mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-25 21:24:08 +08:00
c4f5627f7e
With commite163376220
("Bluetooth: Handle bt_accept_enqueue() socket atomically") lock_sock[_nested]() is used to acquire the socket lock before manipulating the socket. lock_sock[_nested]() may block, which is problematic since bt_accept_enqueue() can be called in bottom half context (e.g. from rfcomm_connect_ind()): [<ffffff80080d81ec>] __might_sleep+0x4c/0x80 [<ffffff800876c7b0>] lock_sock_nested+0x24/0x58 [<ffffff8000d7c27c>] bt_accept_enqueue+0x48/0xd4 [bluetooth] [<ffffff8000e67d8c>] rfcomm_connect_ind+0x190/0x218 [rfcomm] Add a parameter to bt_accept_enqueue() to indicate whether the function is called from BH context, and acquire the socket lock with bh_lock_sock_nested() if that's the case. Also adapt all callers of bt_accept_enqueue() to pass the new parameter: - l2cap_sock_new_connection_cb() - uses lock_sock() to lock the parent socket => process context - rfcomm_connect_ind() - acquires the parent socket lock with bh_lock_sock() => BH context - __sco_chan_add() - called from sco_chan_add(), which is called from sco_connect(). parent is NULL, hence bt_accept_enqueue() isn't called in this code path and we can ignore it - also called from sco_conn_ready(). uses bh_lock_sock() to acquire the parent lock => BH context Fixes:e163376220
("Bluetooth: Handle bt_accept_enqueue() socket atomically") Signed-off-by: Matthias Kaehlcke <mka@chromium.org> Reviewed-by: Douglas Anderson <dianders@chromium.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Cc: stable@vger.kernel.org
417 lines
9.8 KiB
C
417 lines
9.8 KiB
C
/*
|
|
BlueZ - Bluetooth protocol stack for Linux
|
|
Copyright (C) 2000-2001 Qualcomm Incorporated
|
|
|
|
Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License version 2 as
|
|
published by the Free Software Foundation;
|
|
|
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
|
|
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
|
|
IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
|
|
CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
|
|
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
|
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
|
|
ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
|
|
COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
|
|
SOFTWARE IS DISCLAIMED.
|
|
*/
|
|
|
|
#ifndef __BLUETOOTH_H
|
|
#define __BLUETOOTH_H
|
|
|
|
#include <linux/poll.h>
|
|
#include <net/sock.h>
|
|
#include <linux/seq_file.h>
|
|
|
|
#define BT_SUBSYS_VERSION 2
|
|
#define BT_SUBSYS_REVISION 22
|
|
|
|
#ifndef AF_BLUETOOTH
|
|
#define AF_BLUETOOTH 31
|
|
#define PF_BLUETOOTH AF_BLUETOOTH
|
|
#endif
|
|
|
|
/* Bluetooth versions */
|
|
#define BLUETOOTH_VER_1_1 1
|
|
#define BLUETOOTH_VER_1_2 2
|
|
#define BLUETOOTH_VER_2_0 3
|
|
|
|
/* Reserv for core and drivers use */
|
|
#define BT_SKB_RESERVE 8
|
|
|
|
#define BTPROTO_L2CAP 0
|
|
#define BTPROTO_HCI 1
|
|
#define BTPROTO_SCO 2
|
|
#define BTPROTO_RFCOMM 3
|
|
#define BTPROTO_BNEP 4
|
|
#define BTPROTO_CMTP 5
|
|
#define BTPROTO_HIDP 6
|
|
#define BTPROTO_AVDTP 7
|
|
|
|
#define SOL_HCI 0
|
|
#define SOL_L2CAP 6
|
|
#define SOL_SCO 17
|
|
#define SOL_RFCOMM 18
|
|
|
|
#define BT_SECURITY 4
|
|
struct bt_security {
|
|
__u8 level;
|
|
__u8 key_size;
|
|
};
|
|
#define BT_SECURITY_SDP 0
|
|
#define BT_SECURITY_LOW 1
|
|
#define BT_SECURITY_MEDIUM 2
|
|
#define BT_SECURITY_HIGH 3
|
|
#define BT_SECURITY_FIPS 4
|
|
|
|
#define BT_DEFER_SETUP 7
|
|
|
|
#define BT_FLUSHABLE 8
|
|
|
|
#define BT_FLUSHABLE_OFF 0
|
|
#define BT_FLUSHABLE_ON 1
|
|
|
|
#define BT_POWER 9
|
|
struct bt_power {
|
|
__u8 force_active;
|
|
};
|
|
#define BT_POWER_FORCE_ACTIVE_OFF 0
|
|
#define BT_POWER_FORCE_ACTIVE_ON 1
|
|
|
|
#define BT_CHANNEL_POLICY 10
|
|
|
|
/* BR/EDR only (default policy)
|
|
* AMP controllers cannot be used.
