1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 */ 27 #include <linux/compat.h> 28 #include <linux/export.h> 29 #include <linux/debugfs.h> 30 #include <linux/sched/signal.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/l2cap.h> 35 #include <net/bluetooth/rfcomm.h> 36 37 static const struct proto_ops rfcomm_sock_ops; 38 39 static struct bt_sock_list rfcomm_sk_list = { 40 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) 41 }; 42 43 static void rfcomm_sock_close(struct sock *sk); 44 static void rfcomm_sock_kill(struct sock *sk); 45 46 /* ---- DLC callbacks ---- 47 * 48 * called under rfcomm_dlc_lock() 49 */ 50 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 51 { 52 struct sock *sk = d->owner; 53 if (!sk) 54 return; 55 56 atomic_add(skb->len, &sk->sk_rmem_alloc); 57 skb_queue_tail(&sk->sk_receive_queue, skb); 58 sk->sk_data_ready(sk); 59 60 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 61 rfcomm_dlc_throttle(d); 62 } 63 64 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 65 { 66 struct sock *sk = d->owner, *parent; 67 68 if (!sk) 69 return; 70 71 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 72 73 spin_lock_bh(&sk->sk_lock.slock); 74 75 if (err) 76 sk->sk_err = err; 77 78 sk->sk_state = d->state; 79 80 parent = bt_sk(sk)->parent; 81 if (parent) { 82 if (d->state == BT_CLOSED) { 83 sock_set_flag(sk, SOCK_ZAPPED); 84 bt_accept_unlink(sk); 85 } 86 parent->sk_data_ready(parent); 87 } else { 88 if (d->state == BT_CONNECTED) 89 rfcomm_session_getaddr(d->session, 90 &rfcomm_pi(sk)->src, NULL); 91 sk->sk_state_change(sk); 92 } 93 94 spin_unlock_bh(&sk->sk_lock.slock); 95 96 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 97 /* We have to drop DLC lock here, otherwise 98 * rfcomm_sock_destruct() will dead lock. */ 99 rfcomm_dlc_unlock(d); 100 rfcomm_sock_kill(sk); 101 rfcomm_dlc_lock(d); 102 } 103 } 104 105 /* ---- Socket functions ---- */ 106 static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src) 107 { 108 struct sock *sk = NULL; 109 110 sk_for_each(sk, &rfcomm_sk_list.head) { 111 if (rfcomm_pi(sk)->channel != channel) 112 continue; 113 114 if (bacmp(&rfcomm_pi(sk)->src, src)) 115 continue; 116 117 if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN) 118 break; 119 } 120 121 return sk ? sk : NULL; 122 } 123 124 /* Find socket with channel and source bdaddr. 125 * Returns closest match. 126 */ 127 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 128 { 129 struct sock *sk = NULL, *sk1 = NULL; 130 131 read_lock(&rfcomm_sk_list.lock); 132 133 sk_for_each(sk, &rfcomm_sk_list.head) { 134 if (state && sk->sk_state != state) 135 continue; 136 137 if (rfcomm_pi(sk)->channel == channel) { 138 /* Exact match. */ 139 if (!bacmp(&rfcomm_pi(sk)->src, src)) 140 break; 141 142 /* Closest match */ 143 if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY)) 144 sk1 = sk; 145 } 146 } 147 148 read_unlock(&rfcomm_sk_list.lock); 149 150 return sk ? sk : sk1; 151 } 152 153 static void rfcomm_sock_destruct(struct sock *sk) 154 { 155 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 156 157 BT_DBG("sk %p dlc %p", sk, d); 158 159 skb_queue_purge(&sk->sk_receive_queue); 160 skb_queue_purge(&sk->sk_write_queue); 161 162 rfcomm_dlc_lock(d); 163 rfcomm_pi(sk)->dlc = NULL; 164 165 /* Detach DLC if it's owned by this socket */ 166 if (d->owner == sk) 167 d->owner = NULL; 168 rfcomm_dlc_unlock(d); 169 170 rfcomm_dlc_put(d); 171 } 172 173 static void rfcomm_sock_cleanup_listen(struct sock *parent) 174 { 175 struct sock *sk; 176 177 BT_DBG("parent %p", parent); 178 179 /* Close not yet accepted dlcs */ 180 while ((sk = bt_accept_dequeue(parent, NULL))) { 181 rfcomm_sock_close(sk); 182 rfcomm_sock_kill(sk); 183 } 184 185 parent->sk_state = BT_CLOSED; 186 sock_set_flag(parent, SOCK_ZAPPED); 187 } 188 189 /* Kill socket (only if zapped and orphan) 190 * Must be called on unlocked socket. 