1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 */ 27 28 #include <linux/export.h> 29 #include <linux/debugfs.h> 30 #include <linux/sched/signal.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/l2cap.h> 35 #include <net/bluetooth/rfcomm.h> 36 37 static const struct proto_ops rfcomm_sock_ops; 38 39 static struct bt_sock_list rfcomm_sk_list = { 40 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) 41 }; 42 43 static void rfcomm_sock_close(struct sock *sk); 44 static void rfcomm_sock_kill(struct sock *sk); 45 46 /* ---- DLC callbacks ---- 47 * 48 * called under rfcomm_dlc_lock() 49 */ 50 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 51 { 52 struct sock *sk = d->owner; 53 if (!sk) 54 return; 55 56 atomic_add(skb->len, &sk->sk_rmem_alloc); 57 skb_queue_tail(&sk->sk_receive_queue, skb); 58 sk->sk_data_ready(sk); 59 60 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 61 rfcomm_dlc_throttle(d); 62 } 63 64 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 65 { 66 struct sock *sk = d->owner, *parent; 67 unsigned long flags; 68 69 if (!sk) 70 return; 71 72 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 73 74 local_irq_save(flags); 75 bh_lock_sock(sk); 76 77 if (err) 78 sk->sk_err = err; 79 80 sk->sk_state = d->state; 81 82 parent = bt_sk(sk)->parent; 83 if (parent) { 84 if (d->state == BT_CLOSED) { 85 sock_set_flag(sk, SOCK_ZAPPED); 86 bt_accept_unlink(sk); 87 } 88 parent->sk_data_ready(parent); 89 } else { 90 if (d->state == BT_CONNECTED) 91 rfcomm_session_getaddr(d->session, 92 &rfcomm_pi(sk)->src, NULL); 93 sk->sk_state_change(sk); 94 } 95 96 bh_unlock_sock(sk); 97 local_irq_restore(flags); 98 99 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 100 /* We have to drop DLC lock here, otherwise 101 * rfcomm_sock_destruct() will dead lock. */ 102 rfcomm_dlc_unlock(d); 103 rfcomm_sock_kill(sk); 104 rfcomm_dlc_lock(d); 105 } 106 } 107 108 /* ---- Socket functions ---- */ 109 static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src) 110 { 111 struct sock *sk = NULL; 112 113 sk_for_each(sk, &rfcomm_sk_list.head) { 114 if (rfcomm_pi(sk)->channel != channel) 115 continue; 116 117 if (bacmp(&rfcomm_pi(sk)->src, src)) 118 continue; 119 120 if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN) 121 break; 122 } 123 124 return sk ? sk : NULL; 125 } 126 127 /* Find socket with channel and source bdaddr. 128 * Returns closest match. 129 */ 130 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 131 { 132 struct sock *sk = NULL, *sk1 = NULL; 133 134 read_lock(&rfcomm_sk_list.lock); 135 136 sk_for_each(sk, &rfcomm_sk_list.head) { 137 if (state && sk->sk_state != state) 138 continue; 139 140 if (rfcomm_pi(sk)->channel == channel) { 141 /* Exact match. */ 142 if (!bacmp(&rfcomm_pi(sk)->src, src)) 143 break; 144 145 /* Closest match */ 146 if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY)) 147 sk1 = sk; 148 } 149 } 150 151 read_unlock(&rfcomm_sk_list.lock); 152 153 return sk ? sk : sk1; 154 } 155 156 static void rfcomm_sock_destruct(struct sock *sk) 157 { 158 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 159 160 BT_DBG("sk %p dlc %p", sk, d); 161 162 skb_queue_purge(&sk->sk_receive_queue); 163 skb_queue_purge(&sk->sk_write_queue); 164 165 rfcomm_dlc_lock(d); 166 rfcomm_pi(sk)->dlc = NULL; 167 168 /* Detach DLC if it's owned by this socket */ 169 if (d->owner == sk) 170 d->owner = NULL; 171 rfcomm_dlc_unlock(d); 172 173 rfcomm_dlc_put(d); 174 } 175 176 static void rfcomm_sock_cleanup_listen(struct sock *parent) 177 { 178 struct sock *sk; 179 180 BT_DBG("parent %p", parent); 181 182 /* Close not yet accepted dlcs */ 183 while ((sk = bt_accept_dequeue(parent, NULL))) { 184 rfcomm_sock_close(sk); 185 rfcomm_sock_kill(sk); 186 } 187 188 parent->sk_state = BT_CLOSED; 189 sock_set_flag(parent, SOCK_ZAPPED); 190 } 191 192 /* Kill socket (only if zapped and orphan) 193 * Must be called on unlocked socket. 