1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 */ 27 28 #include <linux/export.h> 29 #include <linux/debugfs.h> 30 31 #include <net/bluetooth/bluetooth.h> 32 #include <net/bluetooth/hci_core.h> 33 #include <net/bluetooth/l2cap.h> 34 #include <net/bluetooth/rfcomm.h> 35 36 static const struct proto_ops rfcomm_sock_ops; 37 38 static struct bt_sock_list rfcomm_sk_list = { 39 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) 40 }; 41 42 static void rfcomm_sock_close(struct sock *sk); 43 static void rfcomm_sock_kill(struct sock *sk); 44 45 /* ---- DLC callbacks ---- 46 * 47 * called under rfcomm_dlc_lock() 48 */ 49 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 50 { 51 struct sock *sk = d->owner; 52 if (!sk) 53 return; 54 55 atomic_add(skb->len, &sk->sk_rmem_alloc); 56 skb_queue_tail(&sk->sk_receive_queue, skb); 57 sk->sk_data_ready(sk, skb->len); 58 59 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 60 rfcomm_dlc_throttle(d); 61 } 62 63 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 64 { 65 struct sock *sk = d->owner, *parent; 66 unsigned long flags; 67 68 if (!sk) 69 return; 70 71 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 72 73 local_irq_save(flags); 74 bh_lock_sock(sk); 75 76 if (err) 77 sk->sk_err = err; 78 79 sk->sk_state = d->state; 80 81 parent = bt_sk(sk)->parent; 82 if (parent) { 83 if (d->state == BT_CLOSED) { 84 sock_set_flag(sk, SOCK_ZAPPED); 85 bt_accept_unlink(sk); 86 } 87 parent->sk_data_ready(parent, 0); 88 } else { 89 if (d->state == BT_CONNECTED) 90 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL); 91 sk->sk_state_change(sk); 92 } 93 94 bh_unlock_sock(sk); 95 local_irq_restore(flags); 96 97 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 98 /* We have to drop DLC lock here, otherwise 99 * rfcomm_sock_destruct() will dead lock. */ 100 rfcomm_dlc_unlock(d); 101 rfcomm_sock_kill(sk); 102 rfcomm_dlc_lock(d); 103 } 104 } 105 106 /* ---- Socket functions ---- */ 107 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src) 108 { 109 struct sock *sk = NULL; 110 111 sk_for_each(sk, &rfcomm_sk_list.head) { 112 if (rfcomm_pi(sk)->channel == channel && 113 !bacmp(&bt_sk(sk)->src, src)) 114 break; 115 } 116 117 return sk ? sk : NULL; 118 } 119 120 /* Find socket with channel and source bdaddr. 121 * Returns closest match. 122 */ 123 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 124 { 125 struct sock *sk = NULL, *sk1 = NULL; 126 127 read_lock(&rfcomm_sk_list.lock); 128 129 sk_for_each(sk, &rfcomm_sk_list.head) { 130 if (state && sk->sk_state != state) 131 continue; 132 133 if (rfcomm_pi(sk)->channel == channel) { 134 /* Exact match. */ 135 if (!bacmp(&bt_sk(sk)->src, src)) 136 break; 137 138 /* Closest match */ 139 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 140 sk1 = sk; 141 } 142 } 143 144 read_unlock(&rfcomm_sk_list.lock); 145 146 return sk ? sk : sk1; 147 } 148 149 static void rfcomm_sock_destruct(struct sock *sk) 150 { 151 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 152 153 BT_DBG("sk %p dlc %p", sk, d); 154 155 skb_queue_purge(&sk->sk_receive_queue); 156 skb_queue_purge(&sk->sk_write_queue); 157 158 rfcomm_dlc_lock(d); 159 rfcomm_pi(sk)->dlc = NULL; 160 161 /* Detach DLC if it's owned by this socket */ 162 if (d->owner == sk) 163 d->owner = NULL; 164 rfcomm_dlc_unlock(d); 165 166 rfcomm_dlc_put(d); 167 } 168 169 static void rfcomm_sock_cleanup_listen(struct sock *parent) 170 { 171 struct sock *sk; 172 173 BT_DBG("parent %p", parent); 174 175 /* Close not yet accepted dlcs */ 176 while ((sk = bt_accept_dequeue(parent, NULL))) { 177 rfcomm_sock_close(sk); 178 rfcomm_sock_kill(sk); 179 } 180 181 parent->sk_state = BT_CLOSED; 182 sock_set_flag(parent, SOCK_ZAPPED); 183 } 184 185 /* Kill socket (only if zapped and orphan) 186 * Must be called on unlocked socket. 