2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
27 /* Bluetooth L2CAP sockets. */
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/l2cap.h>
33 static void l2cap_sock_timeout(unsigned long arg)
35 struct sock *sk = (struct sock *) arg;
38 BT_DBG("sock %p state %d", sk, sk->sk_state);
42 if (sock_owned_by_user(sk)) {
43 /* sk is owned by user. Try again later */
44 l2cap_sock_set_timer(sk, HZ / 5);
50 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
51 reason = ECONNREFUSED;
52 else if (sk->sk_state == BT_CONNECT &&
53 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
54 reason = ECONNREFUSED;
58 __l2cap_sock_close(sk, reason);
66 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
69 struct hlist_node *node;
70 sk_for_each(sk, node, &l2cap_sk_list.head)
71 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
78 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
80 struct sock *sk = sock->sk;
81 struct sockaddr_l2 la;
86 if (!addr || addr->sa_family != AF_BLUETOOTH)
89 memset(&la, 0, sizeof(la));
90 len = min_t(unsigned int, sizeof(la), alen);
91 memcpy(&la, addr, len);
98 if (sk->sk_state != BT_OPEN) {
104 __u16 psm = __le16_to_cpu(la.l2_psm);
106 /* PSM must be odd and lsb of upper byte must be 0 */
107 if ((psm & 0x0101) != 0x0001) {
112 /* Restrict usage of well-known PSMs */
113 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
119 write_lock_bh(&l2cap_sk_list.lock);
121 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
124 /* Save source address */
125 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
126 l2cap_pi(sk)->psm = la.l2_psm;
127 l2cap_pi(sk)->sport = la.l2_psm;
128 sk->sk_state = BT_BOUND;
130 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
131 __le16_to_cpu(la.l2_psm) == 0x0003)
132 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
135 write_unlock_bh(&l2cap_sk_list.lock);
142 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
144 struct sock *sk = sock->sk;
145 struct sockaddr_l2 la;
150 if (!addr || alen < sizeof(addr->sa_family) ||
151 addr->sa_family != AF_BLUETOOTH)
154 memset(&la, 0, sizeof(la));
155 len = min_t(unsigned int, sizeof(la), alen);
156 memcpy(&la, addr, len);
163 if ((sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM)
169 switch (l2cap_pi(sk)->mode) {
170 case L2CAP_MODE_BASIC:
172 case L2CAP_MODE_ERTM:
173 case L2CAP_MODE_STREAMING:
182 switch (sk->sk_state) {
186 /* Already connecting */
190 /* Already connected */
204 /* PSM must be odd and lsb of upper byte must be 0 */
205 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 &&
206 sk->sk_type != SOCK_RAW) {
211 /* Set destination address and psm */
212 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
213 l2cap_pi(sk)->psm = la.l2_psm;
215 err = l2cap_do_connect(sk);
220 err = bt_sock_wait_state(sk, BT_CONNECTED,
221 sock_sndtimeo(sk, flags & O_NONBLOCK));
227 static int l2cap_sock_listen(struct socket *sock, int backlog)
229 struct sock *sk = sock->sk;
232 BT_DBG("sk %p backlog %d", sk, backlog);
236 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
237 || sk->sk_state != BT_BOUND) {
242 switch (l2cap_pi(sk)->mode) {
243 case L2CAP_MODE_BASIC:
245 case L2CAP_MODE_ERTM:
246 case L2CAP_MODE_STREAMING:
255 if (!l2cap_pi(sk)->psm) {
256 bdaddr_t *src = &bt_sk(sk)->src;
261 write_lock_bh(&l2cap_sk_list.lock);
263 for (psm = 0x1001; psm < 0x1100; psm += 2)
264 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
265 l2cap_pi(sk)->psm = cpu_to_le16(psm);
266 l2cap_pi(sk)->sport = cpu_to_le16(psm);
271 write_unlock_bh(&l2cap_sk_list.lock);
277 sk->sk_max_ack_backlog = backlog;
278 sk->sk_ack_backlog = 0;
279 sk->sk_state = BT_LISTEN;
286 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
288 DECLARE_WAITQUEUE(wait, current);
289 struct sock *sk = sock->sk, *nsk;
