1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 */ 27 28 #include <linux/module.h> 29 30 #include <linux/types.h> 31 #include <linux/errno.h> 32 #include <linux/kernel.h> 33 #include <linux/sched.h> 34 #include <linux/slab.h> 35 #include <linux/poll.h> 36 #include <linux/fcntl.h> 37 #include <linux/init.h> 38 #include <linux/interrupt.h> 39 #include <linux/socket.h> 40 #include <linux/skbuff.h> 41 #include <linux/list.h> 42 #include <linux/device.h> 43 #include <net/sock.h> 44 45 #include <asm/system.h> 46 #include <asm/uaccess.h> 47 48 #include <net/bluetooth/bluetooth.h> 49 #include <net/bluetooth/hci_core.h> 50 #include <net/bluetooth/l2cap.h> 51 #include <net/bluetooth/rfcomm.h> 52 53 static const struct proto_ops rfcomm_sock_ops; 54 55 static struct bt_sock_list rfcomm_sk_list = { 56 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) 57 }; 58 59 static void rfcomm_sock_close(struct sock *sk); 60 static void rfcomm_sock_kill(struct sock *sk); 61 62 /* ---- DLC callbacks ---- 63 * 64 * called under rfcomm_dlc_lock() 65 */ 66 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 67 { 68 struct sock *sk = d->owner; 69 if (!sk) 70 return; 71 72 atomic_add(skb->len, &sk->sk_rmem_alloc); 73 skb_queue_tail(&sk->sk_receive_queue, skb); 74 sk->sk_data_ready(sk, skb->len); 75 76 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 77 rfcomm_dlc_throttle(d); 78 } 79 80 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 81 { 82 struct sock *sk = d->owner, *parent; 83 if (!sk) 84 return; 85 86 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 87 88 bh_lock_sock(sk); 89 90 if (err) 91 sk->sk_err = err; 92 93 sk->sk_state = d->state; 94 95 parent = bt_sk(sk)->parent; 96 if (parent) { 97 if (d->state == BT_CLOSED) { 98 sock_set_flag(sk, SOCK_ZAPPED); 99 bt_accept_unlink(sk); 100 } 101 parent->sk_data_ready(parent, 0); 102 } else { 103 if (d->state == BT_CONNECTED) 104 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL); 105 sk->sk_state_change(sk); 106 } 107 108 bh_unlock_sock(sk); 109 110 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 111 /* We have to drop DLC lock here, otherwise 112 * rfcomm_sock_destruct() will dead lock. */ 113 rfcomm_dlc_unlock(d); 114 rfcomm_sock_kill(sk); 115 rfcomm_dlc_lock(d); 116 } 117 } 118 119 /* ---- Socket functions ---- */ 120 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src) 121 { 122 struct sock *sk = NULL; 123 struct hlist_node *node; 124 125 sk_for_each(sk, node, &rfcomm_sk_list.head) { 126 if (rfcomm_pi(sk)->channel == channel && 127 !bacmp(&bt_sk(sk)->src, src)) 128 break; 129 } 130 131 return node ? sk : NULL; 132 } 133 134 /* Find socket with channel and source bdaddr. 135 * Returns closest match. 136 */ 137 static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 138 { 139 struct sock *sk = NULL, *sk1 = NULL; 140 struct hlist_node *node; 141 142 sk_for_each(sk, node, &rfcomm_sk_list.head) { 143 if (state && sk->sk_state != state) 144 continue; 145 146 if (rfcomm_pi(sk)->channel == channel) { 147 /* Exact match. */ 148 if (!bacmp(&bt_sk(sk)->src, src)) 149 break; 150 151 /* Closest match */ 152 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 153 sk1 = sk; 154 } 155 } 156 return node ? sk : sk1; 157 } 158 159 /* Find socket with given address (channel, src). 