1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 */ 27 28 #include <linux/export.h> 29 #include <linux/debugfs.h> 30 31 #include <net/bluetooth/bluetooth.h> 32 #include <net/bluetooth/hci_core.h> 33 #include <net/bluetooth/l2cap.h> 34 #include <net/bluetooth/rfcomm.h> 35 36 static const struct proto_ops rfcomm_sock_ops; 37 38 static struct bt_sock_list rfcomm_sk_list = { 39 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) 40 }; 41 42 static void rfcomm_sock_close(struct sock *sk); 43 static void rfcomm_sock_kill(struct sock *sk); 44 45 /* ---- DLC callbacks ---- 46 * 47 * called under rfcomm_dlc_lock() 48 */ 49 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 50 { 51 struct sock *sk = d->owner; 52 if (!sk) 53 return; 54 55 atomic_add(skb->len, &sk->sk_rmem_alloc); 56 skb_queue_tail(&sk->sk_receive_queue, skb); 57 sk->sk_data_ready(sk, skb->len); 58 59 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 60 rfcomm_dlc_throttle(d); 61 } 62 63 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 64 { 65 struct sock *sk = d->owner, *parent; 66 unsigned long flags; 67 68 if (!sk) 69 return; 70 71 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 72 73 local_irq_save(flags); 74 bh_lock_sock(sk); 75 76 if (err) 77 sk->sk_err = err; 78 79 sk->sk_state = d->state; 80 81 parent = bt_sk(sk)->parent; 82 if (parent) { 83 if (d->state == BT_CLOSED) { 84 sock_set_flag(sk, SOCK_ZAPPED); 85 bt_accept_unlink(sk); 86 } 87 parent->sk_data_ready(parent, 0); 88 } else { 89 if (d->state == BT_CONNECTED) 90 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL); 91 sk->sk_state_change(sk); 92 } 93 94 bh_unlock_sock(sk); 95 local_irq_restore(flags); 96 97 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 98 /* We have to drop DLC lock here, otherwise 99 * rfcomm_sock_destruct() will dead lock. */ 100 rfcomm_dlc_unlock(d); 101 rfcomm_sock_kill(sk); 102 rfcomm_dlc_lock(d); 103 } 104 } 105 106 /* ---- Socket functions ---- */ 107 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src) 108 { 109 struct sock *sk = NULL; 110 struct hlist_node *node; 111 112 sk_for_each(sk, node, &rfcomm_sk_list.head) { 113 if (rfcomm_pi(sk)->channel == channel && 114 !bacmp(&bt_sk(sk)->src, src)) 115 break; 116 } 117 118 return node ? sk : NULL; 119 } 120 121 /* Find socket with channel and source bdaddr. 122 * Returns closest match. 123 */ 124 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 125 { 126 struct sock *sk = NULL, *sk1 = NULL; 127 struct hlist_node *node; 128 129 read_lock(&rfcomm_sk_list.lock); 130 131 sk_for_each(sk, node, &rfcomm_sk_list.head) { 132 if (state && sk->sk_state != state) 133 continue; 134 135 if (rfcomm_pi(sk)->channel == channel) { 136 /* Exact match. */ 137 if (!bacmp(&bt_sk(sk)->src, src)) 138 break; 139 140 /* Closest match */ 141 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 142 sk1 = sk; 143 } 144 } 145 146 read_unlock(&rfcomm_sk_list.lock); 147 148 return node ? sk : sk1; 149 } 150 151 static void rfcomm_sock_destruct(struct sock *sk) 152 { 153 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 154 155 BT_DBG("sk %p dlc %p", sk, d); 156 157 skb_queue_purge(&sk->sk_receive_queue); 158 skb_queue_purge(&sk->sk_write_queue); 159 160 rfcomm_dlc_lock(d); 161 rfcomm_pi(sk)->dlc = NULL; 162 163 /* Detach DLC if it's owned by this socket */ 164 if (d->owner == sk) 165 d->owner = NULL; 166 rfcomm_dlc_unlock(d); 167 168 rfcomm_dlc_put(d); 169 } 170 171 static void rfcomm_sock_cleanup_listen(struct sock *parent) 172 { 173 struct sock *sk; 174 175 BT_DBG("parent %p", parent); 176 177 /* Close not yet accepted dlcs */ 178 while ((sk = bt_accept_dequeue(parent, NULL))) { 179 rfcomm_sock_close(sk); 180 rfcomm_sock_kill(sk); 181 } 182 183 parent->sk_state = BT_CLOSED; 184 sock_set_flag(parent, SOCK_ZAPPED); 185 } 186 187 /* Kill socket (only if zapped and orphan) 188 * Must be called on unlocked socket. 