2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
27 /* Bluetooth L2CAP sockets. */
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/l2cap.h>
33 static void l2cap_sock_timeout(unsigned long arg
)
35 struct sock
*sk
= (struct sock
*) arg
;
38 BT_DBG("sock %p state %d", sk
, sk
->sk_state
);
42 if (sock_owned_by_user(sk
)) {
43 /* sk is owned by user. Try again later */
44 l2cap_sock_set_timer(sk
, HZ
/ 5);
50 if (sk
->sk_state
== BT_CONNECTED
|| sk
->sk_state
== BT_CONFIG
)
51 reason
= ECONNREFUSED
;
52 else if (sk
->sk_state
== BT_CONNECT
&&
53 l2cap_pi(sk
)->sec_level
!= BT_SECURITY_SDP
)
54 reason
= ECONNREFUSED
;
58 __l2cap_sock_close(sk
, reason
);
66 static struct sock
*__l2cap_get_sock_by_addr(__le16 psm
, bdaddr_t
*src
)
69 struct hlist_node
*node
;
70 sk_for_each(sk
, node
, &l2cap_sk_list
.head
)
71 if (l2cap_pi(sk
)->sport
== psm
&& !bacmp(&bt_sk(sk
)->src
, src
))
78 static int l2cap_sock_bind(struct socket
*sock
, struct sockaddr
*addr
, int alen
)
80 struct sock
*sk
= sock
->sk
;
81 struct sockaddr_l2 la
;
86 if (!addr
|| addr
->sa_family
!= AF_BLUETOOTH
)
89 memset(&la
, 0, sizeof(la
));
90 len
= min_t(unsigned int, sizeof(la
), alen
);
91 memcpy(&la
, addr
, len
);
98 if (sk
->sk_state
!= BT_OPEN
) {
104 __u16 psm
= __le16_to_cpu(la
.l2_psm
);
106 /* PSM must be odd and lsb of upper byte must be 0 */
107 if ((psm
& 0x0101) != 0x0001) {
112 /* Restrict usage of well-known PSMs */
113 if (psm
< 0x1001 && !capable(CAP_NET_BIND_SERVICE
)) {
119 write_lock_bh(&l2cap_sk_list
.lock
);
121 if (la
.l2_psm
&& __l2cap_get_sock_by_addr(la
.l2_psm
, &la
.l2_bdaddr
)) {
124 /* Save source address */
125 bacpy(&bt_sk(sk
)->src
, &la
.l2_bdaddr
);
126 l2cap_pi(sk
)->psm
= la
.l2_psm
;
127 l2cap_pi(sk
)->sport
= la
.l2_psm
;
128 sk
->sk_state
= BT_BOUND
;
130 if (__le16_to_cpu(la
.l2_psm
) == 0x0001 ||
131 __le16_to_cpu(la
.l2_psm
) == 0x0003)
132 l2cap_pi(sk
)->sec_level
= BT_SECURITY_SDP
;
135 write_unlock_bh(&l2cap_sk_list
.lock
);
142 static int l2cap_sock_connect(struct socket
*sock
, struct sockaddr
*addr
, int alen
, int flags
)
144 struct sock
*sk
= sock
->sk
;
145 struct sockaddr_l2 la
;
150 if (!addr
|| alen
< sizeof(addr
->sa_family
) ||
151 addr
->sa_family
!= AF_BLUETOOTH
)
154 memset(&la
, 0, sizeof(la
));
155 len
= min_t(unsigned int, sizeof(la
), alen
);
156 memcpy(&la
, addr
, len
);
163 if ((sk
->sk_type
== SOCK_SEQPACKET
|| sk
->sk_type
== SOCK_STREAM
)
169 switch (l2cap_pi(sk
)->mode
) {
170 case L2CAP_MODE_BASIC
:
172 case L2CAP_MODE_ERTM
:
173 case L2CAP_MODE_STREAMING
:
182 switch (sk
->sk_state
) {
186 /* Already connecting */
190 /* Already connected */
204 /* PSM must be odd and lsb of upper byte must be 0 */
205 if ((__le16_to_cpu(la
.l2_psm
) & 0x0101) != 0x0001 &&
206 sk
->sk_type
!= SOCK_RAW
) {
211 /* Set destination address and psm */
212 bacpy(&bt_sk(sk
)->dst
, &la
.l2_bdaddr
);
213 l2cap_pi(sk
)->psm
= la
.l2_psm
;