160 * Returns locked socket */ 161 static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 162 { 163 struct sock *s; 164 read_lock(&rfcomm_sk_list.lock); 165 s = __rfcomm_get_sock_by_channel(state, channel, src); 166 if (s) bh_lock_sock(s); 167 read_unlock(&rfcomm_sk_list.lock); 168 return s; 169 } 170 171 static void rfcomm_sock_destruct(struct sock *sk) 172 { 173 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 174 175 BT_DBG("sk %p dlc %p", sk, d); 176 177 skb_queue_purge(&sk->sk_receive_queue); 178 skb_queue_purge(&sk->sk_write_queue); 179 180 rfcomm_dlc_lock(d); 181 rfcomm_pi(sk)->dlc = NULL; 182 183 /* Detach DLC if it's owned by this socket */ 184 if (d->owner == sk) 185 d->owner = NULL; 186 rfcomm_dlc_unlock(d); 187 188 rfcomm_dlc_put(d); 189 } 190 191 static void rfcomm_sock_cleanup_listen(struct sock *parent) 192 { 193 struct sock *sk; 194 195 BT_DBG("parent %p", parent); 196 197 /* Close not yet accepted dlcs */ 198 while ((sk = bt_accept_dequeue(parent, NULL))) { 199 rfcomm_sock_close(sk); 200 rfcomm_sock_kill(sk); 201 } 202 203 parent->sk_state = BT_CLOSED; 204 sock_set_flag(parent, SOCK_ZAPPED); 205 } 206 207 /* Kill socket (only if zapped and orphan) 208 * Must be called on unlocked socket. 209 */ 210 static void rfcomm_sock_kill(struct sock *sk) 211 { 212 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 213 return; 214 215 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); 216 217 /* Kill poor orphan */ 218 bt_sock_unlink(&rfcomm_sk_list, sk); 219 sock_set_flag(sk, SOCK_DEAD); 220 sock_put(sk); 221 } 222 223 static void __rfcomm_sock_close(struct sock *sk) 224 { 225 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 226 227 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 228 229 switch (sk->sk_state) { 230 case BT_LISTEN: 231 rfcomm_sock_cleanup_listen(sk); 232 break; 233 234 case BT_CONNECT: 235 case BT_CONNECT2: 236 case BT_CONFIG: 237 case BT_CONNECTED: 238 rfcomm_dlc_close(d, 0); 239 240 default: 241 sock_set_flag(sk, SOCK_ZAPPED); 242 break; 243 } 244 } 245 246 /* Close socket. 247 * Must be called on unlocked socket. 248 */ 249 static void rfcomm_sock_close(struct sock *sk) 250 { 251 lock_sock(sk); 252 __rfcomm_sock_close(sk); 253 release_sock(sk); 254 } 255 256 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 257 { 258 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 259 260 BT_DBG("sk %p", sk); 261 262 if (parent) { 263 sk->sk_type = parent->sk_type; 264 pi->dlc->defer_setup = bt_sk(parent)->defer_setup; 265 266 pi->sec_level = rfcomm_pi(parent)->sec_level; 267 pi->role_switch = rfcomm_pi(parent)->role_switch; 268 } else { 269 pi->dlc->defer_setup = 0; 270 271 pi->sec_level = BT_SECURITY_LOW; 272 pi->role_switch = 0; 273 } 274 275 pi->dlc->sec_level = pi->sec_level; 276 pi->dlc->role_switch = pi->role_switch; 277 } 278 279 static struct proto rfcomm_proto = { 280 .name = "RFCOMM", 281 .owner = THIS_MODULE, 282 .obj_size = sizeof(struct rfcomm_pinfo) 283 }; 284 285 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 286 { 287 struct rfcomm_dlc *d; 288 struct sock *sk; 289 290 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto); 291 if (!sk) 292 return NULL; 293 294 sock_init_data(sock, sk); 295 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 296 297 d = rfcomm_dlc_alloc(prio); 298 if (!d) { 299 sk_free(sk); 300 return NULL; 301 } 302 303 d->data_ready = rfcomm_sk_data_ready; 304 d->state_change = rfcomm_sk_state_change; 305 306 rfcomm_pi(sk)->dlc = d; 307 d->owner = sk; 308 309 sk->sk_destruct = rfcomm_sock_destruct; 310 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 311 312 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 313 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 314 315 sock_reset_flag(sk, SOCK_ZAPPED); 316 317 sk->sk_protocol = proto; 318 sk->sk_state = BT_OPEN; 319 320 bt_sock_link(&rfcomm_sk_list, sk); 321 322 BT_DBG("sk %p", sk); 323 return sk; 324 } 325 326 static int rfcomm_sock_create(struct