189 */ 190 static void rfcomm_sock_kill(struct sock *sk) 191 { 192 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 193 return; 194 195 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); 196 197 /* Kill poor orphan */ 198 bt_sock_unlink(&rfcomm_sk_list, sk); 199 sock_set_flag(sk, SOCK_DEAD); 200 sock_put(sk); 201 } 202 203 static void __rfcomm_sock_close(struct sock *sk) 204 { 205 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 206 207 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 208 209 switch (sk->sk_state) { 210 case BT_LISTEN: 211 rfcomm_sock_cleanup_listen(sk); 212 break; 213 214 case BT_CONNECT: 215 case BT_CONNECT2: 216 case BT_CONFIG: 217 case BT_CONNECTED: 218 rfcomm_dlc_close(d, 0); 219 220 default: 221 sock_set_flag(sk, SOCK_ZAPPED); 222 break; 223 } 224 } 225 226 /* Close socket. 227 * Must be called on unlocked socket. 228 */ 229 static void rfcomm_sock_close(struct sock *sk) 230 { 231 lock_sock(sk); 232 __rfcomm_sock_close(sk); 233 release_sock(sk); 234 } 235 236 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 237 { 238 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 239 240 BT_DBG("sk %p", sk); 241 242 if (parent) { 243 sk->sk_type = parent->sk_type; 244 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP, 245 &bt_sk(parent)->flags); 246 247 pi->sec_level = rfcomm_pi(parent)->sec_level; 248 pi->role_switch = rfcomm_pi(parent)->role_switch; 249 250 security_sk_clone(parent, sk); 251 } else { 252 pi->dlc->defer_setup = 0; 253 254 pi->sec_level = BT_SECURITY_LOW; 255 pi->role_switch = 0; 256 } 257 258 pi->dlc->sec_level = pi->sec_level; 259 pi->dlc->role_switch = pi->role_switch; 260 } 261 262 static struct proto rfcomm_proto = { 263 .name = "RFCOMM", 264 .owner = THIS_MODULE, 265 .obj_size = sizeof(struct rfcomm_pinfo) 266 }; 267 268 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 269 { 270 struct rfcomm_dlc *d; 271 struct sock *sk; 272 273 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto); 274 if (!sk) 275 return NULL; 276 277 sock_init_data(sock, sk); 278 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 279 280 d = rfcomm_dlc_alloc(prio); 281 if (!d) { 282 sk_free(sk); 283 return NULL; 284 } 285 286 d->data_ready = rfcomm_sk_data_ready; 287 d->state_change = rfcomm_sk_state_change; 288 289 rfcomm_pi(sk)->dlc = d; 290 d->owner = sk; 291 292 sk->sk_destruct = rfcomm_sock_destruct; 293 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 294 295 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 296 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 297 298 sock_reset_flag(sk, SOCK_ZAPPED); 299 300 sk->sk_protocol = proto; 301 sk->sk_state = BT_OPEN; 302 303 bt_sock_link(&rfcomm_sk_list, sk); 304 305 BT_DBG("sk %p", sk); 306 return sk; 307 } 308 309 static int rfcomm_sock_create(struct net *net, struct socket *sock, 310 int protocol, int kern) 311 { 312 struct sock *sk; 313 314 BT_DBG("sock %p", sock); 315 316 sock->state = SS_UNCONNECTED; 317 318 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 319 return -ESOCKTNOSUPPORT; 320 321 sock->ops = &rfcomm_sock_ops; 322 323 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC); 324 if (!sk) 325 return -ENOMEM; 326 327 rfcomm_sock_init(sk, NULL); 328 return 0; 329 } 330 331 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 332 { 333 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 334 struct sock *sk = sock->sk; 335 int err = 0; 336 337 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr)); 338 339 if (!addr || addr->sa_family != AF_BLUETOOTH) 340 return -EINVAL; 341 342 lock_sock(sk); 343 344 if (sk->sk_state != BT_OPEN) { 345 err = -EBADFD; 346 goto done; 347 } 348 349 if (sk->sk_type != SOCK_STREAM) { 350 err = -EINVAL; 351 goto done; 352 } 353 354 write_lock(&rfcomm_sk_list.lock); 355 356 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { 357 err = -EADDRINUSE; 358 } else { 359 /* Save