1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 */ 27 28 #include <linux/export.h> 29 #include <linux/debugfs.h> 30 31 #include <net/bluetooth/bluetooth.h> 32 #include <net/bluetooth/hci_core.h> 33 #include <net/bluetooth/l2cap.h> 34 #include <net/bluetooth/rfcomm.h> 35 36 static const struct proto_ops rfcomm_sock_ops; 37 38 static struct bt_sock_list rfcomm_sk_list = { 39 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) 40 }; 41 42 static void rfcomm_sock_close(struct sock *sk); 43 static void rfcomm_sock_kill(struct sock *sk); 44 45 /* ---- DLC callbacks ---- 46 * 47 * called under rfcomm_dlc_lock() 48 */ 49 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 50 { 51 struct sock *sk = d->owner; 52 if (!sk) 53 return; 54 55 atomic_add(skb->len, &sk->sk_rmem_alloc); 56 skb_queue_tail(&sk->sk_receive_queue, skb); 57 sk->sk_data_ready(sk); 58 59 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 60 rfcomm_dlc_throttle(d); 61 } 62 63 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 64 { 65 struct sock *sk = d->owner, *parent; 66 unsigned long flags; 67 68 if (!sk) 69 return; 70 71 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 72 73 local_irq_save(flags); 74 bh_lock_sock(sk); 75 76 if (err) 77 sk->sk_err = err; 78 79 sk->sk_state = d->state; 80 81 parent = bt_sk(sk)->parent; 82 if (parent) { 83 if (d->state == BT_CLOSED) { 84 sock_set_flag(sk, SOCK_ZAPPED); 85 bt_accept_unlink(sk); 86 } 87 parent->sk_data_ready(parent); 88 } else { 89 if (d->state == BT_CONNECTED) 90 rfcomm_session_getaddr(d->session, 91 &rfcomm_pi(sk)->src, NULL); 92 sk->sk_state_change(sk); 93 } 94 95 bh_unlock_sock(sk); 96 local_irq_restore(flags); 97 98 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 99 /* We have to drop DLC lock here, otherwise 100 * rfcomm_sock_destruct() will dead lock. */ 101 rfcomm_dlc_unlock(d); 102 rfcomm_sock_kill(sk); 103 rfcomm_dlc_lock(d); 104 } 105 } 106 107 /* ---- Socket functions ---- */ 108 static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src) 109 { 110 struct sock *sk = NULL; 111 112 sk_for_each(sk, &rfcomm_sk_list.head) { 113 if (rfcomm_pi(sk)->channel != channel) 114 continue; 115 116 if (bacmp(&rfcomm_pi(sk)->src, src)) 117 continue; 118 119 if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN) 120 break; 121 } 122 123 return sk ? sk : NULL; 124 } 125 126 /* Find socket with channel and source bdaddr. 127 * Returns closest match. 128 */ 129 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 130 { 131 struct sock *sk = NULL, *sk1 = NULL; 132 133 read_lock(&rfcomm_sk_list.lock); 134 135 sk_for_each(sk, &rfcomm_sk_list.head) { 136 if (state && sk->sk_state != state) 137 continue; 138 139 if (rfcomm_pi(sk)->channel == channel) { 140 /* Exact match. */ 141 if (!bacmp(&rfcomm_pi(sk)->src, src)) 142 break; 143 144 /* Closest match */ 145 if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY)) 146 sk1 = sk; 147 } 148 } 149 150 read_unlock(&rfcomm_sk_list.lock); 151 152 return sk ? sk : sk1; 153 } 154 155 static void rfcomm_sock_destruct(struct sock *sk) 156 { 157 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 158 159 BT_DBG("sk %p dlc %p", sk, d); 160 161 skb_queue_purge(&sk->sk_receive_queue); 162 skb_queue_purge(&sk->sk_write_queue); 163 164 rfcomm_dlc_lock(d); 165 rfcomm_pi(sk)->dlc = NULL; 166 167 /* Detach DLC if it's owned by this socket */ 168 if (d->owner == sk) 169 d->owner = NULL; 170 rfcomm_dlc_unlock(d); 171 172 rfcomm_dlc_put(d); 173 } 174 175 static void rfcomm_sock_cleanup_listen(struct sock *parent) 176 { 177 struct sock *sk; 178 179 BT_DBG("parent %p", parent); 180 181 /* Close not yet accepted dlcs */ 182 while ((sk = bt_accept_dequeue(parent, NULL))) { 183 rfcomm_sock_close(sk); 184 rfcomm_sock_kill(sk); 185 } 186 187 parent->sk_state = BT_CLOSED; 188 sock_set_flag(parent, SOCK_ZAPPED); 189 } 190 191 /* Kill socket (only if zapped and orphan) 192 * Must be called on unlocked socket. 