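/*
   RFCOMM implementation for Linux Bluetooth stack (BlueZ).
   Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
   Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
   SOFTWARE IS DISCLAIMED.
*/

/*
 * RFCOMM sockets.
 *
 * Socket front end (AF_BLUETOOTH / BTPROTO_RFCOMM) for the RFCOMM core.
 * Every socket owns exactly one rfcomm_dlc (allocated in
 * rfcomm_sock_alloc()); the core reports data and state changes through
 * the two DLC callbacks below, and the socket layer translates them into
 * sk_receive_queue / sk_state updates.
 *
 * Everything that crosses the user/kernel boundary here (sockaddr_rc,
 * bt_security, rfcomm_conninfo, the RFCOMM_LM bitmask) is untrusted:
 * lengths are bounded before copying and structures that are copied out
 * are fully initialised so no kernel stack bytes leak.
 */

#include <linux/module.h>

#include <linux/types.h>
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/poll.h>
#include <linux/fcntl.h>
#include <linux/init.h>
#include <linux/interrupt.h>
#include <linux/socket.h>
#include <linux/skbuff.h>
#include <linux/list.h>
#include <linux/device.h>
#include <linux/debugfs.h>
#include <linux/seq_file.h>
#include <linux/security.h>
#include <net/sock.h>

#include <linux/uaccess.h>

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>
#include <net/bluetooth/l2cap.h>
#include <net/bluetooth/rfcomm.h>

static const struct proto_ops rfcomm_sock_ops;

/* All RFCOMM sockets, in every state. bind()/listen() walk it under the
 * write lock to detect (source bdaddr, channel) collisions and
 * rfcomm_connect_ind() walks it under the read lock to find a listener. */
static struct bt_sock_list rfcomm_sk_list = {
	.lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
};

static void rfcomm_sock_close(struct sock *sk);
static void rfcomm_sock_kill(struct sock *sk);

/* ---- DLC callbacks ----
 *
 * called under rfcomm_dlc_lock()
 */

/* Hand a frame received on DLC @d to the owning socket and wake readers.
 *
 * Receive memory is accounted on sk_rmem_alloc here and released again in
 * rfcomm_sock_recvmsg(). Once the accounted bytes reach sk_rcvbuf the DLC
 * is throttled so the peer is no longer granted credits; the matching
 * unthrottle happens in recvmsg once the queue drains to a quarter. */
static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
{
	struct sock *sk = d->owner;
	if (!sk)
		return;

	atomic_add(skb->len, &sk->sk_rmem_alloc);
	skb_queue_tail(&sk->sk_receive_queue, skb);
	sk->sk_data_ready(sk, skb->len);

	if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
		rfcomm_dlc_throttle(d);
}

/* Mirror a DLC state transition (and error, if any) onto the owning socket.
 *
 * A child that has not been accepted yet still has bt_sk(sk)->parent set:
 * if its DLC closed, the child is zapped, dropped from the parent's accept
 * queue and killed, and the parent is woken so a pending accept() sees the
 * change. An ordinary socket latches its local address once connected
 * (it may have been opened with BDADDR_ANY) and wakes its state waiters. */
static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
{
	struct sock *sk = d->owner, *parent;
	unsigned long flags;

	if (!sk)
		return;

	BT_DBG("dlc %p state %ld err %d", d, d->state, err);

	local_irq_save(flags);
	bh_lock_sock(sk);

	if (err)
		sk->sk_err = err;

	sk->sk_state = d->state;

	parent = bt_sk(sk)->parent;
	if (parent) {
		if (d->state == BT_CLOSED) {
			sock_set_flag(sk, SOCK_ZAPPED);
			bt_accept_unlink(sk);
		}
		parent->sk_data_ready(parent, 0);
	} else {
		if (d->state == BT_CONNECTED)
			rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL);
		sk->sk_state_change(sk);
	}

	bh_unlock_sock(sk);
	local_irq_restore(flags);

	if (parent && sock_flag(sk, SOCK_ZAPPED)) {
		/* We have to drop DLC lock here, otherwise
		 * rfcomm_sock_destruct() will dead lock. */
		rfcomm_dlc_unlock(d);
		rfcomm_sock_kill(sk);
		rfcomm_dlc_lock(d);
	}
}

/* ---- Socket functions ---- */

/* Exact lookup of a socket bound to (@channel, @src).
 * Caller must hold rfcomm_sk_list.lock (any mode). */
static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
{
	struct sock *sk = NULL;
	struct hlist_node *node;

	sk_for_each(sk, node, &rfcomm_sk_list.head) {
		if (rfcomm_pi(sk)->channel == channel &&
				!bacmp(&bt_sk(sk)->src, src))
			break;
	}

	return node ? sk : NULL;
}

/* Find socket with channel and source bdaddr.
 * Returns closest match: a socket whose source address equals @src wins,
 * otherwise the last one bound to BDADDR_ANY on that channel. @state, if
 * non-zero, restricts the search to sockets in that state (e.g. BT_LISTEN).
 * Takes rfcomm_sk_list.lock for reading; does not hold a reference on the
 * returned socket.
 */
static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
{
	struct sock *sk = NULL, *sk1 = NULL;
	struct hlist_node *node;

	read_lock(&rfcomm_sk_list.lock);

	sk_for_each(sk, node, &rfcomm_sk_list.head) {
		if (state && sk->sk_state != state)
			continue;

		if (rfcomm_pi(sk)->channel == channel) {
			/* Exact match. */
			if (!bacmp(&bt_sk(sk)->src, src))
				break;

			/* Closest match */
			if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
				sk1 = sk;
		}
	}

	read_unlock(&rfcomm_sk_list.lock);

	return node ? sk : sk1;
}

/* sk_destruct: drop queued data, detach from the DLC and release the
 * socket's reference on it. The DLC itself may outlive the socket (the
 * core holds its own references), so only the back pointer is cleared. */
static void rfcomm_sock_destruct(struct sock *sk)
{
	struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;

	BT_DBG("sk %p dlc %p", sk, d);

	skb_queue_purge(&sk->sk_receive_queue);
	skb_queue_purge(&sk->sk_write_queue);

	rfcomm_dlc_lock(d);
	rfcomm_pi(sk)->dlc = NULL;

	/* Detach DLC if it's owned by this socket */
	if (d->owner == sk)
		d->owner = NULL;
	rfcomm_dlc_unlock(d);

	rfcomm_dlc_put(d);
}

/* Tear down a listening socket: close and kill every child still waiting
 * in the accept queue, then mark the parent closed and zapped. */
static void rfcomm_sock_cleanup_listen(struct sock *parent)
{
	struct sock *sk;

	BT_DBG("parent %p", parent);

	/* Close not yet accepted dlcs */
	while ((sk = bt_accept_dequeue(parent, NULL))) {
		rfcomm_sock_close(sk);
		rfcomm_sock_kill(sk);
	}

	parent->sk_state = BT_CLOSED;
	sock_set_flag(parent, SOCK_ZAPPED);
}

/* Kill socket (only if zapped and orphan)
 * Must be called on unlocked socket.
 * Unlinks from rfcomm_sk_list and drops the list's reference; the final
 * sock_put() runs rfcomm_sock_destruct().
 */
static void rfcomm_sock_kill(struct sock *sk)
{
	if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
		return;

	BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));

	/* Kill poor orphan */
	bt_sock_unlink(&rfcomm_sk_list, sk);
	sock_set_flag(sk, SOCK_DEAD);
	sock_put(sk);
}

/* State-dependent close, caller holds the socket lock. A listener tears
 * down its accept queue; a connecting/connected socket asks the core to
 * close the DLC and then falls through to being zapped like any other. */
static void __rfcomm_sock_close(struct sock *sk)
{
	struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;

	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);

	switch (sk->sk_state) {
	case BT_LISTEN:
		rfcomm_sock_cleanup_listen(sk);
		break;

	case BT_CONNECT:
	case BT_CONNECT2:
	case BT_CONFIG:
	case BT_CONNECTED:
		rfcomm_dlc_close(d, 0);
		/* fall through */

	default:
		sock_set_flag(sk, SOCK_ZAPPED);
		break;
	}
}

/* Close socket.
 * Must be called on unlocked socket.
 */
static void rfcomm_sock_close(struct sock *sk)
{
	lock_sock(sk);
	__rfcomm_sock_close(sk);
	release_sock(sk);
}

/* Initialise the per-socket RFCOMM settings and push them into the DLC.
 * A child created for an incoming connection inherits socket type,
 * defer_setup, security level, role switch and the LSM label of
 * @parent; a fresh socket starts with defer_setup off, BT_SECURITY_LOW
 * and no role switch. */
static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
{
	struct rfcomm_pinfo *pi = rfcomm_pi(sk);

	BT_DBG("sk %p", sk);

	if (parent) {
		sk->sk_type = parent->sk_type;
		pi->dlc->defer_setup = bt_sk(parent)->defer_setup;

		pi->sec_level = rfcomm_pi(parent)->sec_level;
		pi->role_switch = rfcomm_pi(parent)->role_switch;

		security_sk_clone(parent, sk);
	} else {
		pi->dlc->defer_setup = 0;

		pi->sec_level = BT_SECURITY_LOW;
		pi->role_switch = 0;
	}

	pi->dlc->sec_level = pi->sec_level;
	pi->dlc->role_switch = pi->role_switch;
}

static struct proto rfcomm_proto = {
	.name		= "RFCOMM",
	.owner		= THIS_MODULE,
	.obj_size	= sizeof(struct rfcomm_pinfo)
};

/* Allocate a socket together with its DLC and link it into
 * rfcomm_sk_list. Returns NULL on allocation failure (socket freed).
 * Buffer sizes are derived from the credit window times the default MTU
 * so the default rcvbuf can absorb a full window before throttling. */
static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
{
	struct rfcomm_dlc *d;
	struct sock *sk;

	sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
	if (!sk)
		return NULL;

	sock_init_data(sock, sk);
	INIT_LIST_HEAD(&bt_sk(sk)->accept_q);

	d = rfcomm_dlc_alloc(prio);
	if (!d) {
		sk_free(sk);
		return NULL;
	}

	d->data_ready   = rfcomm_sk_data_ready;
	d->state_change = rfcomm_sk_state_change;

	rfcomm_pi(sk)->dlc = d;
	d->owner = sk;

	sk->sk_destruct = rfcomm_sock_destruct;
	sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;

	sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
	sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;

	sock_reset_flag(sk, SOCK_ZAPPED);

	sk->sk_protocol = proto;
	sk->sk_state    = BT_OPEN;

	bt_sock_link(&rfcomm_sk_list, sk);

	BT_DBG("sk %p", sk);
	return sk;
}

/* socket(2) backend. SOCK_STREAM is the normal RFCOMM socket; SOCK_RAW
 * is accepted too but bind/connect/listen/accept reject it, so it is only
 * usable for ioctls. */
static int rfcomm_sock_create(struct net *net, struct socket *sock,
			      int protocol, int kern)
{
	struct sock *sk;

	BT_DBG("sock %p", sock);

	sock->state = SS_UNCONNECTED;

	if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
		return -ESOCKTNOSUPPORT;

	sock->ops = &rfcomm_sock_ops;

	sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
	if (!sk)
		return -ENOMEM;

	rfcomm_sock_init(sk, NULL);
	return 0;
}

/* bind(2): record the local bdaddr and server channel.
 *
 * @addr is user supplied, so it is validated before anything reads
 * through it (the original debug print dereferenced it before the NULL
 * check) and copied into a zeroed local so that a short @addr_len yields
 * BDADDR_ANY / channel 0 instead of whatever trailed the caller's buffer
 * on the kernel stack. Channel 0 means "pick a free one at listen()".
 * A non-zero channel already bound on the same source address is
 * refused with -EADDRINUSE.
 */
static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
{
	struct sockaddr_rc sa;
	struct sock *sk = sock->sk;
	int len, err = 0;

	if (!addr || addr_len < sizeof(sa.rc_family) ||
			addr->sa_family != AF_BLUETOOTH)
		return -EINVAL;

	memset(&sa, 0, sizeof(sa));
	len = min_t(unsigned int, sizeof(sa), addr_len);
	memcpy(&sa, addr, len);

	BT_DBG("sk %p %s", sk, batostr(&sa.rc_bdaddr));

	lock_sock(sk);

	if (sk->sk_state != BT_OPEN) {
		err = -EBADFD;
		goto done;
	}

	if (sk->sk_type != SOCK_STREAM) {
		err = -EINVAL;
		goto done;
	}

	write_lock(&rfcomm_sk_list.lock);

	if (sa.rc_channel && __rfcomm_get_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) {
		err = -EADDRINUSE;
	} else {
		/* Save source address */
		bacpy(&bt_sk(sk)->src, &sa.rc_bdaddr);
		rfcomm_pi(sk)->channel = sa.rc_channel;
		sk->sk_state = BT_BOUND;
	}

	write_unlock(&rfcomm_sk_list.lock);

done:
	release_sock(sk);
	return err;
}

/* connect(2): open a DLC to @addr and, unless O_NONBLOCK, wait for it to
 * reach BT_CONNECTED within the socket's send timeout. The security
 * level and role-switch preference set via setsockopt are pushed into
 * the DLC right before the open so the core enforces them. */
static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
{
	struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
	struct sock *sk = sock->sk;
	struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
	int err = 0;

	BT_DBG("sk %p", sk);

	if (alen < sizeof(struct sockaddr_rc) ||
			addr->sa_family != AF_BLUETOOTH)
		return -EINVAL;

	lock_sock(sk);

	if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
		err = -EBADFD;
		goto done;
	}

	if (sk->sk_type != SOCK_STREAM) {
		err = -EINVAL;
		goto done;
	}

	sk->sk_state = BT_CONNECT;
	bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
	rfcomm_pi(sk)->channel = sa->rc_channel;

	d->sec_level = rfcomm_pi(sk)->sec_level;
	d->role_switch = rfcomm_pi(sk)->role_switch;

	err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
	if (!err)
		err = bt_sock_wait_state(sk, BT_CONNECTED,
				sock_sndtimeo(sk, flags & O_NONBLOCK));

done:
	release_sock(sk);
	return err;
}

/* listen(2). A socket bound to channel 0 is assigned the first free
 * server channel in 1..30 on its source address (under the list write
 * lock so two listeners cannot race for the same channel); -EINVAL if
 * none is free. */
static int rfcomm_sock_listen(struct socket *sock, int backlog)
{
	struct sock *sk = sock->sk;
	int err = 0;

	BT_DBG("sk %p backlog %d", sk, backlog);

	lock_sock(sk);

	if (sk->sk_state != BT_BOUND) {
		err = -EBADFD;
		goto done;
	}

	if (sk->sk_type != SOCK_STREAM) {
		err = -EINVAL;
		goto done;
	}

	if (!rfcomm_pi(sk)->channel) {
		bdaddr_t *src = &bt_sk(sk)->src;
		u8 channel;

		err = -EINVAL;

		write_lock(&rfcomm_sk_list.lock);

		for (channel = 1; channel < 31; channel++)
			if (!__rfcomm_get_sock_by_addr(channel, src)) {
				rfcomm_pi(sk)->channel = channel;
				err = 0;
				break;
			}

		write_unlock(&rfcomm_sk_list.lock);

		if (err < 0)
			goto done;
	}

	sk->sk_max_ack_backlog = backlog;
	sk->sk_ack_backlog = 0;
	sk->sk_state = BT_LISTEN;

done:
	release_sock(sk);
	return err;
}

/* accept(2): wait (wake-one, interruptible, bounded by the receive
 * timeout) for a child in the accept queue and attach it to @newsock.
 * The socket lock is dropped around the sleep; the loop re-checks that
 * the parent is still listening after every wakeup. */
static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
{
	DECLARE_WAITQUEUE(wait, current);
	struct sock *sk = sock->sk, *nsk;
	long timeo;
	int err = 0;

	lock_sock(sk);

	if (sk->sk_type != SOCK_STREAM) {
		err = -EINVAL;
		goto done;
	}

	timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);

	BT_DBG("sk %p timeo %ld", sk, timeo);

	/* Wait for an incoming connection. (wake-one). */
	add_wait_queue_exclusive(sk_sleep(sk), &wait);
	while (1) {
		set_current_state(TASK_INTERRUPTIBLE);

		if (sk->sk_state != BT_LISTEN) {
			err = -EBADFD;
			break;
		}

		nsk = bt_accept_dequeue(sk, newsock);
		if (nsk)
			break;

		if (!timeo) {
			err = -EAGAIN;
			break;
		}

		if (signal_pending(current)) {
			err = sock_intr_errno(timeo);
			break;
		}

		release_sock(sk);
		timeo = schedule_timeout(timeo);
		lock_sock(sk);
	}
	__set_current_state(TASK_RUNNING);
	remove_wait_queue(sk_sleep(sk), &wait);

	if (err)
		goto done;

	newsock->state = SS_CONNECTED;

	BT_DBG("new socket %p", nsk);

done:
	release_sock(sk);
	return err;
}

/* getsockname/getpeername. The whole sockaddr_rc is cleared first: the
 * caller copies sizeof(struct sockaddr_rc) bytes back to userspace, so
 * any padding not explicitly assigned would leak kernel stack. */
static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
{
	struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
	struct sock *sk = sock->sk;

	BT_DBG("sock %p, sk %p", sock, sk);

	memset(sa, 0, sizeof(*sa));
	sa->rc_family  = AF_BLUETOOTH;
	sa->rc_channel = rfcomm_pi(sk)->channel;
	if (peer)
		bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst);
	else
		bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src);

	*len = sizeof(struct sockaddr_rc);
	return 0;
}

/* sendmsg(2): split the message into DLC-MTU sized frames and hand them
 * to the core. Returns the number of bytes queued, or the first error if
 * nothing was queued at all (a later failure ends the loop but keeps the
 * partial count, as for a stream socket). MSG_OOB is not supported and a
 * socket still in deferred setup is not yet connected. */
static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
			       struct msghdr *msg, size_t len)
{
	struct sock *sk = sock->sk;
	struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
	struct sk_buff *skb;
	int sent = 0;

	if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
		return -ENOTCONN;

	if (msg->msg_flags & MSG_OOB)
		return -EOPNOTSUPP;

	if (sk->sk_shutdown & SEND_SHUTDOWN)
		return -EPIPE;

	BT_DBG("sock %p, sk %p", sock, sk);

	lock_sock(sk);

	while (len) {
		size_t size = min_t(size_t, len, d->mtu);
		int err;

		skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
				msg->msg_flags & MSG_DONTWAIT, &err);
		if (!skb) {
			if (sent == 0)
				sent = err;
			break;
		}
		skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);

		err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
		if (err) {
			kfree_skb(skb);
			if (sent == 0)
				sent = err;
			break;
		}

		skb->priority = sk->sk_priority;

		err = rfcomm_dlc_send(d, skb);
		if (err < 0) {
			kfree_skb(skb);
			if (sent == 0)
				sent = err;
			break;
		}

		sent += size;
		len -= size;
	}

	release_sock(sk);

	return sent;
}

/* recvmsg(2). The first read on a deferred-setup socket accepts the
 * connection instead of returning data (returns 0). Otherwise stream
 * receive is delegated to the generic helper and the bytes consumed are
 * credited back to sk_rmem_alloc; once the backlog drops to a quarter of
 * sk_rcvbuf the DLC is unthrottled again. */
static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
			       struct msghdr *msg, size_t size, int flags)
{
	struct sock *sk = sock->sk;
	struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
	int len;

	if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
		rfcomm_dlc_accept(d);
		return 0;
	}

	len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags);

	lock_sock(sk);
	if (!(flags & MSG_PEEK) && len > 0)
		atomic_sub(len, &sk->sk_rmem_alloc);

	if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
		rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
	release_sock(sk);

	return len;
}

/* Legacy SOL_RFCOMM options. RFCOMM_LM is a bitmask; the highest
 * requested of AUTH < ENCRYPT < SECURE wins and maps onto the
 * BT_SECURITY_* levels, RFCOMM_LM_MASTER requests a role switch. */
static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
{
	struct sock *sk = sock->sk;
	int err = 0;
	u32 opt;

	BT_DBG("sk %p", sk);

	lock_sock(sk);

	switch (optname) {
	case RFCOMM_LM:
		if (get_user(opt, (u32 __user *) optval)) {
			err = -EFAULT;
			break;
		}

		if (opt & RFCOMM_LM_AUTH)
			rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
		if (opt & RFCOMM_LM_ENCRYPT)
			rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
		if (opt & RFCOMM_LM_SECURE)
			rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;

		rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}

/* setsockopt(2). SOL_RFCOMM goes to the legacy handler; SOL_BLUETOOTH
 * supports BT_SECURITY (stream sockets only, level bounded by
 * BT_SECURITY_HIGH) and BT_DEFER_SETUP (bound or listening sockets
 * only). The bt_security struct is zeroed before the bounded
 * copy_from_user so a short @optlen cannot leave fields uninitialised. */
static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
{
	struct sock *sk = sock->sk;
	struct bt_security sec;
	int err = 0;
	size_t len;
	u32 opt;

	BT_DBG("sk %p", sk);

	if (level == SOL_RFCOMM)
		return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);

	if (level != SOL_BLUETOOTH)
		return -ENOPROTOOPT;

	lock_sock(sk);

	switch (optname) {
	case BT_SECURITY:
		if (sk->sk_type != SOCK_STREAM) {
			err = -EINVAL;
			break;
		}

		memset(&sec, 0, sizeof(sec));
		sec.level = BT_SECURITY_LOW;

		len = min_t(unsigned int, sizeof(sec), optlen);
		if (copy_from_user((char *) &sec, optval, len)) {
			err = -EFAULT;
			break;
		}

		if (sec.level > BT_SECURITY_HIGH) {
			err = -EINVAL;
			break;
		}

		rfcomm_pi(sk)->sec_level = sec.level;
		break;

	case BT_DEFER_SETUP:
		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
			err = -EINVAL;
			break;
		}

		if (get_user(opt, (u32 __user *) optval)) {
			err = -EFAULT;
			break;
		}

		bt_sk(sk)->defer_setup = opt;
		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}

/* Legacy SOL_RFCOMM getsockopt.
 *
 * RFCOMM_CONNINFO needs the L2CAP connection underneath the DLC. @sk is
 * an RFCOMM socket, so l2cap_pi(sk) would reinterpret rfcomm_pinfo as
 * l2cap_pinfo (type confusion); the L2CAP socket is the one owned by the
 * DLC's session, and it is only resolved once the socket is known to be
 * connected (or in deferred setup) rather than unconditionally at entry.
 */
static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
{
	struct sock *sk = sock->sk;
	struct sock *l2cap_sk;
	struct rfcomm_conninfo cinfo;
	struct l2cap_conn *conn;
	int len, err = 0;
	u32 opt;

	BT_DBG("sk %p", sk);

	if (get_user(len, optlen))
		return -EFAULT;

	lock_sock(sk);

	switch (optname) {
	case RFCOMM_LM:
		switch (rfcomm_pi(sk)->sec_level) {
		case BT_SECURITY_LOW:
			opt = RFCOMM_LM_AUTH;
			break;
		case BT_SECURITY_MEDIUM:
			opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
			break;
		case BT_SECURITY_HIGH:
			opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
							RFCOMM_LM_SECURE;
			break;
		default:
			opt = 0;
			break;
		}

		if (rfcomm_pi(sk)->role_switch)
			opt |= RFCOMM_LM_MASTER;

		if (put_user(opt, (u32 __user *) optval))
			err = -EFAULT;
		break;

	case RFCOMM_CONNINFO:
		if (sk->sk_state != BT_CONNECTED &&
					!rfcomm_pi(sk)->dlc->defer_setup) {
			err = -ENOTCONN;
			break;
		}

		/* NOTE(review): relies on struct rfcomm_session carrying
		 * the underlying L2CAP socket as ->sock (rfcomm.h) and on
		 * the core having attached the session before the DLC
		 * reaches a connected/deferred state -- confirm against
		 * rfcomm/core.c. */
		l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
		conn = l2cap_pi(l2cap_sk)->chan->conn;

		memset(&cinfo, 0, sizeof(cinfo));
		cinfo.hci_handle = conn->hcon->handle;
		memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);

		len = min_t(unsigned int, len, sizeof(cinfo));
		if (copy_to_user(optval, (char *) &cinfo, len))
			err = -EFAULT;

		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}

/* getsockopt(2). SOL_RFCOMM goes to the legacy handler; SOL_BLUETOOTH
 * supports BT_SECURITY and BT_DEFER_SETUP with the same state/type
 * restrictions as setsockopt. bt_security is zeroed before being filled:
 * up to sizeof(sec) bytes are copied out, so every field must be
 * initialised, not just .level. */
static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
{
	struct sock *sk = sock->sk;
	struct bt_security sec;
	int len, err = 0;

	BT_DBG("sk %p", sk);

	if (level == SOL_RFCOMM)
		return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);

	if (level != SOL_BLUETOOTH)
		return -ENOPROTOOPT;

	if (get_user(len, optlen))
		return -EFAULT;

	lock_sock(sk);

	switch (optname) {
	case BT_SECURITY:
		if (sk->sk_type != SOCK_STREAM) {
			err = -EINVAL;
			break;
		}

		memset(&sec, 0, sizeof(sec));
		sec.level = rfcomm_pi(sk)->sec_level;

		len = min_t(unsigned int, len, sizeof(sec));
		if (copy_to_user(optval, (char *) &sec, len))
			err = -EFAULT;

		break;

	case BT_DEFER_SETUP:
		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
			err = -EINVAL;
			break;
		}

		if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
			err = -EFAULT;

		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}

/* ioctl(2): generic Bluetooth socket ioctls first; anything they do not
 * recognise goes to the RFCOMM TTY device layer when it is built in
 * (rfcomm_dev_ioctl(), called with the socket locked), else -EOPNOTSUPP. */
static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
{
	struct sock *sk __maybe_unused = sock->sk;
	int err;

	BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);

	err = bt_sock_ioctl(sock, cmd, arg);

	if (err == -ENOIOCTLCMD) {
#ifdef CONFIG_BT_RFCOMM_TTY
		lock_sock(sk);
		err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
		release_sock(sk);
#else
		err = -EOPNOTSUPP;
#endif
	}

	return err;
}

/* shutdown(2). @how is ignored: any shutdown closes both directions and
 * the DLC. With SO_LINGER the call waits up to sk_lingertime for the
 * socket to reach BT_CLOSED. Idempotent: a second call is a no-op. */
static int rfcomm_sock_shutdown(struct socket *sock, int how)
{
	struct sock *sk = sock->sk;
	int err = 0;

	BT_DBG("sock %p, sk %p", sock, sk);

	if (!sk)
		return 0;

	lock_sock(sk);
	if (!sk->sk_shutdown) {
		sk->sk_shutdown = SHUTDOWN_MASK;
		__rfcomm_sock_close(sk);

		if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
			err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
	}
	release_sock(sk);
	return err;
}

/* close(2): shut the socket down, detach it from the file and kill it if
 * it is already zapped (otherwise the DLC state change callback kills it
 * later once the core reports BT_CLOSED). */
static int rfcomm_sock_release(struct socket *sock)
{
	struct sock *sk = sock->sk;
	int err;

	BT_DBG("sock %p, sk %p", sock, sk);

	if (!sk)
		return 0;

	err = rfcomm_sock_shutdown(sock, 2);

	sock_orphan(sk);
	rfcomm_sock_kill(sk);
	return err;
}

/* ---- RFCOMM core layer callbacks ----
 *
 * called under rfcomm_lock()
 */

/* Incoming DLC request on session @s for server @channel.
 *
 * Returns 1 and stores the child's DLC in *@d when a listener exists on
 * (channel, local address) and its backlog has room; the child socket is
 * created in BT_CONFIG and queued on the parent for accept(). Returns 0
 * (connection refused by the core) when nobody listens, the backlog is
 * full or allocation fails. With defer_setup the parent is woken so a
 * poller can see the pending connection before it is accepted.
 */
int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
{
	struct sock *sk, *parent;
	bdaddr_t src, dst;
	int result = 0;

	BT_DBG("session %p channel %d", s, channel);

	rfcomm_session_getaddr(s, &src, &dst);

	/* Check if we have socket listening on channel */
	parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
	if (!parent)
		return 0;

	bh_lock_sock(parent);

	/* Check for backlog size */
	if (sk_acceptq_is_full(parent)) {
		BT_DBG("backlog full %d", parent->sk_ack_backlog);
		goto done;
	}

	sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
	if (!sk)
		goto done;

	bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);

	rfcomm_sock_init(sk, parent);
	bacpy(&bt_sk(sk)->src, &src);
	bacpy(&bt_sk(sk)->dst, &dst);
	rfcomm_pi(sk)->channel = channel;

	sk->sk_state = BT_CONFIG;
	bt_accept_enqueue(parent, sk);

	/* Accept connection and return socket DLC */
	*d = rfcomm_pi(sk)->dlc;
	result = 1;

done:
	bh_unlock_sock(parent);

	if (bt_sk(parent)->defer_setup)
		parent->sk_state_change(parent);

	return result;
}

/* debugfs "rfcomm": one line per socket -- src dst state channel. */
static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
{
	struct sock *sk;
	struct hlist_node *node;

	read_lock(&rfcomm_sk_list.lock);

	sk_for_each(sk, node, &rfcomm_sk_list.head) {
		seq_printf(f, "%s %s %d %d\n",
				batostr(&bt_sk(sk)->src),
				batostr(&bt_sk(sk)->dst),
				sk->sk_state, rfcomm_pi(sk)->channel);
	}

	read_unlock(&rfcomm_sk_list.lock);

	return 0;
}

static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file)
{
	return single_open(file, rfcomm_sock_debugfs_show, inode->i_private);
}

static const struct file_operations rfcomm_sock_debugfs_fops = {
	.open		= rfcomm_sock_debugfs_open,
	.read		= seq_read,
	.llseek		= seq_lseek,
	.release	= single_release,
};

static struct dentry *rfcomm_sock_debugfs;

static const struct proto_ops rfcomm_sock_ops = {
	.family		= PF_BLUETOOTH,
	.owner		= THIS_MODULE,
	.release	= rfcomm_sock_release,
	.bind		= rfcomm_sock_bind,
	.connect	= rfcomm_sock_connect,
	.listen		= rfcomm_sock_listen,
	.accept		= rfcomm_sock_accept,
	.getname	= rfcomm_sock_getname,
	.sendmsg	= rfcomm_sock_sendmsg,
	.recvmsg	= rfcomm_sock_recvmsg,
	.shutdown	= rfcomm_sock_shutdown,
	.setsockopt	= rfcomm_sock_setsockopt,
	.getsockopt	= rfcomm_sock_getsockopt,
	.ioctl		= rfcomm_sock_ioctl,
	.poll		= bt_sock_poll,
	.socketpair	= sock_no_socketpair,
	.mmap		= sock_no_mmap
};

static const struct net_proto_family rfcomm_sock_family_ops = {
	.family		= PF_BLUETOOTH,
	.owner		= THIS_MODULE,
	.create		= rfcomm_sock_create
};

/* Register the RFCOMM proto and socket family; the debugfs file is
 * optional (read-only, 0444) and its absence is only logged. On family
 * registration failure the proto is unregistered again. */
int __init rfcomm_init_sockets(void)
{
	int err;

	err = proto_register(&rfcomm_proto, 0);
	if (err < 0)
		return err;

	err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
	if (err < 0)
		goto error;

	if (bt_debugfs) {
		rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
				bt_debugfs, NULL, &rfcomm_sock_debugfs_fops);
		if (!rfcomm_sock_debugfs)
			BT_ERR("Failed to create RFCOMM debug file");
	}

	BT_INFO("RFCOMM socket layer initialized");

	return 0;

error:
	BT_ERR("RFCOMM socket layer registration failed");
	proto_unregister(&rfcomm_proto);
	return err;
}

/* Undo rfcomm_init_sockets() in reverse order. */
void __exit rfcomm_cleanup_sockets(void)
{
	debugfs_remove(rfcomm_sock_debugfs);

	if (bt_sock_unregister(BTPROTO_RFCOMM) < 0)
		BT_ERR("RFCOMM socket layer unregistration failed");

	proto_unregister(&rfcomm_proto);
}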