1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 */ 27 28 #include <linux/module.h> 29 30 #include <linux/types.h> 31 #include <linux/errno.h> 32 #include <linux/kernel.h> 33 #include <linux/sched.h> 34 #include <linux/slab.h> 35 #include <linux/poll.h> 36 #include <linux/fcntl.h> 37 #include <linux/init.h> 38 #include <linux/interrupt.h> 39 #include <linux/socket.h> 40 #include <linux/skbuff.h> 41 #include <linux/list.h> 42 #include <linux/device.h> 43 #include <linux/debugfs.h> 44 #include <linux/seq_file.h> 45 #include <linux/security.h> 46 #include <net/sock.h> 47 48 #include <linux/uaccess.h> 49 50 #include <net/bluetooth/bluetooth.h> 51 #include <net/bluetooth/hci_core.h> 52 #include <net/bluetooth/l2cap.h> 53 #include <net/bluetooth/rfcomm.h> 54 55 static const struct proto_ops rfcomm_sock_ops; 56 57 static struct bt_sock_list rfcomm_sk_list = { 58 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) 59 }; 60 61 static void rfcomm_sock_close(struct sock *sk); 62 static void rfcomm_sock_kill(struct sock *sk); 63 64 /* ---- DLC callbacks ---- 65 * 66 * called under rfcomm_dlc_lock() 67 */ 68 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 69 { 70 struct sock *sk = d->owner; 71 if (!sk) 72 return; 73 74 atomic_add(skb->len, &sk->sk_rmem_alloc); 75 skb_queue_tail(&sk->sk_receive_queue, skb); 76 sk->sk_data_ready(sk, skb->len); 77 78 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 79 rfcomm_dlc_throttle(d); 80 } 81 82 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 83 { 84 struct sock *sk = d->owner, *parent; 85 unsigned long flags; 86 87 if (!sk) 88 return; 89 90 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 91 92 local_irq_save(flags); 93 bh_lock_sock(sk); 94 95 if (err) 96 sk->sk_err = err; 97 98 sk->sk_state = d->state; 99 100 parent = bt_sk(sk)->parent; 101 if (parent) { 102 if (d->state == BT_CLOSED) { 103 sock_set_flag(sk, SOCK_ZAPPED); 104 bt_accept_unlink(sk); 105 } 106 parent->sk_data_ready(parent, 0); 107 } else { 108 if (d->state == BT_CONNECTED) 109 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL); 110 sk->sk_state_change(sk); 111 } 112 113 bh_unlock_sock(sk); 114 local_irq_restore(flags); 115 116 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 117 /* We have to drop DLC lock here, otherwise 118 * rfcomm_sock_destruct() will dead lock. */ 119 rfcomm_dlc_unlock(d); 120 rfcomm_sock_kill(sk); 121 rfcomm_dlc_lock(d); 122 } 123 } 124 125 /* ---- Socket functions ---- */ 126 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src) 127 { 128 struct sock *sk = NULL; 129 struct hlist_node *node; 130 131 sk_for_each(sk, node, &rfcomm_sk_list.head) { 132 if (rfcomm_pi(sk)->channel == channel && 133 !bacmp(&bt_sk(sk)->src, src)) 134 break; 135 } 136 137 return node ? sk : NULL; 138 } 139 140 /* Find socket with channel and source bdaddr. 141 * Returns closest match. 142 */ 143 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 144 { 145 struct sock *sk = NULL, *sk1 = NULL; 146 struct hlist_node *node; 147 148 read_lock(&rfcomm_sk_list.lock); 149 150 sk_for_each(sk, node, &rfcomm_sk_list.head) { 151 if (state && sk->sk_state != state) 152 continue; 153 154 if (rfcomm_pi(sk)->channel == channel) { 155 /* Exact match. */ 156 if (!bacmp(&bt_sk(sk)->src, src)) 157 break; 158 159 /* Closest match */ 160 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 161 sk1 = sk; 162 } 163 } 164 165 read_unlock(&rfcomm_sk_list.lock); 