194 */ 195 static void rfcomm_sock_kill(struct sock *sk) 196 { 197 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 198 return; 199 200 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); 201 202 /* Kill poor orphan */ 203 bt_sock_unlink(&rfcomm_sk_list, sk); 204 sock_set_flag(sk, SOCK_DEAD); 205 sock_put(sk); 206 } 207 208 static void __rfcomm_sock_close(struct sock *sk) 209 { 210 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 211 212 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 213 214 switch (sk->sk_state) { 215 case BT_LISTEN: 216 rfcomm_sock_cleanup_listen(sk); 217 break; 218 219 case BT_CONNECT: 220 case BT_CONNECT2: 221 case BT_CONFIG: 222 case BT_CONNECTED: 223 rfcomm_dlc_close(d, 0); 224 225 default: 226 sock_set_flag(sk, SOCK_ZAPPED); 227 break; 228 } 229 } 230 231 /* Close socket. 232 * Must be called on unlocked socket. 233 */ 234 static void rfcomm_sock_close(struct sock *sk) 235 { 236 lock_sock(sk); 237 __rfcomm_sock_close(sk); 238 release_sock(sk); 239 } 240 241 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 242 { 243 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 244 245 BT_DBG("sk %p", sk); 246 247 if (parent) { 248 sk->sk_type = parent->sk_type; 249 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP, 250 &bt_sk(parent)->flags); 251 252 pi->sec_level = rfcomm_pi(parent)->sec_level; 253 pi->role_switch = rfcomm_pi(parent)->role_switch; 254 255 security_sk_clone(parent, sk); 256 } else { 257 pi->dlc->defer_setup = 0; 258 259 pi->sec_level = BT_SECURITY_LOW; 260 pi->role_switch = 0; 261 } 262 263 pi->dlc->sec_level = pi->sec_level; 264 pi->dlc->role_switch = pi->role_switch; 265 } 266 267 static struct proto rfcomm_proto = { 268 .name = "RFCOMM", 269 .owner = THIS_MODULE, 270 .obj_size = sizeof(struct rfcomm_pinfo) 271 }; 272 273 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio, int kern) 274 { 275 struct rfcomm_dlc *d; 276 struct sock *sk; 277 278 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto, kern); 279 if (!sk) 280 return NULL; 281 282 sock_init_data(sock, sk); 283 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 284 285 d = rfcomm_dlc_alloc(prio); 286 if (!d) { 287 sk_free(sk); 288 return NULL; 289 } 290 291 d->data_ready = rfcomm_sk_data_ready; 292 d->state_change = rfcomm_sk_state_change; 293 294 rfcomm_pi(sk)->dlc = d; 295 d->owner = sk; 296 297 sk->sk_destruct = rfcomm_sock_destruct; 298 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 299 300 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 301 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 302 303 sock_reset_flag(sk, SOCK_ZAPPED); 304 305 sk->sk_protocol = proto; 306 sk->sk_state = BT_OPEN; 307 308 bt_sock_link(&rfcomm_sk_list, sk); 309 310 BT_DBG("sk %p", sk); 311 return sk; 312 } 313 314 static int rfcomm_sock_create(struct net *net, struct socket *sock, 315 int protocol, int kern) 316 { 317 struct sock *sk; 318 319 BT_DBG("sock %p", sock); 320 321 sock->state = SS_UNCONNECTED; 322 323 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 324 return -ESOCKTNOSUPPORT; 