1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 */ 27 28 #include <linux/export.h> 29 #include <linux/debugfs.h> 30 31 #include <net/bluetooth/bluetooth.h> 32 #include <net/bluetooth/hci_core.h> 33 #include <net/bluetooth/l2cap.h> 34 #include <net/bluetooth/rfcomm.h> 35 36 static const struct proto_ops rfcomm_sock_ops; 37 38 static struct bt_sock_list rfcomm_sk_list = { 39 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) 40 }; 41 42 static void rfcomm_sock_close(struct sock *sk); 43 static void rfcomm_sock_kill(struct sock *sk); 44 45 /* ---- DLC callbacks ---- 46 * 47 * called under rfcomm_dlc_lock() 48 */ 49 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 50 { 51 struct sock *sk = d->owner; 52 if (!sk) 53 return; 54 55 atomic_add(skb->len, &sk->sk_rmem_alloc); 56 skb_queue_tail(&sk->sk_receive_queue, skb); 57 sk->sk_data_ready(sk); 58 59 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 60 rfcomm_dlc_throttle(d); 61 } 62 63 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 64 { 65 struct sock *sk = d->owner, *parent; 66 unsigned long flags; 67 68 if (!sk) 69 return; 70 71 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 72 73 local_irq_save(flags); 74 bh_lock_sock(sk); 75 76 if (err) 77 sk->sk_err = err; 78 79 sk->sk_state = d->state; 80 81 parent = bt_sk(sk)->parent; 82 if (parent) { 83 if (d->state == BT_CLOSED) { 84 sock_set_flag(sk, SOCK_ZAPPED); 85 bt_accept_unlink(sk); 86 } 87 parent->sk_data_ready(parent); 88 } else { 89 if (d->state == BT_CONNECTED) 90 rfcomm_session_getaddr(d->session, 91 &rfcomm_pi(sk)->src, NULL); 92 sk->sk_state_change(sk); 93 } 94 95 bh_unlock_sock(sk); 96 local_irq_restore(flags); 97 98 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 99 /* We have to drop DLC lock here, otherwise 100 * rfcomm_sock_destruct() will dead lock. */ 101 rfcomm_dlc_unlock(d); 102 rfcomm_sock_kill(sk); 103 rfcomm_dlc_lock(d); 104 } 105 } 106 107 /* ---- Socket functions ---- */ 108 static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src) 109 { 110 struct sock *sk = NULL; 111 112 sk_for_each(sk, &rfcomm_sk_list.head) { 113 if (rfcomm_pi(sk)->channel != channel) 114 continue; 115 116 if (bacmp(&rfcomm_pi(sk)->src, src)) 117 continue; 118 119 if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN) 120 break; 121 } 122 123 return sk ? sk : NULL; 124 } 125 126 /* Find socket with channel and source bdaddr. 127 * Returns closest match. 128 */ 129 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 130 { 131 struct sock *sk = NULL, *sk1 = NULL; 132 133 read_lock(&rfcomm_sk_list.lock); 134 135 sk_for_each(sk, &rfcomm_sk_list.head) { 136 if (state && sk->sk_state != state) 137 continue; 138 139 if (rfcomm_pi(sk)->channel == channel) { 140 /* Exact match. */ 141 if (!bacmp(&rfcomm_pi(sk)->src, src)) 142 break; 143 144 /* Closest match */ 145 if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY)) 146 sk1 = sk; 147 } 148 } 149 150 read_unlock(&rfcomm_sk_list.lock); 151 152 return sk ? sk : sk1; 153 } 154 155 static void rfcomm_sock_destruct(struct sock *sk) 156 { 157 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 158 159 BT_DBG("sk %p dlc %p", sk, d); 160 161 skb_queue_purge(&sk->sk_receive_queue); 162 skb_queue_purge(&sk->sk_write_queue); 163 164 rfcomm_dlc_lock(d); 165 rfcomm_pi(sk)->dlc = NULL; 166 167 /* Detach DLC if it's owned by this socket */ 168 if (d->owner == sk) 169 d->owner = NULL; 170 rfcomm_dlc_unlock(d); 171 172 rfcomm_dlc_put(d); 173 } 174 175 static void rfcomm_sock_cleanup_listen(struct sock *parent) 176 { 177 struct sock *sk; 178 179 BT_DBG("parent %p", parent); 180 181 /* Close not yet accepted dlcs */ 182 while ((sk = bt_accept_dequeue(parent, NULL))) { 183 rfcomm_sock_close(sk); 184 rfcomm_sock_kill(sk); 185 } 186 187 parent->sk_state = BT_CLOSED; 188 sock_set_flag(parent, SOCK_ZAPPED); 189 } 190 191 /* Kill socket (only if zapped and orphan) 192 * Must be called on unlocked socket. 