187 */ 188 static void rfcomm_sock_kill(struct sock *sk) 189 { 190 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 191 return; 192 193 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); 194 195 /* Kill poor orphan */ 196 bt_sock_unlink(&rfcomm_sk_list, sk); 197 sock_set_flag(sk, SOCK_DEAD); 198 sock_put(sk); 199 } 200 201 static void __rfcomm_sock_close(struct sock *sk) 202 { 203 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 204 205 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 206 207 switch (sk->sk_state) { 208 case BT_LISTEN: 209 rfcomm_sock_cleanup_listen(sk); 210 break; 211 212 case BT_CONNECT: 213 case BT_CONNECT2: 214 case BT_CONFIG: 215 case BT_CONNECTED: 216 rfcomm_dlc_close(d, 0); 217 218 default: 219 sock_set_flag(sk, SOCK_ZAPPED); 220 break; 221 } 222 } 223 224 /* Close socket. 225 * Must be called on unlocked socket. 226 */ 227 static void rfcomm_sock_close(struct sock *sk) 228 { 229 lock_sock(sk); 230 __rfcomm_sock_close(sk); 231 release_sock(sk); 232 } 233 234 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 235 { 236 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 237 238 BT_DBG("sk %p", sk); 239 240 if (parent) { 241 sk->sk_type = parent->sk_type; 242 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP, 243 &bt_sk(parent)->flags); 244 245 pi->sec_level = rfcomm_pi(parent)->sec_level; 246 pi->role_switch = rfcomm_pi(parent)->role_switch; 247 248 security_sk_clone(parent, sk); 249 } else { 250 pi->dlc->defer_setup = 0; 251 252 pi->sec_level = BT_SECURITY_LOW; 253 pi->role_switch = 0; 254 } 255 256 pi->dlc->sec_level = pi->sec_level; 257 pi->dlc->role_switch = pi->role_switch; 258 } 259 260 static struct proto rfcomm_proto = { 261 .name = "RFCOMM", 262 .owner = THIS_MODULE, 263 .obj_size = sizeof(struct rfcomm_pinfo) 264 }; 265 266 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 267 { 268 struct rfcomm_dlc *d; 269 struct sock *sk; 270 271 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto); 272 if (!sk) 273 return NULL; 274 275 sock_init_data(sock, sk); 276 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 277 278 d = rfcomm_dlc_alloc(prio); 279 if (!d) { 280 sk_free(sk); 281 return NULL; 282 } 283 284 d->data_ready = rfcomm_sk_data_ready; 285 d->state_change = rfcomm_sk_state_change; 286 287 rfcomm_pi(sk)->dlc = d; 288 d->owner = sk; 289 290 sk->sk_destruct = rfcomm_sock_destruct; 291 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 292 293 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 294 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 295 296 sock_reset_flag(sk, SOCK_ZAPPED); 297 298 sk->sk_protocol = proto; 299 sk->sk_state = BT_OPEN; 300 301 bt_sock_link(&rfcomm_sk_list, sk); 302 303 BT_DBG("sk %p", sk); 304 return sk; 305 } 306 307 static int rfcomm_sock_create(struct net *net, struct socket *sock, 308 int protocol, int kern) 309 { 310 struct sock *sk; 311 312 BT_DBG("sock %p", sock); 313 314 sock->state = SS_UNCONNECTED; 315 316 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 317 return -ESOCKTNOSUPPORT; 318 319 sock->ops = &rfcomm_sock_ops; 320 321 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC); 322 if (!sk) 323 return -ENOMEM; 324 325 rfcomm_sock_init(sk, NULL); 326 return 0; 327 } 328 329 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 330 { 331 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 332 struct sock *sk = sock->sk; 333 int err = 0; 334 335 BT_DBG("sk %p %pMR", sk, &sa->rc_bdaddr); 336 337 if (!addr || addr->sa_family != AF_BLUETOOTH) 338 return -EINVAL; 339 340 lock_sock(sk); 341 342 if (sk->sk_state != BT_OPEN) { 343 err = -EBADFD; 344 goto done; 345 } 346 347 if (sk->sk_type != SOCK_STREAM) { 348 err = -EINVAL; 349 goto done; 350 } 351 352 write_lock(&rfcomm_sk_list.lock); 353 354 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { 355 err = -EADDRINUSE; 356 } else { 357 /* Save source address */ 358 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr); 359 rfcomm_pi(sk)->channel = sa->rc_channel; 360 sk->sk_state = BT_BOUND; 361 } 362 363 write_unlock(&rfcomm_sk_list.lock); 364 365 done: 366 release_sock(sk); 367 return err; 368 } 369 370 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 371 { 372 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 373 struct sock *sk = sock->sk; 374 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 375 int err = 0; 376 377 BT_DBG("sk %p", sk); 378 379 if (alen < sizeof(struct sockaddr_rc) || 380 addr->sa_family != AF_BLUETOOTH) 381 return -EINVAL; 382 383 lock_sock(sk); 384 385 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 386 err = -EBADFD; 387 goto done; 388 } 389 390 if (sk->sk_type != SOCK_STREAM) { 391 err = -EINVAL; 392 goto done; 393 } 394 395 sk->sk_state = BT_CONNECT; 396 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); 397 rfcomm_pi(sk)->channel = sa->rc_channel; 398 399 d->sec_level = rfcomm_pi(sk)->sec_level; 400 d->role_switch = rfcomm_pi(sk)->role_switch; 401 402 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); 403 if (!err) 404 err = bt_sock_wait_state(sk, BT_CONNECTED, 405 sock_sndtimeo(sk, flags & O_NONBLOCK)); 406 407 done: 408 release_sock(sk); 409 return err; 410 } 411 412 static int rfcomm_sock_listen(struct socket *sock, int backlog) 413 { 414 struct sock *sk = sock->sk; 415 int err = 0; 416 417 BT_DBG("sk %p backlog %d", sk, backlog); 418 419 lock_sock(sk); 420 421 if (sk->sk_state != BT_BOUND) { 422 err = -EBADFD; 423 goto done; 424 } 425 426 if (sk->sk_type != SOCK_STREAM) { 427 err = -EINVAL; 428 goto done; 429 } 430 431 if (!rfcomm_pi(sk)->channel) { 432 bdaddr_t *src = &bt_sk(sk)->src; 433 u8 channel; 434 435 err = -EINVAL; 436 437 write_lock(&rfcomm_sk_list.lock); 438 439 for (channel = 1; channel < 31; channel++) 440 if (!__rfcomm_get_sock_by_addr(channel, src)) { 441 rfcomm_pi(sk)->channel = channel; 442 err = 0; 443 break; 444 } 445 446 write_unlock(&rfcomm_sk_list.lock); 447 448 if (err < 0) 449 goto done; 450 } 451 452 sk->sk_max_ack_backlog = backlog; 453 sk->sk_ack_backlog = 0; 454 sk->sk_state = BT_LISTEN; 455 456 done: 457 release_sock(sk); 458 return err; 459 } 460 461 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 462 { 463 DECLARE_WAITQUEUE(wait, current); 464 struct sock *sk = sock->sk, *nsk; 465 long timeo; 466 int err = 