325 326 sock->ops = &rfcomm_sock_ops; 327 328 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 329 if (!sk) 330 return -ENOMEM; 331 332 rfcomm_sock_init(sk, NULL); 333 return 0; 334 } 335 336 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 337 { 338 struct sockaddr_rc sa; 339 struct sock *sk = sock->sk; 340 int len, err = 0; 341 342 if (!addr || addr->sa_family != AF_BLUETOOTH) 343 return -EINVAL; 344 345 memset(&sa, 0, sizeof(sa)); 346 len = min_t(unsigned int, sizeof(sa), addr_len); 347 memcpy(&sa, addr, len); 348 349 BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr); 350 351 lock_sock(sk); 352 353 if (sk->sk_state != BT_OPEN) { 354 err = -EBADFD; 355 goto done; 356 } 357 358 if (sk->sk_type != SOCK_STREAM) { 359 err = -EINVAL; 360 goto done; 361 } 362 363 write_lock(&rfcomm_sk_list.lock); 364 365 if (sa.rc_channel && 366 __rfcomm_get_listen_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) { 367 err = -EADDRINUSE; 368 } else { 369 /* Save source address */ 370 bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr); 371 rfcomm_pi(sk)->channel = sa.rc_channel; 372 sk->sk_state = BT_BOUND; 373 } 374 375 write_unlock(&rfcomm_sk_list.lock); 376 377 done: 378 release_sock(sk); 379 return err; 380 } 381 382 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 383 { 384 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 385 struct sock *sk = sock->sk; 386 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 387 int err = 0; 388 389 BT_DBG("sk %p", sk); 390 391 if (alen < sizeof(struct sockaddr_rc) || 392 addr->sa_family != AF_BLUETOOTH) 393 return -EINVAL; 394 395 lock_sock(sk); 396 397 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 398 err = -EBADFD; 399 goto done; 400 } 401 402 if (sk->sk_type != SOCK_STREAM) { 403 err = -EINVAL; 404 goto done; 405 } 406 407 sk->sk_state = BT_CONNECT; 408 bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr); 409 rfcomm_pi(sk)->channel = sa->rc_channel; 410 411 d->sec_level = rfcomm_pi(sk)->sec_level; 412 d->role_switch = rfcomm_pi(sk)->role_switch; 413 414 err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr, 415 sa->rc_channel); 416 if (!err) 417 err = bt_sock_wait_state(sk, BT_CONNECTED, 418 sock_sndtimeo(sk, flags & O_NONBLOCK)); 419 420 done: 421 release_sock(sk); 422 return err; 423 } 424 425 static int rfcomm_sock_listen(struct socket *sock, int backlog) 426 { 427 struct sock *sk = sock->sk; 428 int err = 0; 429 430 BT_DBG("sk %p backlog %d", sk, backlog); 431 432 lock_sock(sk); 433 434 if (sk->sk_state != BT_BOUND) { 435 err = -EBADFD; 436 goto done; 437 } 438 439 if (sk->sk_type != SOCK_STREAM) { 440 err = -EINVAL; 441 goto done; 442 } 443 444 if (!rfcomm_pi(sk)->channel) { 445 bdaddr_t *src = &rfcomm_pi(sk)->src; 446 u8 channel; 447 448 err = -EINVAL; 449 450 write_lock(&rfcomm_sk_list.lock); 451 452 for (channel = 1; channel < 31; channel++) 453 if (!__rfcomm_get_listen_sock_by_addr(channel, src)) { 454 rfcomm_pi(sk)->channel = channel; 455 err = 0; 456 break; 457 } 458 459 write_unlock(&rfcomm_sk_list.lock); 460 461 if (err < 0) 462 goto done; 463 } 464 465 sk->sk_max_ack_backlog = backlog; 466 sk->sk_ack_backlog = 0; 467 sk->sk_state = BT_LISTEN; 468 469 done: 470 release_sock(sk); 471 return err; 472 } 473 474 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 475 { 476 DEFINE_WAIT_FUNC(wait, woken_wake_function); 477 struct sock *sk = sock->sk, *nsk; 478 long timeo; 479 int err = 0; 480 481 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 