166 167 return node ? sk : sk1; 168 } 169 170 static void rfcomm_sock_destruct(struct sock *sk) 171 { 172 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 173 174 BT_DBG("sk %p dlc %p", sk, d); 175 176 skb_queue_purge(&sk->sk_receive_queue); 177 skb_queue_purge(&sk->sk_write_queue); 178 179 rfcomm_dlc_lock(d); 180 rfcomm_pi(sk)->dlc = NULL; 181 182 /* Detach DLC if it's owned by this socket */ 183 if (d->owner == sk) 184 d->owner = NULL; 185 rfcomm_dlc_unlock(d); 186 187 rfcomm_dlc_put(d); 188 } 189 190 static void rfcomm_sock_cleanup_listen(struct sock *parent) 191 { 192 struct sock *sk; 193 194 BT_DBG("parent %p", parent); 195 196 /* Close not yet accepted dlcs */ 197 while ((sk = bt_accept_dequeue(parent, NULL))) { 198 rfcomm_sock_close(sk); 199 rfcomm_sock_kill(sk); 200 } 201 202 parent->sk_state = BT_CLOSED; 203 sock_set_flag(parent, SOCK_ZAPPED); 204 } 205 206 /* Kill socket (only if zapped and orphan) 207 * Must be called on unlocked socket. 208 */ 209 static void rfcomm_sock_kill(struct sock *sk) 210 { 211 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 212 return; 213 214 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); 215 216 /* Kill poor orphan */ 217 bt_sock_unlink(&rfcomm_sk_list, sk); 218 sock_set_flag(sk, SOCK_DEAD); 219 sock_put(sk); 220 } 221 222 static void __rfcomm_sock_close(struct sock *sk) 223 { 224 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 225 226 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 227 228 switch (sk->sk_state) { 229 case BT_LISTEN: 230 rfcomm_sock_cleanup_listen(sk); 231 break; 232 233 case BT_CONNECT: 234 case BT_CONNECT2: 235 case BT_CONFIG: 236 case BT_CONNECTED: 237 rfcomm_dlc_close(d, 0); 238 239 default: 240 sock_set_flag(sk, SOCK_ZAPPED); 241 break; 242 } 243 } 244 245 /* Close socket. 246 * Must be called on unlocked socket. 247 */ 248 static void rfcomm_sock_close(struct sock *sk) 249 { 250 lock_sock(sk); 251 __rfcomm_sock_close(sk); 252 release_sock(sk); 253 } 254 255 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 256 { 257 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 258 259 BT_DBG("sk %p", sk); 260 261 if (parent) { 262 sk->sk_type = parent->sk_type; 263 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP, 264 &bt_sk(parent)->flags); 265 266 pi->sec_level = rfcomm_pi(parent)->sec_level; 267 pi->role_switch = rfcomm_pi(parent)->role_switch; 268 269 security_sk_clone(parent, sk); 270 } else { 271 pi->dlc->defer_setup = 0; 272 273 pi->sec_level = BT_SECURITY_LOW; 274 pi->role_switch = 0; 275 } 276 277 pi->dlc->sec_level = pi->sec_level; 278 pi->dlc->role_switch = pi->role_switch; 279 } 280 281 static struct proto rfcomm_proto = { 282 .name = "RFCOMM", 283 .owner = THIS_MODULE, 284 .obj_size = sizeof(struct rfcomm_pinfo) 285 }; 286 287 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 288 { 289 struct rfcomm_dlc *d; 290 struct sock *sk; 291 292 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto); 293 if (!sk) 294 return NULL; 295 296 sock_init_data(sock, sk); 297 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 298 299 d = rfcomm_dlc_alloc(prio); 300 if (!d) { 301 sk_free(sk); 302 return NULL; 303 } 304 305 d->data_ready = rfcomm_sk_data_ready; 306 d->state_change = rfcomm_sk_state_change; 307 308 rfcomm_pi(sk)->dlc = d; 309 d->owner = sk; 310 311 sk->sk_destruct = rfcomm_sock_destruct; 312 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 