215 err
= l2cap_do_connect(sk
);
220 err
= bt_sock_wait_state(sk
, BT_CONNECTED
,
221 sock_sndtimeo(sk
, flags
& O_NONBLOCK
));
227 static int l2cap_sock_listen(struct socket
*sock
, int backlog
)
229 struct sock
*sk
= sock
->sk
;
232 BT_DBG("sk %p backlog %d", sk
, backlog
);
236 if ((sock
->type
!= SOCK_SEQPACKET
&& sock
->type
!= SOCK_STREAM
)
237 || sk
->sk_state
!= BT_BOUND
) {
242 switch (l2cap_pi(sk
)->mode
) {
243 case L2CAP_MODE_BASIC
:
245 case L2CAP_MODE_ERTM
:
246 case L2CAP_MODE_STREAMING
:
255 if (!l2cap_pi(sk
)->psm
) {
256 bdaddr_t
*src
= &bt_sk(sk
)->src
;
261 write_lock_bh(&l2cap_sk_list
.lock
);
263 for (psm
= 0x1001; psm
< 0x1100; psm
+= 2)
264 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm
), src
)) {
265 l2cap_pi(sk
)->psm
= cpu_to_le16(psm
);
266 l2cap_pi(sk
)->sport
= cpu_to_le16(psm
);
271 write_unlock_bh(&l2cap_sk_list
.lock
);
277 sk
->sk_max_ack_backlog
= backlog
;
278 sk
->sk_ack_backlog
= 0;
279 sk
->sk_state
= BT_LISTEN
;
286 static int l2cap_sock_accept(struct socket
*sock
, struct socket
*newsock
, int flags
)
288 DECLARE_WAITQUEUE(wait
, current
);
289 struct sock
*sk
= sock
->sk
, *nsk
;
293 lock_sock_nested(sk
, SINGLE_DEPTH_NESTING
);
295 if (sk
->sk_state
!= BT_LISTEN
) {
300 timeo
= sock_rcvtimeo(sk
, flags
& O_NONBLOCK
);
302 BT_DBG("sk %p timeo %ld", sk
, timeo
);
304 /* Wait for an incoming connection. (wake-one). */
305 add_wait_queue_exclusive(sk_sleep(sk
), &wait
);
306 while (!(nsk
= bt_accept_dequeue(sk
, newsock
))) {
307 set_current_state(TASK_INTERRUPTIBLE
);
314 timeo
= schedule_timeout(timeo
);
315 lock_sock_nested(sk
, SINGLE_DEPTH_NESTING
);
317 if (sk
->sk_state
!= BT_LISTEN
) {
322 if (signal_pending(current
)) {
323 err
= sock_intr_errno(timeo
);
327 set_current_state(TASK_RUNNING
);
328 remove_wait_queue(sk_sleep(sk
), &wait
);
333 newsock
->state
= SS_CONNECTED
;
335 BT_DBG("new socket %p", nsk
);
342 static int l2cap_sock_getname(struct socket
*sock
, struct sockaddr
*addr
, int *len
, int peer
)
344 struct sockaddr_l2
*la
= (struct sockaddr_l2
*) addr
;
345 struct sock
*sk
= sock
->sk
;
347 BT_DBG("sock %p, sk %p", sock
, sk
);
349 addr
->sa_family
= AF_BLUETOOTH
;
350 *len
= sizeof(struct sockaddr_l2
);
353 la
->l2_psm
= l2cap_pi(sk
)->psm
;
354 bacpy(&la
->l2_bdaddr
, &bt_sk(sk
)->dst
);
355 la
->l2_cid
= cpu_to_le16(l2cap_pi(sk
)->dcid
);
357 la
->l2_psm
= l2cap_pi(sk
)->sport
;
358 bacpy(&la
->l2_bdaddr
, &bt_sk(sk
)->src
);
359 la
->l2_cid
= cpu_to_le16(l2cap_pi(sk
)->scid
);
365 static int l2cap_sock_getsockopt_old(struct socket
*sock
, int optname
, char __user
*optval
, int __user
*optlen
)
367 struct sock
*sk
= sock
->sk
;
368 struct l2cap_options opts
;
369 struct l2cap_conninfo cinfo
;
375 if (get_user(len
, optlen
))
382 opts
.imtu
= l2cap_pi(sk
)->imtu
;
383 opts
.omtu
= l2cap_pi(sk
)->omtu
;
384 opts
.flush_to
= l2cap_pi(sk
)->flush_to
;
385 opts
.mode
= l2cap_pi(sk
)->mode
;
