1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 */ 27 28 #include <linux/module.h> 29 30 #include <linux/types.h> 31 #include <linux/errno.h> 32 #include <linux/kernel.h> 33 #include <linux/sched.h> 34 #include <linux/slab.h> 35 #include <linux/poll.h> 36 #include <linux/fcntl.h> 37 #include <linux/init.h> 38 #include <linux/interrupt.h> 39 #include <linux/socket.h> 40 #include <linux/skbuff.h> 41 #include <linux/list.h> 42 #include <linux/device.h> 43 #include <linux/debugfs.h> 44 #include <linux/seq_file.h> 45 #include <net/sock.h> 46 47 #include <asm/system.h> 48 #include <asm/uaccess.h> 49 50 #include <net/bluetooth/bluetooth.h> 51 #include <net/bluetooth/hci_core.h> 52 #include <net/bluetooth/l2cap.h> 53 #include <net/bluetooth/rfcomm.h> 54 55 static const struct proto_ops rfcomm_sock_ops; 56 57 static struct bt_sock_list rfcomm_sk_list = { 58 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) 59 }; 60 61 static void rfcomm_sock_close(struct sock *sk); 62 static void rfcomm_sock_kill(struct sock *sk); 63 64 /* ---- DLC callbacks ---- 65 * 66 * called under rfcomm_dlc_lock() 67 */ 68 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 69 { 70 struct sock *sk = d->owner; 71 if (!sk) 72 return; 73 74 atomic_add(skb->len, &sk->sk_rmem_alloc); 75 skb_queue_tail(&sk->sk_receive_queue, skb); 76 sk->sk_data_ready(sk, skb->len); 77 78 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 79 rfcomm_dlc_throttle(d); 80 } 81 82 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 83 { 84 struct sock *sk = d->owner, *parent; 85 unsigned long flags; 86 87 if (!sk) 88 return; 89 90 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 91 92 local_irq_save(flags); 93 bh_lock_sock(sk); 94 95 if (err) 96 sk->sk_err = err; 97 98 sk->sk_state = d->state; 99 100 parent = bt_sk(sk)->parent; 101 if (parent) { 102 if (d->state == BT_CLOSED) { 103 sock_set_flag(sk, SOCK_ZAPPED); 104 bt_accept_unlink(sk); 105 } 106 parent->sk_data_ready(parent, 0); 107 } else { 108 if (d->state == BT_CONNECTED) 109 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL); 110 sk->sk_state_change(sk); 111 } 112 113 bh_unlock_sock(sk); 114 local_irq_restore(flags); 115 116 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 117 /* We have to drop DLC lock here, otherwise 118 * rfcomm_sock_destruct() will dead lock. */ 119 rfcomm_dlc_unlock(d); 120 rfcomm_sock_kill(sk); 121 rfcomm_dlc_lock(d); 122 } 123 } 124 125 /* ---- Socket functions ---- */ 126 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src) 127 { 128 struct sock *sk = NULL; 129 struct hlist_node *node; 130 131 sk_for_each(sk, node, &rfcomm_sk_list.head) { 132 if (rfcomm_pi(sk)->channel == channel && 133 !bacmp(&bt_sk(sk)->src, src)) 134 break; 135 } 136 137 return node ? sk : NULL; 138 } 139 140 /* Find socket with channel and source bdaddr. 141 * Returns closest match. 142 */ 143 static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 144 { 145 struct sock *sk = NULL, *sk1 = NULL; 146 struct hlist_node *node; 147 148 sk_for_each(sk, node, &rfcomm_sk_list.head) { 149 if (state && sk->sk_state != state) 150 continue; 151 152 if (rfcomm_pi(sk)->channel == channel) { 153 /* Exact match. */ 154 if (!bacmp(&bt_sk(sk)->src, src)) 155 break; 156 157 /* Closest match */ 158 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 159 sk1 = sk; 160 } 161 } 162 return node ? sk : sk1; 163 } 164 165 /* Find socket with given address (channel, src). 