1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 */ 27 28 #include <linux/module.h> 29 30 #include <linux/types.h> 31 #include <linux/errno.h> 32 #include <linux/kernel.h> 33 #include <linux/sched.h> 34 #include <linux/slab.h> 35 #include <linux/poll.h> 36 #include <linux/fcntl.h> 37 #include <linux/init.h> 38 #include <linux/interrupt.h> 39 #include <linux/socket.h> 40 #include <linux/skbuff.h> 41 #include <linux/list.h> 42 #include <linux/device.h> 43 #include <net/sock.h> 44 45 #include <asm/system.h> 46 #include <asm/uaccess.h> 47 48 #include <net/bluetooth/bluetooth.h> 49 #include <net/bluetooth/hci_core.h> 50 #include <net/bluetooth/l2cap.h> 51 #include <net/bluetooth/rfcomm.h> 52 53 static const struct proto_ops rfcomm_sock_ops; 54 55 static struct bt_sock_list rfcomm_sk_list = { 56 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) 57 }; 58 59 static void rfcomm_sock_close(struct sock *sk); 60 static void rfcomm_sock_kill(struct sock *sk); 61 62 /* ---- DLC callbacks ---- 63 * 64 * called under rfcomm_dlc_lock() 65 */ 66 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 67 { 68 struct sock *sk = d->owner; 69 if (!sk) 70 return; 71 72 atomic_add(skb->len, &sk->sk_rmem_alloc); 73 skb_queue_tail(&sk->sk_receive_queue, skb); 74 sk->sk_data_ready(sk, skb->len); 75 76 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 77 rfcomm_dlc_throttle(d); 78 } 79 80 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 81 { 82 struct sock *sk = d->owner, *parent; 83 if (!sk) 84 return; 85 86 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 87 88 bh_lock_sock(sk); 89 90 if (err) 91 sk->sk_err = err; 92 93 sk->sk_state = d->state; 94 95 parent = bt_sk(sk)->parent; 96 if (parent) { 97 if (d->state == BT_CLOSED) { 98 sock_set_flag(sk, SOCK_ZAPPED); 99 bt_accept_unlink(sk); 100 } 101 parent->sk_data_ready(parent, 0); 102 } else { 103 if (d->state == BT_CONNECTED) 104 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL); 105 sk->sk_state_change(sk); 106 } 107 108 bh_unlock_sock(sk); 109 110 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 111 /* We have to drop DLC lock here, otherwise 112 * rfcomm_sock_destruct() will dead lock. */ 113 rfcomm_dlc_unlock(d); 114 rfcomm_sock_kill(sk); 115 rfcomm_dlc_lock(d); 116 } 117 } 118 119 /* ---- Socket functions ---- */ 120 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src) 121 { 122 struct sock *sk = NULL; 123 struct hlist_node *node; 124 125 sk_for_each(sk, node, &rfcomm_sk_list.head) { 126 if (rfcomm_pi(sk)->channel == channel && 127 !bacmp(&bt_sk(sk)->src, src)) 128 break; 129 } 130 131 return node ? sk : NULL; 132 } 133 134 /* Find socket with channel and source bdaddr. 135 * Returns closest match. 136 */ 137 static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 138 { 139 struct sock *sk = NULL, *sk1 = NULL; 140 struct hlist_node *node; 141 142 sk_for_each(sk, node, &rfcomm_sk_list.head) { 143 if (state && sk->sk_state != state) 144 continue; 145 146 if (rfcomm_pi(sk)->channel == channel) { 147 /* Exact match. */ 148 if (!bacmp(&bt_sk(sk)->src, src)) 149 break; 150 151 /* Closest match */ 152 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 153 sk1 = sk; 154 } 155 } 156 return node ? sk : sk1; 157 } 158 159 /* Find socket with given address (channel, src). 