1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 */ 27 28 #include <linux/export.h> 29 #include <linux/debugfs.h> 30 31 #include <net/bluetooth/bluetooth.h> 32 #include <net/bluetooth/hci_core.h> 33 #include <net/bluetooth/l2cap.h> 34 #include <net/bluetooth/rfcomm.h> 35 36 static const struct proto_ops rfcomm_sock_ops; 37 38 static struct bt_sock_list rfcomm_sk_list = { 39 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) 40 }; 41 42 static void rfcomm_sock_close(struct sock *sk); 43 static void rfcomm_sock_kill(struct sock *sk); 44 45 /* ---- DLC callbacks ---- 46 * 47 * called under rfcomm_dlc_lock() 48 */ 49 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 50 { 51 struct sock *sk = d->owner; 52 if (!sk) 53 return; 54 55 atomic_add(skb->len, &sk->sk_rmem_alloc); 56 skb_queue_tail(&sk->sk_receive_queue, skb); 57 sk->sk_data_ready(sk, skb->len); 58 59 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 60 rfcomm_dlc_throttle(d); 61 } 62 63 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 64 { 65 struct sock *sk = d->owner, *parent; 66 unsigned long flags; 67 68 if (!sk) 69 return; 70 71 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 72 73 local_irq_save(flags); 74 bh_lock_sock(sk); 75 76 if (err) 77 sk->sk_err = err; 78 79 sk->sk_state = d->state; 80 81 parent = bt_sk(sk)->parent; 82 if (parent) { 83 if (d->state == BT_CLOSED) { 84 sock_set_flag(sk, SOCK_ZAPPED); 85 bt_accept_unlink(sk); 86 } 87 parent->sk_data_ready(parent, 0); 88 } else { 89 if (d->state == BT_CONNECTED) 90 rfcomm_session_getaddr(d->session, 91 &rfcomm_pi(sk)->src, NULL); 92 sk->sk_state_change(sk); 93 } 94 95 bh_unlock_sock(sk); 96 local_irq_restore(flags); 97 98 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 99 /* We have to drop DLC lock here, otherwise 100 * rfcomm_sock_destruct() will dead lock. */ 101 rfcomm_dlc_unlock(d); 102 rfcomm_sock_kill(sk); 103 rfcomm_dlc_lock(d); 104 } 105 } 106 107 /* ---- Socket functions ---- */ 108 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src) 109 { 110 struct sock *sk = NULL; 111 112 sk_for_each(sk, &rfcomm_sk_list.head) { 113 if (rfcomm_pi(sk)->channel == channel && 114 !bacmp(&rfcomm_pi(sk)->src, src)) 115 break; 116 } 117 118 return sk ? sk : NULL; 119 } 120 121 /* Find socket with channel and source bdaddr. 122 * Returns closest match. 123 */ 124 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 125 { 126 struct sock *sk = NULL, *sk1 = NULL; 127 128 read_lock(&rfcomm_sk_list.lock); 129 130 sk_for_each(sk, &rfcomm_sk_list.head) { 131 if (state && sk->sk_state != state) 132 continue; 133 134 if (rfcomm_pi(sk)->channel == channel) { 135 /* Exact match. */ 136 if (!bacmp(&rfcomm_pi(sk)->src, src)) 137 break; 138 139 /* Closest match */ 140 if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY)) 141 sk1 = sk; 142 } 143 } 144 145 read_unlock(&rfcomm_sk_list.lock); 146 147 return sk ? sk : sk1; 148 } 149 150 static void rfcomm_sock_destruct(struct sock *sk) 151 { 152 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 153 154 BT_DBG("sk %p dlc %p", sk, d); 155 156 skb_queue_purge(&sk->sk_receive_queue); 157 skb_queue_purge(&sk->sk_write_queue); 158 159 rfcomm_dlc_lock(d); 160 rfcomm_pi(sk)->dlc = NULL; 161 162 /* Detach DLC if it's owned by this socket */ 163 if (d->owner == sk) 164 d->owner = NULL; 165 rfcomm_dlc_unlock(d); 166 167 rfcomm_dlc_put(d); 168 } 169 170 static void rfcomm_sock_cleanup_listen(struct sock *parent) 171 { 172 struct sock *sk; 173 174 BT_DBG("parent %p", parent); 175 176 /* Close not yet accepted dlcs */ 177 while ((sk = bt_accept_dequeue(parent, NULL))) { 178 rfcomm_sock_close(sk); 179 rfcomm_sock_kill(sk); 180 } 181 182 parent->sk_state = BT_CLOSED; 183 sock_set_flag(parent, SOCK_ZAPPED); 184 } 185 186 /* Kill socket (only if zapped and orphan) 187 * Must be called on unlocked socket. 