191 */ 192 static void rfcomm_sock_kill(struct sock *sk) 193 { 194 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 195 return; 196 197 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, refcount_read(&sk->sk_refcnt)); 198 199 /* Kill poor orphan */ 200 bt_sock_unlink(&rfcomm_sk_list, sk); 201 sock_set_flag(sk, SOCK_DEAD); 202 sock_put(sk); 203 } 204 205 static void __rfcomm_sock_close(struct sock *sk) 206 { 207 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 208 209 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 210 211 switch (sk->sk_state) { 212 case BT_LISTEN: 213 rfcomm_sock_cleanup_listen(sk); 214 break; 215 216 case BT_CONNECT: 217 case BT_CONNECT2: 218 case BT_CONFIG: 219 case BT_CONNECTED: 220 rfcomm_dlc_close(d, 0); 221 /* fall through */ 222 223 default: 224 sock_set_flag(sk, SOCK_ZAPPED); 225 break; 226 } 227 } 228 229 /* Close socket. 230 * Must be called on unlocked socket. 231 */ 232 static void rfcomm_sock_close(struct sock *sk) 233 { 234 lock_sock(sk); 235 __rfcomm_sock_close(sk); 236 release_sock(sk); 237 } 238 239 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 240 { 241 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 242 243 BT_DBG("sk %p", sk); 244 245 if (parent) { 246 sk->sk_type = parent->sk_type; 247 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP, 248 &bt_sk(parent)->flags); 249 250 pi->sec_level = rfcomm_pi(parent)->sec_level; 251 pi->role_switch = rfcomm_pi(parent)->role_switch; 252 253 security_sk_clone(parent, sk); 254 } else { 255 pi->dlc->defer_setup = 0; 256 257 pi->sec_level = BT_SECURITY_LOW; 258 pi->role_switch = 0; 259 } 260 261 pi->dlc->sec_level = pi->sec_level; 262 pi->dlc->role_switch = pi->role_switch; 263 } 264 265 static struct proto rfcomm_proto = { 266 .name = "RFCOMM", 267 .owner = THIS_MODULE, 268 .obj_size = sizeof(struct rfcomm_pinfo) 269 }; 270 271 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio, int kern) 272 { 273 struct rfcomm_dlc *d; 274 struct sock *sk; 275 276 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto, kern); 277 if (!sk) 278 return NULL; 279 280 sock_init_data(sock, sk); 281 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 282 283 d = rfcomm_dlc_alloc(prio); 284 if (!d) { 285 sk_free(sk); 286 return NULL; 287 } 288 289 d->data_ready = rfcomm_sk_data_ready; 290 d->state_change = rfcomm_sk_state_change; 291 292 rfcomm_pi(sk)->dlc = d; 293 d->owner = sk; 294 295 sk->sk_destruct = rfcomm_sock_destruct; 296 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 297 298 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 299 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 300 301 sock_reset_flag(sk, SOCK_ZAPPED); 302 303 sk->sk_protocol = proto; 304 sk->sk_state = BT_OPEN; 305 306 bt_sock_link(&rfcomm_sk_list, sk); 307 308 BT_DBG("sk %p", sk); 309 return sk; 310 } 311 312 static int rfcomm_sock_create(struct net *net, struct socket *sock, 313 int protocol, int kern) 314 { 315 struct sock *sk; 316 317 BT_DBG("sock %p", sock); 318 319 sock->state = SS_UNCONNECTED; 320 321 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 322 return -ESOCKTNOSUPPORT; 323 