net *net, struct socket *sock, 327 int protocol, int kern) 328 { 329 struct sock *sk; 330 331 BT_DBG("sock %p", sock); 332 333 sock->state = SS_UNCONNECTED; 334 335 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 336 return -ESOCKTNOSUPPORT; 337 338 sock->ops = &rfcomm_sock_ops; 339 340 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC); 341 if (!sk) 342 return -ENOMEM; 343 344 rfcomm_sock_init(sk, NULL); 345 return 0; 346 } 347 348 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 349 { 350 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 351 struct sock *sk = sock->sk; 352 int err = 0; 353 354 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr)); 355 356 if (!addr || addr->sa_family != AF_BLUETOOTH) 357 return -EINVAL; 358 359 lock_sock(sk); 360 361 if (sk->sk_state != BT_OPEN) { 362 err = -EBADFD; 363 goto done; 364 } 365 366 if (sk->sk_type != SOCK_STREAM) { 367 err = -EINVAL; 368 goto done; 369 } 370 371 write_lock_bh(&rfcomm_sk_list.lock); 372 373 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { 374 err = -EADDRINUSE; 375 } else { 376 /* Save source address */ 377 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr); 378 rfcomm_pi(sk)->channel = sa->rc_channel; 379 sk->sk_state = BT_BOUND; 380 } 381 382 write_unlock_bh(&rfcomm_sk_list.lock); 383 384 done: 385 release_sock(sk); 386 return err; 387 } 388 389 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 390 { 391 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 392 struct sock *sk = sock->sk; 393 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 394 int err = 0; 395 396 BT_DBG("sk %p", sk); 397 398 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc)) 399 return -EINVAL; 400 401 lock_sock(sk); 402 403 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 404 err = -EBADFD; 405 goto done; 406 } 407 408 if (sk->sk_type != SOCK_STREAM) { 409 err = -EINVAL; 410 goto done; 411 } 412 413 sk->sk_state = BT_CONNECT; 414 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); 415 rfcomm_pi(sk)->channel = sa->rc_channel; 416 417 d->sec_level = rfcomm_pi(sk)->sec_level; 418 d->role_switch = rfcomm_pi(sk)->role_switch; 419 420 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); 421 if (!err) 422 err = bt_sock_wait_state(sk, BT_CONNECTED, 423 sock_sndtimeo(sk, flags & O_NONBLOCK)); 424 425 done: 426 release_sock(sk); 427 return err; 428 } 429 430 static int rfcomm_sock_listen(struct socket *sock, int backlog) 431 { 432 struct sock *sk = sock->sk; 433 int err = 0; 434 435 BT_DBG("sk %p backlog %d", sk, backlog); 436 437 lock_sock(sk); 438 439 if (sk->sk_state != BT_BOUND) { 440 err = -EBADFD; 441 goto done; 442 } 443 444 if (sk->sk_type != SOCK_STREAM) { 445 err = -EINVAL; 446 goto done; 447 } 448 449 if (!rfcomm_pi(sk)->channel) { 450 bdaddr_t *src = &bt_sk(sk)->src; 451 u8 channel; 452 453 err = -EINVAL; 454 455 write_lock_bh(&rfcomm_sk_list.lock); 456 457 for (channel = 1; channel < 31; channel++) 458 if (!__rfcomm_get_sock_by_addr(channel, src)) { 459 rfcomm_pi(sk)->channel = channel; 460 err = 0; 461 break; 462 } 463 464 write_unlock_bh(&rfcomm_sk_list.lock); 465 466 if (err < 0) 467 goto done; 468 } 469 470 sk->sk_max_ack_backlog = backlog; 471 sk->sk_ack_backlog = 0; 472 sk->sk_state = BT_LISTEN; 473 474 done: 475 release_sock(sk); 476 return err; 477 } 478 479 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 480 { 481 DECLARE_WAITQUEUE(wait, current); 482 struct sock *sk = sock->sk, *nsk; 483 long timeo; 484 int err = 0; 485 486 lock_sock(sk); 487 488 if (sk->sk_state != BT_LISTEN) { 489 err = -EBADFD; 490 goto done; 491 } 492 493 if (sk->sk_type != SOCK_STREAM) { 494 err = -EINVAL; 495 goto done; 496 } 497 498 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 499 500 BT_DBG("sk %p timeo %ld", sk, timeo); 501 502 /* Wait for an incoming connection. (wake-one). */ 503 add_wait_queue_exclusive(sk->sk_sleep, &wait); 504 while (!