160 * Returns locked socket */ 161 static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 162 { 163 struct sock *s; 164 read_lock(&rfcomm_sk_list.lock); 165 s = __rfcomm_get_sock_by_channel(state, channel, src); 166 if (s) bh_lock_sock(s); 167 read_unlock(&rfcomm_sk_list.lock); 168 return s; 169 } 170 171 static void rfcomm_sock_destruct(struct sock *sk) 172 { 173 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 174 175 BT_DBG("sk %p dlc %p", sk, d); 176 177 skb_queue_purge(&sk->sk_receive_queue); 178 skb_queue_purge(&sk->sk_write_queue); 179 180 rfcomm_dlc_lock(d); 181 rfcomm_pi(sk)->dlc = NULL; 182 183 /* Detach DLC if it's owned by this socket */ 184 if (d->owner == sk) 185 d->owner = NULL; 186 rfcomm_dlc_unlock(d); 187 188 rfcomm_dlc_put(d); 189 } 190 191 static void rfcomm_sock_cleanup_listen(struct sock *parent) 192 { 193 struct sock *sk; 194 195 BT_DBG("parent %p", parent); 196 197 /* Close not yet accepted dlcs */ 198 while ((sk = bt_accept_dequeue(parent, NULL))) { 199 rfcomm_sock_close(sk); 200 rfcomm_sock_kill(sk); 201 } 202 203 parent->sk_state = BT_CLOSED; 204 sock_set_flag(parent, SOCK_ZAPPED); 205 } 206 207 /* Kill socket (only if zapped and orphan) 208 * Must be called on unlocked socket. 209 */ 210 static void rfcomm_sock_kill(struct sock *sk) 211 { 212 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 213 return; 214 215 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); 216 217 /* Kill poor orphan */ 218 bt_sock_unlink(&rfcomm_sk_list, sk); 219 sock_set_flag(sk, SOCK_DEAD); 220 sock_put(sk); 221 } 222 223 static void __rfcomm_sock_close(struct sock *sk) 224 { 225 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 226 227 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 228 229 switch (sk->sk_state) { 230 case BT_LISTEN: 231 rfcomm_sock_cleanup_listen(sk); 232 break; 233 234 case BT_CONNECT: 235 case BT_CONNECT2: 236 case BT_CONFIG: 237 case BT_CONNECTED: 238 rfcomm_dlc_close(d, 0); 239 240 default: 241 sock_set_flag(sk, SOCK_ZAPPED); 242 break; 243 } 244 } 245 246 /* Close socket. 247 * Must be called on unlocked socket. 248 */ 249 static void rfcomm_sock_close(struct sock *sk) 250 { 251 lock_sock(sk); 252 __rfcomm_sock_close(sk); 253 release_sock(sk); 254 } 255 256 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 257 { 258 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 259 260 BT_DBG("sk %p", sk); 261 262 if (parent) { 263 sk->sk_type = parent->sk_type; 264 pi->dlc->defer_setup = bt_sk(parent)->defer_setup; 265 266 pi->sec_level = rfcomm_pi(parent)->sec_level; 267 pi->role_switch = rfcomm_pi(parent)->role_switch; 268 } else { 269 pi->dlc->defer_setup = 0; 270 271 pi->sec_level = BT_SECURITY_LOW; 272 pi->role_switch = 0; 273 } 274 275 pi->dlc->sec_level = pi->sec_level; 276 pi->dlc->role_switch = pi->role_switch; 277 } 278 279 static struct proto rfcomm_proto = { 280 .name = "RFCOMM", 281 .owner = THIS_MODULE, 282 .obj_size = sizeof(struct rfcomm_pinfo) 283 }; 284 285 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 286 { 287 struct rfcomm_dlc *d; 288 struct sock *sk; 289 290 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto); 291 if (!sk) 292 return NULL; 293 294 sock_init_data(sock, sk); 295 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 296 297 d = rfcomm_dlc_alloc(prio); 298 if (!d) { 299 sk_free(sk); 300 return NULL; 301 } 302 303 d->data_ready = rfcomm_sk_data_ready; 304 d->state_change = rfcomm_sk_state_change; 305 306 rfcomm_pi(sk)->dlc = d; 307 d->owner = sk; 308 309 sk->sk_destruct = rfcomm_sock_destruct; 310 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 311 312 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 313 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 314 315 sock_reset_flag(sk, SOCK_ZAPPED); 316 317 sk->sk_protocol = proto; 318 sk->sk_state = BT_OPEN; 319 320 bt_sock_link(&rfcomm_sk_list, sk); 321 322 BT_DBG("sk %p", sk); 323 return sk; 324 } 325 326 static int