482 483 if (sk->sk_type != SOCK_STREAM) { 484 err = -EINVAL; 485 goto done; 486 } 487 488 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 489 490 BT_DBG("sk %p timeo %ld", sk, timeo); 491 492 /* Wait for an incoming connection. (wake-one). */ 493 add_wait_queue_exclusive(sk_sleep(sk), &wait); 494 while (1) { 495 if (sk->sk_state != BT_LISTEN) { 496 err = -EBADFD; 497 break; 498 } 499 500 nsk = bt_accept_dequeue(sk, newsock); 501 if (nsk) 502 break; 503 504 if (!timeo) { 505 err = -EAGAIN; 506 break; 507 } 508 509 if (signal_pending(current)) { 510 err = sock_intr_errno(timeo); 511 break; 512 } 513 514 release_sock(sk); 515 516 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 517 518 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 519 } 520 remove_wait_queue(sk_sleep(sk), &wait); 521 522 if (err) 523 goto done; 524 525 newsock->state = SS_CONNECTED; 526 527 BT_DBG("new socket %p", nsk); 528 529 done: 530 release_sock(sk); 531 return err; 532 } 533 534 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 535 { 536 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 537 struct sock *sk = sock->sk; 538 539 BT_DBG("sock %p, sk %p", sock, sk); 540 541 if (peer && sk->sk_state != BT_CONNECTED && 542 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2) 543 return -ENOTCONN; 544 545 memset(sa, 0, sizeof(*sa)); 546 sa->rc_family = AF_BLUETOOTH; 547 sa->rc_channel = rfcomm_pi(sk)->channel; 548 if (peer) 549 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst); 550 else 551 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src); 552 553 *len = sizeof(struct sockaddr_rc); 554 return 0; 555 } 556 557 static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg, 558 size_t len) 559 { 560 struct sock *sk = sock->sk; 561 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 562 struct sk_buff *skb; 563 int sent; 564 565 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) 566 return -ENOTCONN; 567 568 if (msg->msg_flags & MSG_OOB) 569 return -EOPNOTSUPP; 570 571 if (sk->sk_shutdown & SEND_SHUTDOWN) 572 return -EPIPE; 573 574 BT_DBG("sock %p, sk %p", sock, sk); 575 576 lock_sock(sk); 577 578 sent = bt_sock_wait_ready(sk, msg->msg_flags); 579 if (sent) 580 goto done; 581 582 while (len) { 583 size_t size = min_t(size_t, len, d->mtu); 584 int err; 585 586 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 587 msg->msg_flags & MSG_DONTWAIT, &err); 588 if (!skb) { 589 if (sent == 0) 590 sent = err; 591 break; 592 } 593 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 594 595 err = memcpy_from_msg(skb_put(skb, size), msg, size); 596 if (err) { 597 kfree_skb(skb); 598 if (sent == 0) 599 sent = err; 600 break; 601 } 602 603 skb->priority = sk->sk_priority; 604 605 err = rfcomm_dlc_send(d, skb); 606 if (err < 0) { 607 kfree_skb(skb); 608 if (sent == 0) 609 sent = err; 610 break; 611 } 612 613 sent += size; 614 len -= size; 615 } 616 617 done: 618 release_sock(sk); 619 620 return sent; 621 } 622 623 static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg, 624 size_t size, int flags) 625 { 626 struct sock *sk = sock->sk; 627 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 628 int len; 629 630 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 631 rfcomm_dlc_accept(d); 632 return 0; 633 } 634 635 len = bt_sock_stream_recvmsg(sock, msg, size, flags); 636 637 lock_sock(sk); 638 if (!