(nsk = bt_accept_dequeue(sk, newsock))) { 505 set_current_state(TASK_INTERRUPTIBLE); 506 if (!timeo) { 507 err = -EAGAIN; 508 break; 509 } 510 511 release_sock(sk); 512 timeo = schedule_timeout(timeo); 513 lock_sock(sk); 514 515 if (sk->sk_state != BT_LISTEN) { 516 err = -EBADFD; 517 break; 518 } 519 520 if (signal_pending(current)) { 521 err = sock_intr_errno(timeo); 522 break; 523 } 524 } 525 set_current_state(TASK_RUNNING); 526 remove_wait_queue(sk->sk_sleep, &wait); 527 528 if (err) 529 goto done; 530 531 newsock->state = SS_CONNECTED; 532 533 BT_DBG("new socket %p", nsk); 534 535 done: 536 release_sock(sk); 537 return err; 538 } 539 540 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 541 { 542 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 543 struct sock *sk = sock->sk; 544 545 BT_DBG("sock %p, sk %p", sock, sk); 546 547 sa->rc_family = AF_BLUETOOTH; 548 sa->rc_channel = rfcomm_pi(sk)->channel; 549 if (peer) 550 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst); 551 else 552 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src); 553 554 *len = sizeof(struct sockaddr_rc); 555 return 0; 556 } 557 558 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 559 struct msghdr *msg, size_t len) 560 { 561 struct sock *sk = sock->sk; 562 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 563 struct sk_buff *skb; 564 int sent = 0; 565 566 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) 567 return -ENOTCONN; 568 569 if (msg->msg_flags & MSG_OOB) 570 return -EOPNOTSUPP; 571 572 if (sk->sk_shutdown & SEND_SHUTDOWN) 573 return -EPIPE; 574 575 BT_DBG("sock %p, sk %p", sock, sk); 576 577 lock_sock(sk); 578 579 while (len) { 580 size_t size = min_t(size_t, len, d->mtu); 581 int err; 582 583 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 584 msg->msg_flags & MSG_DONTWAIT, &err); 585 if (!skb) { 586 if (sent == 0) 587 sent = err; 588 break; 589 } 590 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 591 592 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 593 if (err) { 594 kfree_skb(skb); 595 if (sent == 0) 596 sent = err; 597 break; 598 } 599 600 err = rfcomm_dlc_send(d, skb); 601 if (err < 0) { 602 kfree_skb(skb); 603 if (sent == 0) 604 sent = err; 605 break; 606 } 607 608 sent += size; 609 len -= size; 610 } 611 612 release_sock(sk); 613 614 return sent; 615 } 616 617 static long rfcomm_sock_data_wait(struct sock *sk, long timeo) 618 { 619 DECLARE_WAITQUEUE(wait, current); 620 621 add_wait_queue(sk->sk_sleep, &wait); 622 for (;;) { 623 set_current_state(TASK_INTERRUPTIBLE); 624 625 if (!skb_queue_empty(&sk->sk_receive_queue) || 626 sk->sk_err || 627 (sk->sk_shutdown & RCV_SHUTDOWN) || 628 signal_pending(current) || 629 !timeo) 630 break; 631 632 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 633 release_sock(sk); 634 timeo = schedule_timeout(timeo); 635 lock_sock(sk); 636 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 637 } 638 639 __set_current_state(TASK_RUNNING); 640 remove_wait_queue(sk->sk_sleep, &wait); 641 return timeo; 642 } 643 644 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 645 struct msghdr *msg, size_t size, int flags) 646 { 647 struct sock *sk = sock->sk; 648 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 649 int err = 0; 650 size_t target, copied = 0; 651 long timeo; 652 653 