rfcomm_sock_create(struct net *net, struct socket *sock, int protocol) 327 { 328 struct sock *sk; 329 330 BT_DBG("sock %p", sock); 331 332 sock->state = SS_UNCONNECTED; 333 334 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 335 return -ESOCKTNOSUPPORT; 336 337 sock->ops = &rfcomm_sock_ops; 338 339 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC); 340 if (!sk) 341 return -ENOMEM; 342 343 rfcomm_sock_init(sk, NULL); 344 return 0; 345 } 346 347 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 348 { 349 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 350 struct sock *sk = sock->sk; 351 int err = 0; 352 353 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr)); 354 355 if (!addr || addr->sa_family != AF_BLUETOOTH) 356 return -EINVAL; 357 358 lock_sock(sk); 359 360 if (sk->sk_state != BT_OPEN) { 361 err = -EBADFD; 362 goto done; 363 } 364 365 if (sk->sk_type != SOCK_STREAM) { 366 err = -EINVAL; 367 goto done; 368 } 369 370 write_lock_bh(&rfcomm_sk_list.lock); 371 372 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { 373 err = -EADDRINUSE; 374 } else { 375 /* Save source address */ 376 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr); 377 rfcomm_pi(sk)->channel = sa->rc_channel; 378 sk->sk_state = BT_BOUND; 379 } 380 381 write_unlock_bh(&rfcomm_sk_list.lock); 382 383 done: 384 release_sock(sk); 385 return err; 386 } 387 388 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 389 { 390 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 391 struct sock *sk = sock->sk; 392 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 393 int err = 0; 394 395 BT_DBG("sk %p", sk); 396 397 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc)) 398 return -EINVAL; 399 400 lock_sock(sk); 401 402 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 403 err = -EBADFD; 404 goto done; 405 } 406 407 if (sk->sk_type != SOCK_STREAM) { 408 err = -EINVAL; 409 goto done; 410 } 411 412 sk->sk_state = BT_CONNECT; 413 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); 414 rfcomm_pi(sk)->channel = sa->rc_channel; 415 416 d->sec_level = rfcomm_pi(sk)->sec_level; 417 d->role_switch = rfcomm_pi(sk)->role_switch; 418 419 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); 420 if (!err) 421 err = bt_sock_wait_state(sk, BT_CONNECTED, 422 sock_sndtimeo(sk, flags & O_NONBLOCK)); 423 424 done: 425 release_sock(sk); 426 return err; 427 } 428 429 static int rfcomm_sock_listen(struct socket *sock, int backlog) 430 { 431 struct sock *sk = sock->sk; 432 int err = 0; 433 434 BT_DBG("sk %p backlog %d", sk, backlog); 435 436 lock_sock(sk); 437 438 if (sk->sk_state != BT_BOUND) { 439 err = -EBADFD; 440 goto done; 441 } 442 443 if (sk->sk_type != SOCK_STREAM) { 444 err = -EINVAL; 445 goto done; 446 } 447 448 if (!rfcomm_pi(sk)->channel) { 449 bdaddr_t *src = &bt_sk(sk)->src; 450 u8 channel; 451 452 err = -EINVAL; 453 454 write_lock_bh(&rfcomm_sk_list.lock); 455 456 for (channel = 1; channel < 31; channel++) 457 if (!__rfcomm_get_sock_by_addr(channel, src)) { 458 rfcomm_pi(sk)->channel = channel; 459 err = 0; 460 break; 461 } 462 463 write_unlock_bh(&rfcomm_sk_list.lock); 464 465 if (err < 0) 466 goto done; 467 } 468 469 sk->sk_max_ack_backlog = backlog; 470 sk->sk_ack_backlog = 0; 471 sk->sk_state = BT_LISTEN; 472 473 done: 474 release_sock(sk); 475 return err; 476 } 477 478 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 479 { 480 DECLARE_WAITQUEUE(wait, current); 481 struct sock *sk = sock->sk, *nsk; 482 long timeo; 483 int err = 0; 484 485 lock_sock(sk); 486 487 if (sk->sk_state != BT_LISTEN) { 488 err = -EBADFD; 489 goto done; 490 } 491 492 if (sk->sk_type != SOCK_STREAM) { 493 err = -EINVAL; 494 goto done; 495 } 496 497 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 498 499 BT_DBG("sk %p timeo %ld", sk, timeo); 500 501 /* Wait for an incoming connection. (wake-one). */ 502 add_wait_queue_exclusive(sk->sk_sleep, &wait); 503 while (!