1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 */ 27 #include <linux/compat.h> 28 #include <linux/export.h> 29 #include <linux/debugfs.h> 30 #include <linux/sched/signal.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/l2cap.h> 35 #include <net/bluetooth/rfcomm.h> 36 37 static const struct proto_ops rfcomm_sock_ops; 38 39 static struct bt_sock_list rfcomm_sk_list = { 40 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) 41 }; 42 43 static void rfcomm_sock_close(struct sock *sk); 44 static void rfcomm_sock_kill(struct sock *sk); 45 46 /* ---- DLC callbacks ---- 47 * 48 * called under rfcomm_dlc_lock() 49 */ 50 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 51 { 52 struct sock *sk = d->owner; 53 if (!sk) 54 return; 55 56 atomic_add(skb->len, &sk->sk_rmem_alloc); 57 skb_queue_tail(&sk->sk_receive_queue, skb); 58 sk->sk_data_ready(sk); 59 60 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 61 rfcomm_dlc_throttle(d); 62 } 63 64 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 65 { 66 struct sock *sk = d->owner, *parent; 67 68 if (!sk) 69 return; 70 71 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 72 73 lock_sock(sk); 74 75 if (err) 76 sk->sk_err = err; 77 78 sk->sk_state = d->state; 79 80 parent = bt_sk(sk)->parent; 81 if (parent) { 82 if (d->state == BT_CLOSED) { 83 sock_set_flag(sk, SOCK_ZAPPED); 84 bt_accept_unlink(sk); 85 } 86 parent->sk_data_ready(parent); 87 } else { 88 if (d->state == BT_CONNECTED) 89 rfcomm_session_getaddr(d->session, 90 &rfcomm_pi(sk)->src, NULL); 91 sk->sk_state_change(sk); 92 } 93 94 release_sock(sk); 95 96 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 97 /* We have to drop DLC lock here, otherwise 98 * rfcomm_sock_destruct() will dead lock. */ 99 rfcomm_dlc_unlock(d); 100 rfcomm_sock_kill(sk); 101 rfcomm_dlc_lock(d); 102 } 103 } 104 105 /* ---- Socket functions ---- */ 106 static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src) 107 { 108 struct sock *sk = NULL; 109 110 sk_for_each(sk, &rfcomm_sk_list.head) { 111 if (rfcomm_pi(sk)->channel != channel) 112 continue; 113 114 if (bacmp(&rfcomm_pi(sk)->src, src)) 115 continue; 116 117 if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN) 118 break; 119 } 120 121 return sk ? sk : NULL; 122 } 123 124 /* Find socket with channel and source bdaddr. 125 * Returns closest match. 126 */ 127 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 128 { 129 struct sock *sk = NULL, *sk1 = NULL; 130 131 read_lock(&rfcomm_sk_list.lock); 132 133 sk_for_each(sk, &rfcomm_sk_list.head) { 134 if (state && sk->sk_state != state) 135 continue; 136 137 if (rfcomm_pi(sk)->channel == channel) { 138 /* Exact match. */ 139 if (!bacmp(&rfcomm_pi(sk)->src, src)) 140 break; 141 142 /* Closest match */ 143 if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY)) 144 sk1 = sk; 145 } 146 } 147 148 read_unlock(&rfcomm_sk_list.lock); 149 150 return sk ? sk : sk1; 151 } 152 153 static void rfcomm_sock_destruct(struct sock *sk) 154 { 155 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 156 157 BT_DBG("sk %p dlc %p", sk, d); 158 159 skb_queue_purge(&sk->sk_receive_queue); 160 skb_queue_purge(&sk->sk_write_queue); 161 162 rfcomm_dlc_lock(d); 163 rfcomm_pi(sk)->dlc = NULL; 164 165 /* Detach DLC if it's owned by this socket */ 166 if (d->owner == sk) 167 d->owner = NULL; 168 rfcomm_dlc_unlock(d); 169 170 rfcomm_dlc_put(d); 171 } 172 173 static void rfcomm_sock_cleanup_listen(struct sock *parent) 174 { 175 struct sock *sk; 176 177 BT_DBG("parent %p", parent); 178 179 /* Close not yet accepted dlcs */ 180 while ((sk = bt_accept_dequeue(parent, NULL))) { 181 rfcomm_sock_close(sk); 182 rfcomm_sock_kill(sk); 183 /* Drop the reference handed back by bt_accept_dequeue(). */ 184 sock_put(sk); 185 } 186 187 parent->sk_state = BT_CLOSED; 188 sock_set_flag(parent, SOCK_ZAPPED); 189 } 190 191 /* Kill socket (only if zapped and orphan) 192 * Must be called on unlocked socket. 