1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 */ 27 28 #include <linux/export.h> 29 #include <linux/debugfs.h> 30 #include <linux/sched/signal.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/l2cap.h> 35 #include <net/bluetooth/rfcomm.h> 36 37 static const struct proto_ops rfcomm_sock_ops; 38 39 static struct bt_sock_list rfcomm_sk_list = { 40 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) 41 }; 42 43 static void rfcomm_sock_close(struct sock *sk); 44 static void rfcomm_sock_kill(struct sock *sk); 45 46 /* ---- DLC callbacks ---- 47 * 48 * called under rfcomm_dlc_lock() 49 */ 50 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 51 { 52 struct sock *sk = d->owner; 53 if (!sk) 54 return; 55 56 atomic_add(skb->len, &sk->sk_rmem_alloc); 57 skb_queue_tail(&sk->sk_receive_queue, skb); 58 sk->sk_data_ready(sk); 59 60 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 61 rfcomm_dlc_throttle(d); 62 } 63 64 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 65 { 66 struct sock *sk = d->owner, *parent; 67 unsigned long flags; 68 69 if (!sk) 70 return; 71 72 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 73 74 local_irq_save(flags); 75 bh_lock_sock(sk); 76 77 if (err) 78 sk->sk_err = err; 79 80 sk->sk_state = d->state; 81 82 parent = bt_sk(sk)->parent; 83 if (parent) { 84 if (d->state == BT_CLOSED) { 85 sock_set_flag(sk, SOCK_ZAPPED); 86 bt_accept_unlink(sk); 87 } 88 parent->sk_data_ready(parent); 89 } else { 90 if (d->state == BT_CONNECTED) 91 rfcomm_session_getaddr(d->session, 92 &rfcomm_pi(sk)->src, NULL); 93 sk->sk_state_change(sk); 94 } 95 96 bh_unlock_sock(sk); 97 local_irq_restore(flags); 98 99 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 100 /* We have to drop DLC lock here, otherwise 101 * rfcomm_sock_destruct() will dead lock. */ 102 rfcomm_dlc_unlock(d); 103 rfcomm_sock_kill(sk); 104 rfcomm_dlc_lock(d); 105 } 106 } 107 108 /* ---- Socket functions ---- */ 109 static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src) 110 { 111 struct sock *sk = NULL; 112 113 sk_for_each(sk, &rfcomm_sk_list.head) { 114 if (rfcomm_pi(sk)->channel != channel) 115 continue; 116 117 if (bacmp(&rfcomm_pi(sk)->src, src)) 118 continue; 119 120 if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN) 121 break; 122 } 123 124 return sk ? sk : NULL; 125 } 126 127 /* Find socket with channel and source bdaddr. 128 * Returns closest match. 129 */ 130 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 131 { 132 struct sock *sk = NULL, *sk1 = NULL; 133 134 read_lock(&rfcomm_sk_list.lock); 135 136 sk_for_each(sk, &rfcomm_sk_list.head) { 137 if (state && sk->sk_state != state) 138 continue; 139 140 if (rfcomm_pi(sk)->channel == channel) { 141 /* Exact match. */ 142 if (!bacmp(&rfcomm_pi(sk)->src, src)) 143 break; 144 145 /* Closest match */ 146 if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY)) 147 sk1 = sk; 148 } 149 } 150 151 read_unlock(&rfcomm_sk_list.lock); 152 153 return sk ? sk : sk1; 154 } 155 156 static void rfcomm_sock_destruct(struct sock *sk) 157 { 158 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 159 160 BT_DBG("sk %p dlc %p", sk, d); 161 162 skb_queue_purge(&sk->sk_receive_queue); 163 skb_queue_purge(&sk->sk_write_queue); 164 165 rfcomm_dlc_lock(d); 166 rfcomm_pi(sk)->dlc = NULL; 167 168 /* Detach DLC if it's owned by this socket */ 169 if (d->owner == sk) 170 d->owner = NULL; 171 rfcomm_dlc_unlock(d); 172 173 rfcomm_dlc_put(d); 174 } 175 176 static void rfcomm_sock_cleanup_listen(struct sock *parent) 177 { 178 struct sock *sk; 179 180 BT_DBG("parent %p", parent); 181 182 /* Close not yet accepted dlcs */ 183 while ((sk = bt_accept_dequeue(parent, NULL))) { 184 rfcomm_sock_close(sk); 185 rfcomm_sock_kill(sk); 186 } 187 188 parent->sk_state = BT_CLOSED; 189 sock_set_flag(parent, SOCK_ZAPPED); 190 } 191 192 /* Kill socket (only if zapped and orphan) 193 * Must be called on unlocked socket. 