193 */ 194 static void rfcomm_sock_kill(struct sock *sk) 195 { 196 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 197 return; 198 199 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); 200 201 /* Kill poor orphan */ 202 bt_sock_unlink(&rfcomm_sk_list, sk); 203 sock_set_flag(sk, SOCK_DEAD); 204 sock_put(sk); 205 } 206 207 static void __rfcomm_sock_close(struct sock *sk) 208 { 209 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 210 211 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 212 213 switch (sk->sk_state) { 214 case BT_LISTEN: 215 rfcomm_sock_cleanup_listen(sk); 216 break; 217 218 case BT_CONNECT: 219 case BT_CONNECT2: 220 case BT_CONFIG: 221 case BT_CONNECTED: 222 rfcomm_dlc_close(d, 0); 223 224 default: 225 sock_set_flag(sk, SOCK_ZAPPED); 226 break; 227 } 228 } 229 230 /* Close socket. 231 * Must be called on unlocked socket. 232 */ 233 static void rfcomm_sock_close(struct sock *sk) 234 { 235 lock_sock(sk); 236 __rfcomm_sock_close(sk); 237 release_sock(sk); 238 } 239 240 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 241 { 242 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 243 244 BT_DBG("sk %p", sk); 245 246 if (parent) { 247 sk->sk_type = parent->sk_type; 248 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP, 249 &bt_sk(parent)->flags); 250 251 pi->sec_level = rfcomm_pi(parent)->sec_level; 252 pi->role_switch = rfcomm_pi(parent)->role_switch; 253 254 security_sk_clone(parent, sk); 255 } else { 256 pi->dlc->defer_setup = 0; 257 258 pi->sec_level = BT_SECURITY_LOW; 259 pi->role_switch = 0; 260 } 261 262 pi->dlc->sec_level = pi->sec_level; 263 pi->dlc->role_switch = pi->role_switch; 264 } 265 266 static struct proto rfcomm_proto = { 267 .name = "RFCOMM", 268 .owner = THIS_MODULE, 269 .obj_size = sizeof(struct rfcomm_pinfo) 270 }; 271 272 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 273 { 274 struct rfcomm_dlc *d; 275 struct sock *sk; 276 277 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto); 278 if (!sk) 279 return NULL; 280 281 sock_init_data(sock, sk); 282 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 283 284 d = rfcomm_dlc_alloc(prio); 285 if (!d) { 286 sk_free(sk); 287 return NULL; 288 } 289 290 d->data_ready = rfcomm_sk_data_ready; 291 d->state_change = rfcomm_sk_state_change; 292 293 rfcomm_pi(sk)->dlc = d; 294 d->owner = sk; 295 296 sk->sk_destruct = rfcomm_sock_destruct; 297 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 298 299 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 300 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 301 302 sock_reset_flag(sk, SOCK_ZAPPED); 303 304 sk->sk_protocol = proto; 305 sk->sk_state = BT_OPEN; 306 307 bt_sock_link(&rfcomm_sk_list, sk); 308 309 BT_DBG("sk %p", sk); 310 return sk; 311 } 312 313 static int rfcomm_sock_create(struct net *net, struct socket *sock, 314 int protocol, int kern) 315 { 316 struct sock *sk; 317 318 BT_DBG("sock %p", sock); 319 320 sock->state = SS_UNCONNECTED; 321 322 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 