1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 */ 27 28 #include <linux/export.h> 29 #include <linux/debugfs.h> 30 #include <linux/sched/signal.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/l2cap.h> 35 #include <net/bluetooth/rfcomm.h> 36 37 static const struct proto_ops rfcomm_sock_ops; 38 39 static struct bt_sock_list rfcomm_sk_list = { 40 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) 41 }; 42 43 static void rfcomm_sock_close(struct sock *sk); 44 static void rfcomm_sock_kill(struct sock *sk); 45 46 /* ---- DLC callbacks ---- 47 * 48 * called under rfcomm_dlc_lock() 49 */ 50 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 51 { 52 struct sock *sk = d->owner; 53 if (!sk) 54 return; 55 56 atomic_add(skb->len, &sk->sk_rmem_alloc); 57 skb_queue_tail(&sk->sk_receive_queue, skb); 58 sk->sk_data_ready(sk); 59 60 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 61 rfcomm_dlc_throttle(d); 62 } 63 64 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 65 { 66 struct sock *sk = d->owner, *parent; 67 unsigned long flags; 68 69 if (!sk) 70 return; 71 72 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 73 74 local_irq_save(flags); 75 bh_lock_sock(sk); 76 77 if (err) 78 sk->sk_err = err; 79 80 sk->sk_state = d->state; 81 82 parent = bt_sk(sk)->parent; 83 if (parent) { 84 if (d->state == BT_CLOSED) { 85 sock_set_flag(sk, SOCK_ZAPPED); 86 bt_accept_unlink(sk); 87 } 88 parent->sk_data_ready(parent); 89 } else { 90 if (d->state == BT_CONNECTED) 91 rfcomm_session_getaddr(d->session, 92 &rfcomm_pi(sk)->src, NULL); 93 sk->sk_state_change(sk); 94 } 95 96 bh_unlock_sock(sk); 97 local_irq_restore(flags); 98 99 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 100 /* We have to drop DLC lock here, otherwise 101 * rfcomm_sock_destruct() will dead lock. */ 102 rfcomm_dlc_unlock(d); 103 rfcomm_sock_kill(sk); 104 rfcomm_dlc_lock(d); 105 } 106 } 107 108 /* ---- Socket functions ---- */ 109 static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src) 110 { 111 struct sock *sk = NULL; 112 113 sk_for_each(sk, &rfcomm_sk_list.head) { 114 if (rfcomm_pi(sk)->channel != channel) 115 continue; 116 117 if (bacmp(&rfcomm_pi(sk)->src, src)) 118 continue; 119 120 if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN) 121 break; 122 } 123 124 return sk ? sk : NULL; 125 } 126 127 /* Find socket with channel and source bdaddr. 128 * Returns closest match. 129 */ 130 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 131 { 132 struct sock *sk = NULL, *sk1 = NULL; 133 134 read_lock(&rfcomm_sk_list.lock); 135 136 sk_for_each(sk, &rfcomm_sk_list.head) { 137 if (state && sk->sk_state != state) 138 continue; 139 140 if (rfcomm_pi(sk)->channel == channel) { 141 /* Exact match. */ 142 if (!bacmp(&rfcomm_pi(sk)->src, src)) 143 break; 144 145 /* Closest match */ 146 if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY)) 147 sk1 = sk; 148 } 149 } 150 151 read_unlock(&rfcomm_sk_list.lock); 152 153 return sk ? sk : sk1; 154 } 155 156 static void rfcomm_sock_destruct(struct sock *sk) 157 { 158 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 159 160 BT_DBG("sk %p dlc %p", sk, d); 161 162 skb_queue_purge(&sk->sk_receive_queue); 163 skb_queue_purge(&sk->sk_write_queue); 164 165 rfcomm_dlc_lock(d); 166 rfcomm_pi(sk)->dlc = NULL; 167 168 /* Detach DLC if it's owned by this socket */ 169 if (d->owner == sk) 170 d->owner = NULL; 171 rfcomm_dlc_unlock(d); 172 173 rfcomm_dlc_put(d); 174 } 175 176 static void rfcomm_sock_cleanup_listen(struct sock *parent) 177 { 178 struct sock *sk; 179 180 BT_DBG("parent %p", parent); 181 182 /* Close not yet accepted dlcs */ 183 while ((sk = bt_accept_dequeue(parent, NULL))) { 184 rfcomm_sock_close(sk); 185 rfcomm_sock_kill(sk); 186 } 187 188 parent->sk_state = BT_CLOSED; 189 sock_set_flag(parent, SOCK_ZAPPED); 190 } 191 192 /* Kill socket (only if zapped and orphan) 193 * Must be called on unlocked socket. 