194 */ 195 static void rfcomm_sock_kill(struct sock *sk) 196 { 197 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 198 return; 199 200 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, refcount_read(&sk->sk_refcnt)); 201 202 /* Kill poor orphan */ 203 bt_sock_unlink(&rfcomm_sk_list, sk); 204 sock_set_flag(sk, SOCK_DEAD); 205 sock_put(sk); 206 } 207 208 static void __rfcomm_sock_close(struct sock *sk) 209 { 210 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 211 212 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 213 214 switch (sk->sk_state) { 215 case BT_LISTEN: 216 rfcomm_sock_cleanup_listen(sk); 217 break; 218 219 case BT_CONNECT: 220 case BT_CONNECT2: 221 case BT_CONFIG: 222 case BT_CONNECTED: 223 rfcomm_dlc_close(d, 0); 224 225 default: 226 sock_set_flag(sk, SOCK_ZAPPED); 227 break; 228 } 229 } 230 231 /* Close socket. 232 * Must be called on unlocked socket. 233 */ 234 static void rfcomm_sock_close(struct sock *sk) 235 { 236 lock_sock(sk); 237 __rfcomm_sock_close(sk); 238 release_sock(sk); 239 } 240 241 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 242 { 243 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 244 245 BT_DBG("sk %p", sk); 246 247 if (parent) { 248 sk->sk_type = parent->sk_type; 249 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP, 250 &bt_sk(parent)->flags); 251 252 pi->sec_level = rfcomm_pi(parent)->sec_level; 253 pi->role_switch = rfcomm_pi(parent)->role_switch; 254 255 security_sk_clone(parent, sk); 256 } else { 257 pi->dlc->defer_setup = 0; 258 259 pi->sec_level = BT_SECURITY_LOW; 260 pi->role_switch = 0; 261 } 262 263 pi->dlc->sec_level = pi->sec_level; 264 pi->dlc->role_switch = pi->role_switch; 265 } 266 267 static struct proto rfcomm_proto = { 268 .name = "RFCOMM", 269 .owner = THIS_MODULE, 270 .obj_size = sizeof(struct rfcomm_pinfo) 271 }; 272 273 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio, int kern) 274 { 275 struct rfcomm_dlc *d; 276 struct sock *sk; 277 278 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto, kern); 279 if (!sk) 280 return NULL; 281 282 sock_init_data(sock, sk); 283 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 284 285 d = rfcomm_dlc_alloc(prio); 286 if (!d) { 287 sk_free(sk); 288 return NULL; 289 } 290 291 d->data_ready = rfcomm_sk_data_ready; 292 d->state_change = rfcomm_sk_state_change; 293 294 rfcomm_pi(sk)->dlc = d; 295 d->owner = sk; 296 297 sk->sk_destruct = rfcomm_sock_destruct; 298 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 299 300 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 301 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 302 303 sock_reset_flag(sk, SOCK_ZAPPED); 304 305 sk->sk_protocol = proto; 306 sk->sk_state = BT_OPEN; 307 308 bt_sock_link(&rfcomm_sk_list, sk); 309 310 BT_DBG("sk %p", sk); 311 return sk; 312 } 313 314 static int rfcomm_sock_create(struct net *net, struct socket *sock, 315 int protocol, int kern) 316 { 317 struct sock *sk; 318 319 BT_DBG("sock %p", sock); 320 321 sock->state = SS_UNCONNECTED; 322 323 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 324 return -ESOCKTNOSUPPORT; 