188 */ 189 static void rfcomm_sock_kill(struct sock *sk) 190 { 191 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 192 return; 193 194 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); 195 196 /* Kill poor orphan */ 197 bt_sock_unlink(&rfcomm_sk_list, sk); 198 sock_set_flag(sk, SOCK_DEAD); 199 sock_put(sk); 200 } 201 202 static void __rfcomm_sock_close(struct sock *sk) 203 { 204 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 205 206 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 207 208 switch (sk->sk_state) { 209 case BT_LISTEN: 210 rfcomm_sock_cleanup_listen(sk); 211 break; 212 213 case BT_CONNECT: 214 case BT_CONNECT2: 215 case BT_CONFIG: 216 case BT_CONNECTED: 217 rfcomm_dlc_close(d, 0); 218 219 default: 220 sock_set_flag(sk, SOCK_ZAPPED); 221 break; 222 } 223 } 224 225 /* Close socket. 226 * Must be called on unlocked socket. 227 */ 228 static void rfcomm_sock_close(struct sock *sk) 229 { 230 lock_sock(sk); 231 __rfcomm_sock_close(sk); 232 release_sock(sk); 233 } 234 235 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 236 { 237 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 238 239 BT_DBG("sk %p", sk); 240 241 if (parent) { 242 sk->sk_type = parent->sk_type; 243 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP, 244 &bt_sk(parent)->flags); 245 246 pi->sec_level = rfcomm_pi(parent)->sec_level; 247 pi->role_switch = rfcomm_pi(parent)->role_switch; 248 249 security_sk_clone(parent, sk); 250 } else { 251 pi->dlc->defer_setup = 0; 252 253 pi->sec_level = BT_SECURITY_LOW; 254 pi->role_switch = 0; 255 } 256 257 pi->dlc->sec_level = pi->sec_level; 258 pi->dlc->role_switch = pi->role_switch; 259 } 260 261 static struct proto rfcomm_proto = { 262 .name = "RFCOMM", 263 .owner = THIS_MODULE, 264 .obj_size = sizeof(struct rfcomm_pinfo) 265 }; 266 267 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 268 { 269 struct rfcomm_dlc *d; 270 struct sock *sk; 271 272 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto); 273 if (!sk) 274 return NULL; 275 276 sock_init_data(sock, sk); 277 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 278 279 d = rfcomm_dlc_alloc(prio); 280 if (!d) { 281 sk_free(sk); 282 return NULL; 283 } 284 285 d->data_ready = rfcomm_sk_data_ready; 286 d->state_change = rfcomm_sk_state_change; 287 288 rfcomm_pi(sk)->dlc = d; 289 d->owner = sk; 290 291 sk->sk_destruct = rfcomm_sock_destruct; 292 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 293 294 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 295 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 296 297 sock_reset_flag(sk, SOCK_ZAPPED); 298 299 sk->sk_protocol = proto; 300 sk->sk_state = BT_OPEN; 301 302 bt_sock_link(&rfcomm_sk_list, sk); 303 304 BT_DBG("sk %p", sk); 305 return sk; 306 } 307 308 static int rfcomm_sock_create(struct net *net, struct socket *sock, 309 int protocol, int kern) 310 { 311 struct sock *sk; 312 313 BT_DBG("sock %p", sock); 314 315 sock->state = SS_UNCONNECTED; 316 317 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 318 return -ESOCKTNOSUPPORT; 319 320 sock->ops = &rfcomm_sock_ops; 321 322 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC); 323 if (!sk) 324 return -ENOMEM; 325 326 rfcomm_sock_init(sk, NULL); 327 return 0; 328 } 329 330 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 331 { 332 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 333 struct sock *sk = sock->sk; 334 int err = 0; 335 336 BT_DBG("sk %p %pMR", sk, &sa->rc_bdaddr); 337 338 if (!addr || addr->sa_family != AF_BLUETOOTH) 339 return -EINVAL; 340 341 lock_sock(sk); 342 343 if (sk->sk_state != BT_OPEN) { 344 err = -EBADFD; 345 goto done; 346 } 347 348 if (sk->sk_type != SOCK_STREAM) { 349 err = -EINVAL; 350 goto done; 351 } 352 353 write_lock(&rfcomm_sk_list.lock); 354 355 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { 356 err = -EADDRINUSE; 357 } else { 358 /* Save source address */ 359 bacpy(&rfcomm_pi(sk)->src, &sa->rc_bdaddr); 360 rfcomm_pi(sk)->channel = sa->rc_channel; 361 sk->sk_state = BT_BOUND; 362 } 363 364 write_unlock(&rfcomm_sk_list.lock); 365 366 done: 367 release_sock(sk); 368 return err; 369 } 370 371 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 372 { 373 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 374 struct sock *sk = sock->sk; 375 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 376 int err = 0; 377 378 BT_DBG("sk %p", sk); 379 380 if (alen < sizeof(struct sockaddr_rc) || 381 addr->sa_family != AF_BLUETOOTH) 382 return -EINVAL; 383 384 lock_sock(sk); 385 386 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 387 err = -EBADFD; 388 goto done; 389 } 390 391 if (sk->sk_type != SOCK_STREAM) { 392 err = -EINVAL; 393 goto done; 394 } 395 396 sk->sk_state = BT_CONNECT; 397 bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr); 398 rfcomm_pi(sk)->channel = sa->rc_channel; 399 400 d->sec_level = rfcomm_pi(sk)->sec_level; 401 d->role_switch = rfcomm_pi(sk)->role_switch; 402 403 err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr, 404 sa->rc_channel); 405 if (!err) 406 err = bt_sock_wait_state(sk, BT_CONNECTED, 407 sock_sndtimeo(sk, flags & O_NONBLOCK)); 408 409 done: 410 release_sock(sk); 411 return err; 412 } 413 414 static int rfcomm_sock_listen(struct socket *sock, int backlog) 415 { 416 struct sock *sk = sock->sk; 417 int err = 0; 418 419 BT_DBG("sk %p backlog %d", sk, backlog); 420 421 lock_sock(sk); 422 423 if (sk->sk_state != BT_BOUND) { 424 err = -EBADFD; 425 goto done; 426 } 427 428 if (sk->sk_type != SOCK_STREAM) { 429 err = -EINVAL; 430 goto done; 431 } 432 433 if (!rfcomm_pi(sk)->channel) { 434 bdaddr_t *src = &rfcomm_pi(sk)->src; 435 u8 channel; 436 437 err = -EINVAL; 438 439 write_lock(&rfcomm_sk_list.lock); 440 441 for (channel = 1; channel < 31; channel++) 442 if (!__rfcomm_get_sock_by_addr(channel, src)) { 443 rfcomm_pi(sk)->channel = channel; 444 err = 0; 445 break; 446 } 447 448 write_unlock(&rfcomm_sk_list.lock); 449 450 if (err < 0) 451 goto done; 452 } 453 454 sk->sk_max_ack_backlog = backlog; 455 sk->sk_ack_backlog = 0; 456 sk->sk_state = BT_LISTEN; 457 458 done: 459 release_sock(sk); 460 return err; 461 } 462 463 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 464 { 465 DECLARE_WAITQUEUE(wait, current); 466 struct sock *sk = sock->sk, *nsk; 467 long timeo; 468 int err = 0; 469 470 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 