193 */ 194 static void rfcomm_sock_kill(struct sock *sk) 195 { 196 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 197 return; 198 199 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); 200 201 /* Kill poor orphan */ 202 bt_sock_unlink(&rfcomm_sk_list, sk); 203 sock_set_flag(sk, SOCK_DEAD); 204 sock_put(sk); 205 } 206 207 static void __rfcomm_sock_close(struct sock *sk) 208 { 209 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 210 211 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 212 213 switch (sk->sk_state) { 214 case BT_LISTEN: 215 rfcomm_sock_cleanup_listen(sk); 216 break; 217 218 case BT_CONNECT: 219 case BT_CONNECT2: 220 case BT_CONFIG: 221 case BT_CONNECTED: 222 rfcomm_dlc_close(d, 0); 223 224 default: 225 sock_set_flag(sk, SOCK_ZAPPED); 226 break; 227 } 228 } 229 230 /* Close socket. 231 * Must be called on unlocked socket. 232 */ 233 static void rfcomm_sock_close(struct sock *sk) 234 { 235 lock_sock(sk); 236 __rfcomm_sock_close(sk); 237 release_sock(sk); 238 } 239 240 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 241 { 242 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 243 244 BT_DBG("sk %p", sk); 245 246 if (parent) { 247 sk->sk_type = parent->sk_type; 248 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP, 249 &bt_sk(parent)->flags); 250 251 pi->sec_level = rfcomm_pi(parent)->sec_level; 252 pi->role_switch = rfcomm_pi(parent)->role_switch; 253 254 security_sk_clone(parent, sk); 255 } else { 256 pi->dlc->defer_setup = 0; 257 258 pi->sec_level = BT_SECURITY_LOW; 259 pi->role_switch = 0; 260 } 261 262 pi->dlc->sec_level = pi->sec_level; 263 pi->dlc->role_switch = pi->role_switch; 264 } 265 266 static struct proto rfcomm_proto = { 267 .name = "RFCOMM", 268 .owner = THIS_MODULE, 269 .obj_size = sizeof(struct rfcomm_pinfo) 270 }; 271 272 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 273 { 274 struct rfcomm_dlc *d; 275 struct sock *sk; 276 277 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto); 278 if (!sk) 279 return NULL; 280 281 sock_init_data(sock, sk); 282 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 283 284 d = rfcomm_dlc_alloc(prio); 285 if (!d) { 286 sk_free(sk); 287 return NULL; 288 } 289 290 d->data_ready = rfcomm_sk_data_ready; 291 d->state_change = rfcomm_sk_state_change; 292 293 rfcomm_pi(sk)->dlc = d; 294 d->owner = sk; 295 296 sk->sk_destruct = rfcomm_sock_destruct; 297 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 298 299 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 300 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 301 302 sock_reset_flag(sk, SOCK_ZAPPED); 303 304 sk->sk_protocol = proto; 305 sk->sk_state = BT_OPEN; 306 307 bt_sock_link(&rfcomm_sk_list, sk); 308 309 BT_DBG("sk %p", sk); 310 return sk; 311 } 312 313 static int rfcomm_sock_create(struct net *net, struct socket *sock, 314 int protocol, int kern) 315 { 316 struct sock *sk; 317 318 BT_DBG("sock %p", sock); 319 320 sock->state = SS_UNCONNECTED; 321 322 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 