324 sock->ops = &rfcomm_sock_ops; 325 326 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 327 if (!sk) 328 return -ENOMEM; 329 330 rfcomm_sock_init(sk, NULL); 331 return 0; 332 } 333 334 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 335 { 336 struct sockaddr_rc sa; 337 struct sock *sk = sock->sk; 338 int len, err = 0; 339 340 if (!addr || addr_len < offsetofend(struct sockaddr, sa_family) || 341 addr->sa_family != AF_BLUETOOTH) 342 return -EINVAL; 343 344 memset(&sa, 0, sizeof(sa)); 345 len = min_t(unsigned int, sizeof(sa), addr_len); 346 memcpy(&sa, addr, len); 347 348 BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr); 349 350 lock_sock(sk); 351 352 if (sk->sk_state != BT_OPEN) { 353 err = -EBADFD; 354 goto done; 355 } 356 357 if (sk->sk_type != SOCK_STREAM) { 358 err = -EINVAL; 359 goto done; 360 } 361 362 write_lock(&rfcomm_sk_list.lock); 363 364 if (sa.rc_channel && 365 __rfcomm_get_listen_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) { 366 err = -EADDRINUSE; 367 } else { 368 /* Save source address */ 369 bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr); 370 rfcomm_pi(sk)->channel = sa.rc_channel; 371 sk->sk_state = BT_BOUND; 372 } 373 374 write_unlock(&rfcomm_sk_list.lock); 375 376 done: 377 release_sock(sk); 378 return err; 379 } 380 381 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 382 { 383 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 384 struct sock *sk = sock->sk; 385 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 386 int err = 0; 387 388 BT_DBG("sk %p", sk); 389 390 if (alen < sizeof(struct sockaddr_rc) || 391 addr->sa_family != AF_BLUETOOTH) 392 return -EINVAL; 393 394 lock_sock(sk); 395 396 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 397 err = -EBADFD; 398 goto done; 399 } 400 401 if (sk->sk_type != SOCK_STREAM) { 402 err = -EINVAL; 403 goto done; 404 } 405 406 sk->sk_state = BT_CONNECT; 407 bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr); 408 rfcomm_pi(sk)->channel = sa->rc_channel; 409 410 d->sec_level = rfcomm_pi(sk)->sec_level; 411 d->role_switch = rfcomm_pi(sk)->role_switch; 412 413 err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr, 414 sa->rc_channel); 415 if (!err) 416 err = bt_sock_wait_state(sk, BT_CONNECTED, 417 sock_sndtimeo(sk, flags & O_NONBLOCK)); 418 419 done: 420 release_sock(sk); 421 return err; 422 } 423 424 static int rfcomm_sock_listen(struct socket *sock, int backlog) 425 { 426 struct sock *sk = sock->sk; 427 int err = 0; 428 429 BT_DBG("sk %p backlog %d", sk, backlog); 430 431 lock_sock(sk); 432 433 if (sk->sk_state != BT_BOUND) { 434 err = -EBADFD; 435 goto done; 436 } 437 438 if (sk->sk_type != SOCK_STREAM) { 439 err = -EINVAL; 440 goto done; 441 } 442 443 if (!rfcomm_pi(sk)->channel) { 444 bdaddr_t *src = &rfcomm_pi(sk)->src; 445 u8 channel; 446 447 err = -EINVAL; 448 449 write_lock(&rfcomm_sk_list.lock); 450 451 for (channel = 1; channel < 31; channel++) 452 if (!__rfcomm_get_listen_sock_by_addr(channel, src)) { 453 rfcomm_pi(sk)->channel = channel; 454 err = 0; 455 break; 456 } 457 458 write_unlock(&rfcomm_sk_list.lock); 459 460 if (err < 0) 461 goto done; 462 } 463 464 sk->sk_max_ack_backlog = backlog; 465 sk->sk_ack_backlog = 0; 466 sk->sk_state = BT_LISTEN; 467 468 done: 469 release_sock(sk); 470 return err; 471 } 472 473 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags, 474 bool kern) 475 { 476 DEFINE_WAIT_FUNC(wait, woken_wake_function); 477 struct sock *sk = sock->sk, *nsk; 478 long timeo; 479 int err = 0; 