325 326 sock->ops = &rfcomm_sock_ops; 327 328 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 329 if (!sk) 330 return -ENOMEM; 331 332 rfcomm_sock_init(sk, NULL); 333 return 0; 334 } 335 336 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 337 { 338 struct sockaddr_rc sa; 339 struct sock *sk = sock->sk; 340 int len, err = 0; 341 342 if (!addr || addr_len < offsetofend(struct sockaddr, sa_family) || 343 addr->sa_family != AF_BLUETOOTH) 344 return -EINVAL; 345 346 memset(&sa, 0, sizeof(sa)); 347 len = min_t(unsigned int, sizeof(sa), addr_len); 348 memcpy(&sa, addr, len); 349 350 BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr); 351 352 lock_sock(sk); 353 354 if (sk->sk_state != BT_OPEN) { 355 err = -EBADFD; 356 goto done; 357 } 358 359 if (sk->sk_type != SOCK_STREAM) { 360 err = -EINVAL; 361 goto done; 362 } 363 364 write_lock(&rfcomm_sk_list.lock); 365 366 if (sa.rc_channel && 367 __rfcomm_get_listen_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) { 368 err = -EADDRINUSE; 369 } else { 370 /* Save source address */ 371 bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr); 372 rfcomm_pi(sk)->channel = sa.rc_channel; 373 sk->sk_state = BT_BOUND; 374 } 375 376 write_unlock(&rfcomm_sk_list.lock); 377 378 done: 379 release_sock(sk); 380 return err; 381 } 382 383 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 384 { 385 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 386 struct sock *sk = sock->sk; 387 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 388 int err = 0; 389 390 BT_DBG("sk %p", sk); 391 392 if (alen < sizeof(struct sockaddr_rc) || 393 addr->sa_family != AF_BLUETOOTH) 394 return -EINVAL; 395 396 lock_sock(sk); 397 398 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 399 err = -EBADFD; 400 goto done; 401 } 402 403 if (sk->sk_type != SOCK_STREAM) { 404 err = -EINVAL; 405 goto done; 406 } 407 408 sk->sk_state = BT_CONNECT; 409 bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr); 410 rfcomm_pi(sk)->channel = sa->rc_channel; 411 412 d->sec_level = rfcomm_pi(sk)->sec_level; 413 d->role_switch = rfcomm_pi(sk)->role_switch; 414 415 err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr, 416 sa->rc_channel); 417 if (!err) 418 err = bt_sock_wait_state(sk, BT_CONNECTED, 419 sock_sndtimeo(sk, flags & O_NONBLOCK)); 420 421 done: 422 release_sock(sk); 423 return err; 424 } 425 426 static int rfcomm_sock_listen(struct socket *sock, int backlog) 427 { 428 struct sock *sk = sock->sk; 429 int err = 0; 430 431 BT_DBG("sk %p backlog %d", sk, backlog); 432 433 lock_sock(sk); 434 435 if (sk->sk_state != BT_BOUND) { 436 err = -EBADFD; 437 goto done; 438 } 439 440 if (sk->sk_type != SOCK_STREAM) { 441 err = -EINVAL; 442 goto done; 443 } 444 445 if (!rfcomm_pi(sk)->channel) { 446 bdaddr_t *src = &rfcomm_pi(sk)->src; 447 u8 channel; 448 449 err = -EINVAL; 450 451 write_lock(&rfcomm_sk_list.lock); 452 453 for (channel = 1; channel < 31; channel++) 454 if (!__rfcomm_get_listen_sock_by_addr(channel, src)) { 455 rfcomm_pi(sk)->channel = channel; 456 err = 0; 457 break; 458 } 459 460 write_unlock(&rfcomm_sk_list.lock); 461 462 if (err < 0) 463 goto done; 464 } 465 466 sk->sk_max_ack_backlog = backlog; 467 sk->sk_ack_backlog = 0; 468 sk->sk_state = BT_LISTEN; 469 470 done: 471 release_sock(sk); 472 return err; 473 } 474 475 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags, 476 bool kern) 477 { 478 DEFINE_WAIT_FUNC(wait, woken_wake_function); 479 struct sock *sk = sock->sk, *nsk; 480 long timeo; 481 int