|
|
* Channel move requests from the remote device are denied.
|
|
* If the L2CAP channel is currently using AMP, move the channel to BR/EDR.
|
|
*/
|
|
#define BT_CHANNEL_POLICY_BREDR_ONLY 0
|
|
|
|
/* BR/EDR Preferred
|
|
* Allow use of AMP controllers.
|
|
* If the L2CAP channel is currently on AMP, move it to BR/EDR.
|
|
* Channel move requests from the remote device are allowed.
|
|
*/
|
|
#define BT_CHANNEL_POLICY_BREDR_PREFERRED 1
|
|
|
|
/* AMP Preferred
|
|
* Allow use of AMP controllers
|
|
* If the L2CAP channel is currently on BR/EDR and AMP controller
|
|
* resources are available, initiate a channel move to AMP.
|
|
* Channel move requests from the remote device are allowed.
|
|
* If the L2CAP socket has not been connected yet, try to create
|
|
* and configure the channel directly on an AMP controller rather
|
|
* than BR/EDR.
|
|
*/
|
|
#define BT_CHANNEL_POLICY_AMP_PREFERRED 2
|
|
|
|
#define BT_VOICE 11
|
|
struct bt_voice {
|
|
__u16 setting;
|
|
};
|
|
|
|
#define BT_VOICE_TRANSPARENT 0x0003
|
|
#define BT_VOICE_CVSD_16BIT 0x0060
|
|
|
|
#define BT_SNDMTU 12
|
|
#define BT_RCVMTU 13
|
|
|
|
__printf(1, 2)
|
|
void bt_info(const char *fmt, ...);
|
|
__printf(1, 2)
|
|
void bt_warn(const char *fmt, ...);
|
|
__printf(1, 2)
|
|
void bt_err(const char *fmt, ...);
|
|
__printf(1, 2)
|
|
void bt_err_ratelimited(const char *fmt, ...);
|
|
|
|
#define BT_INFO(fmt, ...) bt_info(fmt "\n", ##__VA_ARGS__)
|
|
#define BT_WARN(fmt, ...) bt_warn(fmt "\n", ##__VA_ARGS__)
|
|
#define BT_ERR(fmt, ...) bt_err(fmt "\n", ##__VA_ARGS__)
|
|
#define BT_DBG(fmt, ...) pr_debug(fmt "\n", ##__VA_ARGS__)
|
|
|
|
#define BT_ERR_RATELIMITED(fmt, ...) bt_err_ratelimited(fmt "\n", ##__VA_ARGS__)
|
|
|
|
#define bt_dev_info(hdev, fmt, ...) \
|
|
BT_INFO("%s: " fmt, (hdev)->name, ##__VA_ARGS__)
|
|
#define bt_dev_warn(hdev, fmt, ...) \
|
|
BT_WARN("%s: " fmt, (hdev)->name, ##__VA_ARGS__)
|
|
#define bt_dev_err(hdev, fmt, ...) \
|
|
BT_ERR("%s: " fmt, (hdev)->name, ##__VA_ARGS__)
|
|
#define bt_dev_dbg(hdev, fmt, ...) \
|
|
BT_DBG("%s: " fmt, (hdev)->name, ##__VA_ARGS__)
|
|
|
|
#define bt_dev_err_ratelimited(hdev, fmt, ...) \
|
|
BT_ERR_RATELIMITED("%s: " fmt, (hdev)->name, ##__VA_ARGS__)
|
|
|
|
/* Connection and socket states */
|
|
enum {
|
|
BT_CONNECTED = 1, /* Equal to TCP_ESTABLISHED to make net code happy */
|
|
BT_OPEN,
|
|
BT_BOUND,
|
|
BT_LISTEN,
|
|
BT_CONNECT,
|
|
BT_CONNECT2,
|
|
BT_CONFIG,
|
|
BT_DISCONN,
|
|
BT_CLOSED
|
|
};
|
|
|
|
/* If unused will be removed by compiler */
|
|
static inline const char *state_to_string(int state)
|
|
{
|
|
switch (state) {
|
|
case BT_CONNECTED:
|
|
return "BT_CONNECTED";
|
|
case BT_OPEN:
|
|
return "BT_OPEN";
|
|
case BT_BOUND:
|
|
return "BT_BOUND";
|
|
case BT_LISTEN:
|
|
return "BT_LISTEN";
|
|
case BT_CONNECT:
|
|
return "BT_CONNECT";
|
|
case BT_CONNECT2:
|
|
return "BT_CONNECT2";
|
|
case BT_CONFIG:
|
|
return "BT_CONFIG";
|
|
case BT_DISCONN:
|
|
return "BT_DISCONN";
|
|
case BT_CLOSED:
|
|
return "BT_CLOSED";
|
|
}
|
|
|
|
return "invalid state";
|
|
}
|
|
|
|
/* BD Address */
|
|
typedef struct {
|
|
__u8 b[6];
|
|
} __packed bdaddr_t;
|
|
|
|
/* BD Address type */
|
|
#define BDADDR_BREDR 0x00
|
|
#define BDADDR_LE_PUBLIC 0x01
|
|
#define BDADDR_LE_RANDOM 0x02
|
|
|
|
static inline bool bdaddr_type_is_valid(u8 type)
|
|
{
|
|
switch (type) {
|
|
case BDADDR_BREDR:
|
|
case BDADDR_LE_PUBLIC:
|
|
case BDADDR_LE_RANDOM:
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
static inline bool bdaddr_type_is_le(u8 type)
|
|
{
|
|
switch (type) {
|
|
case BDADDR_LE_PUBLIC:
|
|
case BDADDR_LE_RANDOM:
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
#define BDADDR_ANY (&(bdaddr_t) {{0, 0, 0, 0, 0, 0}})
|
|
#define BDADDR_NONE (&(bdaddr_t) {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff}})
|
|
|
|
/* Copy, swap, convert BD Address */
|
|
static inline int bacmp(const bdaddr_t *ba1, const bdaddr_t *ba2)
|
|
{
|
|
return memcmp(ba1, ba2, sizeof(bdaddr_t));
|
|
}
|
|
static inline void bacpy(bdaddr_t *dst, const bdaddr_t *src)
|
|
{
|
|
memcpy(dst, src, sizeof(bdaddr_t));
|
|
}
|
|
|
|
void baswap(bdaddr_t *dst, const bdaddr_t *src);
|
|
|
|
/* Common socket structures and functions */
|
|
|
|
#define bt_sk(__sk) ((struct bt_sock *) __sk)
|
|
|
|
struct bt_sock {
|
|
struct sock sk;
|
|
struct list_head accept_q;
|
|
struct sock *parent;
|
|
unsigned long flags;
|
|
void (*skb_msg_name)(struct sk_buff *, void *, int *);
|
|
};
|
|
|
|
enum {
|
|
BT_SK_DEFER_SETUP,
|
|
BT_SK_SUSPEND,
|
|
};
|
|
|
|
struct bt_sock_list {
|
|
struct hlist_head head;
|
|
rwlock_t lock;
|
|
#ifdef CONFIG_PROC_FS
|
|
int (* custom_seq_show)(struct seq_file *, void *);
|
|
#endif
|
|
};
|
|
|
|
int bt_sock_register(int proto, const struct net_proto_family *ops);
|
|
void bt_sock_unregister(int proto);
|
|
void bt_sock_link(struct bt_sock_list *l, struct sock *s);
|
|
void bt_sock_unlink(struct bt_sock_list *l, struct sock *s);
|
|
int bt_sock_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
|
|
int flags);
|
|
int bt_sock_stream_recvmsg(struct socket *sock, struct msghdr *msg,
|
|
size_t len, int flags);
|
|
__poll_t bt_sock_poll(struct file *file, struct socket *sock, poll_table *wait);
|
|
int bt_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg);
|
|
int bt_sock_wait_state(struct sock *sk, int state, unsigned long timeo);
|
|
int bt_sock_wait_ready(struct sock *sk, unsigned long flags);
|
|
|
|
void bt_accept_enqueue(struct sock *parent, struct sock *sk, bool bh);
|
|
void bt_accept_unlink(struct sock *sk);
|
|
struct sock *bt_accept_dequeue(struct sock *parent, struct socket *newsock);
|
|
|
|
/* Skb helpers */
|
|
struct l2cap_ctrl {
|
|
u8 sframe:1,
|
|
poll:1,
|
|
final:1,
|
|
fcs:1,
|
|
sar:2,
|
|
super:2;
|
|
|
|
u16 reqseq;
|