193 */ 194 static void rfcomm_sock_kill(struct sock *sk) 195 { 196 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 197 return; 198 199 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, refcount_read(&sk->sk_refcnt)); 200 201 /* Kill poor orphan */ 202 bt_sock_unlink(&rfcomm_sk_list, sk); 203 sock_set_flag(sk, SOCK_DEAD); 204 sock_put(sk); 205 } 206 207 static void __rfcomm_sock_close(struct sock *sk) 208 { 209 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 210 211 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 212 213 switch (sk->sk_state) { 214 case BT_LISTEN: 215 rfcomm_sock_cleanup_listen(sk); 216 break; 217 218 case BT_CONNECT: 219 case BT_CONNECT2: 220 case BT_CONFIG: 221 case BT_CONNECTED: 222 rfcomm_dlc_close(d, 0); 223 fallthrough; 224 225 default: 226 sock_set_flag(sk, SOCK_ZAPPED); 227 break; 228 } 229 } 230 231 /* Close socket. 232 * Must be called on unlocked socket. 233 */ 234 static void rfcomm_sock_close(struct sock *sk) 235 { 236 lock_sock(sk); 237 __rfcomm_sock_close(sk); 238 release_sock(sk); 239 } 240 241 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 242 { 243 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 244 245 BT_DBG("sk %p", sk); 246 247 if (parent) { 248 sk->sk_type = parent->sk_type; 249 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP, 250 &bt_sk(parent)->flags); 251 252 pi->sec_level = rfcomm_pi(parent)->sec_level; 253 pi->role_switch = rfcomm_pi(parent)->role_switch; 254 255 security_sk_clone(parent, sk); 256 } else { 257 pi->dlc->defer_setup = 0; 258 259 pi->sec_level = BT_SECURITY_LOW; 260 pi->role_switch = 0; 261 } 262 263 pi->dlc->sec_level = pi->sec_level; 264 pi->dlc->role_switch = pi->role_switch; 265 } 266 267 static struct proto rfcomm_proto = { 268 .name = "RFCOMM", 269 .owner = THIS_MODULE, 270 .obj_size = sizeof(struct rfcomm_pinfo) 271 }; 272 273 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, 274 int proto, gfp_t prio, int kern) 275 { 276 struct rfcomm_dlc *d; 277 struct sock *sk; 278 279 d = rfcomm_dlc_alloc(prio); 280 if (!d) 281 return NULL; 282 283 sk = bt_sock_alloc(net, sock, &rfcomm_proto, proto, prio, kern); 284 if (!sk) { 285 rfcomm_dlc_free(d); 286 return NULL; 287 } 288 289 d->data_ready = rfcomm_sk_data_ready; 290 d->state_change = rfcomm_sk_state_change; 291 292 rfcomm_pi(sk)->dlc = d; 293 d->owner = sk; 294 295 sk->sk_destruct = rfcomm_sock_destruct; 296 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 297 298 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 299 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 300 301 bt_sock_link(&rfcomm_sk_list, sk); 302 303 BT_DBG("sk %p", sk); 304 return sk; 305 } 306 307 static int rfcomm_sock_create(struct net *net, struct socket *sock, 308 int protocol, int kern) 309 { 310 struct sock *sk; 311 312 BT_DBG("sock %p", sock); 313 314 sock->state = SS_UNCONNECTED; 315 316 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 317 return -ESOCKTNOSUPPORT; 318 319 sock->ops = &rfcomm_sock_ops; 320 321 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 