471 472 if (sk->sk_type != SOCK_STREAM) { 473 err = -EINVAL; 474 goto done; 475 } 476 477 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 478 479 BT_DBG("sk %p timeo %ld", sk, timeo); 480 481 /* Wait for an incoming connection. (wake-one). */ 482 add_wait_queue_exclusive(sk_sleep(sk), &wait); 483 while (1) { 484 set_current_state(TASK_INTERRUPTIBLE); 485 486 if (sk->sk_state != BT_LISTEN) { 487 err = -EBADFD; 488 break; 489 } 490 491 nsk = bt_accept_dequeue(sk, newsock); 492 if (nsk) 493 break; 494 495 if (!timeo) { 496 err = -EAGAIN; 497 break; 498 } 499 500 if (signal_pending(current)) { 501 err = sock_intr_errno(timeo); 502 break; 503 } 504 505 release_sock(sk); 506 timeo = schedule_timeout(timeo); 507 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 508 } 509 __set_current_state(TASK_RUNNING); 510 remove_wait_queue(sk_sleep(sk), &wait); 511 512 if (err) 513 goto done; 514 515 newsock->state = SS_CONNECTED; 516 517 BT_DBG("new socket %p", nsk); 518 519 done: 520 release_sock(sk); 521 return err; 522 } 523 524 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 525 { 526 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 527 struct sock *sk = sock->sk; 528 529 BT_DBG("sock %p, sk %p", sock, sk); 530 531 memset(sa, 0, sizeof(*sa)); 532 sa->rc_family = AF_BLUETOOTH; 533 sa->rc_channel = rfcomm_pi(sk)->channel; 534 if (peer) 535 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst); 536 else 537 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src); 538 539 *len = sizeof(struct sockaddr_rc); 540 return 0; 541 } 542 543 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 544 struct msghdr *msg, size_t len) 545 { 546 struct sock *sk = sock->sk; 547 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 548 struct sk_buff *skb; 549 int sent; 550 551 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) 552 return -ENOTCONN; 553 554 if (msg->msg_flags & MSG_OOB) 555 return -EOPNOTSUPP; 556 557 if (sk->sk_shutdown & SEND_SHUTDOWN) 558 return -EPIPE; 559 560 BT_DBG("sock %p, sk %p", sock, sk); 561 562 lock_sock(sk); 563 564 sent = bt_sock_wait_ready(sk, msg->msg_flags); 565 if (sent) 566 goto done; 567 568 while (len) { 569 size_t size = min_t(size_t, len, d->mtu); 570 int err; 571 572 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 573 msg->msg_flags & MSG_DONTWAIT, &err); 574 if (!skb) { 575 if (sent == 0) 576 sent = err; 577 break; 578 } 579 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 580 581 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 582 if (err) { 583 kfree_skb(skb); 584 if (sent == 0) 585 sent = err; 586 break; 587 } 588 589 skb->priority = sk->sk_priority; 590 591 err = rfcomm_dlc_send(d, skb); 592 if (err < 0) { 593 kfree_skb(skb); 594 if (sent == 0) 595 sent = err; 596 break; 597 } 598 599 sent += size; 600 len -= size; 601 } 602 603 done: 604 release_sock(sk); 605 606 return sent; 607 } 608 609 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 610 struct msghdr *msg, size_t size, int flags) 611 { 612 struct sock *sk = sock->sk; 613 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 614 int len; 615 616 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 617 rfcomm_dlc_accept(d); 618 return 0; 619 } 620 621 len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags); 622 623 lock_sock(sk); 624 if (!