1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 */ 27 28 #include <linux/module.h> 29 30 #include <linux/types.h> 31 #include <linux/errno.h> 32 #include <linux/kernel.h> 33 #include <linux/sched.h> 34 #include <linux/slab.h> 35 #include <linux/poll.h> 36 #include <linux/fcntl.h> 37 #include <linux/init.h> 38 #include <linux/interrupt.h> 39 #include <linux/socket.h> 40 #include <linux/skbuff.h> 41 #include <linux/list.h> 42 #include <linux/device.h> 43 #include <linux/debugfs.h> 44 #include <linux/seq_file.h> 45 #include <net/sock.h> 46 47 #include <asm/system.h> 48 #include <asm/uaccess.h> 49 50 #include <net/bluetooth/bluetooth.h> 51 #include <net/bluetooth/hci_core.h> 52 #include <net/bluetooth/l2cap.h> 53 #include <net/bluetooth/rfcomm.h> 54 55 static const struct proto_ops rfcomm_sock_ops; 56 57 static struct bt_sock_list rfcomm_sk_list = { 58 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) 59 }; 60 61 static void rfcomm_sock_close(struct sock *sk); 62 static void rfcomm_sock_kill(struct sock *sk); 63 64 /* ---- DLC callbacks ---- 65 * 66 * called under rfcomm_dlc_lock() 67 */ 68 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 69 { 70 struct sock *sk = d->owner; 71 if (!sk) 72 return; 73 74 atomic_add(skb->len, &sk->sk_rmem_alloc); 75 skb_queue_tail(&sk->sk_receive_queue, skb); 76 sk->sk_data_ready(sk, skb->len); 77 78 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 79 rfcomm_dlc_throttle(d); 80 } 81 82 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 83 { 84 struct sock *sk = d->owner, *parent; 85 unsigned long flags; 86 87 if (!sk) 88 return; 89 90 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 91 92 local_irq_save(flags); 93 bh_lock_sock(sk); 94 95 if (err) 96 sk->sk_err = err; 97 98 sk->sk_state = d->state; 99 100 parent = bt_sk(sk)->parent; 101 if (parent) { 102 if (d->state == BT_CLOSED) { 103 sock_set_flag(sk, SOCK_ZAPPED); 104 bt_accept_unlink(sk); 105 } 106 parent->sk_data_ready(parent, 0); 107 } else { 108 if (d->state == BT_CONNECTED) 109 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL); 110 sk->sk_state_change(sk); 111 } 112 113 bh_unlock_sock(sk); 114 local_irq_restore(flags); 115 116 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 117 /* We have to drop DLC lock here, otherwise 118 * rfcomm_sock_destruct() will dead lock. */ 119 rfcomm_dlc_unlock(d); 120 rfcomm_sock_kill(sk); 121 rfcomm_dlc_lock(d); 122 } 123 } 124 125 /* ---- Socket functions ---- */ 126 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src) 127 { 128 struct sock *sk = NULL; 129 struct hlist_node *node; 130 131 sk_for_each(sk, node, &rfcomm_sk_list.head) { 132 if (rfcomm_pi(sk)->channel == channel && 133 !bacmp(&bt_sk(sk)->src, src)) 134 break; 135 } 136 137 return node ? sk : NULL; 138 } 139 140 /* Find socket with channel and source bdaddr. 141 * Returns closest match. 142 */ 143 static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 144 { 145 struct sock *sk = NULL, *sk1 = NULL; 146 struct hlist_node *node; 147 148 sk_for_each(sk, node, &rfcomm_sk_list.head) { 149 if (state && sk->sk_state != state) 150 continue; 151 152 if (rfcomm_pi(sk)->channel == channel) { 153 /* Exact match. */ 154 if (!bacmp(&bt_sk(sk)->src, src)) 155 break; 156 157 /* Closest match */ 158 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 159 sk1 = sk; 160 } 161 } 162 return node ? sk : sk1; 163 } 164 165 /* Find socket with given address (channel, src). 