source address */ 360 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr); 361 rfcomm_pi(sk)->channel = sa->rc_channel; 362 sk->sk_state = BT_BOUND; 363 } 364 365 write_unlock(&rfcomm_sk_list.lock); 366 367 done: 368 release_sock(sk); 369 return err; 370 } 371 372 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 373 { 374 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 375 struct sock *sk = sock->sk; 376 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 377 int err = 0; 378 379 BT_DBG("sk %p", sk); 380 381 if (alen < sizeof(struct sockaddr_rc) || 382 addr->sa_family != AF_BLUETOOTH) 383 return -EINVAL; 384 385 lock_sock(sk); 386 387 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 388 err = -EBADFD; 389 goto done; 390 } 391 392 if (sk->sk_type != SOCK_STREAM) { 393 err = -EINVAL; 394 goto done; 395 } 396 397 sk->sk_state = BT_CONNECT; 398 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); 399 rfcomm_pi(sk)->channel = sa->rc_channel; 400 401 d->sec_level = rfcomm_pi(sk)->sec_level; 402 d->role_switch = rfcomm_pi(sk)->role_switch; 403 404 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); 405 if (!err) 406 err = bt_sock_wait_state(sk, BT_CONNECTED, 407 sock_sndtimeo(sk, flags & O_NONBLOCK)); 408 409 done: 410 release_sock(sk); 411 return err; 412 } 413 414 static int rfcomm_sock_listen(struct socket *sock, int backlog) 415 { 416 struct sock *sk = sock->sk; 417 int err = 0; 418 419 BT_DBG("sk %p backlog %d", sk, backlog); 420 421 lock_sock(sk); 422 423 if (sk->sk_state != BT_BOUND) { 424 err = -EBADFD; 425 goto done; 426 } 427 428 if (sk->sk_type != SOCK_STREAM) { 429 err = -EINVAL; 430 goto done; 431 } 432 433 if (!rfcomm_pi(sk)->channel) { 434 bdaddr_t *src = &bt_sk(sk)->src; 435 u8 channel; 436 437 err = -EINVAL; 438 439 write_lock(&rfcomm_sk_list.lock); 440 441 for (channel = 1; channel < 31; channel++) 442 if (!__rfcomm_get_sock_by_addr(channel, src)) { 443 rfcomm_pi(sk)->channel = channel; 444 err = 0; 445 break; 446 } 447 448 write_unlock(&rfcomm_sk_list.lock); 449 450 if (err < 0) 451 goto done; 452 } 453 454 sk->sk_max_ack_backlog = backlog; 455 sk->sk_ack_backlog = 0; 456 sk->sk_state = BT_LISTEN; 457 458 done: 459 release_sock(sk); 460 return err; 461 } 462 463 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 464 { 465 DECLARE_WAITQUEUE(wait, current); 466 struct sock *sk = sock->sk, *nsk; 467 long timeo; 468 int err = 0; 469 470 lock_sock(sk); 471 472 if (sk->sk_type != SOCK_STREAM) { 473 err = -EINVAL; 474 goto done; 475 } 476 477 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 478 479 BT_DBG("sk %p timeo %ld", sk, timeo); 480 481 /* Wait for an incoming connection. (wake-one). */ 482 add_wait_queue_exclusive(sk_sleep(sk), &wait); 483 while (1) { 484 set_current_state(TASK_INTERRUPTIBLE); 485 486 if (sk->sk_state != BT_LISTEN) { 487 err = -EBADFD; 488 break; 489 } 490 491 nsk = bt_accept_dequeue(sk, newsock); 492 if (nsk) 493 break; 494 495 if (!timeo) { 496 err = -EAGAIN; 497 break; 498 } 499 500 if (signal_pending(current)) { 501 err = sock_intr_errno(timeo); 502 break; 503 } 504 505 release_sock(sk); 506 timeo = schedule_timeout(timeo); 507 lock_sock(sk); 508 } 509 __set_current_state(TASK_RUNNING); 510 remove_wait_queue(sk_sleep(sk), &wait); 511 512 if (err) 513 goto done; 514 515 newsock->state = SS_CONNECTED; 516 517 BT_DBG("new socket %p", nsk); 518 519 done: 520 release_sock(sk); 521 return err; 522 } 523 524 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 525 { 526 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 527 struct sock *sk = sock->sk; 528 529 BT_DBG("sock %p, sk %p", sock, sk); 530 531 sa->rc_family = AF_BLUETOOTH; 532 sa->rc_channel = rfcomm_pi(sk)->channel; 533 if (peer) 534 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst); 535 else 536 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src); 537 538 *len = sizeof(struct sockaddr_rc); 