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 654 rfcomm_dlc_accept(d); 655 return 0; 656 } 657 658 if (flags & MSG_OOB) 659 return -EOPNOTSUPP; 660 661 msg->msg_namelen = 0; 662 663 BT_DBG("sk %p size %zu", sk, size); 664 665 lock_sock(sk); 666 667 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); 668 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); 669 670 do { 671 struct sk_buff *skb; 672 int chunk; 673 674 skb = skb_dequeue(&sk->sk_receive_queue); 675 if (!skb) { 676 if (copied >= target) 677 break; 678 679 if ((err = sock_error(sk)) != 0) 680 break; 681 if (sk->sk_shutdown & RCV_SHUTDOWN) 682 break; 683 684 err = -EAGAIN; 685 if (!timeo) 686 break; 687 688 timeo = rfcomm_sock_data_wait(sk, timeo); 689 690 if (signal_pending(current)) { 691 err = sock_intr_errno(timeo); 692 goto out; 693 } 694 continue; 695 } 696 697 chunk = min_t(unsigned int, skb->len, size); 698 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { 699 skb_queue_head(&sk->sk_receive_queue, skb); 700 if (!copied) 701 copied = -EFAULT; 702 break; 703 } 704 copied += chunk; 705 size -= chunk; 706 707 sock_recv_ts_and_drops(msg, sk, skb); 708 709 if (!(flags & MSG_PEEK)) { 710 atomic_sub(chunk, &sk->sk_rmem_alloc); 711 712 skb_pull(skb, chunk); 713 if (skb->len) { 714 skb_queue_head(&sk->sk_receive_queue, skb); 715 break; 716 } 717 kfree_skb(skb); 718 719 } else { 720 /* put message back and return */ 721 skb_queue_head(&sk->sk_receive_queue, skb); 722 break; 723 } 724 } while (size); 725 726 out: 727 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 728 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 729 730 release_sock(sk); 731 return copied ? : err; 732 } 733 734 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 735 { 736 struct sock *sk = sock->sk; 737 int err = 0; 738 u32 opt; 739 740 BT_DBG("sk %p", sk); 741 742 lock_sock(sk); 743 744 switch (optname) { 745 case RFCOMM_LM: 746 if (get_user(opt, (u32 __user *) optval)) { 747 err = -EFAULT; 748 break; 749 } 750 751 if (opt & RFCOMM_LM_AUTH) 752 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; 753 if (opt & RFCOMM_LM_ENCRYPT) 754 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 755 if (opt & RFCOMM_LM_SECURE) 756 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; 757 758 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); 759 break; 760 761 default: 762 err = -ENOPROTOOPT; 763 break; 764 } 765 766 release_sock(sk); 767 return err; 768 } 769 770 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 771 { 772 struct sock *sk = sock->sk; 773 struct bt_security sec; 774 int len, err = 0; 775 u32 opt; 776 777 BT_DBG("sk %p", sk); 778 779 if (level == SOL_RFCOMM) 780 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); 781 782 if (level != SOL_BLUETOOTH) 783 return -ENOPROTOOPT; 784 785 lock_sock(sk); 786 787 switch (optname) { 788 case BT_SECURITY: 789 if (sk->sk_type != SOCK_STREAM) { 790 err = -EINVAL; 791 break; 792 } 793 794 sec.level = BT_SECURITY_LOW; 795 796 len = min_t(unsigned int, sizeof(sec), optlen); 797 if (copy_from_user((char *) &sec, optval, len)) { 798 err = -EFAULT; 799 break; 800 } 801 802 if (sec.level > BT_SECURITY_HIGH) { 803 err = -EINVAL; 804 break; 805 } 806 807 rfcomm_pi(sk)->sec_level = sec.level; 808 break; 809 810 case BT_DEFER_SETUP: 811 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 812 err = -EINVAL; 813 break; 814 } 815 816 if (get_user(opt, (u32 __user *) optval)) { 817 err = -EFAULT; 818 break; 819 } 820 821 bt_sk(sk)->defer_setup = opt; 822 break; 823 824 default: 825 err = -ENOPROTOOPT; 826 break; 827 } 828 829 release_sock(sk); 830 return err; 831 } 832 833 