323 return -ESOCKTNOSUPPORT; 324 325 sock->ops = &rfcomm_sock_ops; 326 327 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC); 328 if (!sk) 329 return -ENOMEM; 330 331 rfcomm_sock_init(sk, NULL); 332 return 0; 333 } 334 335 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 336 { 337 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 338 struct sock *sk = sock->sk; 339 int chan = sa->rc_channel; 340 int err = 0; 341 342 BT_DBG("sk %p %pMR", sk, &sa->rc_bdaddr); 343 344 if (!addr || addr->sa_family != AF_BLUETOOTH) 345 return -EINVAL; 346 347 lock_sock(sk); 348 349 if (sk->sk_state != BT_OPEN) { 350 err = -EBADFD; 351 goto done; 352 } 353 354 if (sk->sk_type != SOCK_STREAM) { 355 err = -EINVAL; 356 goto done; 357 } 358 359 write_lock(&rfcomm_sk_list.lock); 360 361 if (chan && __rfcomm_get_listen_sock_by_addr(chan, &sa->rc_bdaddr)) { 362 err = -EADDRINUSE; 363 } else { 364 /* Save source address */ 365 bacpy(&rfcomm_pi(sk)->src, &sa->rc_bdaddr); 366 rfcomm_pi(sk)->channel = chan; 367 sk->sk_state = BT_BOUND; 368 } 369 370 write_unlock(&rfcomm_sk_list.lock); 371 372 done: 373 release_sock(sk); 374 return err; 375 } 376 377 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 378 { 379 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 380 struct sock *sk = sock->sk; 381 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 382 int err = 0; 383 384 BT_DBG("sk %p", sk); 385 386 if (alen < sizeof(struct sockaddr_rc) || 387 addr->sa_family != AF_BLUETOOTH) 388 return -EINVAL; 389 390 lock_sock(sk); 391 392 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 393 err = -EBADFD; 394 goto done; 395 } 396 397 if (sk->sk_type != SOCK_STREAM) { 398 err = -EINVAL; 399 goto done; 400 } 401 402 sk->sk_state = BT_CONNECT; 403 bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr); 404 rfcomm_pi(sk)->channel = sa->rc_channel; 405 406 d->sec_level = rfcomm_pi(sk)->sec_level; 407 d->role_switch = rfcomm_pi(sk)->role_switch; 408 409 err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr, 410 sa->rc_channel); 411 if (!err) 412 err = bt_sock_wait_state(sk, BT_CONNECTED, 413 sock_sndtimeo(sk, flags & O_NONBLOCK)); 414 415 done: 416 release_sock(sk); 417 return err; 418 } 419 420 static int rfcomm_sock_listen(struct socket *sock, int backlog) 421 { 422 struct sock *sk = sock->sk; 423 int err = 0; 424 425 BT_DBG("sk %p backlog %d", sk, backlog); 426 427 lock_sock(sk); 428 429 if (sk->sk_state != BT_BOUND) { 430 err = -EBADFD; 431 goto done; 432 } 433 434 if (sk->sk_type != SOCK_STREAM) { 435 err = -EINVAL; 436 goto done; 437 } 438 439 if (!rfcomm_pi(sk)->channel) { 440 bdaddr_t *src = &rfcomm_pi(sk)->src; 441 u8 channel; 442 443 err = -EINVAL; 444 445 write_lock(&rfcomm_sk_list.lock); 446 447 for (channel = 1; channel < 31; channel++) 448 if (!__rfcomm_get_listen_sock_by_addr(channel, src)) { 449 rfcomm_pi(sk)->channel = channel; 450 err = 0; 451 break; 452 } 453 454 write_unlock(&rfcomm_sk_list.lock); 455 456 if (err < 0) 457 goto done; 458 } 459 460 sk->sk_max_ack_backlog = backlog; 461 sk->sk_ack_backlog = 0; 462 sk->sk_state = BT_LISTEN; 463 464 done: 465 release_sock(sk); 466 return err; 467 } 468 469 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 470 { 471 DECLARE_WAITQUEUE(wait, current); 472 struct sock *sk = sock->sk, *nsk; 473 long timeo; 474 int err = 0; 475 476 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 477 478 if (sk->sk_type != SOCK_STREAM) { 479 err = -EINVAL; 480 goto done; 