539 return 0; 540 } 541 542 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 543 struct msghdr *msg, size_t len) 544 { 545 struct sock *sk = sock->sk; 546 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 547 struct sk_buff *skb; 548 int sent = 0; 549 550 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) 551 return -ENOTCONN; 552 553 if (msg->msg_flags & MSG_OOB) 554 return -EOPNOTSUPP; 555 556 if (sk->sk_shutdown & SEND_SHUTDOWN) 557 return -EPIPE; 558 559 BT_DBG("sock %p, sk %p", sock, sk); 560 561 lock_sock(sk); 562 563 while (len) { 564 size_t size = min_t(size_t, len, d->mtu); 565 int err; 566 567 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 568 msg->msg_flags & MSG_DONTWAIT, &err); 569 if (!skb) { 570 if (sent == 0) 571 sent = err; 572 break; 573 } 574 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 575 576 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 577 if (err) { 578 kfree_skb(skb); 579 if (sent == 0) 580 sent = err; 581 break; 582 } 583 584 skb->priority = sk->sk_priority; 585 586 err = rfcomm_dlc_send(d, skb); 587 if (err < 0) { 588 kfree_skb(skb); 589 if (sent == 0) 590 sent = err; 591 break; 592 } 593 594 sent += size; 595 len -= size; 596 } 597 598 release_sock(sk); 599 600 return sent; 601 } 602 603 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 604 struct msghdr *msg, size_t size, int flags) 605 { 606 struct sock *sk = sock->sk; 607 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 608 int len; 609 610 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 611 rfcomm_dlc_accept(d); 612 return 0; 613 } 614 615 len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags); 616 617 lock_sock(sk); 618 if (!(flags & MSG_PEEK) && len > 0) 619 atomic_sub(len, &sk->sk_rmem_alloc); 620 621 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 622 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 623 release_sock(sk); 624 625 return len; 626 } 627 628 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 629 { 630 struct sock *sk = sock->sk; 631 int err = 0; 632 u32 opt; 633 634 BT_DBG("sk %p", sk); 635 636 lock_sock(sk); 637 638 switch (optname) { 639 case RFCOMM_LM: 640 if (get_user(opt, (u32 __user *) optval)) { 641 err = -EFAULT; 642 break; 643 } 644 645 if (opt & RFCOMM_LM_AUTH) 646 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; 647 if (opt & RFCOMM_LM_ENCRYPT) 648 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 649 if (opt & RFCOMM_LM_SECURE) 650 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; 651 652 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); 653 break; 654 655 default: 656 err = -ENOPROTOOPT; 657 break; 658 } 659 660 release_sock(sk); 661 return err; 662 } 663 664 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 665 { 666 struct sock *sk = sock->sk; 667 struct bt_security sec; 668 int err = 0; 669 size_t len; 670 u32 opt; 671 672 BT_DBG("sk %p", sk); 673 674 if (level == SOL_RFCOMM) 675 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); 676 677 if (level != SOL_BLUETOOTH) 678 return -ENOPROTOOPT; 679 680 lock_sock(sk); 681 682 switch (optname) { 683 case BT_SECURITY: 684 if (sk->sk_type != SOCK_STREAM) { 685 err = -EINVAL; 686 break; 687 } 688 689 sec.level = BT_SECURITY_LOW; 690 691 len = min_t(unsigned int, sizeof(sec), optlen); 692 if (copy_from_user((char *) &sec, optval, len)) { 693 err = -EFAULT; 694 break; 695 } 696 697 if (sec.level > BT_SECURITY_HIGH) { 698 err = -EINVAL; 699 break; 700 } 701 702 rfcomm_pi(sk)->sec_level = sec.level; 703 break; 704 705 case BT_DEFER_SETUP: 706 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 707 err = -EINVAL; 708 break; 709 } 710 711 if (get_user(opt, (u32 __user *) optval)) { 712 err = -EFAULT; 713 break; 714 } 715 716 if (opt) 717 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 718 else 719 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 720 721 break; 722 723 