194 */ 195 static void rfcomm_sock_kill(struct sock *sk) 196 { 197 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 198 return; 199 200 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, refcount_read(&sk->sk_refcnt)); 201 202 /* Kill poor orphan */ 203 bt_sock_unlink(&rfcomm_sk_list, sk); 204 sock_set_flag(sk, SOCK_DEAD); 205 sock_put(sk); 206 } 207 208 static void __rfcomm_sock_close(struct sock *sk) 209 { 210 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 211 212 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 213 214 switch (sk->sk_state) { 215 case BT_LISTEN: 216 rfcomm_sock_cleanup_listen(sk); 217 break; 218 219 case BT_CONNECT: 220 case BT_CONNECT2: 221 case BT_CONFIG: 222 case BT_CONNECTED: 223 rfcomm_dlc_close(d, 0); 224 /* fall through */ 225 226 default: 227 sock_set_flag(sk, SOCK_ZAPPED); 228 break; 229 } 230 } 231 232 /* Close socket. 233 * Must be called on unlocked socket. 234 */ 235 static void rfcomm_sock_close(struct sock *sk) 236 { 237 lock_sock(sk); 238 __rfcomm_sock_close(sk); 239 release_sock(sk); 240 } 241 242 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 243 { 244 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 245 246 BT_DBG("sk %p", sk); 247 248 if (parent) { 249 sk->sk_type = parent->sk_type; 250 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP, 251 &bt_sk(parent)->flags); 252 253 pi->sec_level = rfcomm_pi(parent)->sec_level; 254 pi->role_switch = rfcomm_pi(parent)->role_switch; 255 256 security_sk_clone(parent, sk); 257 } else { 258 pi->dlc->defer_setup = 0; 259 260 pi->sec_level = BT_SECURITY_LOW; 261 pi->role_switch = 0; 262 } 263 264 pi->dlc->sec_level = pi->sec_level; 265 pi->dlc->role_switch = pi->role_switch; 266 } 267 268 static struct proto rfcomm_proto = { 269 .name = "RFCOMM", 270 .owner = THIS_MODULE, 271 .obj_size = sizeof(struct rfcomm_pinfo) 272 }; 273 274 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio, int kern) 275 { 276 struct rfcomm_dlc *d; 277 struct sock *sk; 278 279 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto, kern); 280 if (!sk) 281 return NULL; 282 283 sock_init_data(sock, sk); 284 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 285 286 d = rfcomm_dlc_alloc(prio); 287 if (!d) { 288 sk_free(sk); 289 return NULL; 290 } 291 292 d->data_ready = rfcomm_sk_data_ready; 293 d->state_change = rfcomm_sk_state_change; 294 295 rfcomm_pi(sk)->dlc = d; 296 d->owner = sk; 297 298 sk->sk_destruct = rfcomm_sock_destruct; 299 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 300 301 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 302 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 303 304 sock_reset_flag(sk, SOCK_ZAPPED); 305 306 sk->sk_protocol = proto; 307 sk->sk_state = BT_OPEN; 308 309 bt_sock_link(&rfcomm_sk_list, sk); 310 311 BT_DBG("sk %p", sk); 312 return sk; 313 } 314 315 static int rfcomm_sock_create(struct net *net, struct socket *sock, 316 int protocol, int kern) 317 { 318 struct sock *sk; 319 320 BT_DBG("sock %p", sock); 321 322 sock->state = SS_UNCONNECTED; 323 324 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 325 return -ESOCKTNOSUPPORT; 326 327 sock->ops = &rfcomm_sock_ops; 328 329 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 330 if (!sk) 331 return -ENOMEM; 332 333 rfcomm_sock_init(sk, NULL); 334 return 0; 335 } 336 337 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 338 { 339 struct sockaddr_rc sa; 340 struct sock *sk = sock->sk; 341 int len, err = 0; 342 343 if (!addr || addr_len < offsetofend(struct sockaddr, sa_family) || 344 addr->sa_family != AF_BLUETOOTH) 345 return -EINVAL; 346 347 memset(&sa, 0, sizeof(sa)); 348 len = min_t(unsigned int, sizeof(sa), addr_len); 349 memcpy(&sa, addr, len); 350 351 BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr); 352 353 lock_sock(sk); 354 355 if (sk->sk_state != BT_OPEN) { 356 err = -EBADFD; 357 goto done; 358 } 359 360 if (sk->sk_type != SOCK_STREAM) { 361 err = -EINVAL; 362 goto done; 363 } 364 365 write_lock(&rfcomm_sk_list.lock); 366 367 if (sa.rc_channel && 368 __rfcomm_get_listen_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) { 369 err = -EADDRINUSE; 370 } else { 371 /* Save source address */ 372 bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr); 373 rfcomm_pi(sk)->channel = sa.rc_channel; 374 sk->sk_state = BT_BOUND; 375 } 376 377 write_unlock(&rfcomm_sk_list.lock); 378 379 done: 380 release_sock(sk); 381 return err; 382 } 383 384 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 385 { 386 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 387 struct sock *sk = sock->sk; 388 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 389 int err = 0; 390 391 BT_DBG("sk %p", sk); 392 393 if (alen < sizeof(struct sockaddr_rc) || 394 addr->sa_family != AF_BLUETOOTH) 395 return -EINVAL; 396 397 lock_sock(sk); 398 399 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 400 err = -EBADFD; 401 goto done; 402 } 403 404 if (sk->sk_type != SOCK_STREAM) { 405 err = -EINVAL; 406 goto done; 407 } 408 409 sk->sk_state = BT_CONNECT; 410 bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr); 411 rfcomm_pi(sk)->channel = sa->rc_channel; 412 413 d->sec_level = rfcomm_pi(sk)->sec_level; 414 d->role_switch = rfcomm_pi(sk)->role_switch; 415 416 err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr, 417 sa->rc_channel); 418 if (!err) 419 err = bt_sock_wait_state(sk, BT_CONNECTED, 420 sock_sndtimeo(sk, flags & O_NONBLOCK)); 421 422 done: 423 release_sock(sk); 424 return err; 425 } 426 427 static int rfcomm_sock_listen(struct socket *sock, int backlog) 428 { 429 struct sock *sk = sock->sk; 430 int err = 0; 431 432 BT_DBG("sk %p backlog %d", sk, backlog); 433 434 lock_sock(sk); 435 436 if (sk->sk_state != BT_BOUND) { 437 err = -EBADFD; 438 goto done; 439 } 440 441 if (sk->sk_type != SOCK_STREAM) { 442 err = -EINVAL; 443 goto done; 444 } 445 446 if (!rfcomm_pi(sk)->channel) { 447 bdaddr_t *src = &rfcomm_pi(sk)->src; 448 u8 channel; 449 450 err = -EINVAL; 451 452 write_lock(&rfcomm_sk_list.lock); 453 454 for (channel = 1; channel < 31; channel++) 455 if (!