1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 */ 27 28 #include <linux/export.h> 29 #include <linux/debugfs.h> 30 31 #include <net/bluetooth/bluetooth.h> 32 #include <net/bluetooth/hci_core.h> 33 #include <net/bluetooth/l2cap.h> 34 #include <net/bluetooth/rfcomm.h> 35 36 static const struct proto_ops rfcomm_sock_ops; 37 38 static struct bt_sock_list rfcomm_sk_list = { 39 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) 40 }; 41 42 static void rfcomm_sock_close(struct sock *sk); 43 static void rfcomm_sock_kill(struct sock *sk); 44 45 /* ---- DLC callbacks ---- 46 * 47 * called under rfcomm_dlc_lock() 48 */ 49 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 50 { 51 struct sock *sk = d->owner; 52 if (!sk) 53 return; 54 55 atomic_add(skb->len, &sk->sk_rmem_alloc); 56 skb_queue_tail(&sk->sk_receive_queue, skb); 57 sk->sk_data_ready(sk, skb->len); 58 59 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 60 rfcomm_dlc_throttle(d); 61 } 62 63 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 64 { 65 struct sock *sk = d->owner, *parent; 66 unsigned long flags; 67 68 if (!sk) 69 return; 70 71 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 72 73 local_irq_save(flags); 74 bh_lock_sock(sk); 75 76 if (err) 77 sk->sk_err = err; 78 79 sk->sk_state = d->state; 80 81 parent = bt_sk(sk)->parent; 82 if (parent) { 83 if (d->state == BT_CLOSED) { 84 sock_set_flag(sk, SOCK_ZAPPED); 85 bt_accept_unlink(sk); 86 } 87 parent->sk_data_ready(parent, 0); 88 } else { 89 if (d->state == BT_CONNECTED) 90 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL); 91 sk->sk_state_change(sk); 92 } 93 94 bh_unlock_sock(sk); 95 local_irq_restore(flags); 96 97 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 98 /* We have to drop DLC lock here, otherwise 99 * rfcomm_sock_destruct() will dead lock. */ 100 rfcomm_dlc_unlock(d); 101 rfcomm_sock_kill(sk); 102 rfcomm_dlc_lock(d); 103 } 104 } 105 106 /* ---- Socket functions ---- */ 107 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src) 108 { 109 struct sock *sk = NULL; 110 111 sk_for_each(sk, &rfcomm_sk_list.head) { 112 if (rfcomm_pi(sk)->channel == channel && 113 !bacmp(&bt_sk(sk)->src, src)) 114 break; 115 } 116 117 return sk ? sk : NULL; 118 } 119 120 /* Find socket with channel and source bdaddr. 121 * Returns closest match. 122 */ 123 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 124 { 125 struct sock *sk = NULL, *sk1 = NULL; 126 127 read_lock(&rfcomm_sk_list.lock); 128 129 sk_for_each(sk, &rfcomm_sk_list.head) { 130 if (state && sk->sk_state != state) 131 continue; 132 133 if (rfcomm_pi(sk)->channel == channel) { 134 /* Exact match. */ 135 if (!bacmp(&bt_sk(sk)->src, src)) 136 break; 137 138 /* Closest match */ 139 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 140 sk1 = sk; 141 } 142 } 143 144 read_unlock(&rfcomm_sk_list.lock); 145 146 return sk ? sk : sk1; 147 } 148 149 static void rfcomm_sock_destruct(struct sock *sk) 150 { 151 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 152 153 BT_DBG("sk %p dlc %p", sk, d); 154 155 skb_queue_purge(&sk->sk_receive_queue); 156 skb_queue_purge(&sk->sk_write_queue); 157 158 rfcomm_dlc_lock(d); 159 rfcomm_pi(sk)->dlc = NULL; 160 161 /* Detach DLC if it's owned by this socket */ 162 if (d->owner == sk) 163 d->owner = NULL; 164 rfcomm_dlc_unlock(d); 165 166 rfcomm_dlc_put(d); 167 } 168 169 static void rfcomm_sock_cleanup_listen(struct sock *parent) 170 { 171 struct sock *sk; 172 173 BT_DBG("parent %p", parent); 174 175 /* Close not yet accepted dlcs */ 176 while ((sk = bt_accept_dequeue(parent, NULL))) { 177 rfcomm_sock_close(sk); 178 rfcomm_sock_kill(sk); 179 } 180 181 parent->sk_state = BT_CLOSED; 182 sock_set_flag(parent, SOCK_ZAPPED); 183 } 184 185 /* Kill socket (only if zapped and orphan) 186 * Must be called on unlocked socket. 