313 314 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 315 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 316 317 sock_reset_flag(sk, SOCK_ZAPPED); 318 319 sk->sk_protocol = proto; 320 sk->sk_state = BT_OPEN; 321 322 bt_sock_link(&rfcomm_sk_list, sk); 323 324 BT_DBG("sk %p", sk); 325 return sk; 326 } 327 328 static int rfcomm_sock_create(struct net *net, struct socket *sock, 329 int protocol, int kern) 330 { 331 struct sock *sk; 332 333 BT_DBG("sock %p", sock); 334 335 sock->state = SS_UNCONNECTED; 336 337 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 338 return -ESOCKTNOSUPPORT; 339 340 sock->ops = &rfcomm_sock_ops; 341 342 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC); 343 if (!sk) 344 return -ENOMEM; 345 346 rfcomm_sock_init(sk, NULL); 347 return 0; 348 } 349 350 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 351 { 352 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 353 struct sock *sk = sock->sk; 354 int err = 0; 355 356 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr)); 357 358 if (!addr || addr->sa_family != AF_BLUETOOTH) 359 return -EINVAL; 360 361 lock_sock(sk); 362 363 if (sk->sk_state != BT_OPEN) { 364 err = -EBADFD; 365 goto done; 366 } 367 368 if (sk->sk_type != SOCK_STREAM) { 369 err = -EINVAL; 370 goto done; 371 } 372 373 write_lock(&rfcomm_sk_list.lock); 374 375 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { 376 err = -EADDRINUSE; 377 } else { 378 /* Save source address */ 379 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr); 380 rfcomm_pi(sk)->channel = sa->rc_channel; 381 sk->sk_state = BT_BOUND; 382 } 383 384 write_unlock(&rfcomm_sk_list.lock); 385 386 done: 387 release_sock(sk); 388 return err; 389 } 390 391 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 392 { 393 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 394 struct sock *sk = sock->sk; 395 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 396 int err = 0; 397 398 BT_DBG("sk %p", sk); 399 400 if (alen < sizeof(struct sockaddr_rc) || 401 addr->sa_family != AF_BLUETOOTH) 402 return -EINVAL; 403 404 lock_sock(sk); 405 406 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 407 err = -EBADFD; 408 goto done; 409 } 410 411 if (sk->sk_type != SOCK_STREAM) { 412 err = -EINVAL; 413 goto done; 414 } 415 416 sk->sk_state = BT_CONNECT; 417 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); 418 rfcomm_pi(sk)->channel = sa->rc_channel; 419 420 d->sec_level = rfcomm_pi(sk)->sec_level; 421 d->role_switch = rfcomm_pi(sk)->role_switch; 422 423 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); 424 if (!err) 425 err = bt_sock_wait_state(sk, BT_CONNECTED, 426 sock_sndtimeo(sk, flags & O_NONBLOCK)); 427 428 done: 429 release_sock(sk); 430 return err; 431 } 432 433 static int rfcomm_sock_listen(struct socket *sock, int backlog) 434 { 435 struct sock *sk = sock->sk; 436 int err = 0; 437 438 BT_DBG("sk %p backlog %d", sk, backlog); 439 440 lock_sock(sk); 441 442 if (sk->sk_state != BT_BOUND) { 443 err = -EBADFD; 444 goto done; 445 } 446 447 if (sk->sk_type != SOCK_STREAM) { 448 err = -EINVAL; 449 goto done; 450 } 451 452 if (!rfcomm_pi(sk)->channel) { 453 bdaddr_t *src = &bt_sk(sk)->src; 454 u8 channel; 455 456 err = -EINVAL; 457 458 write_lock(&rfcomm_sk_list.lock); 459 460 for (channel = 1; channel < 31; channel++) 461 if (!