386 opts
.fcs
= l2cap_pi(sk
)->fcs
;
387 opts
.max_tx
= l2cap_pi(sk
)->max_tx
;
388 opts
.txwin_size
= (__u16
)l2cap_pi(sk
)->tx_win
;
390 len
= min_t(unsigned int, len
, sizeof(opts
));
391 if (copy_to_user(optval
, (char *) &opts
, len
))
397 switch (l2cap_pi(sk
)->sec_level
) {
398 case BT_SECURITY_LOW
:
401 case BT_SECURITY_MEDIUM
:
402 opt
= L2CAP_LM_AUTH
| L2CAP_LM_ENCRYPT
;
404 case BT_SECURITY_HIGH
:
405 opt
= L2CAP_LM_AUTH
| L2CAP_LM_ENCRYPT
|
413 if (l2cap_pi(sk
)->role_switch
)
414 opt
|= L2CAP_LM_MASTER
;
416 if (l2cap_pi(sk
)->force_reliable
)
417 opt
|= L2CAP_LM_RELIABLE
;
419 if (put_user(opt
, (u32 __user
*) optval
))
424 if (sk
->sk_state
!= BT_CONNECTED
&&
425 !(sk
->sk_state
== BT_CONNECT2
&&
426 bt_sk(sk
)->defer_setup
)) {
431 cinfo
.hci_handle
= l2cap_pi(sk
)->conn
->hcon
->handle
;
432 memcpy(cinfo
.dev_class
, l2cap_pi(sk
)->conn
->hcon
->dev_class
, 3);
434 len
= min_t(unsigned int, len
, sizeof(cinfo
));
435 if (copy_to_user(optval
, (char *) &cinfo
, len
))
449 static int l2cap_sock_getsockopt(struct socket
*sock
, int level
, int optname
, char __user
*optval
, int __user
*optlen
)
451 struct sock
*sk
= sock
->sk
;
452 struct bt_security sec
;
457 if (level
== SOL_L2CAP
)
458 return l2cap_sock_getsockopt_old(sock
, optname
, optval
, optlen
);
460 if (level
!= SOL_BLUETOOTH
)
463 if (get_user(len
, optlen
))
470 if (sk
->sk_type
!= SOCK_SEQPACKET
&& sk
->sk_type
!= SOCK_STREAM
471 && sk
->sk_type
!= SOCK_RAW
) {
476 sec
.level
= l2cap_pi(sk
)->sec_level
;
478 len
= min_t(unsigned int, len
, sizeof(sec
));
479 if (copy_to_user(optval
, (char *) &sec
, len
))
485 if (sk
->sk_state
!= BT_BOUND
&& sk
->sk_state
!= BT_LISTEN
) {
490 if (put_user(bt_sk(sk
)->defer_setup
, (u32 __user
*) optval
))
496 if (put_user(l2cap_pi(sk
)->flushable
, (u32 __user
*) optval
))
510 static int l2cap_sock_setsockopt_old(struct socket
*sock
, int optname
, char __user
*optval
, unsigned int optlen
)
512 struct sock
*sk
= sock
->sk
;
513 struct l2cap_options opts
;
523 if (sk
->sk_state
== BT_CONNECTED
) {
528 opts
.imtu
= l2cap_pi(sk
)->imtu
;
529 opts
.omtu
= l2cap_pi(sk
)->omtu
;
530 opts
.flush_to
= l2cap_pi(sk
)->flush_to
;
531 opts
.mode
= l2cap_pi(sk
)->mode
;
532 opts
.fcs
= l2cap_pi(sk
)->fcs
;
533 opts
.max_tx
= l2cap_pi(sk
)->max_tx
;
534 opts
.txwin_size
= (__u16
)l2cap_pi(sk
)->tx_win
;
536 len
= min_t(unsigned int, sizeof(opts
), optlen
);
537 if (copy_from_user((char *) &opts
, optval
, len
)) {
542 if (opts
.txwin_size
> L2CAP_DEFAULT_TX_WINDOW
) {
547 l2cap_pi(sk
)->mode
= opts
.mode
;
548 switch (l2cap_pi(sk
)->mode
) {
549 case L2CAP_MODE_BASIC
:
550 l2cap_pi(sk
)->conf_state
&= ~L2CAP_CONF_STATE2_DEVICE
;
552 case L2CAP_MODE_ERTM
:
553 case L2CAP_MODE_STREAMING
:
562 l2cap_pi(sk
)->imtu
= opts
.imtu
;
563 l2cap_pi(sk
)->omtu
= opts
.omtu
;
564 l2cap_pi(sk
)->fcs
= opts
.fcs
;
565 l2cap_pi(sk
)->max_tx
= opts
.max_tx
;
566 l2cap_pi(sk