(flags & MSG_PEEK) && len > 0) 625 atomic_sub(len, &sk->sk_rmem_alloc); 626 627 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 628 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 629 release_sock(sk); 630 631 return len; 632 } 633 634 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 635 { 636 struct sock *sk = sock->sk; 637 int err = 0; 638 u32 opt; 639 640 BT_DBG("sk %p", sk); 641 642 lock_sock(sk); 643 644 switch (optname) { 645 case RFCOMM_LM: 646 if (get_user(opt, (u32 __user *) optval)) { 647 err = -EFAULT; 648 break; 649 } 650 651 if (opt & RFCOMM_LM_AUTH) 652 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; 653 if (opt & RFCOMM_LM_ENCRYPT) 654 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 655 if (opt & RFCOMM_LM_SECURE) 656 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; 657 658 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); 659 break; 660 661 default: 662 err = -ENOPROTOOPT; 663 break; 664 } 665 666 release_sock(sk); 667 return err; 668 } 669 670 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 671 { 672 struct sock *sk = sock->sk; 673 struct bt_security sec; 674 int err = 0; 675 size_t len; 676 u32 opt; 677 678 BT_DBG("sk %p", sk); 679 680 if (level == SOL_RFCOMM) 681 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); 682 683 if (level != SOL_BLUETOOTH) 684 return -ENOPROTOOPT; 685 686 lock_sock(sk); 687 688 switch (optname) { 689 case BT_SECURITY: 690 if (sk->sk_type != SOCK_STREAM) { 691 err = -EINVAL; 692 break; 693 } 694 695 sec.level = BT_SECURITY_LOW; 696 697 len = min_t(unsigned int, sizeof(sec), optlen); 698 if (copy_from_user((char *) &sec, optval, len)) { 699 err = -EFAULT; 700 break; 701 } 702 703 if (sec.level > BT_SECURITY_HIGH) { 704 err = -EINVAL; 705 break; 706 } 707 708 rfcomm_pi(sk)->sec_level = sec.level; 709 break; 710 711 case BT_DEFER_SETUP: 712 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 713 err = -EINVAL; 714 break; 715 } 716 717 if (get_user(opt, (u32 __user *) optval)) { 718 err = -EFAULT; 719 break; 720 } 721 722 if (opt) 723 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 724 else 725 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 726 727 break; 728 729 default: 730 err = -ENOPROTOOPT; 731 break; 732 } 733 734 release_sock(sk); 735 return err; 736 } 737 738 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 739 { 740 struct sock *sk = sock->sk; 741 struct sock *l2cap_sk; 742 struct l2cap_conn *conn; 743 struct rfcomm_conninfo cinfo; 744 int len, err = 0; 745 u32 opt; 746 747 BT_DBG("sk %p", sk); 748 749 if (get_user(len, optlen)) 750 return -EFAULT; 751 752 lock_sock(sk); 753 754 switch (optname) { 755 case RFCOMM_LM: 756 switch (rfcomm_pi(sk)->sec_level) { 757 case BT_SECURITY_LOW: 758 opt = RFCOMM_LM_AUTH; 759 break; 760 case BT_SECURITY_MEDIUM: 761 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; 762 break; 763 case BT_SECURITY_HIGH: 764 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 765 RFCOMM_LM_SECURE; 766 break; 767 default: 768 opt = 0; 769 break; 770 } 771 772 if (rfcomm_pi(sk)->role_switch) 773 opt |= RFCOMM_LM_MASTER; 774 775 if (put_user(opt, (u32 __user *) optval)) 776 err = -EFAULT; 777 break; 778 779 case RFCOMM_CONNINFO: 780 if (sk->sk_state != BT_CONNECTED && 781 !rfcomm_pi(sk)->dlc->defer_setup) { 782 err = -ENOTCONN; 783 break; 784 } 785 786 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 787 conn = l2cap_pi(l2cap_sk)->chan->conn; 788 