err = 0; 482 483 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 484 485 if (sk->sk_type != SOCK_STREAM) { 486 err = -EINVAL; 487 goto done; 488 } 489 490 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 491 492 BT_DBG("sk %p timeo %ld", sk, timeo); 493 494 /* Wait for an incoming connection. (wake-one). */ 495 add_wait_queue_exclusive(sk_sleep(sk), &wait); 496 while (1) { 497 if (sk->sk_state != BT_LISTEN) { 498 err = -EBADFD; 499 break; 500 } 501 502 nsk = bt_accept_dequeue(sk, newsock); 503 if (nsk) 504 break; 505 506 if (!timeo) { 507 err = -EAGAIN; 508 break; 509 } 510 511 if (signal_pending(current)) { 512 err = sock_intr_errno(timeo); 513 break; 514 } 515 516 release_sock(sk); 517 518 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 519 520 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 521 } 522 remove_wait_queue(sk_sleep(sk), &wait); 523 524 if (err) 525 goto done; 526 527 newsock->state = SS_CONNECTED; 528 529 BT_DBG("new socket %p", nsk); 530 531 done: 532 release_sock(sk); 533 return err; 534 } 535 536 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 537 { 538 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 539 struct sock *sk = sock->sk; 540 541 BT_DBG("sock %p, sk %p", sock, sk); 542 543 if (peer && sk->sk_state != BT_CONNECTED && 544 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2) 545 return -ENOTCONN; 546 547 memset(sa, 0, sizeof(*sa)); 548 sa->rc_family = AF_BLUETOOTH; 549 sa->rc_channel = rfcomm_pi(sk)->channel; 550 if (peer) 551 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst); 552 else 553 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src); 554 555 *len = sizeof(struct sockaddr_rc); 556 return 0; 557 } 558 559 static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg, 560 size_t len) 561 { 562 struct sock *sk = sock->sk; 563 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 564 struct sk_buff *skb; 565 int sent; 566 567 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) 568 return -ENOTCONN; 569 570 if (msg->msg_flags & MSG_OOB) 571 return -EOPNOTSUPP; 572 573 if (sk->sk_shutdown & SEND_SHUTDOWN) 574 return -EPIPE; 575 576 BT_DBG("sock %p, sk %p", sock, sk); 577 578 lock_sock(sk); 579 580 sent = bt_sock_wait_ready(sk, msg->msg_flags); 581 if (sent) 582 goto done; 583 584 while (len) { 585 size_t size = min_t(size_t, len, d->mtu); 586 int err; 587 588 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 589 msg->msg_flags & MSG_DONTWAIT, &err); 590 if (!skb) { 591 if (sent == 0) 592 sent = err; 593 break; 594 } 595 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 596 597 err = memcpy_from_msg(skb_put(skb, size), msg, size); 598 if (err) { 599 kfree_skb(skb); 600 if (sent == 0) 601 sent = err; 602 break; 603 } 604 605 skb->priority = sk->sk_priority; 606 607 err = rfcomm_dlc_send(d, skb); 608 if (err < 0) { 609 kfree_skb(skb); 610 if (sent == 0) 611 sent = err; 612 break; 613 } 614 615 sent += size; 616 len -= size; 617 } 618 619 done: 620 release_sock(sk); 621 622 return sent; 623 } 624 625 static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg, 626 size_t size, int flags) 627 { 628 struct sock *sk = sock->sk; 629 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 630 int len; 631 632 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 633 rfcomm_dlc_accept(d); 634 return 0; 635 } 636 637 len = bt_sock_stream_recvmsg(sock, msg, size, flags); 638 639 lock_sock(sk); 640 if (!