293 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
295 if (sk->sk_state != BT_LISTEN) {
300 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
302 BT_DBG("sk %p timeo %ld", sk, timeo);
304 /* Wait for an incoming connection. (wake-one). */
305 add_wait_queue_exclusive(sk_sleep(sk), &wait);
306 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
307 set_current_state(TASK_INTERRUPTIBLE);
314 timeo = schedule_timeout(timeo);
315 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
317 if (sk->sk_state != BT_LISTEN) {
322 if (signal_pending(current)) {
323 err = sock_intr_errno(timeo);
327 set_current_state(TASK_RUNNING);
328 remove_wait_queue(sk_sleep(sk), &wait);
333 newsock->state = SS_CONNECTED;
335 BT_DBG("new socket %p", nsk);
342 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
344 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
345 struct sock *sk = sock->sk;
347 BT_DBG("sock %p, sk %p", sock, sk);
349 addr->sa_family = AF_BLUETOOTH;
350 *len = sizeof(struct sockaddr_l2);
353 la->l2_psm = l2cap_pi(sk)->psm;
354 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
355 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->dcid);
357 la->l2_psm = l2cap_pi(sk)->sport;
358 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
359 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->scid);
365 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
367 struct sock *sk = sock->sk;
368 struct l2cap_options opts;
369 struct l2cap_conninfo cinfo;
375 if (get_user(len, optlen))
382 opts.imtu = l2cap_pi(sk)->imtu;
383 opts.omtu = l2cap_pi(sk)->omtu;
384 opts.flush_to = l2cap_pi(sk)->flush_to;
385 opts.mode = l2cap_pi(sk)->mode;
386 opts.fcs = l2cap_pi(sk)->fcs;
387 opts.max_tx = l2cap_pi(sk)->max_tx;
388 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
390 len = min_t(unsigned int, len, sizeof(opts));
391 if (copy_to_user(optval, (char *) &opts, len))
397 switch (l2cap_pi(sk)->sec_level) {
398 case BT_SECURITY_LOW:
401 case BT_SECURITY_MEDIUM:
402 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
404 case BT_SECURITY_HIGH:
405 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
413 if (l2cap_pi(sk)->role_switch)
414 opt |= L2CAP_LM_MASTER;
416 if (l2cap_pi(sk)->force_reliable)
417 opt |= L2CAP_LM_RELIABLE;
419 if (put_user(opt, (u32 __user *) optval))
424 if (sk->sk_state != BT_CONNECTED &&
425 !(sk->sk_state == BT_CONNECT2 &&
426 bt_sk(sk)->defer_setup)) {
431 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
432 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
434 len = min_t(unsigned int, len, sizeof(cinfo));
435 if (copy_to_user(optval, (char *) &cinfo, len))
449 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
451 struct sock *sk = sock->sk;
452 struct bt_security sec;
457 if (level == SOL_L2CAP)
458 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
460 if (level != SOL_BLUETOOTH)
463 if (get_user(len, optlen))
470 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
471 && sk->sk_type != SOCK_RAW) {
476 sec.level = l2cap_pi(sk)->sec_level;
478 len = min_t(unsigned int, len, sizeof(sec));
479 if (copy_to_user(optval, (char *) &sec, len))
485 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
490 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
496 if (put_user(l2cap_pi(sk)->flushable, (u32 __user *) optval))
510 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
512 struct sock *sk = sock->sk;
513 struct l2cap_options opts;
523 if (sk->sk_state == BT_CONNECTED) {
528 opts.imtu = l2cap_pi(sk)->imtu;
529 opts.omtu = l2cap_pi(sk)->omtu;
530 opts.flush_to = l2cap_pi(sk)->flush_to;
531 opts.mode = l2cap_pi(sk)->mode;
532 opts.fcs = l2cap_pi(sk)->fcs;
533 opts.max_tx = l2cap_pi(sk)->max_tx;
534 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