323 return -ESOCKTNOSUPPORT; 324 325 sock->ops = &rfcomm_sock_ops; 326 327 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC); 328 if (!sk) 329 return -ENOMEM; 330 331 rfcomm_sock_init(sk, NULL); 332 return 0; 333 } 334 335 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 336 { 337 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 338 struct sock *sk = sock->sk; 339 int chan = sa->rc_channel; 340 int err = 0; 341 342 BT_DBG("sk %p %pMR", sk, &sa->rc_bdaddr); 343 344 if (!addr || addr->sa_family != AF_BLUETOOTH) 345 return -EINVAL; 346 347 lock_sock(sk); 348 349 if (sk->sk_state != BT_OPEN) { 350 err = -EBADFD; 351 goto done; 352 } 353 354 if (sk->sk_type != SOCK_STREAM) { 355 err = -EINVAL; 356 goto done; 357 } 358 359 write_lock(&rfcomm_sk_list.lock); 360 361 if (chan && __rfcomm_get_listen_sock_by_addr(chan, &sa->rc_bdaddr)) { 362 err = -EADDRINUSE; 363 } else { 364 /* Save source address */ 365 bacpy(&rfcomm_pi(sk)->src, &sa->rc_bdaddr); 366 rfcomm_pi(sk)->channel = chan; 367 sk->sk_state = BT_BOUND; 368 } 369 370 write_unlock(&rfcomm_sk_list.lock); 371 372 done: 373 release_sock(sk); 374 return err; 375 } 376 377 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 378 { 379 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 380 struct sock *sk = sock->sk; 381 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 382 int err = 0; 383 384 BT_DBG("sk %p", sk); 385 386 if (alen < sizeof(struct sockaddr_rc) || 387 addr->sa_family != AF_BLUETOOTH) 388 return -EINVAL; 389 390 lock_sock(sk); 391 392 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 393 err = -EBADFD; 394 goto done; 395 } 396 397 if (sk->sk_type != SOCK_STREAM) { 398 err = -EINVAL; 399 goto done; 400 } 401 402 sk->sk_state = BT_CONNECT; 403 bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr); 404 rfcomm_pi(sk)->channel = sa->rc_channel; 405 406 d->sec_level = rfcomm_pi(sk)->sec_level; 407 d->role_switch = rfcomm_pi(sk)->role_switch; 408 409 err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr, 410 sa->rc_channel); 411 if (!err) 412 err = bt_sock_wait_state(sk, BT_CONNECTED, 413 sock_sndtimeo(sk, flags & O_NONBLOCK)); 414 415 done: 416 release_sock(sk); 417 return err; 418 } 419 420 static int rfcomm_sock_listen(struct socket *sock, int backlog) 421 { 422 struct sock *sk = sock->sk; 423 int err = 0; 424 425 BT_DBG("sk %p backlog %d", sk, backlog); 426 427 lock_sock(sk); 428 429 if (sk->sk_state != BT_BOUND) { 430 err = -EBADFD; 431 goto done; 432 } 433 434 if (sk->sk_type != SOCK_STREAM) { 435 err = -EINVAL; 436 goto done; 437 } 438 439 if (!rfcomm_pi(sk)->channel) { 440 bdaddr_t *src = &rfcomm_pi(sk)->src; 441 u8 channel; 442 443 err = -EINVAL; 444 445 write_lock(&rfcomm_sk_list.lock); 446 447 for (channel = 1; channel < 31; channel++) 448 if (!__rfcomm_get_listen_sock_by_addr(channel, src)) { 449 rfcomm_pi(sk)->channel = channel; 450 err = 0; 451 break; 452 } 453 454 write_unlock(&rfcomm_sk_list.lock); 455 456 if (err < 0) 457 goto done; 458 } 459 460 sk->sk_max_ack_backlog = backlog; 461 sk->sk_ack_backlog = 0; 462 sk->sk_state = BT_LISTEN; 463 464 done: 465 release_sock(sk); 466 return err; 467 } 468 469 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 470 { 471 DEFINE_WAIT_FUNC(wait, woken_wake_function); 472 struct sock *sk = sock->sk, *nsk; 473 long timeo; 474 int err = 0; 475 476 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 477 478 if (sk->sk_type != SOCK_STREAM) { 479 err = -EINVAL; 