|
u16 txseq;
|
|
u8 retries;
|
|
__le16 psm;
|
|
bdaddr_t bdaddr;
|
|
struct l2cap_chan *chan;
|
|
};
|
|
|
|
struct hci_dev;
|
|
|
|
typedef void (*hci_req_complete_t)(struct hci_dev *hdev, u8 status, u16 opcode);
|
|
typedef void (*hci_req_complete_skb_t)(struct hci_dev *hdev, u8 status,
|
|
u16 opcode, struct sk_buff *skb);
|
|
|
|
#define HCI_REQ_START BIT(0)
|
|
#define HCI_REQ_SKB BIT(1)
|
|
|
|
struct hci_ctrl {
|
|
u16 opcode;
|
|
u8 req_flags;
|
|
u8 req_event;
|
|
union {
|
|
hci_req_complete_t req_complete;
|
|
hci_req_complete_skb_t req_complete_skb;
|
|
};
|
|
};
|
|
|
|
struct bt_skb_cb {
|
|
u8 pkt_type;
|
|
u8 force_active;
|
|
u16 expect;
|
|
u8 incoming:1;
|
|
union {
|
|
struct l2cap_ctrl l2cap;
|
|
struct hci_ctrl hci;
|
|
};
|
|
};
|
|
#define bt_cb(skb) ((struct bt_skb_cb *)((skb)->cb))
|
|
|
|
#define hci_skb_pkt_type(skb) bt_cb((skb))->pkt_type
|
|
#define hci_skb_expect(skb) bt_cb((skb))->expect
|
|
#define hci_skb_opcode(skb) bt_cb((skb))->hci.opcode
|
|
|
|
static inline struct sk_buff *bt_skb_alloc(unsigned int len, gfp_t how)
|
|
{
|
|
struct sk_buff *skb;
|
|
|
|
skb = alloc_skb(len + BT_SKB_RESERVE, how);
|
|
if (skb)
|
|
skb_reserve(skb, BT_SKB_RESERVE);
|
|
return skb;
|
|
}
|
|
|
|
static inline struct sk_buff *bt_skb_send_alloc(struct sock *sk,
|
|
unsigned long len, int nb, int *err)
|
|
{
|
|
struct sk_buff *skb;
|
|
|
|
skb = sock_alloc_send_skb(sk, len + BT_SKB_RESERVE, nb, err);
|
|
if (skb)
|
|
skb_reserve(skb, BT_SKB_RESERVE);
|
|
|
|
if (!skb && *err)
|
|
return NULL;
|
|
|
|
*err = sock_error(sk);
|
|
if (*err)
|
|
goto out;
|
|
|
|
if (sk->sk_shutdown) {
|
|
*err = -ECONNRESET;
|
|
goto out;
|
|
}
|
|
|
|
return skb;
|
|
|
|
out:
|
|
kfree_skb(skb);
|
|
return NULL;
|
|
}
|
|
|
|
int bt_to_errno(u16 code);
|
|
|
|
void hci_sock_set_flag(struct sock *sk, int nr);
|
|
void hci_sock_clear_flag(struct sock *sk, int nr);
|
|
int hci_sock_test_flag(struct sock *sk, int nr);
|
|
unsigned short hci_sock_get_channel(struct sock *sk);
|
|
u32 hci_sock_get_cookie(struct sock *sk);
|
|
|
|
int hci_sock_init(void);
|
|
void hci_sock_cleanup(void);
|
|
|
|
int bt_sysfs_init(void);
|
|
void bt_sysfs_cleanup(void);
|
|
|
|
int bt_procfs_init(struct net *net, const char *name,
|
|
struct bt_sock_list *sk_list,
|
|
int (*seq_show)(struct seq_file *, void *));
|
|
void bt_procfs_cleanup(struct net *net, const char *name);
|
|
|
|
extern struct dentry *bt_debugfs;
|
|
|
|
int l2cap_init(void);
|
|
void l2cap_exit(void);
|
|
|
|
#if IS_ENABLED(CONFIG_BT_BREDR)
|
|
int sco_init(void);
|
|
void sco_exit(void);
|
|
#else
|
|
static inline int sco_init(void)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static inline void sco_exit(void)
|
|
{
|
|
}
|
|
#endif
|
|
|
|
int mgmt_init(void);
|
|
void mgmt_exit(void);
|
|
|
|
void bt_sock_reclassify_lock(struct sock *sk, int proto);
|
|
|
|
#endif /* __BLUETOOTH_H */
|