166 * Returns locked socket */ 167 static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 168 { 169 struct sock *s; 170 read_lock(&rfcomm_sk_list.lock); 171 s = __rfcomm_get_sock_by_channel(state, channel, src); 172 if (s) bh_lock_sock(s); 173 read_unlock(&rfcomm_sk_list.lock); 174 return s; 175 } 176 177 static void rfcomm_sock_destruct(struct sock *sk) 178 { 179 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 180 181 BT_DBG("sk %p dlc %p", sk, d); 182 183 skb_queue_purge(&sk->sk_receive_queue); 184 skb_queue_purge(&sk->sk_write_queue); 185 186 rfcomm_dlc_lock(d); 187 rfcomm_pi(sk)->dlc = NULL; 188 189 /* Detach DLC if it's owned by this socket */ 190 if (d->owner == sk) 191 d->owner = NULL; 192 rfcomm_dlc_unlock(d); 193 194 rfcomm_dlc_put(d); 195 } 196 197 static void rfcomm_sock_cleanup_listen(struct sock *parent) 198 { 199 struct sock *sk; 200 201 BT_DBG("parent %p", parent); 202 203 /* Close not yet accepted dlcs */ 204 while ((sk = bt_accept_dequeue(parent, NULL))) { 205 rfcomm_sock_close(sk); 206 rfcomm_sock_kill(sk); 207 } 208 209 parent->sk_state = BT_CLOSED; 210 sock_set_flag(parent, SOCK_ZAPPED); 211 } 212 213 /* Kill socket (only if zapped and orphan) 214 * Must be called on unlocked socket. 215 */ 216 static void rfcomm_sock_kill(struct sock *sk) 217 { 218 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 219 return; 220 221 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); 222 223 /* Kill poor orphan */ 224 bt_sock_unlink(&rfcomm_sk_list, sk); 225 sock_set_flag(sk, SOCK_DEAD); 226 sock_put(sk); 227 } 228 229 static void __rfcomm_sock_close(struct sock *sk) 230 { 231 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 232 233 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 234 235 switch (sk->sk_state) { 236 case BT_LISTEN: 237 rfcomm_sock_cleanup_listen(sk); 238 break; 239 240 case BT_CONNECT: 241 case BT_CONNECT2: 242 case BT_CONFIG: 243 case BT_CONNECTED: 244 rfcomm_dlc_close(d, 0); 245 246 default: 247 sock_set_flag(sk, SOCK_ZAPPED); 248 break; 249 } 250 } 251 252 /* Close socket. 253 * Must be called on unlocked socket. 254 */ 255 static void rfcomm_sock_close(struct sock *sk) 256 { 257 lock_sock(sk); 258 __rfcomm_sock_close(sk); 259 release_sock(sk); 260 } 261 262 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 263 { 264 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 265 266 BT_DBG("sk %p", sk); 267 268 if (parent) { 269 sk->sk_type = parent->sk_type; 270 pi->dlc->defer_setup = bt_sk(parent)->defer_setup; 271 272 pi->sec_level = rfcomm_pi(parent)->sec_level; 273 pi->role_switch = rfcomm_pi(parent)->role_switch; 274 } else { 275 pi->dlc->defer_setup = 0; 276 277 pi->sec_level = BT_SECURITY_LOW; 278 pi->role_switch = 0; 279 } 280 281 pi->dlc->sec_level = pi->sec_level; 282 pi->dlc->role_switch = pi->role_switch; 283 } 284 285 static struct proto rfcomm_proto = { 286 .name = "RFCOMM", 287 .owner = THIS_MODULE, 288 .obj_size = sizeof(struct rfcomm_pinfo) 289 }; 290 291 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 292 { 293 struct rfcomm_dlc *d; 294 struct sock *sk; 295 296 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto); 297 if (!sk) 298 return NULL; 299 300 sock_init_data(sock, sk); 301 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 302 303 d = rfcomm_dlc_alloc(prio); 304 if (!d) { 305 sk_free(sk); 306 return NULL; 307 } 308 309 d->data_ready = rfcomm_sk_data_ready; 310 d->state_change = rfcomm_sk_state_change; 311 312 rfcomm_pi(sk)->dlc = d; 313 d->owner = sk; 314 315 sk->sk_destruct = rfcomm_sock_destruct; 316 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 317 318 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 319 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 320 321 sock_reset_flag(sk, SOCK_ZAPPED); 322 323 sk->sk_protocol = proto; 324 sk->sk_state = BT_OPEN; 325 326 bt_sock_link(&rfcomm_sk_list, sk); 327 328 BT_DBG("sk %p", sk); 329 return sk; 330 } 331 332 static int rfcomm_sock_create(struct net *net, struct socket *sock, 333 int protocol, int kern) 334 { 335 struct sock *sk; 336 337 BT_DBG("sock %p", sock); 338 339 sock->state = SS_UNCONNECTED; 340 341 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 342 return -ESOCKTNOSUPPORT; 343 344 sock->ops = &rfcomm_sock_ops; 345 346 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC); 347 if (!sk) 348 return -ENOMEM; 349 350 rfcomm_sock_init(sk, NULL); 351 return 0; 352 } 353 354 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 355 { 356 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 357 struct sock *sk = sock->sk; 358 int err = 0; 359 360 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr)); 361 362 if (!addr || addr->sa_family != AF_BLUETOOTH) 363 return -EINVAL; 364 365 lock_sock(sk); 366 367 if (sk->sk_state != BT_OPEN) { 368 err = -EBADFD; 369 goto done; 370 } 371 372 if (sk->sk_type != SOCK_STREAM) { 373 err = -EINVAL; 374 goto done; 375 } 376 377 write_lock_bh(&rfcomm_sk_list.lock); 378 379 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { 380 err = -EADDRINUSE; 381 } else { 382 /* Save source address */ 383 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr); 384 rfcomm_pi(sk)->channel = sa->rc_channel; 385 sk->sk_state = BT_BOUND; 386 } 387 388 write_unlock_bh(&rfcomm_sk_list.lock); 389 390 done: 391 release_sock(sk); 392 return err; 393 } 394 395 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 396 { 397 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 398 struct sock *sk = sock->sk; 399 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 400 int err = 0; 401 402 BT_DBG("sk %p", sk); 403 404 if (alen < sizeof(struct sockaddr_rc) || 405 addr->sa_family != AF_BLUETOOTH) 406 return -EINVAL; 407 408 lock_sock(sk); 409 410 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 411 err = -EBADFD; 412 goto done; 413 } 414 415 if (sk->sk_type != SOCK_STREAM) { 416 err = -EINVAL; 417 goto done; 418 } 419 420 sk->sk_state = BT_CONNECT; 421 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); 422 rfcomm_pi(sk)->channel = sa->rc_channel; 423 424 d->sec_level = rfcomm_pi(sk)->sec_level; 425 d->role_switch = rfcomm_pi(sk)->role_switch; 426 427 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); 428 if (!err) 429 err = bt_sock_wait_state(sk, BT_CONNECTED, 430 sock_sndtimeo(sk, flags & O_NONBLOCK)); 431 432 done: 433 release_sock(sk); 434 return err; 435 } 436 437 static int rfcomm_sock_listen(struct socket *sock, int backlog) 438 { 439 struct sock *sk = sock->sk; 440 int err = 0; 441 442 BT_DBG("sk %p backlog %d", sk, backlog); 443 444 lock_sock(sk); 445 446 if (sk->sk_state != BT_BOUND) { 447 err = -EBADFD; 448 goto done; 449 } 450 451 if (sk->sk_type != SOCK_STREAM) { 452 err = -EINVAL; 453 goto done; 454 } 455 456 if (!rfcomm_pi(sk)->channel) { 457 bdaddr_t *src = &bt_sk(sk)->src; 458 u8 channel; 459 460 err = -EINVAL; 461 462 write_lock_bh(&rfcomm_sk_list.lock); 463 464 for (channel = 1; channel < 31; channel++) 465 if (!__rfcomm_get_sock_by_addr(channel, src)) { 466 rfcomm_pi(sk)->channel = channel; 467 err = 0; 468 break; 469 } 470 471 write_unlock_bh(&rfcomm_sk_list.lock); 472 473 if (err < 0) 474 goto done; 475 } 476 477 sk->sk_max_ack_backlog = backlog; 478 sk->sk_ack_backlog = 0; 479 sk->sk_state = BT_LISTEN; 480 481 done: 482 release_sock(sk); 483 return err; 484 } 485 486 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 487 { 488 DECLARE_WAITQUEUE(wait, current); 489 struct sock *sk = sock->sk, *nsk; 490 long timeo; 491 int err = 0; 492 493 lock_sock(sk); 494 495 if (sk->sk_state != BT_LISTEN) { 496 err = -EBADFD; 497 goto done; 498 } 499 500 if (sk->sk_type != SOCK_STREAM) { 501 err = -EINVAL; 502 goto done; 503 } 504 505 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 506 507 BT_DBG("sk %p timeo %ld", sk, timeo); 508 509 /* Wait for an incoming connection. (wake-one). */ 510 add_wait_queue_exclusive(sk_sleep(sk), &wait); 511 while (!