480 goto done; 481 } 482 483 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 484 485 BT_DBG("sk %p timeo %ld", sk, timeo); 486 487 /* Wait for an incoming connection. (wake-one). */ 488 add_wait_queue_exclusive(sk_sleep(sk), &wait); 489 while (1) { 490 if (sk->sk_state != BT_LISTEN) { 491 err = -EBADFD; 492 break; 493 } 494 495 nsk = bt_accept_dequeue(sk, newsock); 496 if (nsk) 497 break; 498 499 if (!timeo) { 500 err = -EAGAIN; 501 break; 502 } 503 504 if (signal_pending(current)) { 505 err = sock_intr_errno(timeo); 506 break; 507 } 508 509 release_sock(sk); 510 511 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 512 513 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 514 } 515 remove_wait_queue(sk_sleep(sk), &wait); 516 517 if (err) 518 goto done; 519 520 newsock->state = SS_CONNECTED; 521 522 BT_DBG("new socket %p", nsk); 523 524 done: 525 release_sock(sk); 526 return err; 527 } 528 529 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 530 { 531 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 532 struct sock *sk = sock->sk; 533 534 BT_DBG("sock %p, sk %p", sock, sk); 535 536 if (peer && sk->sk_state != BT_CONNECTED && 537 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2) 538 return -ENOTCONN; 539 540 memset(sa, 0, sizeof(*sa)); 541 sa->rc_family = AF_BLUETOOTH; 542 sa->rc_channel = rfcomm_pi(sk)->channel; 543 if (peer) 544 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst); 545 else 546 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src); 547 548 *len = sizeof(struct sockaddr_rc); 549 return 0; 550 } 551 552 static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg, 553 size_t len) 554 { 555 struct sock *sk = sock->sk; 556 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 557 struct sk_buff *skb; 558 int sent; 559 560 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) 561 return -ENOTCONN; 562 563 if (msg->msg_flags & MSG_OOB) 564 return -EOPNOTSUPP; 565 566 if (sk->sk_shutdown & SEND_SHUTDOWN) 567 return -EPIPE; 568 569 BT_DBG("sock %p, sk %p", sock, sk); 570 571 lock_sock(sk); 572 573 sent = bt_sock_wait_ready(sk, msg->msg_flags); 574 if (sent) 575 goto done; 576 577 while (len) { 578 size_t size = min_t(size_t, len, d->mtu); 579 int err; 580 581 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 582 msg->msg_flags & MSG_DONTWAIT, &err); 583 if (!skb) { 584 if (sent == 0) 585 sent = err; 586 break; 587 } 588 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 589 590 err = memcpy_from_msg(skb_put(skb, size), msg, size); 591 if (err) { 592 kfree_skb(skb); 593 if (sent == 0) 594 sent = err; 595 break; 596 } 597 598 skb->priority = sk->sk_priority; 599 600 err = rfcomm_dlc_send(d, skb); 601 if (err < 0) { 602 kfree_skb(skb); 603 if (sent == 0) 604 sent = err; 605 break; 606 } 607 608 sent += size; 609 len -= size; 610 } 611 612 done: 613 release_sock(sk); 614 615 return sent; 616 } 617 618 static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg, 619 size_t size, int flags) 620 { 621 struct sock *sk = sock->sk; 622 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 623 int len; 624 625 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 626 rfcomm_dlc_accept(d); 627 return 0; 628 } 629 630 len = bt_sock_stream_recvmsg(sock, msg, size, flags); 631 632 lock_sock(sk); 633 if (!