536 len = min_t(unsigned int, sizeof(opts), optlen);
537 if (copy_from_user((char *) &opts, optval, len)) {
542 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
547 l2cap_pi(sk)->mode = opts.mode;
548 switch (l2cap_pi(sk)->mode) {
549 case L2CAP_MODE_BASIC:
550 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
552 case L2CAP_MODE_ERTM:
553 case L2CAP_MODE_STREAMING:
562 l2cap_pi(sk)->imtu = opts.imtu;
563 l2cap_pi(sk)->omtu = opts.omtu;
564 l2cap_pi(sk)->fcs = opts.fcs;
565 l2cap_pi(sk)->max_tx = opts.max_tx;
566 l2cap_pi(sk)->tx_win = (__u8)opts.txwin_size;
570 if (get_user(opt, (u32 __user *) optval)) {
575 if (opt & L2CAP_LM_AUTH)
576 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
577 if (opt & L2CAP_LM_ENCRYPT)
578 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
579 if (opt & L2CAP_LM_SECURE)
580 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
582 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
583 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
595 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
597 struct sock *sk = sock->sk;
598 struct bt_security sec;
604 if (level == SOL_L2CAP)
605 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
607 if (level != SOL_BLUETOOTH)
614 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
615 && sk->sk_type != SOCK_RAW) {
620 sec.level = BT_SECURITY_LOW;
622 len = min_t(unsigned int, sizeof(sec), optlen);
623 if (copy_from_user((char *) &sec, optval, len)) {
628 if (sec.level < BT_SECURITY_LOW ||
629 sec.level > BT_SECURITY_HIGH) {
634 l2cap_pi(sk)->sec_level = sec.level;
638 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
643 if (get_user(opt, (u32 __user *) optval)) {
648 bt_sk(sk)->defer_setup = opt;
652 if (get_user(opt, (u32 __user *) optval)) {
657 if (opt > BT_FLUSHABLE_ON) {
662 if (opt == BT_FLUSHABLE_OFF) {
663 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
664 /* proceed futher only when we have l2cap_conn and
665 No Flush support in the LM */
666 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
672 l2cap_pi(sk)->flushable = opt;
684 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
686 struct sock *sk = sock->sk;
690 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
691 struct l2cap_conn_rsp rsp;
692 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
695 sk->sk_state = BT_CONFIG;
697 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
698 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
699 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
700 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
701 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
702 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
704 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) {
709 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
710 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
711 l2cap_build_conf_req(sk, buf), buf);
712 l2cap_pi(sk)->num_conf_req++;
720 if (sock->type == SOCK_STREAM)
721 return bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
723 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
726 static int l2cap_sock_shutdown(struct socket *sock, int how)
728 struct sock *sk = sock->sk;
731 BT_DBG("sock %p, sk %p", sock, sk);
737 if (!sk->sk_shutdown) {
738 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
739 err = __l2cap_wait_ack(sk);
741 sk->sk_shutdown = SHUTDOWN_MASK;
742 l2cap_sock_clear_timer(sk);
743 __l2cap_sock_close(sk, 0);
745 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
746 err = bt_sock_wait_state(sk, BT_CLOSED,
750 if (!err && sk->sk_err)
757 static int l2cap_sock_release(struct socket *sock)
759 struct sock *sk = sock->sk;
762 BT_DBG("sock %p, sk %p", sock, sk);
767 err = l2cap_sock_shutdown(sock, 2);