(nsk = bt_accept_dequeue(sk, newsock))) { 512 set_current_state(TASK_INTERRUPTIBLE); 513 if (!timeo) { 514 err = -EAGAIN; 515 break; 516 } 517 518 release_sock(sk); 519 timeo = schedule_timeout(timeo); 520 lock_sock(sk); 521 522 if (sk->sk_state != BT_LISTEN) { 523 err = -EBADFD; 524 break; 525 } 526 527 if (signal_pending(current)) { 528 err = sock_intr_errno(timeo); 529 break; 530 } 531 } 532 set_current_state(TASK_RUNNING); 533 remove_wait_queue(sk_sleep(sk), &wait); 534 535 if (err) 536 goto done; 537 538 newsock->state = SS_CONNECTED; 539 540 BT_DBG("new socket %p", nsk); 541 542 done: 543 release_sock(sk); 544 return err; 545 } 546 547 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 548 { 549 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 550 struct sock *sk = sock->sk; 551 552 BT_DBG("sock %p, sk %p", sock, sk); 553 554 sa->rc_family = AF_BLUETOOTH; 555 sa->rc_channel = rfcomm_pi(sk)->channel; 556 if (peer) 557 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst); 558 else 559 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src); 560 561 *len = sizeof(struct sockaddr_rc); 562 return 0; 563 } 564 565 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 566 struct msghdr *msg, size_t len) 567 { 568 struct sock *sk = sock->sk; 569 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 570 struct sk_buff *skb; 571 int sent = 0; 572 573 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) 574 return -ENOTCONN; 575 576 if (msg->msg_flags & MSG_OOB) 577 return -EOPNOTSUPP; 578 579 if (sk->sk_shutdown & SEND_SHUTDOWN) 580 return -EPIPE; 581 582 BT_DBG("sock %p, sk %p", sock, sk); 583 584 lock_sock(sk); 585 586 while (len) { 587 size_t size = min_t(size_t, len, d->mtu); 588 int err; 589 590 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 591 msg->msg_flags & MSG_DONTWAIT, &err); 592 if (!skb) { 593 if (sent == 0) 594 sent = err; 595 break; 596 } 597 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 598 599 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 600 if (err) { 601 kfree_skb(skb); 602 if (sent == 0) 603 sent = err; 604 break; 605 } 606 607 err = rfcomm_dlc_send(d, skb); 608 if (err < 0) { 609 kfree_skb(skb); 610 if (sent == 0) 611 sent = err; 612 break; 613 } 614 615 sent += size; 616 len -= size; 617 } 618 619 release_sock(sk); 620 621 return sent; 622 } 623 624 static long rfcomm_sock_data_wait(struct sock *sk, long timeo) 625 { 626 DECLARE_WAITQUEUE(wait, current); 627 628 add_wait_queue(sk_sleep(sk), &wait); 629 for (;;) { 630 set_current_state(TASK_INTERRUPTIBLE); 631 632 if (!skb_queue_empty(&sk->sk_receive_queue) || 633 sk->sk_err || 634 (sk->sk_shutdown & RCV_SHUTDOWN) || 635 signal_pending(current) || 636 !timeo) 637 break; 638 639 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 640 release_sock(sk); 641 timeo = schedule_timeout(timeo); 642 lock_sock(sk); 643 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 644 } 645 646 __set_current_state(TASK_RUNNING); 647 remove_wait_queue(sk_sleep(sk), &wait); 648 return timeo; 649 } 650 651 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 652 struct msghdr *msg, size_t size, int flags) 653 { 654 struct sock *sk = sock->sk; 655 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 656 int err = 0; 657 size_t target, copied = 0; 658 long timeo; 659 660 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 661 rfcomm_dlc_accept(d); 662 return 0; 663 } 664 665 if (flags & MSG_OOB) 666 return -EOPNOTSUPP; 667 668 msg->msg_namelen = 0; 669 670 BT_DBG("sk %p size %zu", sk, size); 671 672 lock_sock(sk); 673 674 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); 675 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); 676 677 do { 678 struct sk_buff *skb; 679 int chunk; 680 681 skb = skb_dequeue(&sk->sk_receive_queue); 682 if (!skb) { 683 if (copied >= target) 684 break; 685 686 if ((err = sock_error(sk)) != 0) 687 break; 688 if (sk->sk_shutdown & RCV_SHUTDOWN) 689 break; 690 691 err = -EAGAIN; 692 if (!timeo) 693 break; 694 695 timeo = rfcomm_sock_data_wait(sk, timeo); 696 697 if (signal_pending(current)) { 698 err = sock_intr_errno(timeo); 699 goto out; 700 } 701 continue; 702 } 703 704 chunk = min_t(unsigned int, skb->len, size); 705 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { 706 skb_queue_head(&sk->sk_receive_queue, skb); 707 if (!copied) 708 copied = -EFAULT; 709 break; 710 } 711 copied += chunk; 712 size -= chunk; 713 714 sock_recv_ts_and_drops(msg, sk, skb); 715 716 if (!(flags & MSG_PEEK)) { 717 atomic_sub(chunk, &sk->sk_rmem_alloc); 718 719 skb_pull(skb, chunk); 720 if (skb->len) { 721 skb_queue_head(&sk->sk_receive_queue, skb); 722 break; 723 } 724 kfree_skb(skb); 725 726 } else { 727 /* put message back and return */ 728 skb_queue_head(&sk->sk_receive_queue, skb); 729 break; 730 } 731 } while (size); 732 733 out: 734 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 735 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 736 737 release_sock(sk); 738 return copied ? : err; 739 } 740 741 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 742 { 743 struct sock *sk = sock->sk; 744 int err = 0; 745 u32 opt; 746 747 BT_DBG("sk %p", sk); 748 749 lock_sock(sk); 750 751 switch (optname) { 752 case RFCOMM_LM: 753 if (get_user(opt, (u32 __user *) optval)) { 754 err = -EFAULT; 755 break; 756 } 757 758 if (opt & RFCOMM_LM_AUTH) 759 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; 760 if (opt & RFCOMM_LM_ENCRYPT) 761 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 762 if (opt & RFCOMM_LM_SECURE) 763 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; 764 765 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); 766 break; 767 768 default: 769 err = -ENOPROTOOPT; 770 break; 771 } 772 773 release_sock(sk); 774 return err; 775 } 776 777 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 778 { 779 struct sock *sk = sock->sk; 780 struct bt_security sec; 781 int len, err = 0; 782 u32 opt; 783 784 BT_DBG("sk %p", sk); 785 786 if (level == SOL_RFCOMM) 787 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); 788 789 if (level != SOL_BLUETOOTH) 790 return -ENOPROTOOPT; 791 792 lock_sock(sk); 793 794 switch (optname) { 795 case BT_SECURITY: 796 if (sk->sk_type != SOCK_STREAM) { 797 err = -EINVAL; 798 break; 799 } 800 801 sec.level = BT_SECURITY_LOW; 802 803 len = min_t(unsigned int, sizeof(sec), optlen); 804 if (copy_from_user((char *) &sec, optval, len)) { 805 err = -EFAULT; 806 break; 807 } 808 809 if (sec.level > BT_SECURITY_HIGH) { 810 err = -EINVAL; 811 break; 812 } 813 814 rfcomm_pi(sk)->sec_level = sec.level; 815 break; 816 817 case BT_DEFER_SETUP: 818 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 819 err = -EINVAL; 820 break; 821 } 822 823 if (get_user(opt, (u32 __user *) optval)) { 824 err = -EFAULT; 825 break; 826 } 827 828 bt_sk(sk)->defer_setup = opt; 829 break; 830 831 default: 832 err = -ENOPROTOOPT; 833 break; 834 } 835 836 release_sock(sk); 837 return err; 838 } 839 840 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 841 { 842 struct sock *sk = sock->sk; 843 struct sock *l2cap_sk; 844 struct rfcomm_conninfo cinfo; 845 int len, err = 0; 846 u32 opt; 847 848 BT_DBG("sk %p", sk); 849 850 if (get_user(len, optlen)) 