166 * Returns locked socket */ 167 static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 168 { 169 struct sock *s; 170 read_lock(&rfcomm_sk_list.lock); 171 s = __rfcomm_get_sock_by_channel(state, channel, src); 172 if (s) bh_lock_sock(s); 173 read_unlock(&rfcomm_sk_list.lock); 174 return s; 175 } 176 177 static void rfcomm_sock_destruct(struct sock *sk) 178 { 179 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 180 181 BT_DBG("sk %p dlc %p", sk, d); 182 183 skb_queue_purge(&sk->sk_receive_queue); 184 skb_queue_purge(&sk->sk_write_queue); 185 186 rfcomm_dlc_lock(d); 187 rfcomm_pi(sk)->dlc = NULL; 188 189 /* Detach DLC if it's owned by this socket */ 190 if (d->owner == sk) 191 d->owner = NULL; 192 rfcomm_dlc_unlock(d); 193 194 rfcomm_dlc_put(d); 195 } 196 197 static void rfcomm_sock_cleanup_listen(struct sock *parent) 198 { 199 struct sock *sk; 200 201 BT_DBG("parent %p", parent); 202 203 /* Close not yet accepted dlcs */ 204 while ((sk = bt_accept_dequeue(parent, NULL))) { 205 rfcomm_sock_close(sk); 206 rfcomm_sock_kill(sk); 207 } 208 209 parent->sk_state = BT_CLOSED; 210 sock_set_flag(parent, SOCK_ZAPPED); 211 } 212 213 /* Kill socket (only if zapped and orphan) 214 * Must be called on unlocked socket. 215 */ 216 static void rfcomm_sock_kill(struct sock *sk) 217 { 218 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 219 return; 220 221 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); 222 223 /* Kill poor orphan */ 224 bt_sock_unlink(&rfcomm_sk_list, sk); 225 sock_set_flag(sk, SOCK_DEAD); 226 sock_put(sk); 227 } 228 229 static void __rfcomm_sock_close(struct sock *sk) 230 { 231 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 232 233 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 234 235 switch (sk->sk_state) { 236 case BT_LISTEN: 237 rfcomm_sock_cleanup_listen(sk); 238 break; 239 240 case BT_CONNECT: 241 case BT_CONNECT2: 242 case BT_CONFIG: 243 case BT_CONNECTED: 244 rfcomm_dlc_close(d, 0); 245 246 default: 247 sock_set_flag(sk, SOCK_ZAPPED); 248 break; 249 } 250 } 251 252 /* Close socket. 253 * Must be called on unlocked socket. 254 */ 255 static void rfcomm_sock_close(struct sock *sk) 256 { 257 lock_sock(sk); 258 __rfcomm_sock_close(sk); 259 release_sock(sk); 260 } 261 262 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 263 { 264 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 265 266 BT_DBG("sk %p", sk); 267 268 if (parent) { 269 sk->sk_type = parent->sk_type; 270 pi->dlc->defer_setup = bt_sk(parent)->defer_setup; 271 272 pi->sec_level = rfcomm_pi(parent)->sec_level; 273 pi->role_switch = rfcomm_pi(parent)->role_switch; 274 } else { 275 pi->dlc->defer_setup = 0; 276 277 pi->sec_level = BT_SECURITY_LOW; 278 pi->role_switch = 0; 279 } 280 281 pi->dlc->sec_level = pi->sec_level; 282 pi->dlc->role_switch = pi->role_switch; 283 } 284 285 static struct proto rfcomm_proto = { 286 .name = "RFCOMM", 287 .owner = THIS_MODULE, 288 .obj_size = sizeof(struct rfcomm_pinfo) 289 }; 290 291 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 292 { 293 struct rfcomm_dlc *d; 294 struct sock *sk; 295 296 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto); 297 if (!sk) 298 return NULL; 299 300 sock_init_data(sock, sk); 301 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 302 303 d = rfcomm_dlc_alloc(prio); 304 if (!d) { 305 sk_free(sk); 306 return NULL; 307 } 308 309 d->data_ready = rfcomm_sk_data_ready; 310 d->state_change = rfcomm_sk_state_change; 311 312 rfcomm_pi(sk)->dlc = d; 313 d->owner = sk; 314 315 sk->sk_destruct = rfcomm_sock_destruct; 316 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 317 318 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 319 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 320 321 sock_reset_flag(sk, SOCK_ZAPPED); 322 323 sk->sk_protocol = proto; 324 sk->sk_state = BT_OPEN; 325 326 bt_sock_link(&rfcomm_sk_list, sk); 327 328 BT_DBG("sk %p", sk); 329 return sk; 330 } 331 332 static int rfcomm_sock_create(struct net *net, struct socket *sock, 333 int protocol, int kern) 334 { 335 struct sock *sk; 336 337 BT_DBG("sock %p", sock); 338 339 sock->state = SS_UNCONNECTED; 340 341 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 342 return -ESOCKTNOSUPPORT; 343 344 sock->ops = &rfcomm_sock_ops; 345 346 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC); 347 if (!sk) 348 return -ENOMEM; 349 350 rfcomm_sock_init(sk, NULL); 351 return 0; 352 } 353 354 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 355 { 356 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 357 struct sock *sk = sock->sk; 358 int err = 0; 359 360 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr)); 361 362 if (!addr || addr->sa_family != AF_BLUETOOTH) 363 return -EINVAL; 364 365 lock_sock(sk); 366 367 if (sk->sk_state != BT_OPEN) { 368 err = -EBADFD; 369 goto done; 370 } 371 372 if (sk->sk_type != SOCK_STREAM) { 373 err = -EINVAL; 374 goto done; 375 } 376 377 write_lock_bh(&rfcomm_sk_list.lock); 378 379 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { 380 err = -EADDRINUSE; 381 } else { 382 /* Save source address */ 383 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr); 384 rfcomm_pi(sk)->channel = sa->rc_channel; 385 sk->sk_state = BT_BOUND; 386 } 387 388 write_unlock_bh(&rfcomm_sk_list.lock); 389 390 done: 391 release_sock(sk); 392 return err; 393 } 394 395 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 396 { 397 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 398 struct sock *sk = sock->sk; 399 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 400 int err = 0; 401 402 BT_DBG("sk %p", sk); 403 404 if (alen < sizeof(struct sockaddr_rc) || 405 addr->sa_family != AF_BLUETOOTH) 406 return -EINVAL; 407 408 lock_sock(sk); 409 410 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 411 err = -EBADFD; 412 goto done; 413 } 414 415 if (sk->sk_type != SOCK_STREAM) { 416 err = -EINVAL; 417 goto done; 418 } 419 420 sk->sk_state = BT_CONNECT; 421 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); 422 rfcomm_pi(sk)->channel = sa->rc_channel; 423 424 d->sec_level = rfcomm_pi(sk)->sec_level; 425 d->role_switch = rfcomm_pi(sk)->role_switch; 426 427 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); 428 if (!err) 429 err = bt_sock_wait_state(sk, BT_CONNECTED, 430 sock_sndtimeo(sk, flags & O_NONBLOCK)); 431 432 done: 433 release_sock(sk); 434 return err; 435 } 436 437 static int rfcomm_sock_listen(struct socket *sock, int backlog) 438 { 439 struct sock *sk = sock->sk; 440 int err = 0; 441 442 BT_DBG("sk %p backlog %d", sk, backlog); 443 444 lock_sock(sk); 445 446 if (sk->sk_state != BT_BOUND) { 447 err = -EBADFD; 448 goto done; 449 } 450 451 if (sk->sk_type != SOCK_STREAM) { 452 err = -EINVAL; 453 goto done; 454 } 455 456 if (!rfcomm_pi(sk)->channel) { 457 bdaddr_t *src = &bt_sk(sk)->src; 458 u8 channel; 459 460 err = -EINVAL; 461 462 write_lock_bh(&rfcomm_sk_list.lock); 463 464 for (channel = 1; channel < 31; channel++) 465 if (!