481 } 482 483 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 484 485 BT_DBG("sk %p timeo %ld", sk, timeo); 486 487 /* Wait for an incoming connection. (wake-one). */ 488 add_wait_queue_exclusive(sk_sleep(sk), &wait); 489 while (1) { 490 set_current_state(TASK_INTERRUPTIBLE); 491 492 if (sk->sk_state != BT_LISTEN) { 493 err = -EBADFD; 494 break; 495 } 496 497 nsk = bt_accept_dequeue(sk, newsock); 498 if (nsk) 499 break; 500 501 if (!timeo) { 502 err = -EAGAIN; 503 break; 504 } 505 506 if (signal_pending(current)) { 507 err = sock_intr_errno(timeo); 508 break; 509 } 510 511 release_sock(sk); 512 timeo = schedule_timeout(timeo); 513 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 514 } 515 __set_current_state(TASK_RUNNING); 516 remove_wait_queue(sk_sleep(sk), &wait); 517 518 if (err) 519 goto done; 520 521 newsock->state = SS_CONNECTED; 522 523 BT_DBG("new socket %p", nsk); 524 525 done: 526 release_sock(sk); 527 return err; 528 } 529 530 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 531 { 532 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 533 struct sock *sk = sock->sk; 534 535 BT_DBG("sock %p, sk %p", sock, sk); 536 537 if (peer && sk->sk_state != BT_CONNECTED && 538 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2) 539 return -ENOTCONN; 540 541 memset(sa, 0, sizeof(*sa)); 542 sa->rc_family = AF_BLUETOOTH; 543 sa->rc_channel = rfcomm_pi(sk)->channel; 544 if (peer) 545 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst); 546 else 547 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src); 548 549 *len = sizeof(struct sockaddr_rc); 550 return 0; 551 } 552 553 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 554 struct msghdr *msg, size_t len) 555 { 556 struct sock *sk = sock->sk; 557 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 558 struct sk_buff *skb; 559 int sent; 560 561 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) 562 return -ENOTCONN; 563 564 if (msg->msg_flags & MSG_OOB) 565 return -EOPNOTSUPP; 566 567 if (sk->sk_shutdown & SEND_SHUTDOWN) 568 return -EPIPE; 569 570 BT_DBG("sock %p, sk %p", sock, sk); 571 572 lock_sock(sk); 573 574 sent = bt_sock_wait_ready(sk, msg->msg_flags); 575 if (sent) 576 goto done; 577 578 while (len) { 579 size_t size = min_t(size_t, len, d->mtu); 580 int err; 581 582 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 583 msg->msg_flags & MSG_DONTWAIT, &err); 584 if (!skb) { 585 if (sent == 0) 586 sent = err; 587 break; 588 } 589 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 590 591 err = memcpy_from_msg(skb_put(skb, size), msg, size); 592 if (err) { 593 kfree_skb(skb); 594 if (sent == 0) 595 sent = err; 596 break; 597 } 598 599 skb->priority = sk->sk_priority; 600 601 err = rfcomm_dlc_send(d, skb); 602 if (err < 0) { 603 kfree_skb(skb); 604 if (sent == 0) 605 sent = err; 606 break; 607 } 608 609 sent += size; 610 len -= size; 611 } 612 613 done: 614 release_sock(sk); 615 616 return sent; 617 } 618 619 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 620 struct msghdr *msg, size_t size, int flags) 621 { 622 struct sock *sk = sock->sk; 623 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 624 int len; 625 626 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 627 rfcomm_dlc_accept(d); 628 return 0; 629 } 630 631 len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags); 632 633 lock_sock(sk); 634 if (!