480 481 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 482 483 if (sk->sk_type != SOCK_STREAM) { 484 err = -EINVAL; 485 goto done; 486 } 487 488 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 489 490 BT_DBG("sk %p timeo %ld", sk, timeo); 491 492 /* Wait for an incoming connection. (wake-one). */ 493 add_wait_queue_exclusive(sk_sleep(sk), &wait); 494 while (1) { 495 if (sk->sk_state != BT_LISTEN) { 496 err = -EBADFD; 497 break; 498 } 499 500 nsk = bt_accept_dequeue(sk, newsock); 501 if (nsk) 502 break; 503 504 if (!timeo) { 505 err = -EAGAIN; 506 break; 507 } 508 509 if (signal_pending(current)) { 510 err = sock_intr_errno(timeo); 511 break; 512 } 513 514 release_sock(sk); 515 516 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 517 518 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 519 } 520 remove_wait_queue(sk_sleep(sk), &wait); 521 522 if (err) 523 goto done; 524 525 newsock->state = SS_CONNECTED; 526 527 BT_DBG("new socket %p", nsk); 528 529 done: 530 release_sock(sk); 531 return err; 532 } 533 534 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int peer) 535 { 536 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 537 struct sock *sk = sock->sk; 538 539 BT_DBG("sock %p, sk %p", sock, sk); 540 541 if (peer && sk->sk_state != BT_CONNECTED && 542 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2) 543 return -ENOTCONN; 544 545 memset(sa, 0, sizeof(*sa)); 546 sa->rc_family = AF_BLUETOOTH; 547 sa->rc_channel = rfcomm_pi(sk)->channel; 548 if (peer) 549 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst); 550 else 551 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src); 552 553 return sizeof(struct sockaddr_rc); 554 } 555 556 static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg, 557 size_t len) 558 { 559 struct sock *sk = sock->sk; 560 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 561 struct sk_buff *skb; 562 int sent; 563 564 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) 565 return -ENOTCONN; 566 567 if (msg->msg_flags & MSG_OOB) 568 return -EOPNOTSUPP; 569 570 if (sk->sk_shutdown & SEND_SHUTDOWN) 571 return -EPIPE; 572 573 BT_DBG("sock %p, sk %p", sock, sk); 574 575 lock_sock(sk); 576 577 sent = bt_sock_wait_ready(sk, msg->msg_flags); 578 if (sent) 579 goto done; 580 581 while (len) { 582 size_t size = min_t(size_t, len, d->mtu); 583 int err; 584 585 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 586 msg->msg_flags & MSG_DONTWAIT, &err); 587 if (!skb) { 588 if (sent == 0) 589 sent = err; 590 break; 591 } 592 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 593 594 err = memcpy_from_msg(skb_put(skb, size), msg, size); 595 if (err) { 596 kfree_skb(skb); 597 if (sent == 0) 598 sent = err; 599 break; 600 } 601 602 skb->priority = sk->sk_priority; 603 604 err = rfcomm_dlc_send(d, skb); 605 if (err < 0) { 606 kfree_skb(skb); 607 if (sent == 0) 608 sent = err; 609 break; 610 } 611 612 sent += size; 613 len -= size; 614 } 615 616 done: 617 release_sock(sk); 618 619 return sent; 620 } 621 622 static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg, 623 size_t size, int flags) 624 { 625 struct sock *sk = sock->sk; 626 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 627 int len; 628 629 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 630 rfcomm_dlc_accept(d); 631 return 0; 632 } 633 634 len = bt_sock_stream_recvmsg(sock, msg, size, flags); 635 636 lock_sock(sk); 637 if (!