__rfcomm_get_sock_by_addr(channel, src)) { 466 rfcomm_pi(sk)->channel = channel; 467 err = 0; 468 break; 469 } 470 471 write_unlock_bh(&rfcomm_sk_list.lock); 472 473 if (err < 0) 474 goto done; 475 } 476 477 sk->sk_max_ack_backlog = backlog; 478 sk->sk_ack_backlog = 0; 479 sk->sk_state = BT_LISTEN; 480 481 done: 482 release_sock(sk); 483 return err; 484 } 485 486 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 487 { 488 DECLARE_WAITQUEUE(wait, current); 489 struct sock *sk = sock->sk, *nsk; 490 long timeo; 491 int err = 0; 492 493 lock_sock(sk); 494 495 if (sk->sk_state != BT_LISTEN) { 496 err = -EBADFD; 497 goto done; 498 } 499 500 if (sk->sk_type != SOCK_STREAM) { 501 err = -EINVAL; 502 goto done; 503 } 504 505 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 506 507 BT_DBG("sk %p timeo %ld", sk, timeo); 508 509 /* Wait for an incoming connection. (wake-one). */ 510 add_wait_queue_exclusive(sk_sleep(sk), &wait); 511 while (!(nsk = bt_accept_dequeue(sk, newsock))) { 512 set_current_state(TASK_INTERRUPTIBLE); 513 if (!timeo) { 514 err = -EAGAIN; 515 break; 516 } 517 518 release_sock(sk); 519 timeo = schedule_timeout(timeo); 520 lock_sock(sk); 521 522 if (sk->sk_state != BT_LISTEN) { 523 err = -EBADFD; 524 break; 525 } 526 527 if (signal_pending(current)) { 528 err = sock_intr_errno(timeo); 529 break; 530 } 531 } 532 set_current_state(TASK_RUNNING); 533 remove_wait_queue(sk_sleep(sk), &wait); 534 535 if (err) 536 goto done; 537 538 newsock->state = SS_CONNECTED; 539 540 BT_DBG("new socket %p", nsk); 541 542 done: 543 release_sock(sk); 544 return err; 545 } 546 547 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 548 { 549 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 550 struct sock *sk = sock->sk; 551 552 BT_DBG("sock %p, sk %p", sock, sk); 553 554 sa->rc_family = AF_BLUETOOTH; 555 sa->rc_channel = rfcomm_pi(sk)->channel; 556 if (peer) 557 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst); 558 else 559 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src); 560 561 *len = sizeof(struct sockaddr_rc); 562 return 0; 563 } 564 565 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 566 struct msghdr *msg, size_t len) 567 { 568 struct sock *sk = sock->sk; 569 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 570 struct sk_buff *skb; 571 int sent = 0; 572 573 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) 574 return -ENOTCONN; 575 576 if (msg->msg_flags & MSG_OOB) 577 return -EOPNOTSUPP; 578 579 if (sk->sk_shutdown & SEND_SHUTDOWN) 580 return -EPIPE; 581 582 BT_DBG("sock %p, sk %p", sock, sk); 583 584 lock_sock(sk); 585 586 while (len) { 587 size_t size = min_t(size_t, len, d->mtu); 588 int err; 589 590 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 591 msg->msg_flags & MSG_DONTWAIT, &err); 592 if (!skb) { 593 if (sent == 0) 594 sent = err; 595 break; 596 } 597 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 598 599 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 600 if (err) { 601 kfree_skb(skb); 602 if (sent == 0) 603 sent = err; 604 break; 605 } 606 607 err = rfcomm_dlc_send(d, skb); 608 if (err < 0) { 609 kfree_skb(skb); 610 if (sent == 0) 611 sent = err; 612 break; 613 } 614 615 sent += size; 616 len -= size; 617 } 618 619 release_sock(sk); 620 621 return sent; 622 } 623 624 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 625 struct msghdr *msg, size_t size, int flags) 626 { 627 struct sock *sk = sock->sk; 628 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 629 int len; 630 631 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 632 rfcomm_dlc_accept(d); 633 return 0; 634 } 635 636 len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags); 637 638 lock_sock(sk); 639 if (!