789 memset(&cinfo, 0, sizeof(cinfo)); 790 cinfo.hci_handle = conn->hcon->handle; 791 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); 792 793 len = min_t(unsigned int, len, sizeof(cinfo)); 794 if (copy_to_user(optval, (char *) &cinfo, len)) 795 err = -EFAULT; 796 797 break; 798 799 default: 800 err = -ENOPROTOOPT; 801 break; 802 } 803 804 release_sock(sk); 805 return err; 806 } 807 808 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 809 { 810 struct sock *sk = sock->sk; 811 struct bt_security sec; 812 int len, err = 0; 813 814 BT_DBG("sk %p", sk); 815 816 if (level == SOL_RFCOMM) 817 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); 818 819 if (level != SOL_BLUETOOTH) 820 return -ENOPROTOOPT; 821 822 if (get_user(len, optlen)) 823 return -EFAULT; 824 825 lock_sock(sk); 826 827 switch (optname) { 828 case BT_SECURITY: 829 if (sk->sk_type != SOCK_STREAM) { 830 err = -EINVAL; 831 break; 832 } 833 834 sec.level = rfcomm_pi(sk)->sec_level; 835 sec.key_size = 0; 836 837 len = min_t(unsigned int, len, sizeof(sec)); 838 if (copy_to_user(optval, (char *) &sec, len)) 839 err = -EFAULT; 840 841 break; 842 843 case BT_DEFER_SETUP: 844 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 845 err = -EINVAL; 846 break; 847 } 848 849 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 850 (u32 __user *) optval)) 851 err = -EFAULT; 852 853 break; 854 855 default: 856 err = -ENOPROTOOPT; 857 break; 858 } 859 860 release_sock(sk); 861 return err; 862 } 863 864 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 865 { 866 struct sock *sk __maybe_unused = sock->sk; 867 int err; 868 869 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); 870 871 err = bt_sock_ioctl(sock, cmd, arg); 872 873 if (err == -ENOIOCTLCMD) { 874 #ifdef CONFIG_BT_RFCOMM_TTY 875 lock_sock(sk); 876 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); 877 release_sock(sk); 878 #else 879 err = -EOPNOTSUPP; 880 #endif 881 } 882 883 return err; 884 } 885 886 static int rfcomm_sock_shutdown(struct socket *sock, int how) 887 { 888 struct sock *sk = sock->sk; 889 int err = 0; 890 891 BT_DBG("sock %p, sk %p", sock, sk); 892 893 if (!sk) 894 return 0; 895 896 lock_sock(sk); 897 if (!sk->sk_shutdown) { 898 sk->sk_shutdown = SHUTDOWN_MASK; 899 __rfcomm_sock_close(sk); 900 901 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 902 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 903 } 904 release_sock(sk); 905 return err; 906 } 907 908 static int rfcomm_sock_release(struct socket *sock) 909 { 910 struct sock *sk = sock->sk; 911 int err; 912 913 BT_DBG("sock %p, sk %p", sock, sk); 914 915 if (!sk) 916 return 0; 917 918 err = rfcomm_sock_shutdown(sock, 2); 919 920 sock_orphan(sk); 921 rfcomm_sock_kill(sk); 922 return err; 923 } 924 925 /* ---- RFCOMM core layer callbacks ---- 926 * 927 * called under rfcomm_lock() 928 */ 929 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 930 { 931 struct sock *sk, *parent; 932 bdaddr_t src, dst; 933 int result = 0; 934 935 BT_DBG("session %p channel %d", s, channel); 936 937 rfcomm_session_getaddr(s, &src, &dst); 938 939 /* Check if we have socket listening on channel */ 940 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 941 if (!parent) 942 return 0; 943 944 bh_lock_sock(parent); 945 946 /* Check for backlog size */ 947 if (sk_acceptq_is_full(parent)) { 948 BT_DBG("backlog full %d", parent->sk_ack_backlog); 949 goto