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 834 { 835 struct sock *sk = sock->sk; 836 struct sock *l2cap_sk; 837 struct rfcomm_conninfo cinfo; 838 int len, err = 0; 839 u32 opt; 840 841 BT_DBG("sk %p", sk); 842 843 if (get_user(len, optlen)) 844 return -EFAULT; 845 846 lock_sock(sk); 847 848 switch (optname) { 849 case RFCOMM_LM: 850 switch (rfcomm_pi(sk)->sec_level) { 851 case BT_SECURITY_LOW: 852 opt = RFCOMM_LM_AUTH; 853 break; 854 case BT_SECURITY_MEDIUM: 855 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; 856 break; 857 case BT_SECURITY_HIGH: 858 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 859 RFCOMM_LM_SECURE; 860 break; 861 default: 862 opt = 0; 863 break; 864 } 865 866 if (rfcomm_pi(sk)->role_switch) 867 opt |= RFCOMM_LM_MASTER; 868 869 if (put_user(opt, (u32 __user *) optval)) 870 err = -EFAULT; 871 break; 872 873 case RFCOMM_CONNINFO: 874 if (sk->sk_state != BT_CONNECTED && 875 !rfcomm_pi(sk)->dlc->defer_setup) { 876 err = -ENOTCONN; 877 break; 878 } 879 880 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 881 882 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle; 883 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3); 884 885 len = min_t(unsigned int, len, sizeof(cinfo)); 886 if (copy_to_user(optval, (char *) &cinfo, len)) 887 err = -EFAULT; 888 889 break; 890 891 default: 892 err = -ENOPROTOOPT; 893 break; 894 } 895 896 release_sock(sk); 897 return err; 898 } 899 900 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 901 { 902 struct sock *sk = sock->sk; 903 struct bt_security sec; 904 int len, err = 0; 905 906 BT_DBG("sk %p", sk); 907 908 if (level == SOL_RFCOMM) 909 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); 910 911 if (level != SOL_BLUETOOTH) 912 return -ENOPROTOOPT; 913 914 if (get_user(len, optlen)) 915 return -EFAULT; 916 917 lock_sock(sk); 918 919 switch (optname) { 920 case BT_SECURITY: 921 if (sk->sk_type != SOCK_STREAM) { 922 err = -EINVAL; 923 break; 924 } 925 926 sec.level = rfcomm_pi(sk)->sec_level; 927 928 len = min_t(unsigned int, len, sizeof(sec)); 929 if (copy_to_user(optval, (char *) &sec, len)) 930 err = -EFAULT; 931 932 break; 933 934 case BT_DEFER_SETUP: 935 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 936 err = -EINVAL; 937 break; 938 } 939 940 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) 941 err = -EFAULT; 942 943 break; 944 945 default: 946 err = -ENOPROTOOPT; 947 break; 948 } 949 950 release_sock(sk); 951 return err; 952 } 953 954 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 955 { 956 struct sock *sk __maybe_unused = sock->sk; 957 int err; 958 959 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); 960 961 err = bt_sock_ioctl(sock, cmd, arg); 962 963 if (err == -ENOIOCTLCMD) { 964 #ifdef CONFIG_BT_RFCOMM_TTY 965 lock_sock(sk); 966 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); 967 release_sock(sk); 968 #else 969 err = -EOPNOTSUPP; 970 #endif 971 } 972 973 return err; 974 } 975 976 static int rfcomm_sock_shutdown(struct socket *sock, int how) 977 { 978 struct sock *sk = sock->sk; 979 int err = 0; 980 981 BT_DBG("sock %p, sk %p", sock, sk); 982 983 if (!sk) return 0; 984 985 lock_sock(sk); 986 if (!sk->sk_shutdown) { 987 sk->sk_shutdown = SHUTDOWN_MASK; 988 __rfcomm_sock_close(sk); 989 990 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 991 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 992 } 993 release_sock(sk); 994 return err; 995 } 996 997 static int rfcomm_sock_release(struct socket *sock) 998 { 999 struct sock *sk = sock->sk; 1000 int err; 1001 1002 BT_DBG("sock %p, sk %p", sock, sk); 1003 1004 if (!sk) 1005 return 