default: 724 err = -ENOPROTOOPT; 725 break; 726 } 727 728 release_sock(sk); 729 return err; 730 } 731 732 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 733 { 734 struct sock *sk = sock->sk; 735 struct rfcomm_conninfo cinfo; 736 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn; 737 int len, err = 0; 738 u32 opt; 739 740 BT_DBG("sk %p", sk); 741 742 if (get_user(len, optlen)) 743 return -EFAULT; 744 745 lock_sock(sk); 746 747 switch (optname) { 748 case RFCOMM_LM: 749 switch (rfcomm_pi(sk)->sec_level) { 750 case BT_SECURITY_LOW: 751 opt = RFCOMM_LM_AUTH; 752 break; 753 case BT_SECURITY_MEDIUM: 754 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; 755 break; 756 case BT_SECURITY_HIGH: 757 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 758 RFCOMM_LM_SECURE; 759 break; 760 default: 761 opt = 0; 762 break; 763 } 764 765 if (rfcomm_pi(sk)->role_switch) 766 opt |= RFCOMM_LM_MASTER; 767 768 if (put_user(opt, (u32 __user *) optval)) 769 err = -EFAULT; 770 break; 771 772 case RFCOMM_CONNINFO: 773 if (sk->sk_state != BT_CONNECTED && 774 !rfcomm_pi(sk)->dlc->defer_setup) { 775 err = -ENOTCONN; 776 break; 777 } 778 779 memset(&cinfo, 0, sizeof(cinfo)); 780 cinfo.hci_handle = conn->hcon->handle; 781 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); 782 783 len = min_t(unsigned int, len, sizeof(cinfo)); 784 if (copy_to_user(optval, (char *) &cinfo, len)) 785 err = -EFAULT; 786 787 break; 788 789 default: 790 err = -ENOPROTOOPT; 791 break; 792 } 793 794 release_sock(sk); 795 return err; 796 } 797 798 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 799 { 800 struct sock *sk = sock->sk; 801 struct bt_security sec; 802 int len, err = 0; 803 804 BT_DBG("sk %p", sk); 805 806 if (level == SOL_RFCOMM) 807 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); 808 809 if (level != SOL_BLUETOOTH) 810 return -ENOPROTOOPT; 811 812 if (get_user(len, optlen)) 813 return -EFAULT; 814 815 lock_sock(sk); 816 817 switch (optname) { 818 case BT_SECURITY: 819 if (sk->sk_type != SOCK_STREAM) { 820 err = -EINVAL; 821 break; 822 } 823 824 sec.level = rfcomm_pi(sk)->sec_level; 825 826 len = min_t(unsigned int, len, sizeof(sec)); 827 if (copy_to_user(optval, (char *) &sec, len)) 828 err = -EFAULT; 829 830 break; 831 832 case BT_DEFER_SETUP: 833 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 834 err = -EINVAL; 835 break; 836 } 837 838 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 839 (u32 __user *) optval)) 840 err = -EFAULT; 841 842 break; 843 844 default: 845 err = -ENOPROTOOPT; 846 break; 847 } 848 849 release_sock(sk); 850 return err; 851 } 852 853 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 854 { 855 struct sock *sk __maybe_unused = sock->sk; 856 int err; 857 858 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); 859 860 err = bt_sock_ioctl(sock, cmd, arg); 861 862 if (err == -ENOIOCTLCMD) { 863 #ifdef CONFIG_BT_RFCOMM_TTY 864 lock_sock(sk); 865 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); 866 release_sock(sk); 867 #else 868 err = -EOPNOTSUPP; 869 #endif 870 } 871 872 return err; 873 } 874 875 static int rfcomm_sock_shutdown(struct socket *sock, int how) 876 { 877 struct sock *sk = sock->sk; 878 int err = 0; 879 880 BT_DBG("sock %p, sk %p", sock, sk); 881 882 if (!sk) 883 return 0; 884 885 lock_sock(sk); 886 if (!sk->sk_shutdown) { 887 sk->sk_shutdown = SHUTDOWN_MASK; 888 __rfcomm_sock_close(sk); 889 890 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 891 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 892 } 893 release_sock(sk); 894 return err; 895 } 896 897 static int rfcomm_sock_release(struct socket *sock) 898 { 899 struct sock *sk = sock->sk; 900 int err; 901 902 BT_DBG("sock %p, sk %p", sock, sk); 903 904 if (!sk) 905 return 0; 906 907 err = rfcomm_sock_shutdown(sock, 2); 908 909 sock_orphan(sk); 910 rfcomm_sock_kill(sk); 911 return err; 912 } 913 914 /* ---- RFCOMM