done; 950 } 951 952 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 953 if (!sk) 954 goto done; 955 956 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM); 957 958 rfcomm_sock_init(sk, parent); 959 bacpy(&rfcomm_pi(sk)->src, &src); 960 bacpy(&rfcomm_pi(sk)->dst, &dst); 961 rfcomm_pi(sk)->channel = channel; 962 963 sk->sk_state = BT_CONFIG; 964 bt_accept_enqueue(parent, sk); 965 966 /* Accept connection and return socket DLC */ 967 *d = rfcomm_pi(sk)->dlc; 968 result = 1; 969 970 done: 971 bh_unlock_sock(parent); 972 973 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 974 parent->sk_state_change(parent); 975 976 return result; 977 } 978 979 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) 980 { 981 struct sock *sk; 982 983 read_lock(&rfcomm_sk_list.lock); 984 985 sk_for_each(sk, &rfcomm_sk_list.head) { 986 seq_printf(f, "%pMR %pMR %d %d\n", 987 &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst, 988 sk->sk_state, rfcomm_pi(sk)->channel); 989 } 990 991 read_unlock(&rfcomm_sk_list.lock); 992 993 return 0; 994 } 995 996 static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file) 997 { 998 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private); 999 } 1000 1001 static const struct file_operations rfcomm_sock_debugfs_fops = { 1002 .open = rfcomm_sock_debugfs_open, 1003 .read = seq_read, 1004 .llseek = seq_lseek, 1005 .release = single_release, 1006 }; 1007 1008 static struct dentry *rfcomm_sock_debugfs; 1009 1010 static const struct proto_ops rfcomm_sock_ops = { 1011 .family = PF_BLUETOOTH, 1012 .owner = THIS_MODULE, 1013 .release = rfcomm_sock_release, 1014 .bind = rfcomm_sock_bind, 1015 .connect = rfcomm_sock_connect, 1016 .listen = rfcomm_sock_listen, 1017 .accept = rfcomm_sock_accept, 1018 .getname = rfcomm_sock_getname, 1019 .sendmsg = rfcomm_sock_sendmsg, 1020 .recvmsg = rfcomm_sock_recvmsg, 1021 .shutdown = rfcomm_sock_shutdown, 1022 .setsockopt = rfcomm_sock_setsockopt, 1023 .getsockopt = rfcomm_sock_getsockopt, 1024 .ioctl = rfcomm_sock_ioctl, 1025 .poll = bt_sock_poll, 1026 .socketpair = sock_no_socketpair, 1027 .mmap = sock_no_mmap 1028 }; 1029 1030 static const struct net_proto_family rfcomm_sock_family_ops = { 1031 .family = PF_BLUETOOTH, 1032 .owner = THIS_MODULE, 1033 .create = rfcomm_sock_create 1034 }; 1035 1036 int __init rfcomm_init_sockets(void) 1037 { 1038 int err; 1039 1040 err = proto_register(&rfcomm_proto, 0); 1041 if (err < 0) 1042 return err; 1043 1044 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 1045 if (err < 0) { 1046 BT_ERR("RFCOMM socket layer registration failed"); 1047 goto error; 1048 } 1049 1050 err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL); 1051 if (err < 0) { 1052 BT_ERR("Failed to create RFCOMM proc file"); 1053 bt_sock_unregister(BTPROTO_RFCOMM); 1054 goto error; 1055 } 1056 1057 BT_INFO("RFCOMM socket layer initialized"); 1058 1059 if (IS_ERR_OR_NULL(bt_debugfs)) 1060 return 0; 1061 1062 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444, 1063 bt_debugfs, NULL, 1064 &rfcomm_sock_debugfs_fops); 1065 1066 return 0; 1067 1068 error: 1069 proto_unregister(&rfcomm_proto); 1070 return err; 1071 } 1072 1073 void __exit rfcomm_cleanup_sockets(void) 1074 { 1075 bt_procfs_cleanup(&init_net, "rfcomm"); 1076 1077 debugfs_remove(rfcomm_sock_debugfs); 1078 1079 bt_sock_unregister(BTPROTO_RFCOMM); 1080 1081 proto_unregister(&rfcomm_proto); 1082 } 1083