1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 */ 27 28 #include <linux/export.h> 29 #include <linux/debugfs.h> 30 31 #include <net/bluetooth/bluetooth.h> 32 #include <net/bluetooth/hci_core.h> 33 #include <net/bluetooth/l2cap.h> 34 #include <net/bluetooth/rfcomm.h> 35 36 static const struct proto_ops rfcomm_sock_ops; 37 38 static struct bt_sock_list rfcomm_sk_list = { 39 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) 40 }; 41 42 static void rfcomm_sock_close(struct sock *sk); 43 static void rfcomm_sock_kill(struct sock *sk); 44 45 /* ---- DLC callbacks ---- 46 * 47 * called under rfcomm_dlc_lock() 48 */ 49 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 50 { 51 struct sock *sk = d->owner; 52 if (!sk) 53 return; 54 55 atomic_add(skb->len, &sk->sk_rmem_alloc); 56 skb_queue_tail(&sk->sk_receive_queue, skb); 57 sk->sk_data_ready(sk); 58 59 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 60 rfcomm_dlc_throttle(d); 61 } 62 63 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 64 { 65 struct sock *sk = d->owner, *parent; 66 unsigned long flags; 67 68 if (!sk) 69 return; 70 71 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 72 73 local_irq_save(flags); 74 bh_lock_sock(sk); 75 76 if (err) 77 sk->sk_err = err; 78 79 sk->sk_state = d->state; 80 81 parent = bt_sk(sk)->parent; 82 if (parent) { 83 if (d->state == BT_CLOSED) { 84 sock_set_flag(sk, SOCK_ZAPPED); 85 bt_accept_unlink(sk); 86 } 87 parent->sk_data_ready(parent); 88 } else { 89 if (d->state == BT_CONNECTED) 90 rfcomm_session_getaddr(d->session, 91 &rfcomm_pi(sk)->src, NULL); 92 sk->sk_state_change(sk); 93 } 94 95 bh_unlock_sock(sk); 96 local_irq_restore(flags); 97 98 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 99 /* We have to drop DLC lock here, otherwise 100 * rfcomm_sock_destruct() will dead lock. */ 101 rfcomm_dlc_unlock(d); 102 rfcomm_sock_kill(sk); 103 rfcomm_dlc_lock(d); 104 } 105 } 106 107 /* ---- Socket functions ---- */ 108 static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src) 109 { 110 struct sock *sk = NULL; 111 112 sk_for_each(sk, &rfcomm_sk_list.head) { 113 if (rfcomm_pi(sk)->channel != channel) 114 continue; 115 116 if (bacmp(&rfcomm_pi(sk)->src, src)) 117 continue; 118 119 if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN) 120 break; 121 } 122 123 return sk ? sk : NULL; 124 } 125 126 /* Find socket with channel and source bdaddr. 127 * Returns closest match. 128 */ 129 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 130 { 131 struct sock *sk = NULL, *sk1 = NULL; 132 133 read_lock(&rfcomm_sk_list.lock); 134 135 sk_for_each(sk, &rfcomm_sk_list.head) { 136 if (state && sk->sk_state != state) 137 continue; 138 139 if (rfcomm_pi(sk)->channel == channel) { 140 /* Exact match. */ 141 if (!bacmp(&rfcomm_pi(sk)->src, src)) 142 break; 143 144 /* Closest match */ 145 if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY)) 146 sk1 = sk; 147 } 148 } 149 150 read_unlock(&rfcomm_sk_list.lock); 151 152 return sk ? sk : sk1; 153 } 154 155 static void rfcomm_sock_destruct(struct sock *sk) 156 { 157 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 158 159 BT_DBG("sk %p dlc %p", sk, d); 160 161 skb_queue_purge(&sk->sk_receive_queue); 162 skb_queue_purge(&sk->sk_write_queue); 163 164 rfcomm_dlc_lock(d); 165 rfcomm_pi(sk)->dlc = NULL; 166 167 /* Detach DLC if it's owned by this socket */ 168 if (d->owner == sk) 169 d->owner = NULL; 170 rfcomm_dlc_unlock(d); 171 172 rfcomm_dlc_put(d); 173 } 174 175 static void rfcomm_sock_cleanup_listen(struct sock *parent) 176 { 177 struct sock *sk; 178 179 BT_DBG("parent %p", parent); 180 181 /* Close not yet accepted dlcs */ 182 while ((sk = bt_accept_dequeue(parent, NULL))) { 183 rfcomm_sock_close(sk); 184 rfcomm_sock_kill(sk); 185 } 186 187 parent->sk_state = BT_CLOSED; 188 sock_set_flag(parent, SOCK_ZAPPED); 189 } 190 191 /* Kill socket (only if zapped and orphan) 192 * Must be called on unlocked socket. 