(flags & MSG_PEEK) && len > 0) 640 atomic_sub(len, &sk->sk_rmem_alloc); 641 642 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 643 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 644 release_sock(sk); 645 646 return len; 647 } 648 649 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 650 { 651 struct sock *sk = sock->sk; 652 int err = 0; 653 u32 opt; 654 655 BT_DBG("sk %p", sk); 656 657 lock_sock(sk); 658 659 switch (optname) { 660 case RFCOMM_LM: 661 if (get_user(opt, (u32 __user *) optval)) { 662 err = -EFAULT; 663 break; 664 } 665 666 if (opt & RFCOMM_LM_AUTH) 667 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; 668 if (opt & RFCOMM_LM_ENCRYPT) 669 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 670 if (opt & RFCOMM_LM_SECURE) 671 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; 672 673 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); 674 break; 675 676 default: 677 err = -ENOPROTOOPT; 678 break; 679 } 680 681 release_sock(sk); 682 return err; 683 } 684 685 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 686 { 687 struct sock *sk = sock->sk; 688 struct bt_security sec; 689 int len, err = 0; 690 u32 opt; 691 692 BT_DBG("sk %p", sk); 693 694 if (level == SOL_RFCOMM) 695 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); 696 697 if (level != SOL_BLUETOOTH) 698 return -ENOPROTOOPT; 699 700 lock_sock(sk); 701 702 switch (optname) { 703 case BT_SECURITY: 704 if (sk->sk_type != SOCK_STREAM) { 705 err = -EINVAL; 706 break; 707 } 708 709 sec.level = BT_SECURITY_LOW; 710 711 len = min_t(unsigned int, sizeof(sec), optlen); 712 if (copy_from_user((char *) &sec, optval, len)) { 713 err = -EFAULT; 714 break; 715 } 716 717 if (sec.level > BT_SECURITY_HIGH) { 718 err = -EINVAL; 719 break; 720 } 721 722 rfcomm_pi(sk)->sec_level = sec.level; 723 break; 724 725 case BT_DEFER_SETUP: 726 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 727 err = -EINVAL; 728 break; 729 } 730 731 if (get_user(opt, (u32 __user *) optval)) { 732 err = -EFAULT; 733 break; 734 } 735 736 bt_sk(sk)->defer_setup = opt; 737 break; 738 739 default: 740 err = -ENOPROTOOPT; 741 break; 742 } 743 744 release_sock(sk); 745 return err; 746 } 747 748 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 749 { 750 struct sock *sk = sock->sk; 751 struct sock *l2cap_sk; 752 struct rfcomm_conninfo cinfo; 753 int len, err = 0; 754 u32 opt; 755 756 BT_DBG("sk %p", sk); 757 758 if (get_user(len, optlen)) 759 return -EFAULT; 760 761 lock_sock(sk); 762 763 switch (optname) { 764 case RFCOMM_LM: 765 switch (rfcomm_pi(sk)->sec_level) { 766 case BT_SECURITY_LOW: 767 opt = RFCOMM_LM_AUTH; 768 break; 769 case BT_SECURITY_MEDIUM: 770 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; 771 break; 772 case BT_SECURITY_HIGH: 773 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 774 RFCOMM_LM_SECURE; 775 break; 776 default: 777 opt = 0; 778 break; 779 } 780 781 if (rfcomm_pi(sk)->role_switch) 782 