187 */ 188 static void rfcomm_sock_kill(struct sock *sk) 189 { 190 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 191 return; 192 193 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); 194 195 /* Kill poor orphan */ 196 bt_sock_unlink(&rfcomm_sk_list, sk); 197 sock_set_flag(sk, SOCK_DEAD); 198 sock_put(sk); 199 } 200 201 static void __rfcomm_sock_close(struct sock *sk) 202 { 203 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 204 205 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 206 207 switch (sk->sk_state) { 208 case BT_LISTEN: 209 rfcomm_sock_cleanup_listen(sk); 210 break; 211 212 case BT_CONNECT: 213 case BT_CONNECT2: 214 case BT_CONFIG: 215 case BT_CONNECTED: 216 rfcomm_dlc_close(d, 0); 217 218 default: 219 sock_set_flag(sk, SOCK_ZAPPED); 220 break; 221 } 222 } 223 224 /* Close socket. 225 * Must be called on unlocked socket. 226 */ 227 static void rfcomm_sock_close(struct sock *sk) 228 { 229 lock_sock(sk); 230 __rfcomm_sock_close(sk); 231 release_sock(sk); 232 } 233 234 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 235 { 236 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 237 238 BT_DBG("sk %p", sk); 239 240 if (parent) { 241 sk->sk_type = parent->sk_type; 242 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP, 243 &bt_sk(parent)->flags); 244 245 pi->sec_level = rfcomm_pi(parent)->sec_level; 246 pi->role_switch = rfcomm_pi(parent)->role_switch; 247 248 security_sk_clone(parent, sk); 249 } else { 250 pi->dlc->defer_setup = 0; 251 252 pi->sec_level = BT_SECURITY_LOW; 253 pi->role_switch = 0; 254 } 255 256 pi->dlc->sec_level = pi->sec_level; 257 pi->dlc->role_switch = pi->role_switch; 258 } 259 260 static struct proto rfcomm_proto = { 261 .name = "RFCOMM", 262 .owner = THIS_MODULE, 263 .obj_size = sizeof(struct rfcomm_pinfo) 264 }; 265 266 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 267 { 268 struct rfcomm_dlc *d; 269 struct sock *sk; 270 271 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto); 272 if (!sk) 273 return NULL; 274 275 sock_init_data(sock, sk); 276 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 277 278 d = rfcomm_dlc_alloc(prio); 279 if (!d) { 280 sk_free(sk); 281 return NULL; 282 } 283 284 d->data_ready = rfcomm_sk_data_ready; 285 d->state_change = rfcomm_sk_state_change; 286 287 rfcomm_pi(sk)->dlc = d; 288 d->owner = sk; 289 290 sk->sk_destruct = rfcomm_sock_destruct; 291 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 292 293 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 294 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 295 296 sock_reset_flag(sk, SOCK_ZAPPED); 297 298 sk->sk_protocol = proto; 299 sk->sk_state = BT_OPEN; 300 301 bt_sock_link(&rfcomm_sk_list, sk); 302 303 BT_DBG("sk %p", sk); 304 return sk; 305 } 306 307 static int rfcomm_sock_create(struct net *net, struct socket *sock, 308 int protocol, int kern) 309 { 310 struct sock *sk; 311 312 BT_DBG("sock %p", sock); 313 314 