193 */ 194 static void rfcomm_sock_kill(struct sock *sk) 195 { 196 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 197 return; 198 199 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); 200 201 /* Kill poor orphan */ 202 bt_sock_unlink(&rfcomm_sk_list, sk); 203 sock_set_flag(sk, SOCK_DEAD); 204 sock_put(sk); 205 } 206 207 static void __rfcomm_sock_close(struct sock *sk) 208 { 209 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 210 211 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 212 213 switch (sk->sk_state) { 214 case BT_LISTEN: 215 rfcomm_sock_cleanup_listen(sk); 216 break; 217 218 case BT_CONNECT: 219 case BT_CONNECT2: 220 case BT_CONFIG: 221 case BT_CONNECTED: 222 rfcomm_dlc_close(d, 0); 223 224 default: 225 sock_set_flag(sk, SOCK_ZAPPED); 226 break; 227 } 228 } 229 230 /* Close socket. 231 * Must be called on unlocked socket. 232 */ 233 static void rfcomm_sock_close(struct sock *sk) 234 { 235 lock_sock(sk); 236 __rfcomm_sock_close(sk); 237 release_sock(sk); 238 } 239 240 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 241 { 242 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 243 244 BT_DBG("sk %p", sk); 245 246 if (parent) { 247 sk->sk_type = parent->sk_type; 248 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP, 249 &bt_sk(parent)->flags); 250 251 pi->sec_level = rfcomm_pi(parent)->sec_level; 252 pi->role_switch = rfcomm_pi(parent)->role_switch; 253 254 security_sk_clone(parent, sk); 255 } else { 256 pi->dlc->defer_setup = 0; 257 258 pi->sec_level = BT_SECURITY_LOW; 259 pi->role_switch = 0; 260 } 261 262 pi->dlc->sec_level = pi->sec_level; 263 pi->dlc->role_switch = pi->role_switch; 264 } 265 266 static struct proto rfcomm_proto = { 267 .name = "RFCOMM", 268 .owner = THIS_MODULE, 269 .obj_size = sizeof(struct rfcomm_pinfo) 270 }; 271 272 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio, int kern) 273 { 274 struct rfcomm_dlc *d; 275 struct sock *sk; 276 277 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto, kern); 278 if (!sk) 279 return NULL; 280 281 sock_init_data(sock, sk); 282 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 283 284 d = rfcomm_dlc_alloc(prio); 285 if (!d) { 286 sk_free(sk); 287 return NULL; 288 } 289 290 d->data_ready = rfcomm_sk_data_ready; 291 d->state_change = rfcomm_sk_state_change; 292 293 rfcomm_pi(sk)->dlc = d; 294 d->owner = sk; 295 296 sk->sk_destruct = rfcomm_sock_destruct; 297 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 298 299 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 300 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 301 302 sock_reset_flag(sk, SOCK_ZAPPED); 303 304 sk->sk_protocol = proto; 305 sk->sk_state = BT_OPEN; 306 307 bt_sock_link(&rfcomm_sk_list, sk); 308 309 BT_DBG("sk %p", sk); 310 return sk; 311 } 312 313 static int rfcomm_sock_create(struct net *net, struct socket *sock, 314 int protocol, int kern) 315 { 316 struct sock *sk; 317 318 BT_DBG("sock %p", sock); 319 320 sock->state = SS_UNCONNECTED; 321 322 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 323 return -ESOCKTNOSUPPORT; 324 325 sock->ops = &rfcomm_sock_ops; 326 327 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 328 if (!sk) 329 return -ENOMEM; 330 331 rfcomm_sock_init(sk, NULL); 332 return 0; 333 } 334 335 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 336 { 337 struct sockaddr_rc sa; 338 struct sock *sk = sock->sk; 339 int len, err = 0; 340 341 if (!addr || addr->sa_family != AF_BLUETOOTH) 342 return -EINVAL; 343 344 memset(&sa, 0, sizeof(sa)); 345 len = min_t(unsigned int, sizeof(sa), addr_len); 346 memcpy(&sa, addr, len); 347 348 BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr); 349 350 lock_sock(sk); 351 352 if (sk->sk_state != BT_OPEN) { 353 err = -EBADFD; 354 goto done; 355 } 356 357 if (sk->sk_type != SOCK_STREAM) { 358 err = -EINVAL; 359 goto done; 360 } 361 362 write_lock(&rfcomm_sk_list.lock); 363 364 if (sa.rc_channel && 365 __rfcomm_get_listen_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) { 366 err = -EADDRINUSE; 367 } else { 368 /* Save source address */ 369 bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr); 370 rfcomm_pi(sk)->channel = sa.rc_channel; 371 sk->sk_state = BT_BOUND; 372 } 373 374 write_unlock(&rfcomm_sk_list.lock); 375 376 done: 377 release_sock(sk); 378 return err; 379 } 380 381 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 382 { 383 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 384 struct sock *sk = sock->sk; 385 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 386 int err = 0; 387 388 BT_DBG("sk %p", sk); 389 390 if (alen < sizeof(struct sockaddr_rc) || 391 addr->sa_family != AF_BLUETOOTH) 392 return -EINVAL; 393 394 lock_sock(sk); 395 396 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 397 err = -EBADFD; 398 goto done; 399 } 400 401 if (sk->sk_type != SOCK_STREAM) { 402 err = -EINVAL; 403 goto done; 404 } 405 406 sk->sk_state = BT_CONNECT; 407 bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr); 408 rfcomm_pi(sk)->channel = sa->rc_channel; 409 410 d->sec_level = rfcomm_pi(sk)->sec_level; 411 d->role_switch = rfcomm_pi(sk)->role_switch; 412 413 err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr, 414 sa->rc_channel); 415 if (!err) 416 err = bt_sock_wait_state(sk, BT_CONNECTED, 417 sock_sndtimeo(sk, flags & O_NONBLOCK)); 418 419 done: 420 release_sock(sk); 421 return err; 422 } 423 424 static int rfcomm_sock_listen(struct socket *sock, int backlog) 425 { 426 struct sock *sk = sock->sk; 427 int err = 0; 428 429 BT_DBG("sk %p backlog %d", sk, backlog); 430 431 lock_sock(sk); 432 433 if (sk->sk_state != BT_BOUND) { 434 err = -EBADFD; 435 goto done; 436 } 437 438 if (sk->sk_type != SOCK_STREAM) { 439 err = -EINVAL; 440 goto done; 441 } 442 443 if (!rfcomm_pi(sk)->channel) { 444 bdaddr_t *src = &rfcomm_pi(sk)->src; 445 u8 channel; 446 447 err = -EINVAL; 448 449 write_lock(&rfcomm_sk_list.lock); 450 451 for (channel = 1; channel < 31; channel++) 452 if (!__rfcomm_get_listen_sock_by_addr(channel, src)) { 453 rfcomm_pi(sk)->channel = channel; 454 err = 0; 455 break; 456 } 457 458 write_unlock(&rfcomm_sk_list.lock); 459 460 if (err < 0) 461 goto done; 462 } 463 464 sk->sk_max_ack_backlog = backlog; 465 sk->sk_ack_backlog = 0; 466 sk->sk_state = BT_LISTEN; 467 468 done: 469 release_sock(sk); 470 return err; 471 } 472 473 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 474 { 475 DEFINE_WAIT_FUNC(wait, woken_wake_function); 476 struct sock *sk = sock->sk, *nsk; 477 long timeo; 478 int err = 0; 479 480 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 