0; 467 468 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 469 470 if (sk->sk_type != SOCK_STREAM) { 471 err = -EINVAL; 472 goto done; 473 } 474 475 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 476 477 BT_DBG("sk %p timeo %ld", sk, timeo); 478 479 /* Wait for an incoming connection. (wake-one). */ 480 add_wait_queue_exclusive(sk_sleep(sk), &wait); 481 while (1) { 482 set_current_state(TASK_INTERRUPTIBLE); 483 484 if (sk->sk_state != BT_LISTEN) { 485 err = -EBADFD; 486 break; 487 } 488 489 nsk = bt_accept_dequeue(sk, newsock); 490 if (nsk) 491 break; 492 493 if (!timeo) { 494 err = -EAGAIN; 495 break; 496 } 497 498 if (signal_pending(current)) { 499 err = sock_intr_errno(timeo); 500 break; 501 } 502 503 release_sock(sk); 504 timeo = schedule_timeout(timeo); 505 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 506 } 507 __set_current_state(TASK_RUNNING); 508 remove_wait_queue(sk_sleep(sk), &wait); 509 510 if (err) 511 goto done; 512 513 newsock->state = SS_CONNECTED; 514 515 BT_DBG("new socket %p", nsk); 516 517 done: 518 release_sock(sk); 519 return err; 520 } 521 522 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 523 { 524 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 525 struct sock *sk = sock->sk; 526 527 BT_DBG("sock %p, sk %p", sock, sk); 528 529 memset(sa, 0, sizeof(*sa)); 530 sa->rc_family = AF_BLUETOOTH; 531 sa->rc_channel = rfcomm_pi(sk)->channel; 532 if (peer) 533 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst); 534 else 535 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src); 536 537 *len = sizeof(struct sockaddr_rc); 538 return 0; 539 } 540 541 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 542 struct msghdr *msg, size_t len) 543 { 544 struct sock *sk = sock->sk; 545 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 546 struct sk_buff *skb; 547 int sent = 0; 548 549 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) 550 return -ENOTCONN; 551 552 if (msg->msg_flags & MSG_OOB) 553 return -EOPNOTSUPP; 554 555 if (sk->sk_shutdown & SEND_SHUTDOWN) 556 return -EPIPE; 557 558 BT_DBG("sock %p, sk %p", sock, sk); 559 560 lock_sock(sk); 561 562 while (len) { 563 size_t size = min_t(size_t, len, d->mtu); 564 int err; 565 566 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 567 msg->msg_flags & MSG_DONTWAIT, &err); 568 if (!skb) { 569 if (sent == 0) 570 sent = err; 571 break; 572 } 573 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 574 575 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 576 if (err) { 577 kfree_skb(skb); 578 if (sent == 0) 579 sent = err; 580 break; 581 } 582 583 skb->priority = sk->sk_priority; 584 585 err = rfcomm_dlc_send(d, skb); 586 if (err < 0) { 587 kfree_skb(skb); 588 if (sent == 0) 589 sent = err; 590 break; 591 } 592 593 sent += size; 594 len -= size; 595 } 596 597 release_sock(sk); 598 599 return sent; 600 } 601 602 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 603 struct msghdr *msg, size_t size, int flags) 604 { 605 struct sock *sk = sock->sk; 606 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 607 int len; 608 609 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 610 rfcomm_dlc_accept(d); 611 msg->msg_namelen = 0; 612 return 0; 613 } 614 615 len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags); 616 617 lock_sock(sk); 618 if (!