core layer callbacks ---- 915 * 916 * called under rfcomm_lock() 917 */ 918 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 919 { 920 struct sock *sk, *parent; 921 bdaddr_t src, dst; 922 int result = 0; 923 924 BT_DBG("session %p channel %d", s, channel); 925 926 rfcomm_session_getaddr(s, &src, &dst); 927 928 /* Check if we have socket listening on channel */ 929 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 930 if (!parent) 931 return 0; 932 933 bh_lock_sock(parent); 934 935 /* Check for backlog size */ 936 if (sk_acceptq_is_full(parent)) { 937 BT_DBG("backlog full %d", parent->sk_ack_backlog); 938 goto done; 939 } 940 941 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 942 if (!sk) 943 goto done; 944 945 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM); 946 947 rfcomm_sock_init(sk, parent); 948 bacpy(&bt_sk(sk)->src, &src); 949 bacpy(&bt_sk(sk)->dst, &dst); 950 rfcomm_pi(sk)->channel = channel; 951 952 sk->sk_state = BT_CONFIG; 953 bt_accept_enqueue(parent, sk); 954 955 /* Accept connection and return socket DLC */ 956 *d = rfcomm_pi(sk)->dlc; 957 result = 1; 958 959 done: 960 bh_unlock_sock(parent); 961 962 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 963 parent->sk_state_change(parent); 964 965 return result; 966 } 967 968 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) 969 { 970 struct sock *sk; 971 struct hlist_node *node; 972 973 read_lock(&rfcomm_sk_list.lock); 974 975 sk_for_each(sk, node, &rfcomm_sk_list.head) { 976 seq_printf(f, "%s %s %d %d\n", 977 batostr(&bt_sk(sk)->src), 978 batostr(&bt_sk(sk)->dst), 979 sk->sk_state, rfcomm_pi(sk)->channel); 980 } 981 982 read_unlock(&rfcomm_sk_list.lock); 983 984 return 0; 985 } 986 987 static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file) 988 { 989 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private); 990 } 991 992 static const struct file_operations rfcomm_sock_debugfs_fops = { 993 .open = rfcomm_sock_debugfs_open, 994 .read = seq_read, 995 .llseek = seq_lseek, 996 .release = single_release, 997 }; 998 999 static struct dentry *rfcomm_sock_debugfs; 1000 1001 static const struct proto_ops rfcomm_sock_ops = { 1002 .family = PF_BLUETOOTH, 1003 .owner = THIS_MODULE, 1004 .release = rfcomm_sock_release, 1005 .bind = rfcomm_sock_bind, 1006 .connect = rfcomm_sock_connect, 1007 .listen = rfcomm_sock_listen, 1008 .accept = rfcomm_sock_accept, 1009 .getname = rfcomm_sock_getname, 1010 .sendmsg = rfcomm_sock_sendmsg, 1011 .recvmsg = rfcomm_sock_recvmsg, 1012 .shutdown = rfcomm_sock_shutdown, 1013 .setsockopt = rfcomm_sock_setsockopt, 1014 .getsockopt = rfcomm_sock_getsockopt, 1015 .ioctl = rfcomm_sock_ioctl, 1016 .poll = bt_sock_poll, 1017 .socketpair = sock_no_socketpair, 1018 .mmap = sock_no_mmap 1019 }; 1020 1021 static const struct net_proto_family rfcomm_sock_family_ops = { 1022 .family = PF_BLUETOOTH, 1023 .owner = THIS_MODULE, 1024 .create = rfcomm_sock_create 1025 }; 1026 1027 int __init rfcomm_init_sockets(void) 1028 { 1029 int err; 1030 1031 err = proto_register(&rfcomm_proto, 0); 1032 if (err < 0) 1033 return err; 1034 1035 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 1036 if (err < 0) 1037 goto error; 1038 1039 if (bt_debugfs) { 1040 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444, 1041 bt_debugfs, NULL, &rfcomm_sock_debugfs_fops); 1042 if (!rfcomm_sock_debugfs) 1043 BT_ERR("Failed to create RFCOMM debug file"); 1044 } 1045 1046 BT_INFO("RFCOMM socket layer initialized"); 1047 1048 return 0; 1049 1050 error: 1051 BT_ERR("RFCOMM socket layer registration failed"); 1052 proto_unregister(&rfcomm_proto); 1053 return err; 1054 } 1055 1056 void __exit rfcomm_cleanup_sockets(void) 1057 { 1058 debugfs_remove(rfcomm_sock_debugfs); 1059 1060 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0) 1061 BT_ERR("RFCOMM socket layer unregistration failed"); 1062 1063 proto_unregister(&rfcomm_proto); 1064 } 1065