(flags & MSG_PEEK) && len > 0) 639 atomic_sub(len, &sk->sk_rmem_alloc); 640 641 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 642 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 643 release_sock(sk); 644 645 return len; 646 } 647 648 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 649 { 650 struct sock *sk = sock->sk; 651 int err = 0; 652 u32 opt; 653 654 BT_DBG("sk %p", sk); 655 656 lock_sock(sk); 657 658 switch (optname) { 659 case RFCOMM_LM: 660 if (get_user(opt, (u32 __user *) optval)) { 661 err = -EFAULT; 662 break; 663 } 664 665 if (opt & RFCOMM_LM_FIPS) { 666 err = -EINVAL; 667 break; 668 } 669 670 if (opt & RFCOMM_LM_AUTH) 671 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; 672 if (opt & RFCOMM_LM_ENCRYPT) 673 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 674 if (opt & RFCOMM_LM_SECURE) 675 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; 676 677 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); 678 break; 679 680 default: 681 err = -ENOPROTOOPT; 682 break; 683 } 684 685 release_sock(sk); 686 return err; 687 } 688 689 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 690 { 691 struct sock *sk = sock->sk; 692 struct bt_security sec; 693 int err = 0; 694 size_t len; 695 u32 opt; 696 697 BT_DBG("sk %p", sk); 698 699 if (level == SOL_RFCOMM) 700 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); 701 702 if (level != SOL_BLUETOOTH) 703 return -ENOPROTOOPT; 704 705 lock_sock(sk); 706 707 switch (optname) { 708 case BT_SECURITY: 709 if (sk->sk_type != SOCK_STREAM) { 710 err = -EINVAL; 711 break; 712 } 713 714 sec.level = BT_SECURITY_LOW; 715 716 len = min_t(unsigned int, sizeof(sec), optlen); 717 if (copy_from_user((char *) &sec, optval, len)) { 718 err = -EFAULT; 719 break; 720 } 721 722 if (sec.level > BT_SECURITY_HIGH) { 723 err = -EINVAL; 724 break; 725 } 726 727 rfcomm_pi(sk)->sec_level = sec.level; 728 break; 729 730 case BT_DEFER_SETUP: 731 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 732 err = -EINVAL; 733 break; 734 } 735 736 if (get_user(opt, (u32 __user *) optval)) { 737 err = -EFAULT; 738 break; 739 } 740 741 if (opt) 742 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 743 else 744 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 745 746 break; 747 748 default: 749 err = -ENOPROTOOPT; 750 break; 751 } 752 753 release_sock(sk); 754 return err; 755 } 756 757 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 758 { 759 struct sock *sk = sock->sk; 760 struct sock *l2cap_sk; 761 struct l2cap_conn *conn; 762 struct rfcomm_conninfo cinfo; 763 int len, err = 0; 764 u32 opt; 765 766 BT_DBG("sk %p", sk); 767 768 if (get_user(len, optlen)) 769 return -EFAULT; 770 771 lock_sock(sk); 772 773 switch (optname) { 774 case RFCOMM_LM: 775 switch (rfcomm_pi(sk)->sec_level) { 776 case BT_SECURITY_LOW: 777 opt = RFCOMM_LM_AUTH; 778 break; 779 case BT_SECURITY_MEDIUM: 780 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; 781 break; 782 case BT_SECURITY_HIGH: 783 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 784 RFCOMM_LM_SECURE; 785 break; 786 case BT_SECURITY_FIPS: 787 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 788 RFCOMM_LM_SECURE | RFCOMM_LM_FIPS; 789 break; 790 default: 791 opt = 0; 792 break; 793 } 794 795 if (rfcomm_pi(sk)->role_switch) 796 opt |= RFCOMM_LM_MASTER; 797 798 if (put_user(opt, (u32 __user *) optval)) 799 err = -EFAULT; 800 801 break; 802 803 case RFCOMM_CONNINFO: 804 if (sk->sk_state != BT_CONNECTED && 805 !rfcomm_pi(sk)->dlc->defer_setup) { 806 err = -ENOTCONN; 807 break; 808 } 809 810 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 