(nsk = bt_accept_dequeue(sk, newsock))) { 504 set_current_state(TASK_INTERRUPTIBLE); 505 if (!timeo) { 506 err = -EAGAIN; 507 break; 508 } 509 510 release_sock(sk); 511 timeo = schedule_timeout(timeo); 512 lock_sock(sk); 513 514 if (sk->sk_state != BT_LISTEN) { 515 err = -EBADFD; 516 break; 517 } 518 519 if (signal_pending(current)) { 520 err = sock_intr_errno(timeo); 521 break; 522 } 523 } 524 set_current_state(TASK_RUNNING); 525 remove_wait_queue(sk->sk_sleep, &wait); 526 527 if (err) 528 goto done; 529 530 newsock->state = SS_CONNECTED; 531 532 BT_DBG("new socket %p", nsk); 533 534 done: 535 release_sock(sk); 536 return err; 537 } 538 539 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 540 { 541 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 542 struct sock *sk = sock->sk; 543 544 BT_DBG("sock %p, sk %p", sock, sk); 545 546 sa->rc_family = AF_BLUETOOTH; 547 sa->rc_channel = rfcomm_pi(sk)->channel; 548 if (peer) 549 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst); 550 else 551 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src); 552 553 *len = sizeof(struct sockaddr_rc); 554 return 0; 555 } 556 557 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 558 struct msghdr *msg, size_t len) 559 { 560 struct sock *sk = sock->sk; 561 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 562 struct sk_buff *skb; 563 int sent = 0; 564 565 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) 566 return -ENOTCONN; 567 568 if (msg->msg_flags & MSG_OOB) 569 return -EOPNOTSUPP; 570 571 if (sk->sk_shutdown & SEND_SHUTDOWN) 572 return -EPIPE; 573 574 BT_DBG("sock %p, sk %p", sock, sk); 575 576 lock_sock(sk); 577 578 while (len) { 579 size_t size = min_t(size_t, len, d->mtu); 580 int err; 581 582 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 583 msg->msg_flags & MSG_DONTWAIT, &err); 584 if (!skb) { 585 if (sent == 0) 586 sent = err; 587 break; 588 } 589 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 590 591 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 592 if (err) { 593 kfree_skb(skb); 594 if (sent == 0) 595 sent = err; 596 break; 597 } 598 599 err = rfcomm_dlc_send(d, skb); 600 if (err < 0) { 601 kfree_skb(skb); 602 if (sent == 0) 603 sent = err; 604 break; 605 } 606 607 sent += size; 608 len -= size; 609 } 610 611 release_sock(sk); 612 613 return sent; 614 } 615 616 static long rfcomm_sock_data_wait(struct sock *sk, long timeo) 617 { 618 DECLARE_WAITQUEUE(wait, current); 619 620 add_wait_queue(sk->sk_sleep, &wait); 621 for (;;) { 622 set_current_state(TASK_INTERRUPTIBLE); 623 624 if (!skb_queue_empty(&sk->sk_receive_queue) || 625 sk->sk_err || 626 (sk->sk_shutdown & RCV_SHUTDOWN) || 627 signal_pending(current) || 628 !timeo) 629 break; 630 631 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 632 release_sock(sk); 633 timeo = schedule_timeout(timeo); 634 lock_sock(sk); 635 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 636 } 637 638 __set_current_state(TASK_RUNNING); 639 remove_wait_queue(sk->sk_sleep, &wait); 640 return timeo; 641 } 642 643 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 644 struct msghdr *msg, size_t size, int flags) 645 { 646 struct sock *sk = sock->sk; 647 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 648 int err = 0; 649 size_t target, copied = 0; 650 long timeo; 651 652 