__rfcomm_get_listen_sock_by_addr(channel, src)) { 456 rfcomm_pi(sk)->channel = channel; 457 err = 0; 458 break; 459 } 460 461 write_unlock(&rfcomm_sk_list.lock); 462 463 if (err < 0) 464 goto done; 465 } 466 467 sk->sk_max_ack_backlog = backlog; 468 sk->sk_ack_backlog = 0; 469 sk->sk_state = BT_LISTEN; 470 471 done: 472 release_sock(sk); 473 return err; 474 } 475 476 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags, 477 bool kern) 478 { 479 DEFINE_WAIT_FUNC(wait, woken_wake_function); 480 struct sock *sk = sock->sk, *nsk; 481 long timeo; 482 int err = 0; 483 484 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 485 486 if (sk->sk_type != SOCK_STREAM) { 487 err = -EINVAL; 488 goto done; 489 } 490 491 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 492 493 BT_DBG("sk %p timeo %ld", sk, timeo); 494 495 /* Wait for an incoming connection. (wake-one). */ 496 add_wait_queue_exclusive(sk_sleep(sk), &wait); 497 while (1) { 498 if (sk->sk_state != BT_LISTEN) { 499 err = -EBADFD; 500 break; 501 } 502 503 nsk = bt_accept_dequeue(sk, newsock); 504 if (nsk) 505 break; 506 507 if (!timeo) { 508 err = -EAGAIN; 509 break; 510 } 511 512 if (signal_pending(current)) { 513 err = sock_intr_errno(timeo); 514 break; 515 } 516 517 release_sock(sk); 518 519 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 520 521 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 522 } 523 remove_wait_queue(sk_sleep(sk), &wait); 524 525 if (err) 526 goto done; 527 528 newsock->state = SS_CONNECTED; 529 530 BT_DBG("new socket %p", nsk); 531 532 done: 533 release_sock(sk); 534 return err; 535 } 536 537 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int peer) 538 { 539 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 540 struct sock *sk = sock->sk; 541 542 BT_DBG("sock %p, sk %p", sock, sk); 543 544 if (peer && sk->sk_state != BT_CONNECTED && 545 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2) 546 return -ENOTCONN; 547 548 memset(sa, 0, sizeof(*sa)); 549 sa->rc_family = AF_BLUETOOTH; 550 sa->rc_channel = rfcomm_pi(sk)->channel; 551 if (peer) 552 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst); 553 else 554 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src); 555 556 return sizeof(struct sockaddr_rc); 557 } 558 559 static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg, 560 size_t len) 561 { 562 struct sock *sk = sock->sk; 563 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 564 struct sk_buff *skb; 565 int sent; 566 567 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) 568 return -ENOTCONN; 569 570 if (msg->msg_flags & MSG_OOB) 571 return -EOPNOTSUPP; 572 573 if (sk->sk_shutdown & SEND_SHUTDOWN) 574 return -EPIPE; 575 576 BT_DBG("sock %p, sk %p", sock, sk); 577 578 lock_sock(sk); 579 580 sent = bt_sock_wait_ready(sk, msg->msg_flags); 581 if (sent) 582 goto done; 583 584 while (len) { 585 size_t size = min_t(size_t, len, d->mtu); 586 int err; 587 588 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 589 msg->msg_flags & MSG_DONTWAIT, &err); 590 if (!skb) { 591 if (sent == 0) 592 sent = err; 593 break; 594 } 595 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 596 597 err = memcpy_from_msg(skb_put(skb, size), msg, size); 598 if (err) { 599 kfree_skb(skb); 600 if (sent == 0) 601 sent = err; 602 break; 603 } 604 605 skb->priority = sk->sk_priority; 606 607 err = rfcomm_dlc_send(d, skb); 608 if (err < 0) { 609 kfree_skb(skb); 610 if (sent == 0) 611 sent = err; 612 break; 613 } 614 615 sent += size; 616 len -= size; 617 } 618 619 done: 620 release_sock(sk); 621 622 return sent; 623 } 624 625 static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg, 626 size_t size, int flags) 627 { 628 struct sock *sk = sock->sk; 629 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 630 int len; 631 632 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 633 rfcomm_dlc_accept(d); 634 return 0; 635 } 636 637 len = bt_sock_stream_recvmsg(sock, msg, size, flags); 638 639 lock_sock(sk); 640 if (!