__rfcomm_get_sock_by_addr(channel, src)) { 462 rfcomm_pi(sk)->channel = channel; 463 err = 0; 464 break; 465 } 466 467 write_unlock(&rfcomm_sk_list.lock); 468 469 if (err < 0) 470 goto done; 471 } 472 473 sk->sk_max_ack_backlog = backlog; 474 sk->sk_ack_backlog = 0; 475 sk->sk_state = BT_LISTEN; 476 477 done: 478 release_sock(sk); 479 return err; 480 } 481 482 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 483 { 484 DECLARE_WAITQUEUE(wait, current); 485 struct sock *sk = sock->sk, *nsk; 486 long timeo; 487 int err = 0; 488 489 lock_sock(sk); 490 491 if (sk->sk_type != SOCK_STREAM) { 492 err = -EINVAL; 493 goto done; 494 } 495 496 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 497 498 BT_DBG("sk %p timeo %ld", sk, timeo); 499 500 /* Wait for an incoming connection. (wake-one). */ 501 add_wait_queue_exclusive(sk_sleep(sk), &wait); 502 while (1) { 503 set_current_state(TASK_INTERRUPTIBLE); 504 505 if (sk->sk_state != BT_LISTEN) { 506 err = -EBADFD; 507 break; 508 } 509 510 nsk = bt_accept_dequeue(sk, newsock); 511 if (nsk) 512 break; 513 514 if (!timeo) { 515 err = -EAGAIN; 516 break; 517 } 518 519 if (signal_pending(current)) { 520 err = sock_intr_errno(timeo); 521 break; 522 } 523 524 release_sock(sk); 525 timeo = schedule_timeout(timeo); 526 lock_sock(sk); 527 } 528 __set_current_state(TASK_RUNNING); 529 remove_wait_queue(sk_sleep(sk), &wait); 530 531 if (err) 532 goto done; 533 534 newsock->state = SS_CONNECTED; 535 536 BT_DBG("new socket %p", nsk); 537 538 done: 539 release_sock(sk); 540 return err; 541 } 542 543 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 544 { 545 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 546 struct sock *sk = sock->sk; 547 548 BT_DBG("sock %p, sk %p", sock, sk); 549 550 sa->rc_family = AF_BLUETOOTH; 551 sa->rc_channel = rfcomm_pi(sk)->channel; 552 if (peer) 553 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst); 554 else 555 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src); 556 557 *len = sizeof(struct sockaddr_rc); 558 return 0; 559 } 560 561 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 562 struct msghdr *msg, size_t len) 563 { 564 struct sock *sk = sock->sk; 565 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 566 struct sk_buff *skb; 567 int sent = 0; 568 569 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) 570 return -ENOTCONN; 571 572 if (msg->msg_flags & MSG_OOB) 573 return -EOPNOTSUPP; 574 575 if (sk->sk_shutdown & SEND_SHUTDOWN) 576 return -EPIPE; 577 578 BT_DBG("sock %p, sk %p", sock, sk); 579 580 lock_sock(sk); 581 582 while (len) { 583 size_t size = min_t(size_t, len, d->mtu); 584 int err; 585 586 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 587 msg->msg_flags & MSG_DONTWAIT, &err); 588 if (!skb) { 589 if (sent == 0) 590 sent = err; 591 break; 592 } 593 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 594 595 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 596 if (err) { 597 kfree_skb(skb); 598 if (sent == 0) 599 sent = err; 600 break; 601 } 602 603 skb->priority = sk->sk_priority; 604 605 err = rfcomm_dlc_send(d, skb); 606 if (err < 0) { 607 kfree_skb(skb); 608 if (sent == 0) 609 sent = err; 610 break; 611 } 612 613 sent += size; 614 len -= size; 615 } 616 617 release_sock(sk); 618 619 return sent; 620 } 621 622 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 623 struct msghdr *msg, size_t size, int flags) 624 { 625 struct sock *sk = sock->sk; 626 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 627 int len; 628 629 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 630 rfcomm_dlc_accept(d); 631 return 0; 632 } 633 634 len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags); 635 636 lock_sock(sk); 637 if (!