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 653 rfcomm_dlc_accept(d); 654 return 0; 655 } 656 657 if (flags & MSG_OOB) 658 return -EOPNOTSUPP; 659 660 msg->msg_namelen = 0; 661 662 BT_DBG("sk %p size %zu", sk, size); 663 664 lock_sock(sk); 665 666 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); 667 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); 668 669 do { 670 struct sk_buff *skb; 671 int chunk; 672 673 skb = skb_dequeue(&sk->sk_receive_queue); 674 if (!skb) { 675 if (copied >= target) 676 break; 677 678 if ((err = sock_error(sk)) != 0) 679 break; 680 if (sk->sk_shutdown & RCV_SHUTDOWN) 681 break; 682 683 err = -EAGAIN; 684 if (!timeo) 685 break; 686 687 timeo = rfcomm_sock_data_wait(sk, timeo); 688 689 if (signal_pending(current)) { 690 err = sock_intr_errno(timeo); 691 goto out; 692 } 693 continue; 694 } 695 696 chunk = min_t(unsigned int, skb->len, size); 697 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { 698 skb_queue_head(&sk->sk_receive_queue, skb); 699 if (!copied) 700 copied = -EFAULT; 701 break; 702 } 703 copied += chunk; 704 size -= chunk; 705 706 sock_recv_timestamp(msg, sk, skb); 707 708 if (!(flags & MSG_PEEK)) { 709 atomic_sub(chunk, &sk->sk_rmem_alloc); 710 711 skb_pull(skb, chunk); 712 if (skb->len) { 713 skb_queue_head(&sk->sk_receive_queue, skb); 714 break; 715 } 716 kfree_skb(skb); 717 718 } else { 719 /* put message back and return */ 720 skb_queue_head(&sk->sk_receive_queue, skb); 721 break; 722 } 723 } while (size); 724 725 out: 726 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 727 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 728 729 release_sock(sk); 730 return copied ? : err; 731 } 732 733 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 734 { 735 struct sock *sk = sock->sk; 736 int err = 0; 737 u32 opt; 738 739 BT_DBG("sk %p", sk); 740 741 lock_sock(sk); 742 743 switch (optname) { 744 case RFCOMM_LM: 745 if (get_user(opt, (u32 __user *) optval)) { 746 err = -EFAULT; 747 break; 748 } 749 750 if (opt & RFCOMM_LM_AUTH) 751 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; 752 if (opt & RFCOMM_LM_ENCRYPT) 753 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 754 if (opt & RFCOMM_LM_SECURE) 755 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; 756 757 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); 758 break; 759 760 default: 761 err = -ENOPROTOOPT; 762 break; 763 } 764 765 release_sock(sk); 766 return err; 767 } 768 769 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 770 { 771 struct sock *sk = sock->sk; 772 struct bt_security sec; 773 int len, err = 0; 774 u32 opt; 775 776 BT_DBG("sk %p", sk); 777 778 if (level == SOL_RFCOMM) 779 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); 780 781 if (level != SOL_BLUETOOTH) 782 return -ENOPROTOOPT; 783 784 lock_sock(sk); 785 786 switch (optname) { 787 case BT_SECURITY: 788 if (sk->sk_type != SOCK_STREAM) { 789 err = -EINVAL; 790 break; 791 } 792 793 sec.level = BT_SECURITY_LOW; 794 795 len = min_t(unsigned int, sizeof(sec), optlen); 796 if (copy_from_user((char *) &sec, optval, len)) { 797 err = -EFAULT; 798 break; 799 } 800 801 if (sec.level > BT_SECURITY_HIGH) { 802 err = -EINVAL; 803 break; 804 } 805 806 rfcomm_pi(sk)->sec_level = sec.level; 807 break; 808 809 case BT_DEFER_SETUP: 810 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 811 err = -EINVAL; 812 break; 813 } 814 815 if (get_user(opt, (u32 __user *) optval)) { 816 err = -EFAULT; 817 break; 818 } 819 820 bt_sk(sk)->defer_setup = opt; 821 break; 822 823 default: 824 err = -ENOPROTOOPT; 825 break; 826 } 827 828 release_sock(sk); 829 return err; 830 } 831 832 