(flags & MSG_PEEK) && len > 0) 635 atomic_sub(len, &sk->sk_rmem_alloc); 636 637 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 638 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 639 release_sock(sk); 640 641 return len; 642 } 643 644 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 645 { 646 struct sock *sk = sock->sk; 647 int err = 0; 648 u32 opt; 649 650 BT_DBG("sk %p", sk); 651 652 lock_sock(sk); 653 654 switch (optname) { 655 case RFCOMM_LM: 656 if (get_user(opt, (u32 __user *) optval)) { 657 err = -EFAULT; 658 break; 659 } 660 661 if (opt & RFCOMM_LM_FIPS) { 662 err = -EINVAL; 663 break; 664 } 665 666 if (opt & RFCOMM_LM_AUTH) 667 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; 668 if (opt & RFCOMM_LM_ENCRYPT) 669 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 670 if (opt & RFCOMM_LM_SECURE) 671 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; 672 673 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); 674 break; 675 676 default: 677 err = -ENOPROTOOPT; 678 break; 679 } 680 681 release_sock(sk); 682 return err; 683 } 684 685 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 686 { 687 struct sock *sk = sock->sk; 688 struct bt_security sec; 689 int err = 0; 690 size_t len; 691 u32 opt; 692 693 BT_DBG("sk %p", sk); 694 695 if (level == SOL_RFCOMM) 696 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); 697 698 if (level != SOL_BLUETOOTH) 699 return -ENOPROTOOPT; 700 701 lock_sock(sk); 702 703 switch (optname) { 704 case BT_SECURITY: 705 if (sk->sk_type != SOCK_STREAM) { 706 err = -EINVAL; 707 break; 708 } 709 710 sec.level = BT_SECURITY_LOW; 711 712 len = min_t(unsigned int, sizeof(sec), optlen); 713 if (copy_from_user((char *) &sec, optval, len)) { 714 err = -EFAULT; 715 break; 716 } 717 718 if (sec.level > BT_SECURITY_HIGH) { 719 err = -EINVAL; 720 break; 721 } 722 723 rfcomm_pi(sk)->sec_level = sec.level; 724 break; 725 726 case BT_DEFER_SETUP: 727 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 728 err = -EINVAL; 729 break; 730 } 731 732 if (get_user(opt, (u32 __user *) optval)) { 733 err = -EFAULT; 734 break; 735 } 736 737 if (opt) 738 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 739 else 740 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 741 742 break; 743 744 default: 745 err = -ENOPROTOOPT; 746 break; 747 } 748 749 release_sock(sk); 750 return err; 751 } 752 753 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 754 { 755 struct sock *sk = sock->sk; 756 struct sock *l2cap_sk; 757 struct l2cap_conn *conn; 758 struct rfcomm_conninfo cinfo; 759 int len, err = 0; 760 u32 opt; 761 762 BT_DBG("sk %p", sk); 763 764 if (get_user(len, optlen)) 765 return -EFAULT; 766 767 lock_sock(sk); 768 769 switch (optname) { 770 case RFCOMM_LM: 771 switch (rfcomm_pi(sk)->sec_level) { 772 case BT_SECURITY_LOW: 773 opt = RFCOMM_LM_AUTH; 774 break; 775 case BT_SECURITY_MEDIUM: 776 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; 777 break; 778 case BT_SECURITY_HIGH: 779 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 780 RFCOMM_LM_SECURE; 781 break; 782 case BT_SECURITY_FIPS: 783 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 784 RFCOMM_LM_SECURE | RFCOMM_LM_FIPS; 785 break; 786 default: 787 opt = 0; 788 break; 789 } 790 791 if (rfcomm_pi(sk)->role_switch) 792 opt |= RFCOMM_LM_MASTER; 793 794 if (put_user(opt, (u32 __user *) optval)) 795 err = -EFAULT; 796 797 break; 798 799 case RFCOMM_CONNINFO: 800 if (sk->sk_state != BT_CONNECTED && 801 !rfcomm_pi(sk)->dlc->defer_setup) { 802 err = -ENOTCONN; 803 break; 804 } 805 806 