(flags & MSG_PEEK) && len > 0) 641 atomic_sub(len, &sk->sk_rmem_alloc); 642 643 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 644 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 645 release_sock(sk); 646 647 return len; 648 } 649 650 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 651 { 652 struct sock *sk = sock->sk; 653 int err = 0; 654 u32 opt; 655 656 BT_DBG("sk %p", sk); 657 658 lock_sock(sk); 659 660 switch (optname) { 661 case RFCOMM_LM: 662 if (get_user(opt, (u32 __user *) optval)) { 663 err = -EFAULT; 664 break; 665 } 666 667 if (opt & RFCOMM_LM_FIPS) { 668 err = -EINVAL; 669 break; 670 } 671 672 if (opt & RFCOMM_LM_AUTH) 673 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; 674 if (opt & RFCOMM_LM_ENCRYPT) 675 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 676 if (opt & RFCOMM_LM_SECURE) 677 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; 678 679 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); 680 break; 681 682 default: 683 err = -ENOPROTOOPT; 684 break; 685 } 686 687 release_sock(sk); 688 return err; 689 } 690 691 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 692 { 693 struct sock *sk = sock->sk; 694 struct bt_security sec; 695 int err = 0; 696 size_t len; 697 u32 opt; 698 699 BT_DBG("sk %p", sk); 700 701 if (level == SOL_RFCOMM) 702 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); 703 704 if (level != SOL_BLUETOOTH) 705 return -ENOPROTOOPT; 706 707 lock_sock(sk); 708 709 switch (optname) { 710 case BT_SECURITY: 711 if (sk->sk_type != SOCK_STREAM) { 712 err = -EINVAL; 713 break; 714 } 715 716 sec.level = BT_SECURITY_LOW; 717 718 len = min_t(unsigned int, sizeof(sec), optlen); 719 if (copy_from_user((char *) &sec, optval, len)) { 720 err = -EFAULT; 721 break; 722 } 723 724 if (sec.level > BT_SECURITY_HIGH) { 725 err = -EINVAL; 726 break; 727 } 728 729 rfcomm_pi(sk)->sec_level = sec.level; 730 break; 731 732 case BT_DEFER_SETUP: 733 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 734 err = -EINVAL; 735 break; 736 } 737 738 if (get_user(opt, (u32 __user *) optval)) { 739 err = -EFAULT; 740 break; 741 } 742 743 if (opt) 744 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 745 else 746 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 747 748 break; 749 750 default: 751 err = -ENOPROTOOPT; 752 break; 753 } 754 755 release_sock(sk); 756 return err; 757 } 758 759 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 760 { 761 struct sock *sk = sock->sk; 762 struct sock *l2cap_sk; 763 struct l2cap_conn *conn; 764 struct rfcomm_conninfo cinfo; 765 int len, err = 0; 766 u32 opt; 767 768 BT_DBG("sk %p", sk); 769 770 if (get_user(len, optlen)) 771 return -EFAULT; 772 773 lock_sock(sk); 774 775 switch (optname) { 776 case RFCOMM_LM: 777 switch (rfcomm_pi(sk)->sec_level) { 778 case BT_SECURITY_LOW: 779 opt = RFCOMM_LM_AUTH; 780 break; 781 case BT_SECURITY_MEDIUM: 782 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; 783 break; 784 case BT_SECURITY_HIGH: 785 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 786 RFCOMM_LM_SECURE; 787 break; 788 case BT_SECURITY_FIPS: 789 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 790 RFCOMM_LM_SECURE | RFCOMM_LM_FIPS; 791 break; 792 default: 793 opt = 0; 794 break; 795 } 796 797 if (rfcomm_pi(sk)->role_switch) 798 opt |= RFCOMM_LM_MASTER; 799 800 if (put_user(opt, (u32 __user *) optval)) 801 err = -EFAULT; 802 803 break; 804 805 case RFCOMM_CONNINFO: 806 if (sk->sk_state != BT_CONNECTED && 807 !rfcomm_pi(sk)->dlc->defer_setup) { 808 err = -ENOTCONN; 809 break; 810 } 811 812 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 813 conn = l2cap_pi(l2cap_sk)->chan->conn; 814 815 memset(&cinfo, 0, sizeof(cinfo)); 816 cinfo.hci_handle = conn->hcon->handle; 817 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); 818 819 len = min_t(unsigned int, len, sizeof(cinfo)); 820 if (copy_to_user(optval, (char *) &cinfo, len)) 821 err = -EFAULT; 822 823 break; 824 825 default: 826 err = -ENOPROTOOPT; 827 break; 828 } 829 830 release_sock(sk); 831 return err; 832 } 833 834 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 835 { 836 struct sock *sk = sock->sk; 837 struct bt_security sec; 838 int len, err = 0; 839 840 BT_DBG("sk %p", sk); 841 842 if (level == SOL_RFCOMM) 843 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); 844 845 if (level != SOL_BLUETOOTH) 846 return -ENOPROTOOPT; 847 848 if (get_user(len, optlen)) 849 return -EFAULT; 850 851 lock_sock(sk); 852 853 switch (optname) { 854 case BT_SECURITY: 855 if (sk->sk_type != SOCK_STREAM) { 856 err = -EINVAL; 857 break; 858 } 859 860 sec.level = rfcomm_pi(sk)->sec_level; 861 sec.key_size = 0; 862 863 len = min_t(unsigned int, len, sizeof(sec)); 864 if (copy_to_user(optval, (char *) &sec, len)) 865 err = -EFAULT; 866 867 break; 868 869 case BT_DEFER_SETUP: 870 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 871 err = -EINVAL; 872 break; 873 } 874 875 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 876 (u32 __user *) optval)) 877 err = -EFAULT; 878 879 break; 880 881 default: 882 err = -ENOPROTOOPT; 883 break; 884 } 885 886 release_sock(sk); 887 return err; 888 } 889 890 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 891 { 892 struct sock *sk __maybe_unused = sock->sk; 893 int err; 894 895 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); 896 897 err = bt_sock_ioctl(sock, cmd, arg); 898 899 if (err == -ENOIOCTLCMD) { 900 #ifdef CONFIG_BT_RFCOMM_TTY 901 lock_sock(sk); 902 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); 903 release_sock(sk); 904 #else 905 err = -EOPNOTSUPP; 906 #endif 907 } 908 909 return err; 910 } 911 912 static int rfcomm_sock_shutdown(struct socket *sock, int how) 913 { 914 struct sock *sk = sock->sk; 915 int err = 0; 916 917 BT_DBG("sock %p, sk %p", sock, sk); 918 919 if (!sk) 920 return 0; 921 922 lock_sock(sk); 923 if (!sk->sk_shutdown) { 924 sk->sk_shutdown = SHUTDOWN_MASK; 925 __rfcomm_sock_close(sk); 926 927 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 928 !(current->flags & PF_EXITING)) 929 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 930 } 931 release_sock(sk); 932 return err; 933 } 934 935 static int rfcomm_sock_release(struct socket *sock) 936 { 937 struct sock *sk = sock->sk; 938 int err; 939 940 BT_DBG("sock %p, sk %p", sock, sk); 941 942 if (!sk) 943 return 0; 944 945 err = rfcomm_sock_shutdown(sock, 2); 946 947 sock_orphan(sk); 948 rfcomm_sock_kill(sk); 949 return err; 950 } 951 952 /* ---- RFCOMM core layer callbacks ---- 953 * 954 * called under rfcomm_lock() 955 */ 956 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 957 { 958 struct sock *sk, *parent; 959 bdaddr_t src, dst; 960 int result = 0; 961 962 BT_DBG("session %p channel %d", s, channel); 963 964 rfcomm_session_getaddr(s, &src, &dst); 965 966 /* Check if we have socket listening on