opt |= RFCOMM_LM_MASTER; 783 784 if (put_user(opt, (u32 __user *) optval)) 785 err = -EFAULT; 786 break; 787 788 case RFCOMM_CONNINFO: 789 if (sk->sk_state != BT_CONNECTED && 790 !rfcomm_pi(sk)->dlc->defer_setup) { 791 err = -ENOTCONN; 792 break; 793 } 794 795 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 796 797 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle; 798 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3); 799 800 len = min_t(unsigned int, len, sizeof(cinfo)); 801 if (copy_to_user(optval, (char *) &cinfo, len)) 802 err = -EFAULT; 803 804 break; 805 806 default: 807 err = -ENOPROTOOPT; 808 break; 809 } 810 811 release_sock(sk); 812 return err; 813 } 814 815 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 816 { 817 struct sock *sk = sock->sk; 818 struct bt_security sec; 819 int len, err = 0; 820 821 BT_DBG("sk %p", sk); 822 823 if (level == SOL_RFCOMM) 824 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); 825 826 if (level != SOL_BLUETOOTH) 827 return -ENOPROTOOPT; 828 829 if (get_user(len, optlen)) 830 return -EFAULT; 831 832 lock_sock(sk); 833 834 switch (optname) { 835 case BT_SECURITY: 836 if (sk->sk_type != SOCK_STREAM) { 837 err = -EINVAL; 838 break; 839 } 840 841 sec.level = rfcomm_pi(sk)->sec_level; 842 843 len = min_t(unsigned int, len, sizeof(sec)); 844 if (copy_to_user(optval, (char *) &sec, len)) 845 err = -EFAULT; 846 847 break; 848 849 case BT_DEFER_SETUP: 850 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 851 err = -EINVAL; 852 break; 853 } 854 855 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) 856 err = -EFAULT; 857 858 break; 859 860 default: 861 err = -ENOPROTOOPT; 862 break; 863 } 864 865 release_sock(sk); 866 return err; 867 } 868 869 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 870 { 871 struct sock *sk __maybe_unused = sock->sk; 872 int err; 873 874 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); 875 876 err = bt_sock_ioctl(sock, cmd, arg); 877 878 if (err == -ENOIOCTLCMD) { 879 #ifdef CONFIG_BT_RFCOMM_TTY 880 lock_sock(sk); 881 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); 882 release_sock(sk); 883 #else 884 err = -EOPNOTSUPP; 885 #endif 886 } 887 888 return err; 889 } 890 891 static int rfcomm_sock_shutdown(struct socket *sock, int how) 892 { 893 struct sock *sk = sock->sk; 894 int err = 0; 895 896 BT_DBG("sock %p, sk %p", sock, sk); 897 898 if (!sk) return 0; 899 900 lock_sock(sk); 901 if (!sk->sk_shutdown) { 902 sk->sk_shutdown = SHUTDOWN_MASK; 903 __rfcomm_sock_close(sk); 904 905 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 906 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 907 } 908 release_sock(sk); 909 return err; 910 } 911 912 static int rfcomm_sock_release(struct socket *sock) 913 { 914 struct sock *sk = sock->sk; 915 int err; 916 917 BT_DBG("sock %p, sk %p", sock, sk); 918 919 if (!sk) 920 return 0; 921 922 err = rfcomm_sock_shutdown(sock, 2); 923 924 sock_orphan(sk); 925 rfcomm_sock_kill(sk); 926 return err; 927 } 928 929 /* ---- RFCOMM core layer callbacks ---- 930 * 931 * called under rfcomm_lock() 932 */ 933 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 934 { 935 struct sock *sk, *parent; 936 bdaddr_t src, dst; 937 int result = 0; 938 939 BT_DBG("session %p channel %d", s, channel); 940 941 rfcomm_session_getaddr(s, &src, &dst); 942 943 /* Check if we have socket listening on channel */ 944 