)->tx_win
= (__u8
)opts
.txwin_size
;
570 if (get_user(opt
, (u32 __user
*) optval
)) {
575 if (opt
& L2CAP_LM_AUTH
)
576 l2cap_pi(sk
)->sec_level
= BT_SECURITY_LOW
;
577 if (opt
& L2CAP_LM_ENCRYPT
)
578 l2cap_pi(sk
)->sec_level
= BT_SECURITY_MEDIUM
;
579 if (opt
& L2CAP_LM_SECURE
)
580 l2cap_pi(sk
)->sec_level
= BT_SECURITY_HIGH
;
582 l2cap_pi(sk
)->role_switch
= (opt
& L2CAP_LM_MASTER
);
583 l2cap_pi(sk
)->force_reliable
= (opt
& L2CAP_LM_RELIABLE
);
595 static int l2cap_sock_setsockopt(struct socket
*sock
, int level
, int optname
, char __user
*optval
, unsigned int optlen
)
597 struct sock
*sk
= sock
->sk
;
598 struct bt_security sec
;
604 if (level
== SOL_L2CAP
)
605 return l2cap_sock_setsockopt_old(sock
, optname
, optval
, optlen
);
607 if (level
!= SOL_BLUETOOTH
)
614 if (sk
->sk_type
!= SOCK_SEQPACKET
&& sk
->sk_type
!= SOCK_STREAM
615 && sk
->sk_type
!= SOCK_RAW
) {
620 sec
.level
= BT_SECURITY_LOW
;
622 len
= min_t(unsigned int, sizeof(sec
), optlen
);
623 if (copy_from_user((char *) &sec
, optval
, len
)) {
628 if (sec
.level
< BT_SECURITY_LOW
||
629 sec
.level
> BT_SECURITY_HIGH
) {
634 l2cap_pi(sk
)->sec_level
= sec
.level
;
638 if (sk
->sk_state
!= BT_BOUND
&& sk
->sk_state
!= BT_LISTEN
) {
643 if (get_user(opt
, (u32 __user
*) optval
)) {
648 bt_sk(sk
)->defer_setup
= opt
;
652 if (get_user(opt
, (u32 __user
*) optval
)) {
657 if (opt
> BT_FLUSHABLE_ON
) {
662 if (opt
== BT_FLUSHABLE_OFF
) {
663 struct l2cap_conn
*conn
= l2cap_pi(sk
)->conn
;
664 /* proceed futher only when we have l2cap_conn and
665 No Flush support in the LM */
666 if (!conn
|| !lmp_no_flush_capable(conn
->hcon
->hdev
)) {
672 l2cap_pi(sk
)->flushable
= opt
;
684 static int l2cap_sock_release(struct socket
*sock
)
686 struct sock
*sk
= sock
->sk
;
689 BT_DBG("sock %p, sk %p", sock
, sk
);
694 err
= l2cap_sock_shutdown(sock
, 2);
701 static void l2cap_sock_destruct(struct sock
*sk
)
705 skb_queue_purge(&sk
->sk_receive_queue
);
706 skb_queue_purge(&sk
->sk_write_queue
);
709 void l2cap_sock_init(struct sock
*sk
, struct sock
*parent
)
711 struct l2cap_pinfo
*pi
= l2cap_pi(sk
);
716 sk
->sk_type
= parent
->sk_type
;
717 bt_sk(sk
)->defer_setup
= bt_sk(parent
)->defer_setup
;
719 pi
->imtu
= l2cap_pi(parent
)->imtu
;
720 pi
->omtu
= l2cap_pi(parent
)->omtu
;
721 pi
->conf_state
= l2cap_pi(parent
)->conf_state
;
722 pi
->mode
= l2cap_pi(parent
)->mode
;
723 pi
->fcs
= l2cap_pi(parent
)->fcs
;
724 pi
->max_tx
= l2cap_pi(parent
)->max_tx
;
725 pi
->tx_win
= l2cap_pi(parent
)->tx_win
;
726 pi
->sec_level
= l2cap_pi(parent
)->sec_level
;
727 pi
->role_switch
= l2cap_pi(parent
)->role_switch
;
728 pi
->force_reliable
= l2cap_pi(parent
)->force_reliable
;
729 pi
->flushable
= l2cap_pi(parent
)->flushable
;
731 pi
->imtu
= L2CAP_DEFAULT_MTU
;
733 if (!disable_ertm
&& sk
->sk_type
== SOCK_STREAM
) {
734 pi
->mode
= L2CAP_MODE_ERTM
;
735 pi
->conf_state
|= L2CAP_CONF_STATE2_DEVICE
;
737 pi
