level != SOL_BLUETOOTH)
403 if (get_user(len, optlen))
410 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
411 chan->chan_type != L2CAP_CHAN_RAW) {
416 sec.level = chan->sec_level;
418 len = min_t(unsigned int, len, sizeof(sec));
419 if (copy_to_user(optval, (char *) &sec, len))
425 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
430 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
436 if (put_user(chan->flushable, (u32 __user *) optval))
450 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
452 struct sock *sk = sock->sk;
453 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
454 struct l2cap_options opts;
464 if (sk->sk_state == BT_CONNECTED) {
469 opts.imtu = chan->imtu;
470 opts.omtu = chan->omtu;
471 opts.flush_to = chan->flush_to;
472 opts.mode = chan->mode;
473 opts.fcs = chan->fcs;
474 opts.max_tx = chan->max_tx;
475 opts.txwin_size = (__u16)chan->tx_win;
477 len = min_t(unsigned int, sizeof(opts), optlen);
478 if (copy_from_user((char *) &opts, optval, len)) {
483 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
488 chan->mode = opts.mode;
489 switch (chan->mode) {
490 case L2CAP_MODE_BASIC:
491 chan->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
493 case L2CAP_MODE_ERTM:
494 case L2CAP_MODE_STREAMING:
503 chan->imtu = opts.imtu;
504 chan->omtu = opts.omtu;
505 chan->fcs = opts.fcs;
506 chan->max_tx = opts.max_tx;
507 chan->tx_win = (__u8)opts.txwin_size;
511 if (get_user(opt, (u32 __user *) optval)) {
516 if (opt & L2CAP_LM_AUTH)
517 chan->sec_level = BT_SECURITY_LOW;
518 if (opt & L2CAP_LM_ENCRYPT)
519 chan->sec_level = BT_SECURITY_MEDIUM;
520 if (opt & L2CAP_LM_SECURE)
521 chan->sec_level = BT_SECURITY_HIGH;
523 chan->role_switch = (opt & L2CAP_LM_MASTER);
524 chan->force_reliable = (opt & L2CAP_LM_RELIABLE);
536 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
538 struct sock *sk = sock->sk;
539 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
540 struct bt_security sec;
546 if (level == SOL_L2CAP)
547 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
549 if (level != SOL_BLUETOOTH)
556 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
557 chan->chan_type != L2CAP_CHAN_RAW) {
562 sec.level = BT_SECURITY_LOW;
564 len = min_t(unsigned int, sizeof(sec), optlen);
565 if (copy_from_user((char *) &sec, optval, len)) {
570 if (sec.level < BT_SECURITY_LOW ||
571 sec.level > BT_SECURITY_HIGH) {
576 chan->sec_level = sec.level;
580 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
585 if (get_user(opt, (u32 __user *) optval)) {
590 bt_sk(sk)->defer_setup = opt;
594 if (get_user(opt, (u32 __user *) optval)) {
599 if (opt > BT_FLUSHABLE_ON) {
604 if (opt == BT_FLUSHABLE_OFF) {
605 struct l2cap_conn *conn = chan->conn;
606 /* proceed further only when we have l2cap_conn and
607 No Flush support in the LM */
608 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
614 chan->flushable = opt;
626 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
628 struct sock *sk = sock->sk;
629 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
632 BT_DBG("sock %p, sk %p", sock, sk);
634 err = sock_error(sk);
638 if (msg->msg_flags & MSG_OOB)
643 if (sk->sk_state != BT_CONNECTED) {
648 err = l2cap_chan_send(chan, msg, len);
654 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
656 struct sock *sk = sock->sk;
660 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
661 sk->sk_state = BT_CONFIG;
663 __l2cap_connect_rsp_defer(l2cap_pi(sk)->chan);
670 if (sock->type == SOCK_STREAM)
671 return bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
673 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
676 /* Kill socket (only if zapped and orphan)
677 * Must be called on unlocked socket.