481 482 if (sk->sk_type != SOCK_STREAM) { 483 err = -EINVAL; 484 goto done; 485 } 486 487 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 488 489 BT_DBG("sk %p timeo %ld", sk, timeo); 490 491 /* Wait for an incoming connection. (wake-one). */ 492 add_wait_queue_exclusive(sk_sleep(sk), &wait); 493 while (1) { 494 if (sk->sk_state != BT_LISTEN) { 495 err = -EBADFD; 496 break; 497 } 498 499 nsk = bt_accept_dequeue(sk, newsock); 500 if (nsk) 501 break; 502 503 if (!timeo) { 504 err = -EAGAIN; 505 break; 506 } 507 508 if (signal_pending(current)) { 509 err = sock_intr_errno(timeo); 510 break; 511 } 512 513 release_sock(sk); 514 515 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 516 517 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 518 } 519 remove_wait_queue(sk_sleep(sk), &wait); 520 521 if (err) 522 goto done; 523 524 newsock->state = SS_CONNECTED; 525 526 BT_DBG("new socket %p", nsk); 527 528 done: 529 release_sock(sk); 530 return err; 531 } 532 533 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 534 { 535 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 536 struct sock *sk = sock->sk; 537 538 BT_DBG("sock %p, sk %p", sock, sk); 539 540 if (peer && sk->sk_state != BT_CONNECTED && 541 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2) 542 return -ENOTCONN; 543 544 memset(sa, 0, sizeof(*sa)); 545 sa->rc_family = AF_BLUETOOTH; 546 sa->rc_channel = rfcomm_pi(sk)->channel; 547 if (peer) 548 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst); 549 else 550 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src); 551 552 *len = sizeof(struct sockaddr_rc); 553 return 0; 554 } 555 556 static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg, 557 size_t len) 558 { 559 struct sock *sk = sock->sk; 560 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 561 struct sk_buff *skb; 562 int sent; 563 564 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) 565 return -ENOTCONN; 566 567 if (msg->msg_flags & MSG_OOB) 568 return -EOPNOTSUPP; 569 570 if (sk->sk_shutdown & SEND_SHUTDOWN) 571 return -EPIPE; 572 573 BT_DBG("sock %p, sk %p", sock, sk); 574 575 lock_sock(sk); 576 577 sent = bt_sock_wait_ready(sk, msg->msg_flags); 578 if (sent) 579 goto done; 580 581 while (len) { 582 size_t size = min_t(size_t, len, d->mtu); 583 int err; 584 585 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 586 msg->msg_flags & MSG_DONTWAIT, &err); 587 if (!skb) { 588 if (sent == 0) 589 sent = err; 590 break; 591 } 592 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 593 594 err = memcpy_from_msg(skb_put(skb, size), msg, size); 595 if (err) { 596 kfree_skb(skb); 597 if (sent == 0) 598 sent = err; 599 break; 600 } 601 602 skb->priority = sk->sk_priority; 603 604 err = rfcomm_dlc_send(d, skb); 605 if (err < 0) { 606 kfree_skb(skb); 607 if (sent == 0) 608 sent = err; 609 break; 610 } 611 612 sent += size; 613 len -= size; 614 } 615 616 done: 617 release_sock(sk); 618 619 return sent; 620 } 621 622 static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg, 623 size_t size, int flags) 624 { 625 struct sock *sk = sock->sk; 626 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 627 int len; 628 629 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 630 rfcomm_dlc_accept(d); 631 return 0; 632 } 633 634 len = bt_sock_stream_recvmsg(sock, msg, size, flags); 635 636 lock_sock(sk); 637 if (!