(flags & MSG_PEEK) && len > 0) 638 atomic_sub(len, &sk->sk_rmem_alloc); 639 640 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 641 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 642 release_sock(sk); 643 644 return len; 645 } 646 647 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 648 { 649 struct sock *sk = sock->sk; 650 int err = 0; 651 u32 opt; 652 653 BT_DBG("sk %p", sk); 654 655 lock_sock(sk); 656 657 switch (optname) { 658 case RFCOMM_LM: 659 if (get_user(opt, (u32 __user *) optval)) { 660 err = -EFAULT; 661 break; 662 } 663 664 if (opt & RFCOMM_LM_AUTH) 665 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; 666 if (opt & RFCOMM_LM_ENCRYPT) 667 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 668 if (opt & RFCOMM_LM_SECURE) 669 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; 670 671 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); 672 break; 673 674 default: 675 err = -ENOPROTOOPT; 676 break; 677 } 678 679 release_sock(sk); 680 return err; 681 } 682 683 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 684 { 685 struct sock *sk = sock->sk; 686 struct bt_security sec; 687 int err = 0; 688 size_t len; 689 u32 opt; 690 691 BT_DBG("sk %p", sk); 692 693 if (level == SOL_RFCOMM) 694 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); 695 696 if (level != SOL_BLUETOOTH) 697 return -ENOPROTOOPT; 698 699 lock_sock(sk); 700 701 switch (optname) { 702 case BT_SECURITY: 703 if (sk->sk_type != SOCK_STREAM) { 704 err = -EINVAL; 705 break; 706 } 707 708 sec.level = BT_SECURITY_LOW; 709 710 len = min_t(unsigned int, sizeof(sec), optlen); 711 if (copy_from_user((char *) &sec, optval, len)) { 712 err = -EFAULT; 713 break; 714 } 715 716 if (sec.level > BT_SECURITY_HIGH) { 717 err = -EINVAL; 718 break; 719 } 720 721 rfcomm_pi(sk)->sec_level = sec.level; 722 break; 723 724 case BT_DEFER_SETUP: 725 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 726 err = -EINVAL; 727 break; 728 } 729 730 if (get_user(opt, (u32 __user *) optval)) { 731 err = -EFAULT; 732 break; 733 } 734 735 if (opt) 736 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 737 else 738 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 739 740 break; 741 742 default: 743 err = -ENOPROTOOPT; 744 break; 745 } 746 747 release_sock(sk); 748 return err; 749 } 750 751 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 752 { 753 struct sock *sk = sock->sk; 754 struct rfcomm_conninfo cinfo; 755 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn; 756 int len, err = 0; 757 u32 opt; 758 759 BT_DBG("sk %p", sk); 760 761 if (get_user(len, optlen)) 762 return -EFAULT; 763 764 lock_sock(sk); 765 766 switch (optname) { 767 case RFCOMM_LM: 768 switch (rfcomm_pi(sk)->sec_level) { 769 case BT_SECURITY_LOW: 770 opt = RFCOMM_LM_AUTH; 771 break; 772 case BT_SECURITY_MEDIUM: 773 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; 774 break; 775 case BT_SECURITY_HIGH: 776 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 777 RFCOMM_LM_SECURE; 778 break; 779 default: 780 opt = 0; 781 break; 782 } 783 784 if (rfcomm_pi(sk)->role_switch) 785 opt |= RFCOMM_LM_MASTER; 786 787 if (put_user(opt, (u32 __user *) optval)) 788 err = -EFAULT; 