channel */ 967 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 968 if (!parent) 969 return 0; 970 971 bh_lock_sock(parent); 972 973 /* Check for backlog size */ 974 if (sk_acceptq_is_full(parent)) { 975 BT_DBG("backlog full %d", parent->sk_ack_backlog); 976 goto done; 977 } 978 979 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC, 0); 980 if (!sk) 981 goto done; 982 983 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM); 984 985 rfcomm_sock_init(sk, parent); 986 bacpy(&rfcomm_pi(sk)->src, &src); 987 bacpy(&rfcomm_pi(sk)->dst, &dst); 988 rfcomm_pi(sk)->channel = channel; 989 990 sk->sk_state = BT_CONFIG; 991 bt_accept_enqueue(parent, sk, true); 992 993 /* Accept connection and return socket DLC */ 994 *d = rfcomm_pi(sk)->dlc; 995 result = 1; 996 997 done: 998 bh_unlock_sock(parent); 999 1000 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1001 parent->sk_state_change(parent); 1002 1003 return result; 1004 } 1005 1006 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) 1007 { 1008 struct sock *sk; 1009 1010 read_lock(&rfcomm_sk_list.lock); 1011 1012 sk_for_each(sk, &rfcomm_sk_list.head) { 1013 seq_printf(f, "%pMR %pMR %d %d\n", 1014 &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst, 1015 sk->sk_state, rfcomm_pi(sk)->channel); 1016 } 1017 1018 read_unlock(&rfcomm_sk_list.lock); 1019 1020 return 0; 1021 } 1022 1023 DEFINE_SHOW_ATTRIBUTE(rfcomm_sock_debugfs); 1024 1025 static struct dentry *rfcomm_sock_debugfs; 1026 1027 static const struct proto_ops rfcomm_sock_ops = { 1028 .family = PF_BLUETOOTH, 1029 .owner = THIS_MODULE, 1030 .release = rfcomm_sock_release, 1031 .bind = rfcomm_sock_bind, 1032 .connect = rfcomm_sock_connect, 1033 .listen = rfcomm_sock_listen, 1034 .accept = rfcomm_sock_accept, 1035 .getname = rfcomm_sock_getname, 1036 .sendmsg = rfcomm_sock_sendmsg, 1037 .recvmsg = rfcomm_sock_recvmsg, 1038 .shutdown = rfcomm_sock_shutdown, 1039 .setsockopt = rfcomm_sock_setsockopt, 1040 .getsockopt = rfcomm_sock_getsockopt, 1041 .ioctl = rfcomm_sock_ioctl, 1042 .poll = bt_sock_poll, 1043 .socketpair = sock_no_socketpair, 1044 .mmap = sock_no_mmap 1045 }; 1046 1047 static const struct net_proto_family rfcomm_sock_family_ops = { 1048 .family = PF_BLUETOOTH, 1049 .owner = THIS_MODULE, 1050 .create = rfcomm_sock_create 1051 }; 1052 1053 int __init rfcomm_init_sockets(void) 1054 { 1055 int err; 1056 1057 BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr)); 1058 1059 err = proto_register(&rfcomm_proto, 0); 1060 if (err < 0) 1061 return err; 1062 1063 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 1064 if (err < 0) { 1065 BT_ERR("RFCOMM socket layer registration failed"); 1066 goto error; 1067 } 1068 1069 err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL); 1070 if (err < 0) { 1071 BT_ERR("Failed to create RFCOMM proc file"); 1072 bt_sock_unregister(BTPROTO_RFCOMM); 1073 goto error; 1074 } 1075 1076 BT_INFO("RFCOMM socket layer initialized"); 1077 1078 if (IS_ERR_OR_NULL(bt_debugfs)) 1079 return 0; 1080 1081 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444, 1082 bt_debugfs, NULL, 1083 &rfcomm_sock_debugfs_fops); 1084 1085 return 0; 1086 1087 error: 1088 proto_unregister(&rfcomm_proto); 1089 return err; 1090 } 1091 1092 void __exit rfcomm_cleanup_sockets(void) 1093 { 1094 bt_procfs_cleanup(&init_net, "rfcomm"); 1095 1096 debugfs_remove(rfcomm_sock_debugfs); 1097 1098 bt_sock_unregister(BTPROTO_RFCOMM); 1099 1100 proto_unregister(&rfcomm_proto); 1101 } 1102