sock->state = SS_UNCONNECTED; 315 316 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 317 return -ESOCKTNOSUPPORT; 318 319 sock->ops = &rfcomm_sock_ops; 320 321 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC); 322 if (!sk) 323 return -ENOMEM; 324 325 rfcomm_sock_init(sk, NULL); 326 return 0; 327 } 328 329 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 330 { 331 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 332 struct sock *sk = sock->sk; 333 int err = 0; 334 335 BT_DBG("sk %p %pMR", sk, &sa->rc_bdaddr); 336 337 if (!addr || addr->sa_family != AF_BLUETOOTH) 338 return -EINVAL; 339 340 lock_sock(sk); 341 342 if (sk->sk_state != BT_OPEN) { 343 err = -EBADFD; 344 goto done; 345 } 346 347 if (sk->sk_type != SOCK_STREAM) { 348 err = -EINVAL; 349 goto done; 350 } 351 352 write_lock(&rfcomm_sk_list.lock); 353 354 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { 355 err = -EADDRINUSE; 356 } else { 357 /* Save source address */ 358 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr); 359 rfcomm_pi(sk)->channel = sa->rc_channel; 360 sk->sk_state = BT_BOUND; 361 } 362 363 write_unlock(&rfcomm_sk_list.lock); 364 365 done: 366 release_sock(sk); 367 return err; 368 } 369 370 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 371 { 372 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 373 struct sock *sk = sock->sk; 374 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 375 int err = 0; 376 377 BT_DBG("sk %p", sk); 378 379 if (alen < sizeof(struct sockaddr_rc) || 380 addr->sa_family != AF_BLUETOOTH) 381 return -EINVAL; 382 383 lock_sock(sk); 384 385 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 386 err = -EBADFD; 387 goto done; 388 } 389 390 if (sk->sk_type != SOCK_STREAM) { 391 err = -EINVAL; 392 goto done; 393 } 394 395 sk->sk_state = BT_CONNECT; 396 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); 397 rfcomm_pi(sk)->channel = sa->rc_channel; 398 399 d->sec_level = rfcomm_pi(sk)->sec_level; 400 d->role_switch = rfcomm_pi(sk)->role_switch; 401 402 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); 403 if (!err) 404 err = bt_sock_wait_state(sk, BT_CONNECTED, 405 sock_sndtimeo(sk, flags & O_NONBLOCK)); 406 407 done: 408 release_sock(sk); 409 return err; 410 } 411 412 static int rfcomm_sock_listen(struct socket *sock, int backlog) 413 { 414 struct sock *sk = sock->sk; 415 int err = 0; 416 417 BT_DBG("sk %p backlog %d", sk, backlog); 418 419 lock_sock(sk); 420 421 if (sk->sk_state != BT_BOUND) { 422 err = -EBADFD; 423 goto done; 424 } 425 426 if (sk->sk_type != SOCK_STREAM) { 427 err = -EINVAL; 428 goto done; 429 } 430 431 if (!rfcomm_pi(sk)->channel) { 432 bdaddr_t *src = &bt_sk(sk)->src; 433 u8 channel; 434 435 err = -EINVAL; 436 437 write_lock(&rfcomm_sk_list.lock); 438 439 for (channel = 1; channel < 31; channel++) 440 if (!__rfcomm_get_sock_by_addr(channel, src)) { 441 rfcomm_pi(sk)->channel = channel; 442 err = 0; 443 break; 444 } 445 446 write_unlock(&rfcomm_sk_list.lock); 447 448 if (err < 0) 449 goto done; 450 } 451 452 sk->sk_max_ack_backlog = backlog; 453 sk->sk_ack_backlog = 0; 454 sk->sk_state = BT_LISTEN; 455 456 done: 457 release_sock(sk); 458 return err; 459 } 460 461 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 462 { 463 DECLARE_WAITQUEUE(wait, current); 464 struct sock *sk = sock->sk, *nsk; 465 long timeo; 466 int err = 0; 467 468 