(flags & MSG_PEEK) && len > 0) 634 atomic_sub(len, &sk->sk_rmem_alloc); 635 636 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 637 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 638 release_sock(sk); 639 640 return len; 641 } 642 643 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 644 { 645 struct sock *sk = sock->sk; 646 int err = 0; 647 u32 opt; 648 649 BT_DBG("sk %p", sk); 650 651 lock_sock(sk); 652 653 switch (optname) { 654 case RFCOMM_LM: 655 if (get_user(opt, (u32 __user *) optval)) { 656 err = -EFAULT; 657 break; 658 } 659 660 if (opt & RFCOMM_LM_FIPS) { 661 err = -EINVAL; 662 break; 663 } 664 665 if (opt & RFCOMM_LM_AUTH) 666 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; 667 if (opt & RFCOMM_LM_ENCRYPT) 668 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 669 if (opt & RFCOMM_LM_SECURE) 670 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; 671 672 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); 673 break; 674 675 default: 676 err = -ENOPROTOOPT; 677 break; 678 } 679 680 release_sock(sk); 681 return err; 682 } 683 684 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 685 { 686 struct sock *sk = sock->sk; 687 struct bt_security sec; 688 int err = 0; 689 size_t len; 690 u32 opt; 691 692 BT_DBG("sk %p", sk); 693 694 if (level == SOL_RFCOMM) 695 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); 696 697 if (level != SOL_BLUETOOTH) 698 return -ENOPROTOOPT; 699 700 lock_sock(sk); 701 702 switch (optname) { 703 case BT_SECURITY: 704 if (sk->sk_type != SOCK_STREAM) { 705 err = -EINVAL; 706 break; 707 } 708 709 sec.level = BT_SECURITY_LOW; 710 711 len = min_t(unsigned int, sizeof(sec), optlen); 712 if (copy_from_user((char *) &sec, optval, len)) { 713 err = -EFAULT; 714 break; 715 } 716 717 if (sec.level > BT_SECURITY_HIGH) { 718 err = -EINVAL; 719 break; 720 } 721 722 rfcomm_pi(sk)->sec_level = sec.level; 723 break; 724 725 case BT_DEFER_SETUP: 726 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 727 err = -EINVAL; 728 break; 729 } 730 731 if (get_user(opt, (u32 __user *) optval)) { 732 err = -EFAULT; 733 break; 734 } 735 736 if (opt) 737 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 738 else 739 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 740 741 break; 742 743 default: 744 err = -ENOPROTOOPT; 745 break; 746 } 747 748 release_sock(sk); 749 return err; 750 } 751 752 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 753 { 754 struct sock *sk = sock->sk; 755 struct sock *l2cap_sk; 756 struct l2cap_conn *conn; 757 struct rfcomm_conninfo cinfo; 758 int len, err = 0; 759 u32 opt; 760 761 BT_DBG("sk %p", sk); 762 763 if (get_user(len, optlen)) 764 return -EFAULT; 765 766 lock_sock(sk); 767 768 switch (optname) { 769 case RFCOMM_LM: 770 switch (rfcomm_pi(sk)->sec_level) { 771 case BT_SECURITY_LOW: 772 opt = RFCOMM_LM_AUTH; 773 break; 774 case BT_SECURITY_MEDIUM: 775 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; 776 break; 777 case BT_SECURITY_HIGH: 778 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 779 RFCOMM_LM_SECURE; 780 break; 781 case BT_SECURITY_FIPS: 782 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 783 RFCOMM_LM_SECURE | RFCOMM_LM_FIPS; 784 break; 785 default: 786 opt = 0; 787 break; 788 } 789 790 if (rfcomm_pi(sk)->role_switch) 791 opt |= RFCOMM_LM_MASTER; 792 793 if (put_user(opt, (u32 __user *) optval)) 794 err = -EFAULT; 795 796 break; 797 798 case RFCOMM_CONNINFO: 799 if (sk->sk_state != BT_CONNECTED && 800 !rfcomm_pi(sk)->dlc->defer_setup) { 801 err = -ENOTCONN; 802 break; 803 } 804 805 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 806 conn = l2cap_pi(l2cap_sk)->chan->conn; 807 808 memset(&cinfo, 0, sizeof(cinfo)); 809 cinfo.hci_handle = conn->hcon->handle; 810 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); 811 812 len = min_t(unsigned int, len, sizeof(cinfo)); 813 if (copy_to_user(optval, (char *) &cinfo, len)) 814 err = -EFAULT; 815 816 break; 817 818 default: 819 err = -ENOPROTOOPT; 820 break; 821 } 822 823 release_sock(sk); 824 return err; 825 } 826 827 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 828 { 829 struct sock *sk = sock->sk; 830 struct bt_security sec; 831 int len, err = 0; 832 833 BT_DBG("sk %p", sk); 834 835 if (level == SOL_RFCOMM) 836 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); 837 838 if (level != SOL_BLUETOOTH) 839 return -ENOPROTOOPT; 840 841 if (get_user(len, optlen)) 842 return -EFAULT; 843 844 lock_sock(sk); 845 846 switch (optname) { 847 case BT_SECURITY: 848 if (sk->sk_type != SOCK_STREAM) { 849 err = -EINVAL; 850 break; 851 } 852 853 sec.level = rfcomm_pi(sk)->sec_level; 854 sec.key_size = 0; 855 856 len = min_t(unsigned int, len, sizeof(sec)); 857 if (copy_to_user(optval, (char *) &sec, len)) 858 err = -EFAULT; 859 860 break; 861 862 case BT_DEFER_SETUP: 863 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 864 err = -EINVAL; 865 break; 866 } 867 868 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 869 (u32 __user *) optval)) 870 err = -EFAULT; 871 872 break; 873 874 default: 875 err = -ENOPROTOOPT; 876 break; 877 } 878 879 release_sock(sk); 880 return err; 881 } 882 883 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 884 { 885 struct sock *sk __maybe_unused = sock->sk; 886 int err; 887 888 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); 889 890 err = bt_sock_ioctl(sock, cmd, arg); 891 892 if (err == -ENOIOCTLCMD) { 893 #ifdef CONFIG_BT_RFCOMM_TTY 894 lock_sock(sk); 895 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); 896 release_sock(sk); 897 #else 898 err = -EOPNOTSUPP; 899 #endif 900 } 901 902 return err; 903 } 904 905 static int rfcomm_sock_shutdown(struct socket *sock, int how) 906 { 907 struct sock *sk = sock->sk; 908 int err = 0; 909 910 BT_DBG("sock %p, sk %p", sock, sk); 911 912 if (!sk) 913 return 0; 914 915 lock_sock(sk); 916 if (!sk->sk_shutdown) { 917 sk->sk_shutdown = SHUTDOWN_MASK; 918 __rfcomm_sock_close(sk); 919 920 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 921 !(current->flags & PF_EXITING)) 922 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 923 } 924 release_sock(sk); 925 return err; 926 } 927 928 static int rfcomm_sock_release(struct socket *sock) 929 { 930 struct sock *sk = sock->sk; 931 int err; 932 933 BT_DBG("sock %p, sk %p", sock, sk); 934 935 if (!sk) 936 return 0; 937 938 err = rfcomm_sock_shutdown(sock, 2); 939 940 sock_orphan(sk); 941 rfcomm_sock_kill(sk); 942 return err; 943 } 944 945 /* ---- RFCOMM core layer callbacks ---- 946 * 947 * called under rfcomm_lock() 948 */ 949 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 950 { 951 struct sock *sk, *parent; 952 bdaddr_t src, dst; 953 int result = 0; 954 955 BT_DBG("session %p channel %d", s, channel); 956 957 rfcomm_session_getaddr(s, &src, &dst); 958 959 /* Check if we have socket listening on channel */ 960 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 961 if (!parent) 962 return 0; 963 964 bh_lock_sock(parent); 965 966 /* Check for backlog size */ 967 if (sk_acceptq_is_full(parent)) { 968 BT_DBG("backlog full %d", parent->sk_ack_backlog); 969 goto done; 970 } 