(flags & MSG_PEEK) && len > 0) 641 atomic_sub(len, &sk->sk_rmem_alloc); 642 643 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 644 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 645 release_sock(sk); 646 647 return len; 648 } 649 650 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 651 { 652 struct sock *sk = sock->sk; 653 int err = 0; 654 u32 opt; 655 656 BT_DBG("sk %p", sk); 657 658 lock_sock(sk); 659 660 switch (optname) { 661 case RFCOMM_LM: 662 if (get_user(opt, (u32 __user *) optval)) { 663 err = -EFAULT; 664 break; 665 } 666 667 if (opt & RFCOMM_LM_FIPS) { 668 err = -EINVAL; 669 break; 670 } 671 672 if (opt & RFCOMM_LM_AUTH) 673 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; 674 if (opt & RFCOMM_LM_ENCRYPT) 675 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 676 if (opt & RFCOMM_LM_SECURE) 677 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; 678 679 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); 680 break; 681 682 default: 683 err = -ENOPROTOOPT; 684 break; 685 } 686 687 release_sock(sk); 688 return err; 689 } 690 691 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 692 { 693 struct sock *sk = sock->sk; 694 struct bt_security sec; 695 int err = 0; 696 size_t len; 697 u32 opt; 698 699 BT_DBG("sk %p", sk); 700 701 if (level == SOL_RFCOMM) 702 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); 703 704 if (level != SOL_BLUETOOTH) 705 return -ENOPROTOOPT; 706 707 lock_sock(sk); 708 709 switch (optname) { 710 case BT_SECURITY: 711 if (sk->sk_type != SOCK_STREAM) { 712 err = -EINVAL; 713 break; 714 } 715 716 sec.level = BT_SECURITY_LOW; 717 718 len = min_t(unsigned int, sizeof(sec), optlen); 719 if (copy_from_user((char *) &sec, optval, len)) { 720 err = -EFAULT; 721 break; 722 } 723 724 if (sec.level > BT_SECURITY_HIGH) { 725 err = -EINVAL; 726 break; 727 } 728 729 rfcomm_pi(sk)->sec_level = sec.level; 730 break; 731 732 case BT_DEFER_SETUP: 733 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 734 err = -EINVAL; 735 break; 736 } 737 738 if (get_user(opt, (u32 __user *) optval)) { 739 err = -EFAULT; 740 break; 741 } 742 743 if (opt) 744 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 745 else 746 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 747 748 break; 749 750 default: 751 err = -ENOPROTOOPT; 752 break; 753 } 754 755 release_sock(sk); 756 return err; 757 } 758 759 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 760 { 761 struct sock *sk = sock->sk; 762 struct sock *l2cap_sk; 763 struct l2cap_conn *conn; 764 struct rfcomm_conninfo cinfo; 765 int len, err = 0; 766 u32 opt; 767 768 BT_DBG("sk %p", sk); 769 770 if (get_user(len, optlen)) 771 return -EFAULT; 772 773 lock_sock(sk); 774 775 switch (optname) { 776 case RFCOMM_LM: 777 switch (rfcomm_pi(sk)->sec_level) { 778 case BT_SECURITY_LOW: 779 opt = RFCOMM_LM_AUTH; 780 break; 781 case BT_SECURITY_MEDIUM: 782 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; 783 break; 784 case BT_SECURITY_HIGH: 785 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 786 RFCOMM_LM_SECURE; 787 break; 788 case BT_SECURITY_FIPS: 789 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 790 RFCOMM_LM_SECURE | RFCOMM_LM_FIPS; 791 break; 792 default: 793 opt = 0; 794 break; 795 } 796 797 if (rfcomm_pi(sk)->role_switch) 798 opt |= RFCOMM_LM_MASTER; 799 800 if (put_user(opt, (u32 __user *) optval)) 801 err = -EFAULT; 802 803 break; 804 805 case RFCOMM_CONNINFO: 806 if (sk->sk_state != BT_CONNECTED && 807 !rfcomm_pi(sk)->dlc->defer_setup) { 808 err = -ENOTCONN; 809 break; 810 } 811 812 