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 469 470 if (sk->sk_type != SOCK_STREAM) { 471 err = -EINVAL; 472 goto done; 473 } 474 475 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 476 477 BT_DBG("sk %p timeo %ld", sk, timeo); 478 479 /* Wait for an incoming connection. (wake-one). */ 480 add_wait_queue_exclusive(sk_sleep(sk), &wait); 481 while (1) { 482 set_current_state(TASK_INTERRUPTIBLE); 483 484 if (sk->sk_state != BT_LISTEN) { 485 err = -EBADFD; 486 break; 487 } 488 489 nsk = bt_accept_dequeue(sk, newsock); 490 if (nsk) 491 break; 492 493 if (!timeo) { 494 err = -EAGAIN; 495 break; 496 } 497 498 if (signal_pending(current)) { 499 err = sock_intr_errno(timeo); 500 break; 501 } 502 503 release_sock(sk); 504 timeo = schedule_timeout(timeo); 505 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 506 } 507 __set_current_state(TASK_RUNNING); 508 remove_wait_queue(sk_sleep(sk), &wait); 509 510 if (err) 511 goto done; 512 513 newsock->state = SS_CONNECTED; 514 515 BT_DBG("new socket %p", nsk); 516 517 done: 518 release_sock(sk); 519 return err; 520 } 521 522 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 523 { 524 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 525 struct sock *sk = sock->sk; 526 527 BT_DBG("sock %p, sk %p", sock, sk); 528 529 memset(sa, 0, sizeof(*sa)); 530 sa->rc_family = AF_BLUETOOTH; 531 sa->rc_channel = rfcomm_pi(sk)->channel; 532 if (peer) 533 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst); 534 else 535 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src); 536 537 *len = sizeof(struct sockaddr_rc); 538 return 0; 539 } 540 541 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 542 struct msghdr *msg, size_t len) 543 { 544 struct sock *sk = sock->sk; 545 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 546 struct sk_buff *skb; 547 int sent = 0; 548 549 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) 550 return -ENOTCONN; 551 552 if (msg->msg_flags & MSG_OOB) 553 return -EOPNOTSUPP; 554 555 if (sk->sk_shutdown & SEND_SHUTDOWN) 556 return -EPIPE; 557 558 BT_DBG("sock %p, sk %p", sock, sk); 559 560 lock_sock(sk); 561 562 while (len) { 563 size_t size = min_t(size_t, len, d->mtu); 564 int err; 565 566 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 567 msg->msg_flags & MSG_DONTWAIT, &err); 568 if (!skb) { 569 if (sent == 0) 570 sent = err; 571 break; 572 } 573 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 574 575 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 576 if (err) { 577 kfree_skb(skb); 578 if (sent == 0) 579 sent = err; 580 break; 581 } 582 583 skb->priority = sk->sk_priority; 584 585 err = rfcomm_dlc_send(d, skb); 586 if (err < 0) { 587 kfree_skb(skb); 588 if (sent == 0) 589 sent = err; 590 break; 591 } 592 593 sent += size; 594 len -= size; 595 } 596 597 release_sock(sk); 598 599 return sent; 600 } 601 602 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 603 struct msghdr *msg, size_t size, int flags) 604 { 605 struct sock *sk = sock->sk; 606 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 607 int len; 608 609 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 610 rfcomm_dlc_accept(d); 611 return 0; 612 } 613 614 len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags); 615 616 lock_sock(sk); 617 if (!