322 if (!sk) 323 return -ENOMEM; 324 325 rfcomm_sock_init(sk, NULL); 326 return 0; 327 } 328 329 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr_unsized *addr, int addr_len) 330 { 331 struct sockaddr_rc sa; 332 struct sock *sk = sock->sk; 333 int len, err = 0; 334 335 if (!addr || addr_len < offsetofend(struct sockaddr, sa_family) || 336 addr->sa_family != AF_BLUETOOTH) 337 return -EINVAL; 338 339 memset(&sa, 0, sizeof(sa)); 340 len = min_t(unsigned int, sizeof(sa), addr_len); 341 memcpy(&sa, addr, len); 342 343 BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr); 344 345 lock_sock(sk); 346 347 if (sk->sk_state != BT_OPEN) { 348 err = -EBADFD; 349 goto done; 350 } 351 352 if (sk->sk_type != SOCK_STREAM) { 353 err = -EINVAL; 354 goto done; 355 } 356 357 write_lock(&rfcomm_sk_list.lock); 358 359 if (sa.rc_channel && 360 __rfcomm_get_listen_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) { 361 err = -EADDRINUSE; 362 } else { 363 /* Save source address */ 364 bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr); 365 rfcomm_pi(sk)->channel = sa.rc_channel; 366 sk->sk_state = BT_BOUND; 367 } 368 369 write_unlock(&rfcomm_sk_list.lock); 370 371 done: 372 release_sock(sk); 373 return err; 374 } 375 376 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr_unsized *addr, 377 int alen, int flags) 378 { 379 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 380 struct sock *sk = sock->sk; 381 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 382 int err = 0; 383 384 BT_DBG("sk %p", sk); 385 386 if (alen < sizeof(struct sockaddr_rc) || 387 addr->sa_family != AF_BLUETOOTH) 388 return -EINVAL; 389 390 sock_hold(sk); 391 lock_sock(sk); 392 393 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 394 err = -EBADFD; 395 goto done; 396 } 397 398 if (sk->sk_type != SOCK_STREAM) { 399 err = -EINVAL; 400 goto done; 401 } 402 403 sk->sk_state = BT_CONNECT; 404 bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr); 405 rfcomm_pi(sk)->channel = sa->rc_channel; 406 407 d->sec_level = rfcomm_pi(sk)->sec_level; 408 d->role_switch = rfcomm_pi(sk)->role_switch; 409 410 /* Drop sock lock to avoid potential deadlock with the RFCOMM lock */ 411 release_sock(sk); 412 err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr, 413 sa->rc_channel); 414 lock_sock(sk); 415 if (!err && !sock_flag(sk, SOCK_ZAPPED)) 416 err = bt_sock_wait_state(sk, BT_CONNECTED, 417 sock_sndtimeo(sk, flags & O_NONBLOCK)); 418 419 done: 420 release_sock(sk); 421 sock_put(sk); 422 return err; 423 } 424 425 static int rfcomm_sock_listen(struct socket *sock, int backlog) 426 { 427 struct sock *sk = sock->sk; 428 int err = 0; 429 430 BT_DBG("sk %p backlog %d", sk, backlog); 431 432 lock_sock(sk); 433 434 if (sk->sk_state != BT_BOUND) { 435 err = -EBADFD; 436 goto done; 437 } 438 439 if (sk->sk_type != SOCK_STREAM) { 440 err = -EINVAL; 441 goto done; 442 } 443 444 if (!rfcomm_pi(sk)->channel) { 445 bdaddr_t *src = &rfcomm_pi(sk)->src; 446 u8 channel; 447 448 err = -EINVAL; 449 450 write_lock(&rfcomm_sk_list.lock); 451 452 for (channel = 1; channel < 31; channel++) 453 if (!