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 833 { 834 struct sock *sk = sock->sk; 835 struct sock *l2cap_sk; 836 struct rfcomm_conninfo cinfo; 837 int len, err = 0; 838 u32 opt; 839 840 BT_DBG("sk %p", sk); 841 842 if (get_user(len, optlen)) 843 return -EFAULT; 844 845 lock_sock(sk); 846 847 switch (optname) { 848 case RFCOMM_LM: 849 switch (rfcomm_pi(sk)->sec_level) { 850 case BT_SECURITY_LOW: 851 opt = RFCOMM_LM_AUTH; 852 break; 853 case BT_SECURITY_MEDIUM: 854 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; 855 break; 856 case BT_SECURITY_HIGH: 857 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 858 RFCOMM_LM_SECURE; 859 break; 860 default: 861 opt = 0; 862 break; 863 } 864 865 if (rfcomm_pi(sk)->role_switch) 866 opt |= RFCOMM_LM_MASTER; 867 868 if (put_user(opt, (u32 __user *) optval)) 869 err = -EFAULT; 870 break; 871 872 case RFCOMM_CONNINFO: 873 if (sk->sk_state != BT_CONNECTED && 874 !rfcomm_pi(sk)->dlc->defer_setup) { 875 err = -ENOTCONN; 876 break; 877 } 878 879 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 880 881 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle; 882 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3); 883 884 len = min_t(unsigned int, len, sizeof(cinfo)); 885 if (copy_to_user(optval, (char *) &cinfo, len)) 886 err = -EFAULT; 887 888 break; 889 890 default: 891 err = -ENOPROTOOPT; 892 break; 893 } 894 895 release_sock(sk); 896 return err; 897 } 898 899 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 900 { 901 struct sock *sk = sock->sk; 902 struct bt_security sec; 903 int len, err = 0; 904 905 BT_DBG("sk %p", sk); 906 907 if (level == SOL_RFCOMM) 908 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); 909 910 if (level != SOL_BLUETOOTH) 911 return -ENOPROTOOPT; 912 913 if (get_user(len, optlen)) 914 return -EFAULT; 915 916 lock_sock(sk); 917 918 switch (optname) { 919 case BT_SECURITY: 920 if (sk->sk_type != SOCK_STREAM) { 921 err = -EINVAL; 922 break; 923 } 924 925 sec.level = rfcomm_pi(sk)->sec_level; 926 927 len = min_t(unsigned int, len, sizeof(sec)); 928 if (copy_to_user(optval, (char *) &sec, len)) 929 err = -EFAULT; 930 931 break; 932 933 case BT_DEFER_SETUP: 934 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 935 err = -EINVAL; 936 break; 937 } 938 939 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) 940 err = -EFAULT; 941 942 break; 943 944 default: 945 err = -ENOPROTOOPT; 946 break; 947 } 948 949 release_sock(sk); 950 return err; 951 } 952 953 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 954 { 955 struct sock *sk __maybe_unused = sock->sk; 956 int err; 957 958 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); 959 960 err = bt_sock_ioctl(sock, cmd, arg); 961 962 if (err == -ENOIOCTLCMD) { 963 #ifdef CONFIG_BT_RFCOMM_TTY 964 lock_sock(sk); 965 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); 966 release_sock(sk); 967 #else 968 err = -EOPNOTSUPP; 969 #endif 970 } 971 972 return err; 973 } 974 975 static int rfcomm_sock_shutdown(struct socket *sock, int how) 976 { 977 struct sock *sk = sock->sk; 978 int err = 0; 979 980 BT_DBG("sock %p, sk %p", sock, sk); 981 982 if (!sk) return 0; 983 984 lock_sock(sk); 985 if (!sk->sk_shutdown) { 986 sk->sk_shutdown = SHUTDOWN_MASK; 987 __rfcomm_sock_close(sk); 988 989 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 990 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 991 } 992 release_sock(sk); 993 return err; 994 } 995 996 static int rfcomm_sock_release(struct socket *sock) 997 { 998 struct sock *sk = sock->sk; 999 int err; 1000 1001 BT_DBG("sock %p, sk %p", sock, sk); 1002 1003 if (!sk) 1004 