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 807 conn = l2cap_pi(l2cap_sk)->chan->conn; 808 809 memset(&cinfo, 0, sizeof(cinfo)); 810 cinfo.hci_handle = conn->hcon->handle; 811 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); 812 813 len = min_t(unsigned int, len, sizeof(cinfo)); 814 if (copy_to_user(optval, (char *) &cinfo, len)) 815 err = -EFAULT; 816 817 break; 818 819 default: 820 err = -ENOPROTOOPT; 821 break; 822 } 823 824 release_sock(sk); 825 return err; 826 } 827 828 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 829 { 830 struct sock *sk = sock->sk; 831 struct bt_security sec; 832 int len, err = 0; 833 834 BT_DBG("sk %p", sk); 835 836 if (level == SOL_RFCOMM) 837 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); 838 839 if (level != SOL_BLUETOOTH) 840 return -ENOPROTOOPT; 841 842 if (get_user(len, optlen)) 843 return -EFAULT; 844 845 lock_sock(sk); 846 847 switch (optname) { 848 case BT_SECURITY: 849 if (sk->sk_type != SOCK_STREAM) { 850 err = -EINVAL; 851 break; 852 } 853 854 sec.level = rfcomm_pi(sk)->sec_level; 855 sec.key_size = 0; 856 857 len = min_t(unsigned int, len, sizeof(sec)); 858 if (copy_to_user(optval, (char *) &sec, len)) 859 err = -EFAULT; 860 861 break; 862 863 case BT_DEFER_SETUP: 864 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 865 err = -EINVAL; 866 break; 867 } 868 869 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 870 (u32 __user *) optval)) 871 err = -EFAULT; 872 873 break; 874 875 default: 876 err = -ENOPROTOOPT; 877 break; 878 } 879 880 release_sock(sk); 881 return err; 882 } 883 884 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 885 { 886 struct sock *sk __maybe_unused = sock->sk; 887 int err; 888 889 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); 890 891 err = bt_sock_ioctl(sock, cmd, arg); 892 893 if (err == -ENOIOCTLCMD) { 894 #ifdef CONFIG_BT_RFCOMM_TTY 895 lock_sock(sk); 896 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); 897 release_sock(sk); 898 #else 899 err = -EOPNOTSUPP; 900 #endif 901 } 902 903 return err; 904 } 905 906 static int rfcomm_sock_shutdown(struct socket *sock, int how) 907 { 908 struct sock *sk = sock->sk; 909 int err = 0; 910 911 BT_DBG("sock %p, sk %p", sock, sk); 912 913 if (!sk) 914 return 0; 915 916 lock_sock(sk); 917 if (!sk->sk_shutdown) { 918 sk->sk_shutdown = SHUTDOWN_MASK; 919 __rfcomm_sock_close(sk); 920 921 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 922 !(current->flags & PF_EXITING)) 923 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 924 } 925 release_sock(sk); 926 return err; 927 } 928 929 static int rfcomm_sock_release(struct socket *sock) 930 { 931 struct sock *sk = sock->sk; 932 int err; 933 934 BT_DBG("sock %p, sk %p", sock, sk); 935 936 if (!sk) 937 return 0; 938 939 err = rfcomm_sock_shutdown(sock, 2); 940 941 sock_orphan(sk); 942 rfcomm_sock_kill(sk); 943 return err; 944 } 945 946 /* ---- RFCOMM core layer callbacks ---- 947 * 948 * called under rfcomm_lock() 949 */ 950 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 951 { 952 struct sock *sk, *parent; 953 bdaddr_t src, dst; 954 int result = 0; 955 956 BT_DBG("session %p channel %d", s, channel); 957 958 rfcomm_session_getaddr(s, &src, &dst); 959 960 /* Check if we have socket listening on channel */ 961 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 962 if (!parent) 963 return 0; 964 965 bh_lock_sock(parent); 966 967 /* Check for backlog size */ 968 if (sk_acceptq_is_full(parent)) { 969 