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 945 if (!parent) 946 return 0; 947 948 /* Check for backlog size */ 949 if (sk_acceptq_is_full(parent)) { 950 BT_DBG("backlog full %d", parent->sk_ack_backlog); 951 goto done; 952 } 953 954 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 955 if (!sk) 956 goto done; 957 958 rfcomm_sock_init(sk, parent); 959 bacpy(&bt_sk(sk)->src, &src); 960 bacpy(&bt_sk(sk)->dst, &dst); 961 rfcomm_pi(sk)->channel = channel; 962 963 sk->sk_state = BT_CONFIG; 964 bt_accept_enqueue(parent, sk); 965 966 /* Accept connection and return socket DLC */ 967 *d = rfcomm_pi(sk)->dlc; 968 result = 1; 969 970 done: 971 bh_unlock_sock(parent); 972 973 if (bt_sk(parent)->defer_setup) 974 parent->sk_state_change(parent); 975 976 return result; 977 } 978 979 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) 980 { 981 struct sock *sk; 982 struct hlist_node *node; 983 984 read_lock_bh(&rfcomm_sk_list.lock); 985 986 sk_for_each(sk, node, &rfcomm_sk_list.head) { 987 seq_printf(f, "%s %s %d %d\n", 988 batostr(&bt_sk(sk)->src), 989 batostr(&bt_sk(sk)->dst), 990 sk->sk_state, rfcomm_pi(sk)->channel); 991 } 992 993 read_unlock_bh(&rfcomm_sk_list.lock); 994 995 return 0; 996 } 997 998 static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file) 999 { 1000 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private); 1001 } 1002 1003 static const struct file_operations rfcomm_sock_debugfs_fops = { 1004 .open = rfcomm_sock_debugfs_open, 1005 .read = seq_read, 1006 .llseek = seq_lseek, 1007 .release = single_release, 1008 }; 1009 1010 static struct dentry *rfcomm_sock_debugfs; 1011 1012 static const struct proto_ops rfcomm_sock_ops = { 1013 .family = PF_BLUETOOTH, 1014 .owner = THIS_MODULE, 1015 .release = rfcomm_sock_release, 1016 .bind = rfcomm_sock_bind, 1017 .connect = rfcomm_sock_connect, 1018 .listen = rfcomm_sock_listen, 1019 .accept = rfcomm_sock_accept, 1020 .getname = rfcomm_sock_getname, 1021 .sendmsg = rfcomm_sock_sendmsg, 1022 .recvmsg = rfcomm_sock_recvmsg, 1023 .shutdown = rfcomm_sock_shutdown, 1024 .setsockopt = rfcomm_sock_setsockopt, 1025 .getsockopt = rfcomm_sock_getsockopt, 1026 .ioctl = rfcomm_sock_ioctl, 1027 .poll = bt_sock_poll, 1028 .socketpair = sock_no_socketpair, 1029 .mmap = sock_no_mmap 1030 }; 1031 1032 static const struct net_proto_family rfcomm_sock_family_ops = { 1033 .family = PF_BLUETOOTH, 1034 .owner = THIS_MODULE, 1035 .create = rfcomm_sock_create 1036 }; 1037 1038 int __init rfcomm_init_sockets(void) 1039 { 1040 int err; 1041 1042 err = proto_register(&rfcomm_proto, 0); 1043 if (err < 0) 1044 return err; 1045 1046 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 1047 if (err < 0) 1048 goto error; 1049 1050 if (bt_debugfs) { 1051 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444, 1052 bt_debugfs, NULL, &rfcomm_sock_debugfs_fops); 1053 if (!rfcomm_sock_debugfs) 1054 BT_ERR("Failed to create RFCOMM debug file"); 1055 } 1056 1057 BT_INFO("RFCOMM socket layer initialized"); 1058 1059 return 0; 1060 1061 error: 1062 BT_ERR("RFCOMM socket layer registration failed"); 1063 proto_unregister(&rfcomm_proto); 1064 return err; 1065 } 1066 1067 void __exit rfcomm_cleanup_sockets(void) 1068 { 1069 debugfs_remove(rfcomm_sock_debugfs); 1070 1071 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0) 1072 BT_ERR("RFCOMM socket layer unregistration failed"); 1073 1074 proto_unregister(&rfcomm_proto); 1075 } 1076