(flags & MSG_PEEK) && len > 0) 619 atomic_sub(len, &sk->sk_rmem_alloc); 620 621 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 622 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 623 release_sock(sk); 624 625 return len; 626 } 627 628 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 629 { 630 struct sock *sk = sock->sk; 631 int err = 0; 632 u32 opt; 633 634 BT_DBG("sk %p", sk); 635 636 lock_sock(sk); 637 638 switch (optname) { 639 case RFCOMM_LM: 640 if (get_user(opt, (u32 __user *) optval)) { 641 err = -EFAULT; 642 break; 643 } 644 645 if (opt & RFCOMM_LM_AUTH) 646 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; 647 if (opt & RFCOMM_LM_ENCRYPT) 648 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 649 if (opt & RFCOMM_LM_SECURE) 650 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; 651 652 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); 653 break; 654 655 default: 656 err = -ENOPROTOOPT; 657 break; 658 } 659 660 release_sock(sk); 661 return err; 662 } 663 664 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 665 { 666 struct sock *sk = sock->sk; 667 struct bt_security sec; 668 int err = 0; 669 size_t len; 670 u32 opt; 671 672 BT_DBG("sk %p", sk); 673 674 if (level == SOL_RFCOMM) 675 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); 676 677 if (level != SOL_BLUETOOTH) 678 return -ENOPROTOOPT; 679 680 lock_sock(sk); 681 682 switch (optname) { 683 case BT_SECURITY: 684 if (sk->sk_type != SOCK_STREAM) { 685 err = -EINVAL; 686 break; 687 } 688 689 sec.level = BT_SECURITY_LOW; 690 691 len = min_t(unsigned int, sizeof(sec), optlen); 692 if (copy_from_user((char *) &sec, optval, len)) { 693 err = -EFAULT; 694 break; 695 } 696 697 if (sec.level > BT_SECURITY_HIGH) { 698 err = -EINVAL; 699 break; 700 } 701 702 rfcomm_pi(sk)->sec_level = sec.level; 703 break; 704 705 case BT_DEFER_SETUP: 706 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 707 err = -EINVAL; 708 break; 709 } 710 711 if (get_user(opt, (u32 __user *) optval)) { 712 err = -EFAULT; 713 break; 714 } 715 716 if (opt) 717 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 718 else 719 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 720 721 break; 722 723 default: 724 err = -ENOPROTOOPT; 725 break; 726 } 727 728 release_sock(sk); 729 return err; 730 } 731 732 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 733 { 734 struct sock *sk = sock->sk; 735 struct rfcomm_conninfo cinfo; 736 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn; 737 int len, err = 0; 738 u32 opt; 739 740 BT_DBG("sk %p", sk); 741 742 if (get_user(len, optlen)) 743 return -EFAULT; 744 745 lock_sock(sk); 746 747 switch (optname) { 748 case RFCOMM_LM: 749 switch (rfcomm_pi(sk)->sec_level) { 750 case BT_SECURITY_LOW: 751 opt = RFCOMM_LM_AUTH; 752 break; 753 case BT_SECURITY_MEDIUM: 754 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; 755 break; 756 case BT_SECURITY_HIGH: 757 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 758 RFCOMM_LM_SECURE; 759 break; 760 default: 761 opt = 0; 762 break; 763 } 764 765 if (rfcomm_pi(sk)->role_switch) 766 opt |= RFCOMM_LM_MASTER; 767 768 if (put_user(opt, (u32 __user *) optval)) 769 err = -EFAULT; 770 break; 771 772 case RFCOMM_CONNINFO: 773 if (sk->sk_state != BT_CONNECTED && 774 !rfcomm_pi(sk)->dlc->defer_setup) { 775 err = -ENOTCONN; 776 break; 777 } 778 779 memset(&cinfo, 0, sizeof(cinfo)); 780 cinfo.hci_handle = conn->hcon->handle; 781 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); 782 783 len = min_t(unsigned int, len, sizeof(cinfo)); 784 if (copy_to_user(optval, (char *) &cinfo, len)) 785 err = -EFAULT; 786 787 break; 788 789 default: 790 err = -ENOPROTOOPT; 791 break; 792 } 793 794 release_sock(sk); 795 return err; 796 } 797 798 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 799 { 800 struct sock *sk = sock->sk; 801 struct bt_security sec; 802 int len, err = 0; 803 804 BT_DBG("sk %p", sk); 805 806 if (level == SOL_RFCOMM) 807 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); 808 809 if (level != SOL_BLUETOOTH) 810 return -ENOPROTOOPT; 811 812 if (get_user(len, optlen)) 813 return -EFAULT; 814 815 lock_sock(sk); 816 817 switch (optname) { 818 case BT_SECURITY: 819 if (sk->sk_type != SOCK_STREAM) { 820 err = -EINVAL; 821 break; 822 } 823 824 sec.level = rfcomm_pi(sk)->sec_level; 825 sec.key_size = 0; 826 827 len = min_t(unsigned int, len, sizeof(sec)); 828 if (copy_to_user(optval, (char *) &sec, len)) 829 err = -EFAULT; 830 831 break; 832 833 case BT_DEFER_SETUP: 834 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 835 err = -EINVAL; 836 break; 837 } 838 839 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 840 (u32 __user *) optval)) 841 err = -EFAULT; 842 843 break; 844 845 default: 846 err = -ENOPROTOOPT; 847 break; 848 } 849 850 release_sock(sk); 851 return err; 852 } 853 854 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 855 { 856 struct sock *sk __maybe_unused = sock->sk; 857 int err; 858 859 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); 860 861 err = bt_sock_ioctl(sock, cmd, arg); 862 863 if (err == -ENOIOCTLCMD) { 864 #ifdef CONFIG_BT_RFCOMM_TTY 865 lock_sock(sk); 866 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); 867 release_sock(sk); 868 #else 869 err = -EOPNOTSUPP; 870 #endif 871 } 872 873 return err; 874 } 875 876 static int rfcomm_sock_shutdown(struct socket *sock, int how) 877 { 878 struct sock *sk = sock->sk; 879 int err = 0; 880 881 BT_DBG("sock %p, sk %p", sock, sk); 882 883 if (!sk) 884 return 0; 885 886 lock_sock(sk); 887 if (!sk->sk_shutdown) { 888 sk->sk_shutdown = SHUTDOWN_MASK; 889 __rfcomm_sock_close(sk); 890 891 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 892 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 893 } 894 release_sock(sk); 895 return err; 896 } 897 898 static int rfcomm_sock_release(struct socket *sock) 899 { 900 struct sock *sk = sock->sk; 901 int err; 902 903 BT_DBG("sock %p, sk %p", sock, sk); 904 905 if (!sk) 906 return 0; 907 908 err = rfcomm_sock_shutdown(sock, 2); 909 910 sock_orphan(sk); 911 rfcomm_sock_kill(sk); 912 return err; 913 } 914 915 /* ---- RFCOMM core layer callbacks ---- 916 * 917 * called under rfcomm_lock() 918 */ 919 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 920 { 921 struct sock *sk, *parent; 922 bdaddr_t src, dst; 923 int result = 0; 924 925 BT_DBG("session %p channel %d", s, channel); 926 927 rfcomm_session_getaddr(s, &src, &dst); 928 929 /* Check if we have socket listening on channel */ 930 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 931 if (!parent) 932 return 0; 933 934 bh_lock_sock(parent); 935 936 /* Check for backlog size */ 937 if (sk_acceptq_is_full(parent)) { 938 BT_DBG("backlog full %d", parent->sk_ack_backlog); 939 goto done; 940 } 941 942 