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 813 conn = l2cap_pi(l2cap_sk)->chan->conn; 814 815 memset(&cinfo, 0, sizeof(cinfo)); 816 cinfo.hci_handle = conn->hcon->handle; 817 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); 818 819 len = min_t(unsigned int, len, sizeof(cinfo)); 820 if (copy_to_user(optval, (char *) &cinfo, len)) 821 err = -EFAULT; 822 823 break; 824 825 default: 826 err = -ENOPROTOOPT; 827 break; 828 } 829 830 release_sock(sk); 831 return err; 832 } 833 834 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 835 { 836 struct sock *sk = sock->sk; 837 struct bt_security sec; 838 int len, err = 0; 839 840 BT_DBG("sk %p", sk); 841 842 if (level == SOL_RFCOMM) 843 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); 844 845 if (level != SOL_BLUETOOTH) 846 return -ENOPROTOOPT; 847 848 if (get_user(len, optlen)) 849 return -EFAULT; 850 851 lock_sock(sk); 852 853 switch (optname) { 854 case BT_SECURITY: 855 if (sk->sk_type != SOCK_STREAM) { 856 err = -EINVAL; 857 break; 858 } 859 860 sec.level = rfcomm_pi(sk)->sec_level; 861 sec.key_size = 0; 862 863 len = min_t(unsigned int, len, sizeof(sec)); 864 if (copy_to_user(optval, (char *) &sec, len)) 865 err = -EFAULT; 866 867 break; 868 869 case BT_DEFER_SETUP: 870 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 871 err = -EINVAL; 872 break; 873 } 874 875 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 876 (u32 __user *) optval)) 877 err = -EFAULT; 878 879 break; 880 881 default: 882 err = -ENOPROTOOPT; 883 break; 884 } 885 886 release_sock(sk); 887 return err; 888 } 889 890 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 891 { 892 struct sock *sk __maybe_unused = sock->sk; 893 int err; 894 895 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); 896 897 err = bt_sock_ioctl(sock, cmd, arg); 898 899 if (err == -ENOIOCTLCMD) { 900 #ifdef CONFIG_BT_RFCOMM_TTY 901 lock_sock(sk); 902 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); 903 release_sock(sk); 904 #else 905 err = -EOPNOTSUPP; 906 #endif 907 } 908 909 return err; 910 } 911 912 static int rfcomm_sock_shutdown(struct socket *sock, int how) 913 { 914 struct sock *sk = sock->sk; 915 int err = 0; 916 917 BT_DBG("sock %p, sk %p", sock, sk); 918 919 if (!sk) 920 return 0; 921 922 lock_sock(sk); 923 if (!sk->sk_shutdown) { 924 sk->sk_shutdown = SHUTDOWN_MASK; 925 __rfcomm_sock_close(sk); 926 927 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 928 !(current->flags & PF_EXITING)) 929 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 930 } 931 release_sock(sk); 932 return err; 933 } 934 935 static int rfcomm_sock_release(struct socket *sock) 936 { 937 struct sock *sk = sock->sk; 938 int err; 939 940 BT_DBG("sock %p, sk %p", sock, sk); 941 942 if (!sk) 943 return 0; 944 945 err = rfcomm_sock_shutdown(sock, 2); 946 947 sock_orphan(sk); 948 rfcomm_sock_kill(sk); 949 return err; 950 } 951 952 /* ---- RFCOMM core layer callbacks ---- 953 * 954 * called under rfcomm_lock() 955 */ 956 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 957 { 958 struct sock *sk, *parent; 959 bdaddr_t src, dst; 960 int result = 0; 961 962 BT_DBG("session %p channel %d", s, channel); 963 964 rfcomm_session_getaddr(s, &src, &dst); 965 966 /* Check if we have socket listening on channel */ 967 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 968 if (!parent) 969 return 0; 970 971 bh_lock_sock(parent); 972 973 /* Check for backlog size */ 974 if (sk_acceptq_is_full(parent)) { 975 BT_DBG("backlog full %d", parent->sk_ack_backlog); 