(flags & MSG_PEEK) && len > 0) 638 atomic_sub(len, &sk->sk_rmem_alloc); 639 640 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 641 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 642 release_sock(sk); 643 644 return len; 645 } 646 647 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 648 { 649 struct sock *sk = sock->sk; 650 int err = 0; 651 u32 opt; 652 653 BT_DBG("sk %p", sk); 654 655 lock_sock(sk); 656 657 switch (optname) { 658 case RFCOMM_LM: 659 if (get_user(opt, (u32 __user *) optval)) { 660 err = -EFAULT; 661 break; 662 } 663 664 if (opt & RFCOMM_LM_FIPS) { 665 err = -EINVAL; 666 break; 667 } 668 669 if (opt & RFCOMM_LM_AUTH) 670 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; 671 if (opt & RFCOMM_LM_ENCRYPT) 672 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 673 if (opt & RFCOMM_LM_SECURE) 674 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; 675 676 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); 677 break; 678 679 default: 680 err = -ENOPROTOOPT; 681 break; 682 } 683 684 release_sock(sk); 685 return err; 686 } 687 688 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 689 { 690 struct sock *sk = sock->sk; 691 struct bt_security sec; 692 int err = 0; 693 size_t len; 694 u32 opt; 695 696 BT_DBG("sk %p", sk); 697 698 if (level == SOL_RFCOMM) 699 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); 700 701 if (level != SOL_BLUETOOTH) 702 return -ENOPROTOOPT; 703 704 lock_sock(sk); 705 706 switch (optname) { 707 case BT_SECURITY: 708 if (sk->sk_type != SOCK_STREAM) { 709 err = -EINVAL; 710 break; 711 } 712 713 sec.level = BT_SECURITY_LOW; 714 715 len = min_t(unsigned int, sizeof(sec), optlen); 716 if (copy_from_user((char *) &sec, optval, len)) { 717 err = -EFAULT; 718 break; 719 } 720 721 if (sec.level > BT_SECURITY_HIGH) { 722 err = -EINVAL; 723 break; 724 } 725 726 rfcomm_pi(sk)->sec_level = sec.level; 727 break; 728 729 case BT_DEFER_SETUP: 730 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 731 err = -EINVAL; 732 break; 733 } 734 735 if (get_user(opt, (u32 __user *) optval)) { 736 err = -EFAULT; 737 break; 738 } 739 740 if (opt) 741 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 742 else 743 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 744 745 break; 746 747 default: 748 err = -ENOPROTOOPT; 749 break; 750 } 751 752 release_sock(sk); 753 return err; 754 } 755 756 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 757 { 758 struct sock *sk = sock->sk; 759 struct sock *l2cap_sk; 760 struct l2cap_conn *conn; 761 struct rfcomm_conninfo cinfo; 762 int len, err = 0; 763 u32 opt; 764 765 BT_DBG("sk %p", sk); 766 767 if (get_user(len, optlen)) 768 return -EFAULT; 769 770 lock_sock(sk); 771 772 switch (optname) { 773 case RFCOMM_LM: 774 switch (rfcomm_pi(sk)->sec_level) { 775 case BT_SECURITY_LOW: 776 opt = RFCOMM_LM_AUTH; 777 break; 778 case BT_SECURITY_MEDIUM: 779 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; 780 break; 781 case BT_SECURITY_HIGH: 782 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 783 RFCOMM_LM_SECURE; 784 break; 785 case BT_SECURITY_FIPS: 786 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 787 RFCOMM_LM_SECURE | RFCOMM_LM_FIPS; 788 break; 789 default: 790 opt = 0; 791 break; 792 } 793 794 if (rfcomm_pi(sk)->role_switch) 795 opt |= RFCOMM_LM_MASTER; 796 797 if (put_user(opt, (u32 __user *) optval)) 798 err = -EFAULT; 799 800 break; 801 802 case RFCOMM_CONNINFO: 803 if (sk->sk_state != BT_CONNECTED && 804 !rfcomm_pi(sk)->dlc->defer_setup) { 805 err = -ENOTCONN; 806 break; 807 } 808 809 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 