811 conn = l2cap_pi(l2cap_sk)->chan->conn; 812 813 memset(&cinfo, 0, sizeof(cinfo)); 814 cinfo.hci_handle = conn->hcon->handle; 815 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); 816 817 len = min_t(unsigned int, len, sizeof(cinfo)); 818 if (copy_to_user(optval, (char *) &cinfo, len)) 819 err = -EFAULT; 820 821 break; 822 823 default: 824 err = -ENOPROTOOPT; 825 break; 826 } 827 828 release_sock(sk); 829 return err; 830 } 831 832 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 833 { 834 struct sock *sk = sock->sk; 835 struct bt_security sec; 836 int len, err = 0; 837 838 BT_DBG("sk %p", sk); 839 840 if (level == SOL_RFCOMM) 841 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); 842 843 if (level != SOL_BLUETOOTH) 844 return -ENOPROTOOPT; 845 846 if (get_user(len, optlen)) 847 return -EFAULT; 848 849 lock_sock(sk); 850 851 switch (optname) { 852 case BT_SECURITY: 853 if (sk->sk_type != SOCK_STREAM) { 854 err = -EINVAL; 855 break; 856 } 857 858 sec.level = rfcomm_pi(sk)->sec_level; 859 sec.key_size = 0; 860 861 len = min_t(unsigned int, len, sizeof(sec)); 862 if (copy_to_user(optval, (char *) &sec, len)) 863 err = -EFAULT; 864 865 break; 866 867 case BT_DEFER_SETUP: 868 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 869 err = -EINVAL; 870 break; 871 } 872 873 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 874 (u32 __user *) optval)) 875 err = -EFAULT; 876 877 break; 878 879 default: 880 err = -ENOPROTOOPT; 881 break; 882 } 883 884 release_sock(sk); 885 return err; 886 } 887 888 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 889 { 890 struct sock *sk __maybe_unused = sock->sk; 891 int err; 892 893 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); 894 895 err = bt_sock_ioctl(sock, cmd, arg); 896 897 if (err == -ENOIOCTLCMD) { 898 #ifdef CONFIG_BT_RFCOMM_TTY 899 lock_sock(sk); 900 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); 901 release_sock(sk); 902 #else 903 err = -EOPNOTSUPP; 904 #endif 905 } 906 907 return err; 908 } 909 910 static int rfcomm_sock_shutdown(struct socket *sock, int how) 911 { 912 struct sock *sk = sock->sk; 913 int err = 0; 914 915 BT_DBG("sock %p, sk %p", sock, sk); 916 917 if (!sk) 918 return 0; 919 920 lock_sock(sk); 921 if (!sk->sk_shutdown) { 922 sk->sk_shutdown = SHUTDOWN_MASK; 923 __rfcomm_sock_close(sk); 924 925 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 926 !(current->flags & PF_EXITING)) 927 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 928 } 929 release_sock(sk); 930 return err; 931 } 932 933 static int rfcomm_sock_release(struct socket *sock) 934 { 935 struct sock *sk = sock->sk; 936 int err; 937 938 BT_DBG("sock %p, sk %p", sock, sk); 939 940 if (!sk) 941 return 0; 942 943 err = rfcomm_sock_shutdown(sock, 2); 944 945 sock_orphan(sk); 946 rfcomm_sock_kill(sk); 947 return err; 948 } 949 950 /* ---- RFCOMM core layer callbacks ---- 951 * 952 * called under rfcomm_lock() 953 */ 954 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 955 { 956 struct sock *sk, *parent; 957 bdaddr_t src, dst; 958 int result = 0; 959 960 BT_DBG("session %p channel %d", s, channel); 961 962 rfcomm_session_getaddr(s, &src, &dst); 963 964 /* Check if we have socket listening on channel */ 965 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 966 if (!parent) 967 return 0; 968 969 bh_lock_sock(parent); 970 971 /* Check for backlog size */ 972 if (sk_acceptq_is_full(parent)) { 973 BT_DBG("backlog full %d", parent->sk_ack_backlog); 974 goto done; 