0; 1006 1007 err = rfcomm_sock_shutdown(sock, 2); 1008 1009 sock_orphan(sk); 1010 rfcomm_sock_kill(sk); 1011 return err; 1012 } 1013 1014 /* ---- RFCOMM core layer callbacks ---- 1015 * 1016 * called under rfcomm_lock() 1017 */ 1018 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 1019 { 1020 struct sock *sk, *parent; 1021 bdaddr_t src, dst; 1022 int result = 0; 1023 1024 BT_DBG("session %p channel %d", s, channel); 1025 1026 rfcomm_session_getaddr(s, &src, &dst); 1027 1028 /* Check if we have socket listening on channel */ 1029 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 1030 if (!parent) 1031 return 0; 1032 1033 /* Check for backlog size */ 1034 if (sk_acceptq_is_full(parent)) { 1035 BT_DBG("backlog full %d", parent->sk_ack_backlog); 1036 goto done; 1037 } 1038 1039 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 1040 if (!sk) 1041 goto done; 1042 1043 rfcomm_sock_init(sk, parent); 1044 bacpy(&bt_sk(sk)->src, &src); 1045 bacpy(&bt_sk(sk)->dst, &dst); 1046 rfcomm_pi(sk)->channel = channel; 1047 1048 sk->sk_state = BT_CONFIG; 1049 bt_accept_enqueue(parent, sk); 1050 1051 /* Accept connection and return socket DLC */ 1052 *d = rfcomm_pi(sk)->dlc; 1053 result = 1; 1054 1055 done: 1056 bh_unlock_sock(parent); 1057 1058 if (bt_sk(parent)->defer_setup) 1059 parent->sk_state_change(parent); 1060 1061 return result; 1062 } 1063 1064 static ssize_t rfcomm_sock_sysfs_show(struct class *dev, char *buf) 1065 { 1066 struct sock *sk; 1067 struct hlist_node *node; 1068 char *str = buf; 1069 1070 read_lock_bh(&rfcomm_sk_list.lock); 1071 1072 sk_for_each(sk, node, &rfcomm_sk_list.head) { 1073 str += sprintf(str, "%s %s %d %d\n", 1074 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 1075 sk->sk_state, rfcomm_pi(sk)->channel); 1076 } 1077 1078 read_unlock_bh(&rfcomm_sk_list.lock); 1079 1080 return (str - buf); 1081 } 1082 1083 static CLASS_ATTR(rfcomm, S_IRUGO, rfcomm_sock_sysfs_show, NULL); 1084 1085 static const struct proto_ops rfcomm_sock_ops = { 1086 .family = PF_BLUETOOTH, 1087 .owner = THIS_MODULE, 1088 .release = rfcomm_sock_release, 1089 .bind = rfcomm_sock_bind, 1090 .connect = rfcomm_sock_connect, 1091 .listen = rfcomm_sock_listen, 1092 .accept = rfcomm_sock_accept, 1093 .getname = rfcomm_sock_getname, 1094 .sendmsg = rfcomm_sock_sendmsg, 1095 .recvmsg = rfcomm_sock_recvmsg, 1096 .shutdown = rfcomm_sock_shutdown, 1097 .setsockopt = rfcomm_sock_setsockopt, 1098 .getsockopt = rfcomm_sock_getsockopt, 1099 .ioctl = rfcomm_sock_ioctl, 1100 .poll = bt_sock_poll, 1101 .socketpair = sock_no_socketpair, 1102 .mmap = sock_no_mmap 1103 }; 1104 1105 static const struct net_proto_family rfcomm_sock_family_ops = { 1106 .family = PF_BLUETOOTH, 1107 .owner = THIS_MODULE, 1108 .create = rfcomm_sock_create 1109 }; 1110 1111 int __init rfcomm_init_sockets(void) 1112 { 1113 int err; 1114 1115 err = proto_register(&rfcomm_proto, 0); 1116 if (err < 0) 1117 return err; 1118 1119 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 1120 if (err < 0) 1121 goto error; 1122 1123 if (class_create_file(bt_class, &class_attr_rfcomm) < 0) 1124 BT_ERR("Failed to create RFCOMM info file"); 1125 1126 BT_INFO("RFCOMM socket layer initialized"); 1127 1128 return 0; 1129 1130 error: 1131 BT_ERR("RFCOMM socket layer registration failed"); 1132 proto_unregister(&rfcomm_proto); 1133 return err; 1134 } 1135 1136 void rfcomm_cleanup_sockets(void) 1137 { 1138 class_remove_file(bt_class, &class_attr_rfcomm); 1139 1140 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0) 1141 BT_ERR("RFCOMM socket layer unregistration failed"); 1142 1143 proto_unregister(&rfcomm_proto); 1144 } 1145