BT_DBG("backlog full %d", parent->sk_ack_backlog); 970 goto done; 971 } 972 973 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 974 if (!sk) 975 goto done; 976 977 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM); 978 979 rfcomm_sock_init(sk, parent); 980 bacpy(&rfcomm_pi(sk)->src, &src); 981 bacpy(&rfcomm_pi(sk)->dst, &dst); 982 rfcomm_pi(sk)->channel = channel; 983 984 sk->sk_state = BT_CONFIG; 985 bt_accept_enqueue(parent, sk); 986 987 /* Accept connection and return socket DLC */ 988 *d = rfcomm_pi(sk)->dlc; 989 result = 1; 990 991 done: 992 bh_unlock_sock(parent); 993 994 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 995 parent->sk_state_change(parent); 996 997 return result; 998 } 999 1000 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) 1001 { 1002 struct sock *sk; 1003 1004 read_lock(&rfcomm_sk_list.lock); 1005 1006 sk_for_each(sk, &rfcomm_sk_list.head) { 1007 seq_printf(f, "%pMR %pMR %d %d\n", 1008 &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst, 1009 sk->sk_state, rfcomm_pi(sk)->channel); 1010 } 1011 1012 read_unlock(&rfcomm_sk_list.lock); 1013 1014 return 0; 1015 } 1016 1017 static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file) 1018 { 1019 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private); 1020 } 1021 1022 static const struct file_operations rfcomm_sock_debugfs_fops = { 1023 .open = rfcomm_sock_debugfs_open, 1024 .read = seq_read, 1025 .llseek = seq_lseek, 1026 .release = single_release, 1027 }; 1028 1029 static struct dentry *rfcomm_sock_debugfs; 1030 1031 static const struct proto_ops rfcomm_sock_ops = { 1032 .family = PF_BLUETOOTH, 1033 .owner = THIS_MODULE, 1034 .release = rfcomm_sock_release, 1035 .bind = rfcomm_sock_bind, 1036 .connect = rfcomm_sock_connect, 1037 .listen = rfcomm_sock_listen, 1038 .accept = rfcomm_sock_accept, 1039 .getname = rfcomm_sock_getname, 1040 .sendmsg = rfcomm_sock_sendmsg, 1041 .recvmsg = rfcomm_sock_recvmsg, 1042 .shutdown = rfcomm_sock_shutdown, 1043 .setsockopt = rfcomm_sock_setsockopt, 1044 .getsockopt = rfcomm_sock_getsockopt, 1045 .ioctl = rfcomm_sock_ioctl, 1046 .poll = bt_sock_poll, 1047 .socketpair = sock_no_socketpair, 1048 .mmap = sock_no_mmap 1049 }; 1050 1051 static const struct net_proto_family rfcomm_sock_family_ops = { 1052 .family = PF_BLUETOOTH, 1053 .owner = THIS_MODULE, 1054 .create = rfcomm_sock_create 1055 }; 1056 1057 int __init rfcomm_init_sockets(void) 1058 { 1059 int err; 1060 1061 err = proto_register(&rfcomm_proto, 0); 1062 if (err < 0) 1063 return err; 1064 1065 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 1066 if (err < 0) { 1067 BT_ERR("RFCOMM socket layer registration failed"); 1068 goto error; 1069 } 1070 1071 err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL); 1072 if (err < 0) { 1073 BT_ERR("Failed to create RFCOMM proc file"); 1074 bt_sock_unregister(BTPROTO_RFCOMM); 1075 goto error; 1076 } 1077 1078 BT_INFO("RFCOMM socket layer initialized"); 1079 1080 if (IS_ERR_OR_NULL(bt_debugfs)) 1081 return 0; 1082 1083 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444, 1084 bt_debugfs, NULL, 1085 &rfcomm_sock_debugfs_fops); 1086 1087 return 0; 1088 1089 error: 1090 proto_unregister(&rfcomm_proto); 1091 return err; 1092 } 1093 1094 void __exit rfcomm_cleanup_sockets(void) 1095 { 1096 bt_procfs_cleanup(&init_net, "rfcomm"); 1097 1098 debugfs_remove(rfcomm_sock_debugfs); 1099 1100 bt_sock_unregister(BTPROTO_RFCOMM); 1101 1102 proto_unregister(&rfcomm_proto); 1103 } 1104