(flags & MSG_PEEK) && len > 0) 618 atomic_sub(len, &sk->sk_rmem_alloc); 619 620 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 621 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 622 release_sock(sk); 623 624 return len; 625 } 626 627 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 628 { 629 struct sock *sk = sock->sk; 630 int err = 0; 631 u32 opt; 632 633 BT_DBG("sk %p", sk); 634 635 lock_sock(sk); 636 637 switch (optname) { 638 case RFCOMM_LM: 639 if (get_user(opt, (u32 __user *) optval)) { 640 err = -EFAULT; 641 break; 642 } 643 644 if (opt & RFCOMM_LM_AUTH) 645 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; 646 if (opt & RFCOMM_LM_ENCRYPT) 647 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 648 if (opt & RFCOMM_LM_SECURE) 649 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; 650 651 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); 652 break; 653 654 default: 655 err = -ENOPROTOOPT; 656 break; 657 } 658 659 release_sock(sk); 660 return err; 661 } 662 663 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 664 { 665 struct sock *sk = sock->sk; 666 struct bt_security sec; 667 int err = 0; 668 size_t len; 669 u32 opt; 670 671 BT_DBG("sk %p", sk); 672 673 if (level == SOL_RFCOMM) 674 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); 675 676 if (level != SOL_BLUETOOTH) 677 return -ENOPROTOOPT; 678 679 lock_sock(sk); 680 681 switch (optname) { 682 case BT_SECURITY: 683 if (sk->sk_type != SOCK_STREAM) { 684 err = -EINVAL; 685 break; 686 } 687 688 sec.level = BT_SECURITY_LOW; 689 690 len = min_t(unsigned int, sizeof(sec), optlen); 691 if (copy_from_user((char *) &sec, optval, len)) { 692 err = -EFAULT; 693 break; 694 } 695 696 if (sec.level > BT_SECURITY_HIGH) { 697 err = -EINVAL; 698 break; 699 } 700 701 rfcomm_pi(sk)->sec_level = sec.level; 702 break; 703 704 case BT_DEFER_SETUP: 705 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 706 err = -EINVAL; 707 break; 708 } 709 710 if (get_user(opt, (u32 __user *) optval)) { 711 err = -EFAULT; 712 break; 713 } 714 715 if (opt) 716 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 717 else 718 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 719 720 break; 721 722 default: 723 err = -ENOPROTOOPT; 724 break; 725 } 726 727 release_sock(sk); 728 return err; 729 } 730 731 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 732 { 733 struct sock *sk = sock->sk; 734 struct rfcomm_conninfo cinfo; 735 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn; 736 int len, err = 0; 737 u32 opt; 738 739 BT_DBG("sk %p", sk); 740 741 if (get_user(len, optlen)) 742 return -EFAULT; 743 744 lock_sock(sk); 745 746 switch (optname) { 747 case RFCOMM_LM: 748 switch (rfcomm_pi(sk)->sec_level) { 749 case BT_SECURITY_LOW: 750 opt = RFCOMM_LM_AUTH; 751 break; 752 case BT_SECURITY_MEDIUM: 753 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; 754 break; 755 case BT_SECURITY_HIGH: 756 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 757 RFCOMM_LM_SECURE; 758 break; 759 default: 760 opt = 0; 761 break; 762 } 763 764 if (rfcomm_pi(sk)->role_switch) 765 opt |= RFCOMM_LM_MASTER; 766 767 if (put_user(opt, (u32 __user *) optval)) 768 err = -EFAULT; 769 break; 770 771 case RFCOMM_CONNINFO: 772 if (sk->sk_state != BT_CONNECTED && 773 !rfcomm_pi(sk)->dlc->defer_setup) { 774 err = -ENOTCONN; 775 break; 776 } 777 778 memset(&cinfo, 0, sizeof(cinfo)); 779 cinfo.hci_handle = conn->hcon->handle; 780 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); 