__rfcomm_get_listen_sock_by_addr(channel, src)) { 454 rfcomm_pi(sk)->channel = channel; 455 err = 0; 456 break; 457 } 458 459 write_unlock(&rfcomm_sk_list.lock); 460 461 if (err < 0) 462 goto done; 463 } 464 465 sk->sk_max_ack_backlog = backlog; 466 sk->sk_ack_backlog = 0; 467 sk->sk_state = BT_LISTEN; 468 469 done: 470 release_sock(sk); 471 return err; 472 } 473 474 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, 475 struct proto_accept_arg *arg) 476 { 477 DEFINE_WAIT_FUNC(wait, woken_wake_function); 478 struct sock *sk = sock->sk, *nsk; 479 long timeo; 480 int err = 0; 481 482 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 483 484 if (sk->sk_type != SOCK_STREAM) { 485 err = -EINVAL; 486 goto done; 487 } 488 489 timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK); 490 491 BT_DBG("sk %p timeo %ld", sk, timeo); 492 493 /* Wait for an incoming connection. (wake-one). */ 494 add_wait_queue_exclusive(sk_sleep(sk), &wait); 495 while (1) { 496 if (sk->sk_state != BT_LISTEN) { 497 err = -EBADFD; 498 break; 499 } 500 501 nsk = bt_accept_dequeue(sk, newsock); 502 if (nsk) { 503 /* Drop the bridging ref from bt_accept_dequeue(); 504 * the grafted socket keeps nsk alive from here. 505 */ 506 sock_put(nsk); 507 break; 508 } 509 510 if (!timeo) { 511 err = -EAGAIN; 512 break; 513 } 514 515 if (signal_pending(current)) { 516 err = sock_intr_errno(timeo); 517 break; 518 } 519 520 release_sock(sk); 521 522 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 523 524 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 525 } 526 remove_wait_queue(sk_sleep(sk), &wait); 527 528 if (err) 529 goto done; 530 531 newsock->state = SS_CONNECTED; 532 533 BT_DBG("new socket %p", nsk); 534 535 done: 536 release_sock(sk); 537 return err; 538 } 539 540 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int peer) 541 { 542 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 543 struct sock *sk = sock->sk; 544 545 BT_DBG("sock %p, sk %p", sock, sk); 546 547 if (peer && sk->sk_state != BT_CONNECTED && 548 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2) 549 return -ENOTCONN; 550 551 memset(sa, 0, sizeof(*sa)); 552 sa->rc_family = AF_BLUETOOTH; 553 sa->rc_channel = rfcomm_pi(sk)->channel; 554 if (peer) 555 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst); 556 else 557 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src); 558 559 return sizeof(struct sockaddr_rc); 560 } 561 562 static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg, 563 size_t len) 564 { 565 struct sock *sk = sock->sk; 566 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 567 struct sk_buff *skb; 568 int sent; 569 570 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) 571 return -ENOTCONN; 572 573 if (msg->msg_flags & MSG_OOB) 574 return -EOPNOTSUPP; 575 576 if (sk->sk_shutdown & SEND_SHUTDOWN) 577 return -EPIPE; 578 579 BT_DBG("sock %p, sk %p", sock, sk); 580 581 lock_sock(sk); 582 583 sent = bt_sock_wait_ready(sk, msg->msg_flags); 584 585 release_sock(sk); 586 587 if (sent) 588 return sent; 589 590 skb = bt_skb_sendmmsg(sk, msg, len, d->mtu, RFCOMM_SKB_HEAD_RESERVE, 591 RFCOMM_SKB_TAIL_RESERVE); 592 if (IS_ERR(skb)) 593 return PTR_ERR(skb); 594 595 sent = rfcomm_dlc_send(d, skb); 596 if (sent < 0) 597 kfree_skb(skb); 598 599 return sent; 600 } 601 602 static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg, 603 size_t size, int flags) 604 { 605 struct sock *sk = sock->sk; 606 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 607 int len; 608 609 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 610 rfcomm_dlc_accept(d); 611 return 0; 612 } 613 614 len = bt_sock_stream_recvmsg(sock, msg, size, flags); 615 616 lock_sock(sk); 617 if (!