->mode
= L2CAP_MODE_BASIC
;
739 pi
->max_tx
= L2CAP_DEFAULT_MAX_TX
;
740 pi
->fcs
= L2CAP_FCS_CRC16
;
741 pi
->tx_win
= L2CAP_DEFAULT_TX_WINDOW
;
742 pi
->sec_level
= BT_SECURITY_LOW
;
744 pi
->force_reliable
= 0;
745 pi
->flushable
= BT_FLUSHABLE_OFF
;
748 /* Default config options */
750 pi
->flush_to
= L2CAP_DEFAULT_FLUSH_TO
;
751 skb_queue_head_init(TX_QUEUE(sk
));
752 skb_queue_head_init(SREJ_QUEUE(sk
));
753 skb_queue_head_init(BUSY_QUEUE(sk
));
754 INIT_LIST_HEAD(SREJ_LIST(sk
));
757 static struct proto l2cap_proto
= {
759 .owner
= THIS_MODULE
,
760 .obj_size
= sizeof(struct l2cap_pinfo
)
763 struct sock
*l2cap_sock_alloc(struct net
*net
, struct socket
*sock
, int proto
, gfp_t prio
)
767 sk
= sk_alloc(net
, PF_BLUETOOTH
, prio
, &l2cap_proto
);
771 sock_init_data(sock
, sk
);
772 INIT_LIST_HEAD(&bt_sk(sk
)->accept_q
);
774 sk
->sk_destruct
= l2cap_sock_destruct
;
775 sk
->sk_sndtimeo
= msecs_to_jiffies(L2CAP_CONN_TIMEOUT
);
777 sock_reset_flag(sk
, SOCK_ZAPPED
);
779 sk
->sk_protocol
= proto
;
780 sk
->sk_state
= BT_OPEN
;
782 setup_timer(&sk
->sk_timer
, l2cap_sock_timeout
, (unsigned long) sk
);
784 bt_sock_link(&l2cap_sk_list
, sk
);
788 static int l2cap_sock_create(struct net
*net
, struct socket
*sock
, int protocol
,
793 BT_DBG("sock %p", sock
);
795 sock
->state
= SS_UNCONNECTED
;
797 if (sock
->type
!= SOCK_SEQPACKET
&& sock
->type
!= SOCK_STREAM
&&
798 sock
->type
!= SOCK_DGRAM
&& sock
->type
!= SOCK_RAW
)
799 return -ESOCKTNOSUPPORT
;
801 if (sock
->type
== SOCK_RAW
&& !kern
&& !capable(CAP_NET_RAW
))
804 sock
->ops
= &l2cap_sock_ops
;
806 sk
= l2cap_sock_alloc(net
, sock
, protocol
, GFP_ATOMIC
);
810 l2cap_sock_init(sk
, NULL
);
814 const struct proto_ops l2cap_sock_ops
= {
815 .family
= PF_BLUETOOTH
,
816 .owner
= THIS_MODULE
,
817 .release
= l2cap_sock_release
,
818 .bind
= l2cap_sock_bind
,
819 .connect
= l2cap_sock_connect
,
820 .listen
= l2cap_sock_listen
,
821 .accept
= l2cap_sock_accept
,
822 .getname
= l2cap_sock_getname
,
823 .sendmsg
= l2cap_sock_sendmsg
,
824 .recvmsg
= l2cap_sock_recvmsg
,
825 .poll
= bt_sock_poll
,
826 .ioctl
= bt_sock_ioctl
,
827 .mmap
= sock_no_mmap
,
828 .socketpair
= sock_no_socketpair
,
829 .shutdown
= l2cap_sock_shutdown
,
830 .setsockopt
= l2cap_sock_setsockopt
,
831 .getsockopt
= l2cap_sock_getsockopt
834 static const struct net_proto_family l2cap_sock_family_ops
= {
835 .family
= PF_BLUETOOTH
,
836 .owner
= THIS_MODULE
,
837 .create
= l2cap_sock_create
,
840 int __init
l2cap_init_sockets(void)
844 err
= proto_register(&l2cap_proto
, 0);
848 err
= bt_sock_register(BTPROTO_L2CAP
, &l2cap_sock_family_ops
);
852 BT_INFO("L2CAP socket layer initialized");
857 BT_ERR("L2CAP socket registration failed");
858 proto_unregister(&l2cap_proto
);
862 void l2cap_cleanup_sockets(void)
864 if (bt_sock_unregister(BTPROTO_L2CAP
) < 0)
865 BT_ERR("L2CAP socket unregistration failed");
867 proto_unregister(&l2cap_proto
);