971 972 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 973 if (!sk) 974 goto done; 975 976 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM); 977 978 rfcomm_sock_init(sk, parent); 979 bacpy(&rfcomm_pi(sk)->src, &src); 980 bacpy(&rfcomm_pi(sk)->dst, &dst); 981 rfcomm_pi(sk)->channel = channel; 982 983 sk->sk_state = BT_CONFIG; 984 bt_accept_enqueue(parent, sk); 985 986 /* Accept connection and return socket DLC */ 987 *d = rfcomm_pi(sk)->dlc; 988 result = 1; 989 990 done: 991 bh_unlock_sock(parent); 992 993 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 994 parent->sk_state_change(parent); 995 996 return result; 997 } 998 999 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) 1000 { 1001 struct sock *sk; 1002 1003 read_lock(&rfcomm_sk_list.lock); 1004 1005 sk_for_each(sk, &rfcomm_sk_list.head) { 1006 seq_printf(f, "%pMR %pMR %d %d\n", 1007 &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst, 1008 sk->sk_state, rfcomm_pi(sk)->channel); 1009 } 1010 1011 read_unlock(&rfcomm_sk_list.lock); 1012 1013 return 0; 1014 } 1015 1016 static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file) 1017 { 1018 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private); 1019 } 1020 1021 static const struct file_operations rfcomm_sock_debugfs_fops = { 1022 .open = rfcomm_sock_debugfs_open, 1023 .read = seq_read, 1024 .llseek = seq_lseek, 1025 .release = single_release, 1026 }; 1027 1028 static struct dentry *rfcomm_sock_debugfs; 1029 1030 static const struct proto_ops rfcomm_sock_ops = { 1031 .family = PF_BLUETOOTH, 1032 .owner = THIS_MODULE, 1033 .release = rfcomm_sock_release, 1034 .bind = rfcomm_sock_bind, 1035 .connect = rfcomm_sock_connect, 1036 .listen = rfcomm_sock_listen, 1037 .accept = rfcomm_sock_accept, 1038 .getname = rfcomm_sock_getname, 1039 .sendmsg = rfcomm_sock_sendmsg, 1040 .recvmsg = rfcomm_sock_recvmsg, 1041 .shutdown = rfcomm_sock_shutdown, 1042 .setsockopt = rfcomm_sock_setsockopt, 1043 .getsockopt = rfcomm_sock_getsockopt, 1044 .ioctl = rfcomm_sock_ioctl, 1045 .poll = bt_sock_poll, 1046 .socketpair = sock_no_socketpair, 1047 .mmap = sock_no_mmap 1048 }; 1049 1050 static const struct net_proto_family rfcomm_sock_family_ops = { 1051 .family = PF_BLUETOOTH, 1052 .owner = THIS_MODULE, 1053 .create = rfcomm_sock_create 1054 }; 1055 1056 int __init rfcomm_init_sockets(void) 1057 { 1058 int err; 1059 1060 BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr)); 1061 1062 err = proto_register(&rfcomm_proto, 0); 1063 if (err < 0) 1064 return err; 1065 1066 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 1067 if (err < 0) { 1068 BT_ERR("RFCOMM socket layer registration failed"); 1069 goto error; 1070 } 1071 1072 err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL); 1073 if (err < 0) { 1074 BT_ERR("Failed to create RFCOMM proc file"); 1075 bt_sock_unregister(BTPROTO_RFCOMM); 1076 goto error; 1077 } 1078 1079 BT_INFO("RFCOMM socket layer initialized"); 1080 1081 if (IS_ERR_OR_NULL(bt_debugfs)) 1082 return 0; 1083 1084 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444, 1085 bt_debugfs, NULL, 1086 &rfcomm_sock_debugfs_fops); 1087 1088 return 0; 1089 1090 error: 1091 proto_unregister(&rfcomm_proto); 1092 return err; 1093 } 1094 1095 void __exit rfcomm_cleanup_sockets(void) 1096 { 1097 bt_procfs_cleanup(&init_net, "rfcomm"); 1098 1099 debugfs_remove(rfcomm_sock_debugfs); 1100 1101 bt_sock_unregister(BTPROTO_RFCOMM); 1102 1103 proto_unregister(&rfcomm_proto); 1104 } 1105