810 conn = l2cap_pi(l2cap_sk)->chan->conn; 811 812 memset(&cinfo, 0, sizeof(cinfo)); 813 cinfo.hci_handle = conn->hcon->handle; 814 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); 815 816 len = min_t(unsigned int, len, sizeof(cinfo)); 817 if (copy_to_user(optval, (char *) &cinfo, len)) 818 err = -EFAULT; 819 820 break; 821 822 default: 823 err = -ENOPROTOOPT; 824 break; 825 } 826 827 release_sock(sk); 828 return err; 829 } 830 831 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 832 { 833 struct sock *sk = sock->sk; 834 struct bt_security sec; 835 int len, err = 0; 836 837 BT_DBG("sk %p", sk); 838 839 if (level == SOL_RFCOMM) 840 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); 841 842 if (level != SOL_BLUETOOTH) 843 return -ENOPROTOOPT; 844 845 if (get_user(len, optlen)) 846 return -EFAULT; 847 848 lock_sock(sk); 849 850 switch (optname) { 851 case BT_SECURITY: 852 if (sk->sk_type != SOCK_STREAM) { 853 err = -EINVAL; 854 break; 855 } 856 857 sec.level = rfcomm_pi(sk)->sec_level; 858 sec.key_size = 0; 859 860 len = min_t(unsigned int, len, sizeof(sec)); 861 if (copy_to_user(optval, (char *) &sec, len)) 862 err = -EFAULT; 863 864 break; 865 866 case BT_DEFER_SETUP: 867 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 868 err = -EINVAL; 869 break; 870 } 871 872 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 873 (u32 __user *) optval)) 874 err = -EFAULT; 875 876 break; 877 878 default: 879 err = -ENOPROTOOPT; 880 break; 881 } 882 883 release_sock(sk); 884 return err; 885 } 886 887 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 888 { 889 struct sock *sk __maybe_unused = sock->sk; 890 int err; 891 892 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); 893 894 err = bt_sock_ioctl(sock, cmd, arg); 895 896 if (err == -ENOIOCTLCMD) { 897 #ifdef CONFIG_BT_RFCOMM_TTY 898 lock_sock(sk); 899 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); 900 release_sock(sk); 901 #else 902 err = -EOPNOTSUPP; 903 #endif 904 } 905 906 return err; 907 } 908 909 #ifdef CONFIG_COMPAT 910 static int rfcomm_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 911 { 912 return rfcomm_sock_ioctl(sock, cmd, (unsigned long)compat_ptr(arg)); 913 } 914 #endif 915 916 static int rfcomm_sock_shutdown(struct socket *sock, int how) 917 { 918 struct sock *sk = sock->sk; 919 int err = 0; 920 921 BT_DBG("sock %p, sk %p", sock, sk); 922 923 if (!sk) 924 return 0; 925 926 lock_sock(sk); 927 if (!sk->sk_shutdown) { 928 sk->sk_shutdown = SHUTDOWN_MASK; 929 __rfcomm_sock_close(sk); 930 931 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 932 !(current->flags & PF_EXITING)) 933 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 934 } 935 release_sock(sk); 936 return err; 937 } 938 939 static int rfcomm_sock_release(struct socket *sock) 940 { 941 struct sock *sk = sock->sk; 942 int err; 943 944 BT_DBG("sock %p, sk %p", sock, sk); 945 946 if (!sk) 947 return 0; 948 949 err = rfcomm_sock_shutdown(sock, 2); 950 951 sock_orphan(sk); 952 rfcomm_sock_kill(sk); 953 return err; 954 } 955 956 /* ---- RFCOMM core layer callbacks ---- 957 * 958 * called under rfcomm_lock() 959 */ 960 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 961 { 962 struct sock *sk, *parent; 963 bdaddr_t src, dst; 964 int result = 0; 965 966 BT_DBG("session %p channel %d", s, channel); 967 968 rfcomm_session_getaddr(s, &src, &dst); 969 970 /* Check if we have socket listening on channel */ 971 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 972 if (!parent) 973 return 0; 974 975 bh_lock_sock(parent); 976 977 /* Check for backlog size */ 978 if (sk_acceptq_is_full(parent)) { 979 BT_DBG("backlog full %d", parent->sk_ack_backlog); 980 goto done; 981 } 982 983 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC, 0); 984 if (!sk) 985 goto done; 986 987 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM); 988 989 rfcomm_sock_init(sk, parent); 990 bacpy(&rfcomm_pi(sk)->src, &src); 991 bacpy(&rfcomm_pi(sk)->dst, &dst); 992 rfcomm_pi(sk)->channel = channel; 993 994 sk->sk_state = BT_CONFIG; 995 bt_accept_enqueue(parent, sk, true); 996 997 /* Accept connection and return socket DLC */ 998 *d = rfcomm_pi(sk)->dlc; 999 result = 1; 1000 1001 done: 1002 bh_unlock_sock(parent); 1003 1004 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1005 parent->sk_state_change(parent); 1006 1007 return result; 1008 } 1009 1010 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) 1011 { 1012 struct sock *sk; 1013 1014 read_lock(&rfcomm_sk_list.lock); 1015 1016 sk_for_each(sk, &rfcomm_sk_list.head) { 1017 seq_printf(f, "%pMR %pMR %d %d\n", 1018 &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst, 1019 sk->sk_state, rfcomm_pi(sk)->channel); 1020 } 1021 1022 read_unlock(&rfcomm_sk_list.lock); 1023 1024 return 0; 1025 } 1026 1027 DEFINE_SHOW_ATTRIBUTE(rfcomm_sock_debugfs); 1028 1029 static struct dentry *rfcomm_sock_debugfs; 1030 1031 static const struct proto_ops rfcomm_sock_ops = { 1032 .family = PF_BLUETOOTH, 1033 .owner = THIS_MODULE, 1034 .release = rfcomm_sock_release, 1035 .bind = rfcomm_sock_bind, 1036 .connect = rfcomm_sock_connect, 1037 .listen = rfcomm_sock_listen, 1038 .accept = rfcomm_sock_accept, 1039 .getname = rfcomm_sock_getname, 1040 .sendmsg = rfcomm_sock_sendmsg, 1041 .recvmsg = rfcomm_sock_recvmsg, 1042 .shutdown = rfcomm_sock_shutdown, 1043 .setsockopt = rfcomm_sock_setsockopt, 1044 .getsockopt = rfcomm_sock_getsockopt, 1045 .ioctl = rfcomm_sock_ioctl, 1046 .gettstamp = sock_gettstamp, 1047 .poll = bt_sock_poll, 1048 .socketpair = sock_no_socketpair, 1049 .mmap = sock_no_mmap, 1050 #ifdef CONFIG_COMPAT 1051 .compat_ioctl = rfcomm_sock_compat_ioctl, 1052 #endif 1053 }; 1054 1055 static const struct net_proto_family rfcomm_sock_family_ops = { 1056 .family = PF_BLUETOOTH, 1057 .owner = THIS_MODULE, 1058 .create = rfcomm_sock_create 1059 }; 1060 1061 int __init rfcomm_init_sockets(void) 1062 { 1063 int err; 1064 1065 BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr)); 1066 1067 err = proto_register(&rfcomm_proto, 0); 1068 if (err < 0) 1069 return err; 1070 1071 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 1072 if (err < 0) { 1073 BT_ERR("RFCOMM socket layer registration failed"); 1074 goto error; 1075 } 1076 1077 err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL); 1078 if (err < 0) { 1079 BT_ERR("Failed to create RFCOMM proc file"); 1080 bt_sock_unregister(BTPROTO_RFCOMM); 1081 goto error; 1082 } 1083 1084 BT_INFO("RFCOMM socket layer initialized"); 1085 1086 if (IS_ERR_OR_NULL(bt_debugfs)) 1087 return 0; 1088 1089 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444, 1090 bt_debugfs, NULL, 1091 &rfcomm_sock_debugfs_fops); 1092 1093 return 0; 1094 1095 error: 1096 proto_unregister(&rfcomm_proto); 1097 return err; 1098 } 1099 1100 void __exit rfcomm_cleanup_sockets(void) 1101 { 1102 bt_procfs_cleanup(&init_net, "rfcomm"); 1103 1104 debugfs_remove(rfcomm_sock_debugfs); 1105 1106 bt_sock_unregister(BTPROTO_RFCOMM); 1107 1108 proto_unregister(&rfcomm_proto); 1109 } 1110