(flags & MSG_PEEK) && len > 0) 618 atomic_sub(len, &sk->sk_rmem_alloc); 619 620 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 621 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 622 release_sock(sk); 623 624 return len; 625 } 626 627 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, 628 sockptr_t optval, unsigned int optlen) 629 { 630 struct sock *sk = sock->sk; 631 int err = 0; 632 u32 opt; 633 634 BT_DBG("sk %p", sk); 635 636 lock_sock(sk); 637 638 switch (optname) { 639 case RFCOMM_LM: 640 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen); 641 if (err) 642 break; 643 644 if (opt & RFCOMM_LM_FIPS) { 645 err = -EINVAL; 646 break; 647 } 648 649 if (opt & RFCOMM_LM_AUTH) 650 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; 651 if (opt & RFCOMM_LM_ENCRYPT) 652 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 653 if (opt & RFCOMM_LM_SECURE) 654 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; 655 656 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); 657 break; 658 659 default: 660 err = -ENOPROTOOPT; 661 break; 662 } 663 664 release_sock(sk); 665 return err; 666 } 667 668 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, 669 sockptr_t optval, unsigned int optlen) 670 { 671 struct sock *sk = sock->sk; 672 struct bt_security sec; 673 int err = 0; 674 u32 opt; 675 676 BT_DBG("sk %p", sk); 677 678 if (level == SOL_RFCOMM) 679 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); 680 681 if (level != SOL_BLUETOOTH) 682 return -ENOPROTOOPT; 683 684 lock_sock(sk); 685 686 switch (optname) { 687 case BT_SECURITY: 688 if (sk->sk_type != SOCK_STREAM) { 689 err = -EINVAL; 690 break; 691 } 692 693 sec.level = BT_SECURITY_LOW; 694 695 err = copy_safe_from_sockptr(&sec, sizeof(sec), optval, optlen); 696 if (err) 697 break; 698 699 if (sec.level > BT_SECURITY_HIGH) { 700 err = -EINVAL; 701 break; 702 } 703 704 rfcomm_pi(sk)->sec_level = sec.level; 705 break; 706 707 case BT_DEFER_SETUP: 708 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 709 err = -EINVAL; 710 break; 711 } 712 713 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen); 714 if (err) 715 break; 716 717 if (opt) 718 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 719 else 720 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 721 722 break; 723 724 default: 725 err = -ENOPROTOOPT; 726 break; 727 } 728 729 release_sock(sk); 730 return err; 731 } 732 733 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 734 { 735 struct sock *sk = sock->sk; 736 struct sock *l2cap_sk; 737 struct l2cap_conn *conn; 738 struct rfcomm_conninfo cinfo; 739 int err = 0; 740 size_t len; 741 u32 opt; 742 743 BT_DBG("sk %p", sk); 744 745 if (get_user(len, optlen)) 746 return -EFAULT; 747 748 lock_sock(sk); 749 750 switch (optname) { 751 case RFCOMM_LM: 752 switch (rfcomm_pi(sk)->sec_level) { 753 case BT_SECURITY_LOW: 754 opt = RFCOMM_LM_AUTH; 755 break; 756 case BT_SECURITY_MEDIUM: 757 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; 758 break; 759 case BT_SECURITY_HIGH: 760 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 761 RFCOMM_LM_SECURE; 762 break; 763 case BT_SECURITY_FIPS: 764 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 765 RFCOMM_LM_SECURE | RFCOMM_LM_FIPS; 766 break; 767 default: 768 opt = 0; 769 break; 770 } 771 772 if (rfcomm_pi(sk)->role_switch) 773 opt |= RFCOMM_LM_MASTER; 774 775 if (put_user(opt, (u32 __user *) optval)) 776 err = -EFAULT; 777 778 break; 779 780 case RFCOMM_CONNINFO: 781 if (sk->sk_state != BT_CONNECTED && 782 !rfcomm_pi(sk)->dlc->defer_setup) { 783 err = -ENOTCONN; 784 break; 785 } 786 787 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 