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 943 if (!sk) 944 goto done; 945 946 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM); 947 948 rfcomm_sock_init(sk, parent); 949 bacpy(&bt_sk(sk)->src, &src); 950 bacpy(&bt_sk(sk)->dst, &dst); 951 rfcomm_pi(sk)->channel = channel; 952 953 sk->sk_state = BT_CONFIG; 954 bt_accept_enqueue(parent, sk); 955 956 /* Accept connection and return socket DLC */ 957 *d = rfcomm_pi(sk)->dlc; 958 result = 1; 959 960 done: 961 bh_unlock_sock(parent); 962 963 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 964 parent->sk_state_change(parent); 965 966 return result; 967 } 968 969 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) 970 { 971 struct sock *sk; 972 973 read_lock(&rfcomm_sk_list.lock); 974 975 sk_for_each(sk, &rfcomm_sk_list.head) { 976 seq_printf(f, "%pMR %pMR %d %d\n", 977 &bt_sk(sk)->src, &bt_sk(sk)->dst, 978 sk->sk_state, rfcomm_pi(sk)->channel); 979 } 980 981 read_unlock(&rfcomm_sk_list.lock); 982 983 return 0; 984 } 985 986 static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file) 987 { 988 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private); 989 } 990 991 static const struct file_operations rfcomm_sock_debugfs_fops = { 992 .open = rfcomm_sock_debugfs_open, 993 .read = seq_read, 994 .llseek = seq_lseek, 995 .release = single_release, 996 }; 997 998 static struct dentry *rfcomm_sock_debugfs; 999 1000 static const struct proto_ops rfcomm_sock_ops = { 1001 .family = PF_BLUETOOTH, 1002 .owner = THIS_MODULE, 1003 .release = rfcomm_sock_release, 1004 .bind = rfcomm_sock_bind, 1005 .connect = rfcomm_sock_connect, 1006 .listen = rfcomm_sock_listen, 1007 .accept = rfcomm_sock_accept, 1008 .getname = rfcomm_sock_getname, 1009 .sendmsg = rfcomm_sock_sendmsg, 1010 .recvmsg = rfcomm_sock_recvmsg, 1011 .shutdown = rfcomm_sock_shutdown, 1012 .setsockopt = rfcomm_sock_setsockopt, 1013 .getsockopt = rfcomm_sock_getsockopt, 1014 .ioctl = rfcomm_sock_ioctl, 1015 .poll = bt_sock_poll, 1016 .socketpair = sock_no_socketpair, 1017 .mmap = sock_no_mmap 1018 }; 1019 1020 static const struct net_proto_family rfcomm_sock_family_ops = { 1021 .family = PF_BLUETOOTH, 1022 .owner = THIS_MODULE, 1023 .create = rfcomm_sock_create 1024 }; 1025 1026 int __init rfcomm_init_sockets(void) 1027 { 1028 int err; 1029 1030 err = proto_register(&rfcomm_proto, 0); 1031 if (err < 0) 1032 return err; 1033 1034 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 1035 if (err < 0) { 1036 BT_ERR("RFCOMM socket layer registration failed"); 1037 goto error; 1038 } 1039 1040 err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL); 1041 if (err < 0) { 1042 BT_ERR("Failed to create RFCOMM proc file"); 1043 bt_sock_unregister(BTPROTO_RFCOMM); 1044 goto error; 1045 } 1046 1047 if (bt_debugfs) { 1048 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444, 1049 bt_debugfs, NULL, &rfcomm_sock_debugfs_fops); 1050 if (!rfcomm_sock_debugfs) 1051 BT_ERR("Failed to create RFCOMM debug file"); 1052 } 1053 1054 BT_INFO("RFCOMM socket layer initialized"); 1055 1056 return 0; 1057 1058 error: 1059 proto_unregister(&rfcomm_proto); 1060 return err; 1061 } 1062 1063 void __exit rfcomm_cleanup_sockets(void) 1064 { 1065 bt_procfs_cleanup(&init_net, "rfcomm"); 1066 1067 debugfs_remove(rfcomm_sock_debugfs); 1068 1069 bt_sock_unregister(BTPROTO_RFCOMM); 1070 1071 proto_unregister(&rfcomm_proto); 1072 } 1073