781 782 len = min_t(unsigned int, len, sizeof(cinfo)); 783 if (copy_to_user(optval, (char *) &cinfo, len)) 784 err = -EFAULT; 785 786 break; 787 788 default: 789 err = -ENOPROTOOPT; 790 break; 791 } 792 793 release_sock(sk); 794 return err; 795 } 796 797 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 798 { 799 struct sock *sk = sock->sk; 800 struct bt_security sec; 801 int len, err = 0; 802 803 BT_DBG("sk %p", sk); 804 805 if (level == SOL_RFCOMM) 806 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); 807 808 if (level != SOL_BLUETOOTH) 809 return -ENOPROTOOPT; 810 811 if (get_user(len, optlen)) 812 return -EFAULT; 813 814 lock_sock(sk); 815 816 switch (optname) { 817 case BT_SECURITY: 818 if (sk->sk_type != SOCK_STREAM) { 819 err = -EINVAL; 820 break; 821 } 822 823 sec.level = rfcomm_pi(sk)->sec_level; 824 sec.key_size = 0; 825 826 len = min_t(unsigned int, len, sizeof(sec)); 827 if (copy_to_user(optval, (char *) &sec, len)) 828 err = -EFAULT; 829 830 break; 831 832 case BT_DEFER_SETUP: 833 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 834 err = -EINVAL; 835 break; 836 } 837 838 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 839 (u32 __user *) optval)) 840 err = -EFAULT; 841 842 break; 843 844 default: 845 err = -ENOPROTOOPT; 846 break; 847 } 848 849 release_sock(sk); 850 return err; 851 } 852 853 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 854 { 855 struct sock *sk __maybe_unused = sock->sk; 856 int err; 857 858 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); 859 860 err = bt_sock_ioctl(sock, cmd, arg); 861 862 if (err == -ENOIOCTLCMD) { 863 #ifdef CONFIG_BT_RFCOMM_TTY 864 lock_sock(sk); 865 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); 866 release_sock(sk); 867 #else 868 err = -EOPNOTSUPP; 869 #endif 870 } 871 872 return err; 873 } 874 875 static int rfcomm_sock_shutdown(struct socket *sock, int how) 876 { 877 struct sock *sk = sock->sk; 878 int err = 0; 879 880 BT_DBG("sock %p, sk %p", sock, sk); 881 882 if (!sk) 883 return 0; 884 885 lock_sock(sk); 886 if (!sk->sk_shutdown) { 887 sk->sk_shutdown = SHUTDOWN_MASK; 888 __rfcomm_sock_close(sk); 889 890 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 891 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 892 } 893 release_sock(sk); 894 return err; 895 } 896 897 static int rfcomm_sock_release(struct socket *sock) 898 { 899 struct sock *sk = sock->sk; 900 int err; 901 902 BT_DBG("sock %p, sk %p", sock, sk); 903 904 if (!sk) 905 return 0; 906 907 err = rfcomm_sock_shutdown(sock, 2); 908 909 sock_orphan(sk); 910 rfcomm_sock_kill(sk); 911 return err; 912 } 913 914 /* ---- RFCOMM core layer callbacks ---- 915 * 916 * called under rfcomm_lock() 917 */ 918 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 919 { 920 struct sock *sk, *parent; 921 bdaddr_t src, dst; 922 int result = 0; 923 924 BT_DBG("session %p channel %d", s, channel); 925 926 rfcomm_session_getaddr(s, &src, &dst); 927 928 /* Check if we have socket listening on channel */ 929 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 930 if (!parent) 931 return 0; 932 933 bh_lock_sock(parent); 934 935 /* Check for backlog size */ 936 if (sk_acceptq_is_full(parent)) { 937 BT_DBG("backlog full %d", parent->sk_ack_backlog); 938 goto done; 939 } 940 941 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 942 if (!sk) 943 goto done; 944 945 