(flags & MSG_PEEK) && len > 0) 638 atomic_sub(len, &sk->sk_rmem_alloc); 639 640 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 641 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 642 release_sock(sk); 643 644 return len; 645 } 646 647 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 648 { 649 struct sock *sk = sock->sk; 650 int err = 0; 651 u32 opt; 652 653 BT_DBG("sk %p", sk); 654 655 lock_sock(sk); 656 657 switch (optname) { 658 case RFCOMM_LM: 659 if (get_user(opt, (u32 __user *) optval)) { 660 err = -EFAULT; 661 break; 662 } 663 664 if (opt & RFCOMM_LM_FIPS) { 665 err = -EINVAL; 666 break; 667 } 668 669 if (opt & RFCOMM_LM_AUTH) 670 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; 671 if (opt & RFCOMM_LM_ENCRYPT) 672 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 673 if (opt & RFCOMM_LM_SECURE) 674 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; 675 676 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); 677 break; 678 679 default: 680 err = -ENOPROTOOPT; 681 break; 682 } 683 684 release_sock(sk); 685 return err; 686 } 687 688 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 689 { 690 struct sock *sk = sock->sk; 691 struct bt_security sec; 692 int err = 0; 693 size_t len; 694 u32 opt; 695 696 BT_DBG("sk %p", sk); 697 698 if (level == SOL_RFCOMM) 699 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); 700 701 if (level != SOL_BLUETOOTH) 702 return -ENOPROTOOPT; 703 704 lock_sock(sk); 705 706 switch (optname) { 707 case BT_SECURITY: 708 if (sk->sk_type != SOCK_STREAM) { 709 err = -EINVAL; 710 break; 711 } 712 713 sec.level = BT_SECURITY_LOW; 714 715 len = min_t(unsigned int, sizeof(sec), optlen); 716 if (copy_from_user((char *) &sec, optval, len)) { 717 err = -EFAULT; 718 break; 719 } 720 721 if (sec.level > BT_SECURITY_HIGH) { 722 err = -EINVAL; 723 break; 724 } 725 726 rfcomm_pi(sk)->sec_level = sec.level; 727 break; 728 729 case BT_DEFER_SETUP: 730 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 731 err = -EINVAL; 732 break; 733 } 734 735 if (get_user(opt, (u32 __user *) optval)) { 736 err = -EFAULT; 737 break; 738 } 739 740 if (opt) 741 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 742 else 743 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 744 745 break; 746 747 default: 748 err = -ENOPROTOOPT; 749 break; 750 } 751 752 release_sock(sk); 753 return err; 754 } 755 756 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 757 { 758 struct sock *sk = sock->sk; 759 struct sock *l2cap_sk; 760 struct l2cap_conn *conn; 761 struct rfcomm_conninfo cinfo; 762 int len, err = 0; 763 u32 opt; 764 765 BT_DBG("sk %p", sk); 766 767 if (get_user(len, optlen)) 768 return -EFAULT; 769 770 lock_sock(sk); 771 772 switch (optname) { 773 case RFCOMM_LM: 774 switch (rfcomm_pi(sk)->sec_level) { 775 case BT_SECURITY_LOW: 776 opt = RFCOMM_LM_AUTH; 777 break; 778 case BT_SECURITY_MEDIUM: 779 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; 780 break; 781 case BT_SECURITY_HIGH: 782 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 783 RFCOMM_LM_SECURE; 784 break; 785 case BT_SECURITY_FIPS: 786 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 787 RFCOMM_LM_SECURE | RFCOMM_LM_FIPS; 788 break; 789 default: 790 opt = 0; 791 break; 792 } 793 794 if (rfcomm_pi(sk)->role_switch) 795 opt |= RFCOMM_LM_MASTER; 796 797 if (put_user(opt, (u32 __user *) optval)) 798 err = -EFAULT; 799 800 break; 801 802 case RFCOMM_CONNINFO: 803 if (sk->sk_state != BT_CONNECTED && 804 !rfcomm_pi(sk)->dlc->defer_setup) { 805 err = -ENOTCONN; 806 break; 807 } 808 809 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 