679 void l2cap_sock_kill(struct sock *sk)
681 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
684 BT_DBG("sk %p state %d", sk, sk->sk_state);
686 /* Kill poor orphan */
688 l2cap_chan_destroy(l2cap_pi(sk)->chan);
689 sock_set_flag(sk, SOCK_DEAD);
693 static int l2cap_sock_shutdown(struct socket *sock, int how)
695 struct sock *sk = sock->sk;
696 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
699 BT_DBG("sock %p, sk %p", sock, sk);
705 if (!sk->sk_shutdown) {
706 if (chan->mode == L2CAP_MODE_ERTM)
707 err = __l2cap_wait_ack(sk);
709 sk->sk_shutdown = SHUTDOWN_MASK;
710 l2cap_chan_clear_timer(chan);
711 __l2cap_chan_close(chan, 0);
713 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
714 err = bt_sock_wait_state(sk, BT_CLOSED,
718 if (!err && sk->sk_err)
725 static int l2cap_sock_release(struct socket *sock)
727 struct sock *sk = sock->sk;
730 BT_DBG("sock %p, sk %p", sock, sk);
735 err = l2cap_sock_shutdown(sock, 2);
742 static void l2cap_sock_destruct(struct sock *sk)
746 skb_queue_purge(&sk->sk_receive_queue);
747 skb_queue_purge(&sk->sk_write_queue);
750 void l2cap_sock_init(struct sock *sk, struct sock *parent)
752 struct l2cap_pinfo *pi = l2cap_pi(sk);
753 struct l2cap_chan *chan = pi->chan;
758 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
760 sk->sk_type = parent->sk_type;
761 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
763 chan->chan_type = pchan->chan_type;
764 chan->imtu = pchan->imtu;
765 chan->omtu = pchan->omtu;
766 chan->conf_state = pchan->conf_state;
767 chan->mode = pchan->mode;
768 chan->fcs = pchan->fcs;
769 chan->max_tx = pchan->max_tx;
770 chan->tx_win = pchan->tx_win;
771 chan->sec_level = pchan->sec_level;
772 chan->role_switch = pchan->role_switch;
773 chan->force_reliable = pchan->force_reliable;
774 chan->flushable = pchan->flushable;
777 switch (sk->sk_type) {
779 chan->chan_type = L2CAP_CHAN_RAW;
782 chan->chan_type = L2CAP_CHAN_CONN_LESS;
786 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
790 chan->imtu = L2CAP_DEFAULT_MTU;
792 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
793 chan->mode = L2CAP_MODE_ERTM;
794 chan->conf_state |= L2CAP_CONF_STATE2_DEVICE;
796 chan->mode = L2CAP_MODE_BASIC;
798 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
799 chan->fcs = L2CAP_FCS_CRC16;
800 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
801 chan->sec_level = BT_SECURITY_LOW;
802 chan->role_switch = 0;
803 chan->force_reliable = 0;
804 chan->flushable = BT_FLUSHABLE_OFF;
807 /* Default config options */
808 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
811 static struct proto l2cap_proto = {
813 .owner = THIS_MODULE,
814 .obj_size = sizeof(struct l2cap_pinfo)
817 struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
821 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
825 sock_init_data(sock, sk);
826 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
828 sk->sk_destruct = l2cap_sock_destruct;
829 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
831 sock_reset_flag(sk, SOCK_ZAPPED);
833 sk->sk_protocol = proto;
834 sk->sk_state = BT_OPEN;
839 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
843 struct l2cap_chan *chan;
845 BT_DBG("sock %p", sock);
847 sock->state = SS_UNCONNECTED;
849 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
850 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
851 return -ESOCKTNOSUPPORT;
853 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
856 sock->ops = &l2cap_sock_ops;
858 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
862 chan = l2cap_chan_create(sk);
868 l2cap_pi(sk)->chan = chan;
870 l2cap_sock_init(sk, NULL);
874 static const struct proto_ops l2cap_sock_ops = {
875 .family = PF_BLUETOOTH,
876 .owner = THIS_MODULE,
877 .release = l2cap_sock_release,
878 .bind = l2cap_sock_bind,
879 .connect = l2cap_sock_connect,
880 .listen = l2cap_sock_listen,
881 .accept = l2cap_sock_accept,
882 .getname = l2cap_sock_getname,
883 .sendmsg = l2cap_sock_sendmsg,
884 .recvmsg = l2cap_sock_recvmsg,
885 .poll = bt_sock_poll,
886 .ioctl = bt_sock_ioctl,
887 .mmap = sock_no_mmap,
888 .socketpair = sock_no_socketpair,
889 .shutdown = l2cap_sock_shutdown,
890 .setsockopt = l2cap_sock_setsockopt,
891 .getsockopt = l2cap_sock_getsockopt
894 static const struct net_proto_family l2cap_sock_family_ops = {
895 .family = PF_BLUETOOTH,
896 .owner = THIS_MODULE,
897 .create = l2cap_sock_create,
900 int __init l2cap_init_sockets(void)
904 err = proto_register(&l2cap_proto, 0);
908 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
912 BT_INFO("L2CAP socket layer initialized");
917 BT_ERR("L2CAP socket registration failed");
918 proto_unregister(&l2cap_proto);
922 void l2cap_cleanup_sockets(void)
924 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
925 BT_ERR("L2CAP socket unregistration failed");
927 proto_unregister(&l2cap_proto);