788 conn = l2cap_pi(l2cap_sk)->chan->conn; 789 790 memset(&cinfo, 0, sizeof(cinfo)); 791 cinfo.hci_handle = conn->hcon->handle; 792 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); 793 794 len = min(len, sizeof(cinfo)); 795 if (copy_to_user(optval, (char *) &cinfo, len)) 796 err = -EFAULT; 797 798 break; 799 800 default: 801 err = -ENOPROTOOPT; 802 break; 803 } 804 805 release_sock(sk); 806 return err; 807 } 808 809 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 810 { 811 struct sock *sk = sock->sk; 812 struct bt_security sec; 813 int err = 0; 814 size_t len; 815 816 BT_DBG("sk %p", sk); 817 818 if (level == SOL_RFCOMM) 819 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); 820 821 if (level != SOL_BLUETOOTH) 822 return -ENOPROTOOPT; 823 824 if (get_user(len, optlen)) 825 return -EFAULT; 826 827 lock_sock(sk); 828 829 switch (optname) { 830 case BT_SECURITY: 831 if (sk->sk_type != SOCK_STREAM) { 832 err = -EINVAL; 833 break; 834 } 835 836 sec.level = rfcomm_pi(sk)->sec_level; 837 sec.key_size = 0; 838 839 len = min(len, sizeof(sec)); 840 if (copy_to_user(optval, (char *) &sec, len)) 841 err = -EFAULT; 842 843 break; 844 845 case BT_DEFER_SETUP: 846 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 847 err = -EINVAL; 848 break; 849 } 850 851 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 852 (u32 __user *) optval)) 853 err = -EFAULT; 854 855 break; 856 857 default: 858 err = -ENOPROTOOPT; 859 break; 860 } 861 862 release_sock(sk); 863 return err; 864 } 865 866 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 867 { 868 struct sock *sk __maybe_unused = sock->sk; 869 int err; 870 871 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); 872 873 err = bt_sock_ioctl(sock, cmd, arg); 874 875 if (err == -ENOIOCTLCMD) { 876 #ifdef CONFIG_BT_RFCOMM_TTY 877 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); 878 #else 879 err = -EOPNOTSUPP; 880 #endif 881 } 882 883 return err; 884 } 885 886 #ifdef CONFIG_COMPAT 887 static int rfcomm_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 888 { 889 return rfcomm_sock_ioctl(sock, cmd, (unsigned long)compat_ptr(arg)); 890 } 891 #endif 892 893 static int rfcomm_sock_shutdown(struct socket *sock, int how) 894 { 895 struct sock *sk = sock->sk; 896 int err = 0; 897 898 BT_DBG("sock %p, sk %p", sock, sk); 899 900 if (!sk) 901 return 0; 902 903 lock_sock(sk); 904 if (!sk->sk_shutdown) { 905 sk->sk_shutdown = SHUTDOWN_MASK; 906 907 release_sock(sk); 908 __rfcomm_sock_close(sk); 909 lock_sock(sk); 910 911 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 912 !(current->flags & PF_EXITING)) 913 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 914 } 915 release_sock(sk); 916 return err; 917 } 918 919 static int rfcomm_sock_release(struct socket *sock) 920 { 921 struct sock *sk = sock->sk; 922 int err; 923 924 BT_DBG("sock %p, sk %p", sock, sk); 925 926 if (!sk) 927 return 0; 928 929 err = rfcomm_sock_shutdown(sock, 2); 930 931 sock_orphan(sk); 932 rfcomm_sock_kill(sk); 933 return err; 934 } 935 936 /* ---- RFCOMM core layer callbacks ---- 937 * 938 * called under rfcomm_lock() 939 */ 940 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 941 { 942 struct sock *sk, *parent; 943 bdaddr_t src, dst; 944 int result = 0; 945 946 BT_DBG("session %p channel %d", s, channel); 947 948 rfcomm_session_getaddr(s, &src, &dst); 949 950 /* Check if we have socket listening on channel */ 951 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 952 if (!parent) 953 return 0; 954 955 lock_sock(parent); 956 957 /* Check for backlog size */ 958 if (sk_acceptq_is_full(parent)) { 959 BT_DBG("backlog full %d", parent->sk_ack_backlog); 960 goto done; 961 } 962 963 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC, 0); 964 if (!sk) 965 goto done; 966 967 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM); 968 969 rfcomm_sock_init(sk, parent); 970 bacpy(&rfcomm_pi(sk)->src, &src); 971 bacpy(&rfcomm_pi(sk)->dst, &dst); 972 rfcomm_pi(sk)->channel = channel; 973 974 sk->sk_state = BT_CONFIG; 975 bt_accept_enqueue(parent, sk, true); 976 977 /* Accept connection and return socket DLC */ 978 *d = rfcomm_pi(sk)->dlc; 979 result = 1; 980 981 done: 982 release_sock(parent); 983 984 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 985 parent->sk_state_change(parent); 986 987 return result; 988 } 989 990 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) 991 { 992 struct sock *sk; 993 994 read_lock(&rfcomm_sk_list.lock); 995 996 sk_for_each(sk, &rfcomm_sk_list.head) { 997 seq_printf(f, "%pMR %pMR %d %d\n", 998 &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst, 999 sk->sk_state, rfcomm_pi(sk)->channel); 1000 } 1001 1002 read_unlock(&rfcomm_sk_list.lock); 1003 1004 return 0; 1005 } 1006 1007 DEFINE_SHOW_ATTRIBUTE(rfcomm_sock_debugfs); 1008 1009 static struct dentry *rfcomm_sock_debugfs; 1010 1011 static const struct proto_ops rfcomm_sock_ops = { 1012 .family = PF_BLUETOOTH, 1013 .owner = THIS_MODULE, 1014 .release = rfcomm_sock_release, 1015 .bind = rfcomm_sock_bind, 1016 .connect = rfcomm_sock_connect, 1017 .listen = rfcomm_sock_listen, 1018 .accept = rfcomm_sock_accept, 1019 .getname = rfcomm_sock_getname, 1020 .sendmsg = rfcomm_sock_sendmsg, 1021 .recvmsg = rfcomm_sock_recvmsg, 1022 .shutdown = rfcomm_sock_shutdown, 1023 .setsockopt = rfcomm_sock_setsockopt, 1024 .getsockopt = rfcomm_sock_getsockopt, 1025 .ioctl = rfcomm_sock_ioctl, 1026 .gettstamp = sock_gettstamp, 1027 .poll = bt_sock_poll, 1028 .socketpair = sock_no_socketpair, 1029 .mmap = sock_no_mmap, 1030 #ifdef CONFIG_COMPAT 1031 .compat_ioctl = rfcomm_sock_compat_ioctl, 1032 #endif 1033 }; 1034 1035 static const struct net_proto_family rfcomm_sock_family_ops = { 1036 .family = PF_BLUETOOTH, 1037 .owner = THIS_MODULE, 1038 .create = rfcomm_sock_create 1039 }; 1040 1041 int __init rfcomm_init_sockets(void) 1042 { 1043 int err; 1044 1045 BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr)); 1046 1047 err = proto_register(&rfcomm_proto, 0); 1048 if (err < 0) 1049 return err; 1050 1051 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 1052 if (err < 0) { 1053 BT_ERR("RFCOMM socket layer registration failed"); 1054 goto error; 1055 } 1056 1057 err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL); 1058 if (err < 0) { 1059 BT_ERR("Failed to create RFCOMM proc file"); 1060 bt_sock_unregister(BTPROTO_RFCOMM); 1061 goto error; 1062 } 1063 1064 BT_INFO("RFCOMM socket layer initialized"); 1065 1066 if (IS_ERR_OR_NULL(bt_debugfs)) 1067 return 0; 1068 1069 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444, 1070 bt_debugfs, NULL, 1071 &rfcomm_sock_debugfs_fops); 1072 1073 return 0; 1074 1075 error: 1076 proto_unregister(&rfcomm_proto); 1077 return err; 1078 } 1079 1080 void __exit rfcomm_cleanup_sockets(void) 1081 { 1082 bt_procfs_cleanup(&init_net, "rfcomm"); 1083 1084 debugfs_remove(rfcomm_sock_debugfs); 1085 1086 bt_sock_unregister(BTPROTO_RFCOMM); 1087 1088 proto_unregister(&rfcomm_proto); 1089 } 1090