851 return -EFAULT; 852 853 lock_sock(sk); 854 855 switch (optname) { 856 case RFCOMM_LM: 857 switch (rfcomm_pi(sk)->sec_level) { 858 case BT_SECURITY_LOW: 859 opt = RFCOMM_LM_AUTH; 860 break; 861 case BT_SECURITY_MEDIUM: 862 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; 863 break; 864 case BT_SECURITY_HIGH: 865 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 866 RFCOMM_LM_SECURE; 867 break; 868 default: 869 opt = 0; 870 break; 871 } 872 873 if (rfcomm_pi(sk)->role_switch) 874 opt |= RFCOMM_LM_MASTER; 875 876 if (put_user(opt, (u32 __user *) optval)) 877 err = -EFAULT; 878 break; 879 880 case RFCOMM_CONNINFO: 881 if (sk->sk_state != BT_CONNECTED && 882 !rfcomm_pi(sk)->dlc->defer_setup) { 883 err = -ENOTCONN; 884 break; 885 } 886 887 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 888 889 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle; 890 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3); 891 892 len = min_t(unsigned int, len, sizeof(cinfo)); 893 if (copy_to_user(optval, (char *) &cinfo, len)) 894 err = -EFAULT; 895 896 break; 897 898 default: 899 err = -ENOPROTOOPT; 900 break; 901 } 902 903 release_sock(sk); 904 return err; 905 } 906 907 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 908 { 909 struct sock *sk = sock->sk; 910 struct bt_security sec; 911 int len, err = 0; 912 913 BT_DBG("sk %p", sk); 914 915 if (level == SOL_RFCOMM) 916 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); 917 918 if (level != SOL_BLUETOOTH) 919 return -ENOPROTOOPT; 920 921 if (get_user(len, optlen)) 922 return -EFAULT; 923 924 lock_sock(sk); 925 926 switch (optname) { 927 case BT_SECURITY: 928 if (sk->sk_type != SOCK_STREAM) { 929 err = -EINVAL; 930 break; 931 } 932 933 sec.level = rfcomm_pi(sk)->sec_level; 934 935 len = min_t(unsigned int, len, sizeof(sec)); 936 if (copy_to_user(optval, (char *) &sec, len)) 937 err = -EFAULT; 938 939 break; 940 941 case BT_DEFER_SETUP: 942 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 943 err = -EINVAL; 944 break; 945 } 946 947 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) 948 err = -EFAULT; 949 950 break; 951 952 default: 953 err = -ENOPROTOOPT; 954 break; 955 } 956 957 release_sock(sk); 958 return err; 959 } 960 961 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 962 { 963 struct sock *sk __maybe_unused = sock->sk; 964 int err; 965 966 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); 967 968 err = bt_sock_ioctl(sock, cmd, arg); 969 970 if (err == -ENOIOCTLCMD) { 971 #ifdef CONFIG_BT_RFCOMM_TTY 972 lock_sock(sk); 973 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); 974 release_sock(sk); 975 #else 976 err = -EOPNOTSUPP; 977 #endif 978 } 979 980 return err; 981 } 982 983 static int rfcomm_sock_shutdown(struct socket *sock, int how) 984 { 985 struct sock *sk = sock->sk; 986 int err = 0; 987 988 BT_DBG("sock %p, sk %p", sock, sk); 989 990 if (!sk) return 0; 991 992 lock_sock(sk); 993 if (!sk->sk_shutdown) { 994 sk->sk_shutdown = SHUTDOWN_MASK; 995 __rfcomm_sock_close(sk); 996 997 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 998 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 999 } 1000 release_sock(sk); 1001 return err; 1002 } 1003 1004 static int rfcomm_sock_release(struct socket *sock) 1005 { 1006 struct sock *sk = sock->sk; 1007 int err; 1008 1009 BT_DBG("sock %p, sk %p", sock, sk); 1010 1011 if (!sk) 1012 return 0; 1013 1014 err = rfcomm_sock_shutdown(sock, 2); 1015 1016 sock_orphan(sk); 1017 rfcomm_sock_kill(sk); 1018 return err; 1019 } 1020 1021 /* ---- RFCOMM core layer callbacks ---- 1022 * 1023 * called under rfcomm_lock() 1024 */ 1025 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 1026 { 1027 struct sock *sk, *parent; 1028 bdaddr_t src, dst; 1029 int result = 0; 1030 1031 BT_DBG("session %p channel %d", s, channel); 1032 1033 rfcomm_session_getaddr(s, &src, &dst); 1034 1035 /* Check if we have socket listening on channel */ 1036 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 1037 if (!parent) 1038 return 0; 1039 1040 /* Check for backlog size */ 1041 if (sk_acceptq_is_full(parent)) { 1042 BT_DBG("backlog full %d", parent->sk_ack_backlog); 1043 goto done; 1044 } 1045 1046 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 1047 if (!sk) 1048 goto done; 1049 1050 rfcomm_sock_init(sk, parent); 1051 bacpy(&bt_sk(sk)->src, &src); 1052 bacpy(&bt_sk(sk)->dst, &dst); 1053 rfcomm_pi(sk)->channel = channel; 1054 1055 sk->sk_state = BT_CONFIG; 1056 bt_accept_enqueue(parent, sk); 1057 1058 /* Accept connection and return socket DLC */ 1059 *d = rfcomm_pi(sk)->dlc; 1060 result = 1; 1061 1062 done: 1063 bh_unlock_sock(parent); 1064 1065 if (bt_sk(parent)->defer_setup) 1066 parent->sk_state_change(parent); 1067 1068 return result; 1069 } 1070 1071 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) 1072 { 1073 struct sock *sk; 1074 struct hlist_node *node; 1075 1076 read_lock_bh(&rfcomm_sk_list.lock); 1077 1078 sk_for_each(sk, node, &rfcomm_sk_list.head) { 1079 seq_printf(f, "%s %s %d %d\n", 1080 batostr(&bt_sk(sk)->src), 1081 batostr(&bt_sk(sk)->dst), 1082 sk->sk_state, rfcomm_pi(sk)->channel); 1083 } 1084 1085 read_unlock_bh(&rfcomm_sk_list.lock); 1086 1087 return 0; 1088 } 1089 1090 static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file) 1091 { 1092 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private); 1093 } 1094 1095 static const struct file_operations rfcomm_sock_debugfs_fops = { 1096 .open = rfcomm_sock_debugfs_open, 1097 .read = seq_read, 1098 .llseek = seq_lseek, 1099 .release = single_release, 1100 }; 1101 1102 static struct dentry *rfcomm_sock_debugfs; 1103 1104 static const struct proto_ops rfcomm_sock_ops = { 1105 .family = PF_BLUETOOTH, 1106 .owner = THIS_MODULE, 1107 .release = rfcomm_sock_release, 1108 .bind = rfcomm_sock_bind, 1109 .connect = rfcomm_sock_connect, 1110 .listen = rfcomm_sock_listen, 1111 .accept = rfcomm_sock_accept, 1112 .getname = rfcomm_sock_getname, 1113 .sendmsg = rfcomm_sock_sendmsg, 1114 .recvmsg = rfcomm_sock_recvmsg, 1115 .shutdown = rfcomm_sock_shutdown, 1116 .setsockopt = rfcomm_sock_setsockopt, 1117 .getsockopt = rfcomm_sock_getsockopt, 1118 .ioctl = rfcomm_sock_ioctl, 1119 .poll = bt_sock_poll, 1120 .socketpair = sock_no_socketpair, 1121 .mmap = sock_no_mmap 1122 }; 1123 1124 static const struct net_proto_family rfcomm_sock_family_ops = { 1125 .family = PF_BLUETOOTH, 1126 .owner = THIS_MODULE, 1127 .create = rfcomm_sock_create 1128 }; 1129 1130 int __init rfcomm_init_sockets(void) 1131 { 1132 int err; 1133 1134 err = proto_register(&rfcomm_proto, 0); 1135 if (err < 0) 1136 return err; 1137 1138 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 1139 if (err < 0) 1140 goto error; 1141 1142 if (bt_debugfs) { 1143 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444, 1144 bt_debugfs, NULL, &rfcomm_sock_debugfs_fops); 1145 if (!rfcomm_sock_debugfs) 1146 BT_ERR("Failed to create RFCOMM debug file"); 1147 } 1148 1149 BT_INFO("RFCOMM socket layer initialized"); 1150 1151 return 0; 1152 1153 error: 1154 BT_ERR("RFCOMM socket layer registration failed"); 1155 proto_unregister(&rfcomm_proto); 1156 return err; 1157 } 1158 1159 void __exit rfcomm_cleanup_sockets(void) 1160 { 1161 debugfs_remove(rfcomm_sock_debugfs); 1162 1163 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0) 1164 BT_ERR("RFCOMM socket layer unregistration failed"); 1165 1166 proto_unregister(&rfcomm_proto); 1167 } 1168