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM); 946 947 rfcomm_sock_init(sk, parent); 948 bacpy(&bt_sk(sk)->src, &src); 949 bacpy(&bt_sk(sk)->dst, &dst); 950 rfcomm_pi(sk)->channel = channel; 951 952 sk->sk_state = BT_CONFIG; 953 bt_accept_enqueue(parent, sk); 954 955 /* Accept connection and return socket DLC */ 956 *d = rfcomm_pi(sk)->dlc; 957 result = 1; 958 959 done: 960 bh_unlock_sock(parent); 961 962 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 963 parent->sk_state_change(parent); 964 965 return result; 966 } 967 968 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) 969 { 970 struct sock *sk; 971 972 read_lock(&rfcomm_sk_list.lock); 973 974 sk_for_each(sk, &rfcomm_sk_list.head) { 975 seq_printf(f, "%pMR %pMR %d %d\n", 976 &bt_sk(sk)->src, &bt_sk(sk)->dst, 977 sk->sk_state, rfcomm_pi(sk)->channel); 978 } 979 980 read_unlock(&rfcomm_sk_list.lock); 981 982 return 0; 983 } 984 985 static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file) 986 { 987 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private); 988 } 989 990 static const struct file_operations rfcomm_sock_debugfs_fops = { 991 .open = rfcomm_sock_debugfs_open, 992 .read = seq_read, 993 .llseek = seq_lseek, 994 .release = single_release, 995 }; 996 997 static struct dentry *rfcomm_sock_debugfs; 998 999 static const struct proto_ops rfcomm_sock_ops = { 1000 .family = PF_BLUETOOTH, 1001 .owner = THIS_MODULE, 1002 .release = rfcomm_sock_release, 1003 .bind = rfcomm_sock_bind, 1004 .connect = rfcomm_sock_connect, 1005 .listen = rfcomm_sock_listen, 1006 .accept = rfcomm_sock_accept, 1007 .getname = rfcomm_sock_getname, 1008 .sendmsg = rfcomm_sock_sendmsg, 1009 .recvmsg = rfcomm_sock_recvmsg, 1010 .shutdown = rfcomm_sock_shutdown, 1011 .setsockopt = rfcomm_sock_setsockopt, 1012 .getsockopt = rfcomm_sock_getsockopt, 1013 .ioctl = rfcomm_sock_ioctl, 1014 .poll = bt_sock_poll, 1015 .socketpair = sock_no_socketpair, 1016 .mmap = sock_no_mmap 1017 }; 1018 1019 static const struct net_proto_family rfcomm_sock_family_ops = { 1020 .family = PF_BLUETOOTH, 1021 .owner = THIS_MODULE, 1022 .create = rfcomm_sock_create 1023 }; 1024 1025 int __init rfcomm_init_sockets(void) 1026 { 1027 int err; 1028 1029 err = proto_register(&rfcomm_proto, 0); 1030 if (err < 0) 1031 return err; 1032 1033 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 1034 if (err < 0) { 1035 BT_ERR("RFCOMM socket layer registration failed"); 1036 goto error; 1037 } 1038 1039 err = bt_procfs_init(THIS_MODULE, &init_net, "rfcomm", &rfcomm_sk_list, NULL); 1040 if (err < 0) { 1041 BT_ERR("Failed to create RFCOMM proc file"); 1042 bt_sock_unregister(BTPROTO_RFCOMM); 1043 goto error; 1044 } 1045 1046 if (bt_debugfs) { 1047 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444, 1048 bt_debugfs, NULL, &rfcomm_sock_debugfs_fops); 1049 if (!rfcomm_sock_debugfs) 1050 BT_ERR("Failed to create RFCOMM debug file"); 1051 } 1052 1053 BT_INFO("RFCOMM socket layer initialized"); 1054 1055 return 0; 1056 1057 error: 1058 proto_unregister(&rfcomm_proto); 1059 return err; 1060 } 1061 1062 void __exit rfcomm_cleanup_sockets(void) 1063 { 1064 bt_procfs_cleanup(&init_net, "rfcomm"); 1065 1066 debugfs_remove(rfcomm_sock_debugfs); 1067 1068 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0) 1069 BT_ERR("RFCOMM socket layer unregistration failed"); 1070 1071 proto_unregister(&rfcomm_proto); 1072 } 1073