789 break; 790 791 case RFCOMM_CONNINFO: 792 if (sk->sk_state != BT_CONNECTED && 793 !rfcomm_pi(sk)->dlc->defer_setup) { 794 err = -ENOTCONN; 795 break; 796 } 797 798 memset(&cinfo, 0, sizeof(cinfo)); 799 cinfo.hci_handle = conn->hcon->handle; 800 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); 801 802 len = min_t(unsigned int, len, sizeof(cinfo)); 803 if (copy_to_user(optval, (char *) &cinfo, len)) 804 err = -EFAULT; 805 806 break; 807 808 default: 809 err = -ENOPROTOOPT; 810 break; 811 } 812 813 release_sock(sk); 814 return err; 815 } 816 817 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 818 { 819 struct sock *sk = sock->sk; 820 struct bt_security sec; 821 int len, err = 0; 822 823 BT_DBG("sk %p", sk); 824 825 if (level == SOL_RFCOMM) 826 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); 827 828 if (level != SOL_BLUETOOTH) 829 return -ENOPROTOOPT; 830 831 if (get_user(len, optlen)) 832 return -EFAULT; 833 834 lock_sock(sk); 835 836 switch (optname) { 837 case BT_SECURITY: 838 if (sk->sk_type != SOCK_STREAM) { 839 err = -EINVAL; 840 break; 841 } 842 843 sec.level = rfcomm_pi(sk)->sec_level; 844 845 len = min_t(unsigned int, len, sizeof(sec)); 846 if (copy_to_user(optval, (char *) &sec, len)) 847 err = -EFAULT; 848 849 break; 850 851 case BT_DEFER_SETUP: 852 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 853 err = -EINVAL; 854 break; 855 } 856 857 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 858 (u32 __user *) optval)) 859 err = -EFAULT; 860 861 break; 862 863 default: 864 err = -ENOPROTOOPT; 865 break; 866 } 867 868 release_sock(sk); 869 return err; 870 } 871 872 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 873 { 874 struct sock *sk __maybe_unused = sock->sk; 875 int err; 876 877 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); 878 879 err = bt_sock_ioctl(sock, cmd, arg); 880 881 if (err == -ENOIOCTLCMD) { 882 #ifdef CONFIG_BT_RFCOMM_TTY 883 lock_sock(sk); 884 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); 885 release_sock(sk); 886 #else 887 err = -EOPNOTSUPP; 888 #endif 889 } 890 891 return err; 892 } 893 894 static int rfcomm_sock_shutdown(struct socket *sock, int how) 895 { 896 struct sock *sk = sock->sk; 897 int err = 0; 898 899 BT_DBG("sock %p, sk %p", sock, sk); 900 901 if (!sk) 902 return 0; 903 904 lock_sock(sk); 905 if (!sk->sk_shutdown) { 906 sk->sk_shutdown = SHUTDOWN_MASK; 907 __rfcomm_sock_close(sk); 908 909 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 910 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 911 } 912 release_sock(sk); 913 return err; 914 } 915 916 static int rfcomm_sock_release(struct socket *sock) 917 { 918 struct sock *sk = sock->sk; 919 int err; 920 921 BT_DBG("sock %p, sk %p", sock, sk); 922 923 if (!sk) 924 return 0; 925 926 err = rfcomm_sock_shutdown(sock, 2); 927 928 sock_orphan(sk); 929 rfcomm_sock_kill(sk); 930 return err; 931 } 932 933 /* ---- RFCOMM core layer callbacks ---- 934 * 935 * called under rfcomm_lock() 936 */ 937 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 938 { 939 struct sock *sk, *parent; 940 bdaddr_t src, dst; 941 int result = 0; 942 943 BT_DBG("session %p channel %d", s, channel); 944 945 rfcomm_session_getaddr(s, &src, &dst); 946 947 /* Check if we have socket listening on channel */ 948 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 949 if (!parent) 950 return 0; 951 952 bh_lock_sock(parent); 953 954 /* Check