774 static void l2cap_sock_destruct(struct sock *sk)
778 skb_queue_purge(&sk->sk_receive_queue);
779 skb_queue_purge(&sk->sk_write_queue);
782 void l2cap_sock_init(struct sock *sk, struct sock *parent)
784 struct l2cap_pinfo *pi = l2cap_pi(sk);
789 sk->sk_type = parent->sk_type;
790 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
792 pi->imtu = l2cap_pi(parent)->imtu;
793 pi->omtu = l2cap_pi(parent)->omtu;
794 pi->conf_state = l2cap_pi(parent)->conf_state;
795 pi->mode = l2cap_pi(parent)->mode;
796 pi->fcs = l2cap_pi(parent)->fcs;
797 pi->max_tx = l2cap_pi(parent)->max_tx;
798 pi->tx_win = l2cap_pi(parent)->tx_win;
799 pi->sec_level = l2cap_pi(parent)->sec_level;
800 pi->role_switch = l2cap_pi(parent)->role_switch;
801 pi->force_reliable = l2cap_pi(parent)->force_reliable;
802 pi->flushable = l2cap_pi(parent)->flushable;
804 pi->imtu = L2CAP_DEFAULT_MTU;
806 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
807 pi->mode = L2CAP_MODE_ERTM;
808 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
810 pi->mode = L2CAP_MODE_BASIC;
812 pi->max_tx = L2CAP_DEFAULT_MAX_TX;
813 pi->fcs = L2CAP_FCS_CRC16;
814 pi->tx_win = L2CAP_DEFAULT_TX_WINDOW;
815 pi->sec_level = BT_SECURITY_LOW;
817 pi->force_reliable = 0;
818 pi->flushable = BT_FLUSHABLE_OFF;
821 /* Default config options */
823 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
824 skb_queue_head_init(TX_QUEUE(sk));
825 skb_queue_head_init(SREJ_QUEUE(sk));
826 skb_queue_head_init(BUSY_QUEUE(sk));
827 INIT_LIST_HEAD(SREJ_LIST(sk));
830 static struct proto l2cap_proto = {
832 .owner = THIS_MODULE,
833 .obj_size = sizeof(struct l2cap_pinfo)
836 struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
840 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
844 sock_init_data(sock, sk);
845 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
847 sk->sk_destruct = l2cap_sock_destruct;
848 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
850 sock_reset_flag(sk, SOCK_ZAPPED);
852 sk->sk_protocol = proto;
853 sk->sk_state = BT_OPEN;
855 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
857 bt_sock_link(&l2cap_sk_list, sk);
861 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
866 BT_DBG("sock %p", sock);
868 sock->state = SS_UNCONNECTED;
870 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
871 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
872 return -ESOCKTNOSUPPORT;
874 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
877 sock->ops = &l2cap_sock_ops;
879 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
883 l2cap_sock_init(sk, NULL);
887 const struct proto_ops l2cap_sock_ops = {
888 .family = PF_BLUETOOTH,
889 .owner = THIS_MODULE,
890 .release = l2cap_sock_release,
891 .bind = l2cap_sock_bind,
892 .connect = l2cap_sock_connect,
893 .listen = l2cap_sock_listen,
894 .accept = l2cap_sock_accept,
895 .getname = l2cap_sock_getname,
896 .sendmsg = l2cap_sock_sendmsg,
897 .recvmsg = l2cap_sock_recvmsg,
898 .poll = bt_sock_poll,
899 .ioctl = bt_sock_ioctl,
900 .mmap = sock_no_mmap,
901 .socketpair = sock_no_socketpair,
902 .shutdown = l2cap_sock_shutdown,
903 .setsockopt = l2cap_sock_setsockopt,
904 .getsockopt = l2cap_sock_getsockopt
907 static const struct net_proto_family l2cap_sock_family_ops = {
908 .family = PF_BLUETOOTH,
909 .owner = THIS_MODULE,
910 .create = l2cap_sock_create,
913 int __init l2cap_init_sockets(void)
917 err = proto_register(&l2cap_proto, 0);
921 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
925 BT_INFO("L2CAP socket layer initialized");
930 BT_ERR("L2CAP socket registration failed");
931 proto_unregister(&l2cap_proto);
935 void l2cap_cleanup_sockets(void)
937 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
938 BT_ERR("L2CAP socket unregistration failed");
940 proto_unregister(&l2cap_proto);