810 conn = l2cap_pi(l2cap_sk)->chan->conn; 811 812 memset(&cinfo, 0, sizeof(cinfo)); 813 cinfo.hci_handle = conn->hcon->handle; 814 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); 815 816 len = min_t(unsigned int, len, sizeof(cinfo)); 817 if (copy_to_user(optval, (char *) &cinfo, len)) 818 err = -EFAULT; 819 820 break; 821 822 default: 823 err = -ENOPROTOOPT; 824 break; 825 } 826 827 release_sock(sk); 828 return err; 829 } 830 831 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 832 { 833 struct sock *sk = sock->sk; 834 struct bt_security sec; 835 int len, err = 0; 836 837 BT_DBG("sk %p", sk); 838 839 if (level == SOL_RFCOMM) 840 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); 841 842 if (level != SOL_BLUETOOTH) 843 return -ENOPROTOOPT; 844 845 if (get_user(len, optlen)) 846 return -EFAULT; 847 848 lock_sock(sk); 849 850 switch (optname) { 851 case BT_SECURITY: 852 if (sk->sk_type != SOCK_STREAM) { 853 err = -EINVAL; 854 break; 855 } 856 857 sec.level = rfcomm_pi(sk)->sec_level; 858 sec.key_size = 0; 859 860 len = min_t(unsigned int, len, sizeof(sec)); 861 if (copy_to_user(optval, (char *) &sec, len)) 862 err = -EFAULT; 863 864 break; 865 866 case BT_DEFER_SETUP: 867 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 868 err = -EINVAL; 869 break; 870 } 871 872 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 873 (u32 __user *) optval)) 874 err = -EFAULT; 875 876 break; 877 878 default: 879 err = -ENOPROTOOPT; 880 break; 881 } 882 883 release_sock(sk); 884 return err; 885 } 886 887 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 888 { 889 struct sock *sk __maybe_unused = sock->sk; 890 int err; 891 892 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); 893 894 err = bt_sock_ioctl(sock, cmd, arg); 895 896 if (err == -ENOIOCTLCMD) { 897 #ifdef CONFIG_BT_RFCOMM_TTY 898 lock_sock(sk); 899 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); 900 release_sock(sk); 901 #else 902 err = -EOPNOTSUPP; 903 #endif 904 } 905 906 return err; 907 } 908 909 static int rfcomm_sock_shutdown(struct socket *sock, int how) 910 { 911 struct sock *sk = sock->sk; 912 int err = 0; 913 914 BT_DBG("sock %p, sk %p", sock, sk); 915 916 if (!sk) 917 return 0; 918 919 lock_sock(sk); 920 if (!sk->sk_shutdown) { 921 sk->sk_shutdown = SHUTDOWN_MASK; 922 __rfcomm_sock_close(sk); 923 924 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 925 !(current->flags & PF_EXITING)) 926 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 927 } 928 release_sock(sk); 929 return err; 930 } 931 932 static int rfcomm_sock_release(struct socket *sock) 933 { 934 struct sock *sk = sock->sk; 935 int err; 936 937 BT_DBG("sock %p, sk %p", sock, sk); 938 939 if (!sk) 940 return 0; 941 942 err = rfcomm_sock_shutdown(sock, 2); 943 944 sock_orphan(sk); 945 rfcomm_sock_kill(sk); 946 return err; 947 } 948 949 /* ---- RFCOMM core layer callbacks ---- 950 * 951 * called under rfcomm_lock() 952 */ 953 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 954 { 955 struct sock *sk, *parent; 956 bdaddr_t src, dst; 957 int result = 0; 958 959 BT_DBG("session %p channel %d", s, channel); 960 961 rfcomm_session_getaddr(s, &src, &dst); 962 963 /* Check if we have socket listening on channel */ 964 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 965 if (!parent) 966 return 0; 967 968 bh_lock_sock(parent); 969 970 /* Check for backlog size */ 971 if (sk_acceptq_is_full(parent)) { 972 BT_DBG("backlog full %d", parent->sk_ack_backlog); 973 goto