return 0; 1005 1006 err = rfcomm_sock_shutdown(sock, 2); 1007 1008 sock_orphan(sk); 1009 rfcomm_sock_kill(sk); 1010 return err; 1011 } 1012 1013 /* ---- RFCOMM core layer callbacks ---- 1014 * 1015 * called under rfcomm_lock() 1016 */ 1017 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 1018 { 1019 struct sock *sk, *parent; 1020 bdaddr_t src, dst; 1021 int result = 0; 1022 1023 BT_DBG("session %p channel %d", s, channel); 1024 1025 rfcomm_session_getaddr(s, &src, &dst); 1026 1027 /* Check if we have socket listening on channel */ 1028 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 1029 if (!parent) 1030 return 0; 1031 1032 /* Check for backlog size */ 1033 if (sk_acceptq_is_full(parent)) { 1034 BT_DBG("backlog full %d", parent->sk_ack_backlog); 1035 goto done; 1036 } 1037 1038 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 1039 if (!sk) 1040 goto done; 1041 1042 rfcomm_sock_init(sk, parent); 1043 bacpy(&bt_sk(sk)->src, &src); 1044 bacpy(&bt_sk(sk)->dst, &dst); 1045 rfcomm_pi(sk)->channel = channel; 1046 1047 sk->sk_state = BT_CONFIG; 1048 bt_accept_enqueue(parent, sk); 1049 1050 /* Accept connection and return socket DLC */ 1051 *d = rfcomm_pi(sk)->dlc; 1052 result = 1; 1053 1054 done: 1055 bh_unlock_sock(parent); 1056 1057 if (bt_sk(parent)->defer_setup) 1058 parent->sk_state_change(parent); 1059 1060 return result; 1061 } 1062 1063 static ssize_t rfcomm_sock_sysfs_show(struct class *dev, char *buf) 1064 { 1065 struct sock *sk; 1066 struct hlist_node *node; 1067 char *str = buf; 1068 1069 read_lock_bh(&rfcomm_sk_list.lock); 1070 1071 sk_for_each(sk, node, &rfcomm_sk_list.head) { 1072 str += sprintf(str, "%s %s %d %d\n", 1073 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 1074 sk->sk_state, rfcomm_pi(sk)->channel); 1075 } 1076 1077 read_unlock_bh(&rfcomm_sk_list.lock); 1078 1079 return (str - buf); 1080 } 1081 1082 static CLASS_ATTR(rfcomm, S_IRUGO, rfcomm_sock_sysfs_show, NULL); 1083 1084 static const struct proto_ops rfcomm_sock_ops = { 1085 .family = PF_BLUETOOTH, 1086 .owner = THIS_MODULE, 1087 .release = rfcomm_sock_release, 1088 .bind = rfcomm_sock_bind, 1089 .connect = rfcomm_sock_connect, 1090 .listen = rfcomm_sock_listen, 1091 .accept = rfcomm_sock_accept, 1092 .getname = rfcomm_sock_getname, 1093 .sendmsg = rfcomm_sock_sendmsg, 1094 .recvmsg = rfcomm_sock_recvmsg, 1095 .shutdown = rfcomm_sock_shutdown, 1096 .setsockopt = rfcomm_sock_setsockopt, 1097 .getsockopt = rfcomm_sock_getsockopt, 1098 .ioctl = rfcomm_sock_ioctl, 1099 .poll = bt_sock_poll, 1100 .socketpair = sock_no_socketpair, 1101 .mmap = sock_no_mmap 1102 }; 1103 1104 static struct net_proto_family rfcomm_sock_family_ops = { 1105 .family = PF_BLUETOOTH, 1106 .owner = THIS_MODULE, 1107 .create = rfcomm_sock_create 1108 }; 1109 1110 int __init rfcomm_init_sockets(void) 1111 { 1112 int err; 1113 1114 err = proto_register(&rfcomm_proto, 0); 1115 if (err < 0) 1116 return err; 1117 1118 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 1119 if (err < 0) 1120 goto error; 1121 1122 if (class_create_file(bt_class, &class_attr_rfcomm) < 0) 1123 BT_ERR("Failed to create RFCOMM info file"); 1124 1125 BT_INFO("RFCOMM socket layer initialized"); 1126 1127 return 0; 1128 1129 error: 1130 BT_ERR("RFCOMM socket layer registration failed"); 1131 proto_unregister(&rfcomm_proto); 1132 return err; 1133 } 1134 1135 void rfcomm_cleanup_sockets(void) 1136 { 1137 class_remove_file(bt_class, &class_attr_rfcomm); 1138 1139 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0) 1140 BT_ERR("RFCOMM socket layer unregistration failed"); 1141 1142 proto_unregister(&rfcomm_proto); 1143 } 1144