975 } 976 977 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC, 0); 978 if (!sk) 979 goto done; 980 981 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM); 982 983 rfcomm_sock_init(sk, parent); 984 bacpy(&rfcomm_pi(sk)->src, &src); 985 bacpy(&rfcomm_pi(sk)->dst, &dst); 986 rfcomm_pi(sk)->channel = channel; 987 988 sk->sk_state = BT_CONFIG; 989 bt_accept_enqueue(parent, sk); 990 991 /* Accept connection and return socket DLC */ 992 *d = rfcomm_pi(sk)->dlc; 993 result = 1; 994 995 done: 996 bh_unlock_sock(parent); 997 998 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 999 parent->sk_state_change(parent); 1000 1001 return result; 1002 } 1003 1004 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) 1005 { 1006 struct sock *sk; 1007 1008 read_lock(&rfcomm_sk_list.lock); 1009 1010 sk_for_each(sk, &rfcomm_sk_list.head) { 1011 seq_printf(f, "%pMR %pMR %d %d\n", 1012 &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst, 1013 sk->sk_state, rfcomm_pi(sk)->channel); 1014 } 1015 1016 read_unlock(&rfcomm_sk_list.lock); 1017 1018 return 0; 1019 } 1020 1021 static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file) 1022 { 1023 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private); 1024 } 1025 1026 static const struct file_operations rfcomm_sock_debugfs_fops = { 1027 .open = rfcomm_sock_debugfs_open, 1028 .read = seq_read, 1029 .llseek = seq_lseek, 1030 .release = single_release, 1031 }; 1032 1033 static struct dentry *rfcomm_sock_debugfs; 1034 1035 static const struct proto_ops rfcomm_sock_ops = { 1036 .family = PF_BLUETOOTH, 1037 .owner = THIS_MODULE, 1038 .release = rfcomm_sock_release, 1039 .bind = rfcomm_sock_bind, 1040 .connect = rfcomm_sock_connect, 1041 .listen = rfcomm_sock_listen, 1042 .accept = rfcomm_sock_accept, 1043 .getname = rfcomm_sock_getname, 1044 .sendmsg = rfcomm_sock_sendmsg, 1045 .recvmsg = rfcomm_sock_recvmsg, 1046 .shutdown = rfcomm_sock_shutdown, 1047 .setsockopt = rfcomm_sock_setsockopt, 1048 .getsockopt = rfcomm_sock_getsockopt, 1049 .ioctl = rfcomm_sock_ioctl, 1050 .poll = bt_sock_poll, 1051 .socketpair = sock_no_socketpair, 1052 .mmap = sock_no_mmap 1053 }; 1054 1055 static const struct net_proto_family rfcomm_sock_family_ops = { 1056 .family = PF_BLUETOOTH, 1057 .owner = THIS_MODULE, 1058 .create = rfcomm_sock_create 1059 }; 1060 1061 int __init rfcomm_init_sockets(void) 1062 { 1063 int err; 1064 1065 BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr)); 1066 1067 err = proto_register(&rfcomm_proto, 0); 1068 if (err < 0) 1069 return err; 1070 1071 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 1072 if (err < 0) { 1073 BT_ERR("RFCOMM socket layer registration failed"); 1074 goto error; 1075 } 1076 1077 err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL); 1078 if (err < 0) { 1079 BT_ERR("Failed to create RFCOMM proc file"); 1080 bt_sock_unregister(BTPROTO_RFCOMM); 1081 goto error; 1082 } 1083 1084 BT_INFO("RFCOMM socket layer initialized"); 1085 1086 if (IS_ERR_OR_NULL(bt_debugfs)) 1087 return 0; 1088 1089 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444, 1090 bt_debugfs, NULL, 1091 &rfcomm_sock_debugfs_fops); 1092 1093 return 0; 1094 1095 error: 1096 proto_unregister(&rfcomm_proto); 1097 return err; 1098 } 1099 1100 void __exit rfcomm_cleanup_sockets(void) 1101 { 1102 bt_procfs_cleanup(&init_net, "rfcomm"); 1103 1104 debugfs_remove(rfcomm_sock_debugfs); 1105 1106 bt_sock_unregister(BTPROTO_RFCOMM); 1107 1108 proto_unregister(&rfcomm_proto); 1109 } 1110