for backlog size */ 955 if (sk_acceptq_is_full(parent)) { 956 BT_DBG("backlog full %d", parent->sk_ack_backlog); 957 goto done; 958 } 959 960 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 961 if (!sk) 962 goto done; 963 964 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM); 965 966 rfcomm_sock_init(sk, parent); 967 bacpy(&bt_sk(sk)->src, &src); 968 bacpy(&bt_sk(sk)->dst, &dst); 969 rfcomm_pi(sk)->channel = channel; 970 971 sk->sk_state = BT_CONFIG; 972 bt_accept_enqueue(parent, sk); 973 974 /* Accept connection and return socket DLC */ 975 *d = rfcomm_pi(sk)->dlc; 976 result = 1; 977 978 done: 979 bh_unlock_sock(parent); 980 981 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 982 parent->sk_state_change(parent); 983 984 return result; 985 } 986 987 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) 988 { 989 struct sock *sk; 990 struct hlist_node *node; 991 992 read_lock(&rfcomm_sk_list.lock); 993 994 sk_for_each(sk, node, &rfcomm_sk_list.head) { 995 seq_printf(f, "%s %s %d %d\n", 996 batostr(&bt_sk(sk)->src), 997 batostr(&bt_sk(sk)->dst), 998 sk->sk_state, rfcomm_pi(sk)->channel); 999 } 1000 1001 read_unlock(&rfcomm_sk_list.lock); 1002 1003 return 0; 1004 } 1005 1006 static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file) 1007 { 1008 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private); 1009 } 1010 1011 static const struct file_operations rfcomm_sock_debugfs_fops = { 1012 .open = rfcomm_sock_debugfs_open, 1013 .read = seq_read, 1014 .llseek = seq_lseek, 1015 .release = single_release, 1016 }; 1017 1018 static struct dentry *rfcomm_sock_debugfs; 1019 1020 static const struct proto_ops rfcomm_sock_ops = { 1021 .family = PF_BLUETOOTH, 1022 .owner = THIS_MODULE, 1023 .release = rfcomm_sock_release, 1024 .bind = rfcomm_sock_bind, 1025 .connect = rfcomm_sock_connect, 1026 .listen = rfcomm_sock_listen, 1027 .accept = rfcomm_sock_accept, 1028 .getname = rfcomm_sock_getname, 1029 .sendmsg = rfcomm_sock_sendmsg, 1030 .recvmsg = rfcomm_sock_recvmsg, 1031 .shutdown = rfcomm_sock_shutdown, 1032 .setsockopt = rfcomm_sock_setsockopt, 1033 .getsockopt = rfcomm_sock_getsockopt, 1034 .ioctl = rfcomm_sock_ioctl, 1035 .poll = bt_sock_poll, 1036 .socketpair = sock_no_socketpair, 1037 .mmap = sock_no_mmap 1038 }; 1039 1040 static const struct net_proto_family rfcomm_sock_family_ops = { 1041 .family = PF_BLUETOOTH, 1042 .owner = THIS_MODULE, 1043 .create = rfcomm_sock_create 1044 }; 1045 1046 int __init rfcomm_init_sockets(void) 1047 { 1048 int err; 1049 1050 err = proto_register(&rfcomm_proto, 0); 1051 if (err < 0) 1052 return err; 1053 1054 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 1055 if (err < 0) 1056 goto error; 1057 1058 if (bt_debugfs) { 1059 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444, 1060 bt_debugfs, NULL, &rfcomm_sock_debugfs_fops); 1061 if (!rfcomm_sock_debugfs) 1062 BT_ERR("Failed to create RFCOMM debug file"); 1063 } 1064 1065 BT_INFO("RFCOMM socket layer initialized"); 1066 1067 return 0; 1068 1069 error: 1070 BT_ERR("RFCOMM socket layer registration failed"); 1071 proto_unregister(&rfcomm_proto); 1072 return err; 1073 } 1074 1075 void __exit rfcomm_cleanup_sockets(void) 1076 { 1077 debugfs_remove(rfcomm_sock_debugfs); 1078 1079 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0) 1080 BT_ERR("RFCOMM socket layer unregistration failed"); 1081 1082 proto_unregister(&rfcomm_proto); 1083 } 1084