done; 974 } 975 976 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC, 0); 977 if (!sk) 978 goto done; 979 980 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM); 981 982 rfcomm_sock_init(sk, parent); 983 bacpy(&rfcomm_pi(sk)->src, &src); 984 bacpy(&rfcomm_pi(sk)->dst, &dst); 985 rfcomm_pi(sk)->channel = channel; 986 987 sk->sk_state = BT_CONFIG; 988 bt_accept_enqueue(parent, sk); 989 990 /* Accept connection and return socket DLC */ 991 *d = rfcomm_pi(sk)->dlc; 992 result = 1; 993 994 done: 995 bh_unlock_sock(parent); 996 997 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 998 parent->sk_state_change(parent); 999 1000 return result; 1001 } 1002 1003 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) 1004 { 1005 struct sock *sk; 1006 1007 read_lock(&rfcomm_sk_list.lock); 1008 1009 sk_for_each(sk, &rfcomm_sk_list.head) { 1010 seq_printf(f, "%pMR %pMR %d %d\n", 1011 &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst, 1012 sk->sk_state, rfcomm_pi(sk)->channel); 1013 } 1014 1015 read_unlock(&rfcomm_sk_list.lock); 1016 1017 return 0; 1018 } 1019 1020 static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file) 1021 { 1022 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private); 1023 } 1024 1025 static const struct file_operations rfcomm_sock_debugfs_fops = { 1026 .open = rfcomm_sock_debugfs_open, 1027 .read = seq_read, 1028 .llseek = seq_lseek, 1029 .release = single_release, 1030 }; 1031 1032 static struct dentry *rfcomm_sock_debugfs; 1033 1034 static const struct proto_ops rfcomm_sock_ops = { 1035 .family = PF_BLUETOOTH, 1036 .owner = THIS_MODULE, 1037 .release = rfcomm_sock_release, 1038 .bind = rfcomm_sock_bind, 1039 .connect = rfcomm_sock_connect, 1040 .listen = rfcomm_sock_listen, 1041 .accept = rfcomm_sock_accept, 1042 .getname = rfcomm_sock_getname, 1043 .sendmsg = rfcomm_sock_sendmsg, 1044 .recvmsg = rfcomm_sock_recvmsg, 1045 .shutdown = rfcomm_sock_shutdown, 1046 .setsockopt = rfcomm_sock_setsockopt, 1047 .getsockopt = rfcomm_sock_getsockopt, 1048 .ioctl = rfcomm_sock_ioctl, 1049 .poll = bt_sock_poll, 1050 .socketpair = sock_no_socketpair, 1051 .mmap = sock_no_mmap 1052 }; 1053 1054 static const struct net_proto_family rfcomm_sock_family_ops = { 1055 .family = PF_BLUETOOTH, 1056 .owner = THIS_MODULE, 1057 .create = rfcomm_sock_create 1058 }; 1059 1060 int __init rfcomm_init_sockets(void) 1061 { 1062 int err; 1063 1064 BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr)); 1065 1066 err = proto_register(&rfcomm_proto, 0); 1067 if (err < 0) 1068 return err; 1069 1070 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 1071 if (err < 0) { 1072 BT_ERR("RFCOMM socket layer registration failed"); 1073 goto error; 1074 } 1075 1076 err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL); 1077 if (err < 0) { 1078 BT_ERR("Failed to create RFCOMM proc file"); 1079 bt_sock_unregister(BTPROTO_RFCOMM); 1080 goto error; 1081 } 1082 1083 BT_INFO("RFCOMM socket layer initialized"); 1084 1085 if (IS_ERR_OR_NULL(bt_debugfs)) 1086 return 0; 1087 1088 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444, 1089 bt_debugfs, NULL, 1090 &rfcomm_sock_debugfs_fops); 1091 1092 return 0; 1093 1094 error: 1095 proto_unregister(&rfcomm_proto); 1096 return err; 1097 } 1098 1099 void __exit rfcomm_cleanup_sockets(void) 1100 { 1101 bt_procfs_cleanup(&init_net, "rfcomm"); 1102 1103 debugfs_remove(rfcomm_sock_debugfs); 1104 1105 bt_sock_unregister(BTPROTO_RFCOMM); 1106 1107 proto_unregister(&rfcomm_proto); 1108 } 1109