976 goto done; 977 } 978 979 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC, 0); 980 if (!sk) 981 goto done; 982 983 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM); 984 985 rfcomm_sock_init(sk, parent); 986 bacpy(&rfcomm_pi(sk)->src, &src); 987 bacpy(&rfcomm_pi(sk)->dst, &dst); 988 rfcomm_pi(sk)->channel = channel; 989 990 sk->sk_state = BT_CONFIG; 991 bt_accept_enqueue(parent, sk); 992 993 /* Accept connection and return socket DLC */ 994 *d = rfcomm_pi(sk)->dlc; 995 result = 1; 996 997 done: 998 bh_unlock_sock(parent); 999 1000 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1001 parent->sk_state_change(parent); 1002 1003 return result; 1004 } 1005 1006 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) 1007 { 1008 struct sock *sk; 1009 1010 read_lock(&rfcomm_sk_list.lock); 1011 1012 sk_for_each(sk, &rfcomm_sk_list.head) { 1013 seq_printf(f, "%pMR %pMR %d %d\n", 1014 &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst, 1015 sk->sk_state, rfcomm_pi(sk)->channel); 1016 } 1017 1018 read_unlock(&rfcomm_sk_list.lock); 1019 1020 return 0; 1021 } 1022 1023 static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file) 1024 { 1025 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private); 1026 } 1027 1028 static const struct file_operations rfcomm_sock_debugfs_fops = { 1029 .open = rfcomm_sock_debugfs_open, 1030 .read = seq_read, 1031 .llseek = seq_lseek, 1032 .release = single_release, 1033 }; 1034 1035 static struct dentry *rfcomm_sock_debugfs; 1036 1037 static const struct proto_ops rfcomm_sock_ops = { 1038 .family = PF_BLUETOOTH, 1039 .owner = THIS_MODULE, 1040 .release = rfcomm_sock_release, 1041 .bind = rfcomm_sock_bind, 1042 .connect = rfcomm_sock_connect, 1043 .listen = rfcomm_sock_listen, 1044 .accept = rfcomm_sock_accept, 1045 .getname = rfcomm_sock_getname, 1046 .sendmsg = rfcomm_sock_sendmsg, 1047 .recvmsg = rfcomm_sock_recvmsg, 1048 .shutdown = rfcomm_sock_shutdown, 1049 .setsockopt = rfcomm_sock_setsockopt, 1050 .getsockopt = rfcomm_sock_getsockopt, 1051 .ioctl = rfcomm_sock_ioctl, 1052 .poll = bt_sock_poll, 1053 .socketpair = sock_no_socketpair, 1054 .mmap = sock_no_mmap 1055 }; 1056 1057 static const struct net_proto_family rfcomm_sock_family_ops = { 1058 .family = PF_BLUETOOTH, 1059 .owner = THIS_MODULE, 1060 .create = rfcomm_sock_create 1061 }; 1062 1063 int __init rfcomm_init_sockets(void) 1064 { 1065 int err; 1066 1067 BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr)); 1068 1069 err = proto_register(&rfcomm_proto, 0); 1070 if (err < 0) 1071 return err; 1072 1073 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 1074 if (err < 0) { 1075 BT_ERR("RFCOMM socket layer registration failed"); 1076 goto error; 1077 } 1078 1079 err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL); 1080 if (err < 0) { 1081 BT_ERR("Failed to create RFCOMM proc file"); 1082 bt_sock_unregister(BTPROTO_RFCOMM); 1083 goto error; 1084 } 1085 1086 BT_INFO("RFCOMM socket layer initialized"); 1087 1088 if (IS_ERR_OR_NULL(bt_debugfs)) 1089 return 0; 1090 1091 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444, 1092 bt_debugfs, NULL, 1093 &rfcomm_sock_debugfs_fops); 1094 1095 return 0; 1096 1097 error: 1098 proto_unregister(&rfcomm_proto); 1099 return err; 1100 } 1101 1102 void __exit rfcomm_cleanup_sockets(void) 1103 { 1104 bt_procfs_cleanup(&init_net, "rfcomm"); 1105 1106 debugfs_remove(rfcomm_sock_debugfs); 1107 1108 bt_sock_unregister(BTPROTO_RFCOMM); 1109 1110 proto_unregister(&rfcomm_proto); 1111 } 1112