1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 */ 27 28 #include <linux/module.h> 29 30 #include <linux/types.h> 31 #include <linux/errno.h> 32 #include <linux/kernel.h> 33 #include <linux/sched.h> 34 #include <linux/slab.h> 35 #include <linux/poll.h> 36 #include <linux/fcntl.h> 37 #include <linux/init.h> 38 #include <linux/interrupt.h> 39 #include <linux/socket.h> 40 #include <linux/skbuff.h> 41 #include <linux/list.h> 42 #include <linux/device.h> 43 #include <linux/debugfs.h> 44 #include <linux/seq_file.h> 45 #include <net/sock.h> 46 47 #include <asm/system.h> 48 #include <asm/uaccess.h> 49 50 #include <net/bluetooth/bluetooth.h> 51 #include <net/bluetooth/hci_core.h> 52 #include <net/bluetooth/l2cap.h> 53 #include <net/bluetooth/rfcomm.h> 54 55 static const struct proto_ops rfcomm_sock_ops; 56 57 static struct bt_sock_list rfcomm_sk_list = { 58 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) 59 }; 60 61 static void rfcomm_sock_close(struct sock *sk); 62 static void rfcomm_sock_kill(struct sock *sk); 63 64 /* ---- DLC callbacks ---- 65 * 66 * called under rfcomm_dlc_lock() 67 */ 68 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 69 { 70 struct sock *sk = d->owner; 71 if (!sk) 72 return; 73 74 atomic_add(skb->len, &sk->sk_rmem_alloc); 75 skb_queue_tail(&sk->sk_receive_queue, skb); 76 sk->sk_data_ready(sk, skb->len); 77 78 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 79 rfcomm_dlc_throttle(d); 80 } 81 82 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 83 { 84 struct sock *sk = d->owner, *parent; 85 if (!sk) 86 return; 87 88 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 89 90 bh_lock_sock(sk); 91 92 if (err) 93 sk->sk_err = err; 94 95 sk->sk_state = d->state; 96 97 parent = bt_sk(sk)->parent; 98 if (parent) { 99 if (d->state == BT_CLOSED) { 100 sock_set_flag(sk, SOCK_ZAPPED); 101 bt_accept_unlink(sk); 102 } 103 parent->sk_data_ready(parent, 0); 104 } else { 105 if (d->state == BT_CONNECTED) 106 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL); 107 sk->sk_state_change(sk); 108 } 109 110 bh_unlock_sock(sk); 111 112 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 113 /* We have to drop DLC lock here, otherwise 114 * rfcomm_sock_destruct() will dead lock. */ 115 rfcomm_dlc_unlock(d); 116 rfcomm_sock_kill(sk); 117 rfcomm_dlc_lock(d); 118 } 119 } 120 121 /* ---- Socket functions ---- */ 122 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src) 123 { 124 struct sock *sk = NULL; 125 struct hlist_node *node; 126 127 sk_for_each(sk, node, &rfcomm_sk_list.head) { 128 if (rfcomm_pi(sk)->channel == channel && 129 !bacmp(&bt_sk(sk)->src, src)) 130 break; 131 } 132 133 return node ? sk : NULL; 134 } 135 136 /* Find socket with channel and source bdaddr. 137 * Returns closest match. 138 */ 139 static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 140 { 141 struct sock *sk = NULL, *sk1 = NULL; 142 struct hlist_node *node; 143 144 sk_for_each(sk, node, &rfcomm_sk_list.head) { 145 if (state && sk->sk_state != state) 146 continue; 147 148 if (rfcomm_pi(sk)->channel == channel) { 149 /* Exact match. */ 150 if (!bacmp(&bt_sk(sk)->src, src)) 151 break; 152 153 /* Closest match */ 154 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 155 sk1 = sk; 156 } 157 } 158 return node ? sk : sk1; 159 } 160 161 /* Find socket with given address (channel, src). 162 * Returns locked socket */ 163 static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 164 { 165 struct sock *s; 166 read_lock(&rfcomm_sk_list.lock); 167 s = __rfcomm_get_sock_by_channel(state, channel, src); 168 if (s) bh_lock_sock(s); 169 read_unlock(&rfcomm_sk_list.lock); 170 return s; 171 } 172 173 static void rfcomm_sock_destruct(struct sock *sk) 174 { 175 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 176 177 BT_DBG("sk %p dlc %p", sk, d); 178 179 skb_queue_purge(&sk->sk_receive_queue); 180 skb_queue_purge(&sk->sk_write_queue); 181 182 rfcomm_dlc_lock(d); 183 rfcomm_pi(sk)->dlc = NULL; 184 185 /* Detach DLC if it's owned by this socket */ 186 if (d->owner == sk) 187 d->owner = NULL; 188 rfcomm_dlc_unlock(d); 189 190 rfcomm_dlc_put(d); 191 } 192 193 static void rfcomm_sock_cleanup_listen(struct sock *parent) 194 { 195 struct sock *sk; 196 197 BT_DBG("parent %p", parent); 198 199 /* Close not yet accepted dlcs */ 200 while ((sk = bt_accept_dequeue(parent, NULL))) { 201 rfcomm_sock_close(sk); 202 rfcomm_sock_kill(sk); 203 } 204 205 parent->sk_state = BT_CLOSED; 206 sock_set_flag(parent, SOCK_ZAPPED); 207 } 208 209 /* Kill socket (only if zapped and orphan) 210 * Must be called on unlocked socket. 211 */ 212 static void rfcomm_sock_kill(struct sock *sk) 213 { 214 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 215 return; 216 217 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); 218 219 /* Kill poor orphan */ 220 bt_sock_unlink(&rfcomm_sk_list, sk); 221 sock_set_flag(sk, SOCK_DEAD); 222 sock_put(sk); 223 } 224 225 static void __rfcomm_sock_close(struct sock *sk) 226 { 227 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 228 229 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 230 231 switch (sk->sk_state) { 232 case BT_LISTEN: 233 rfcomm_sock_cleanup_listen(sk); 234 break; 235 236 case BT_CONNECT: 237 case BT_CONNECT2: 238 case BT_CONFIG: 239 case BT_CONNECTED: 240 rfcomm_dlc_close(d, 0); 241 242 default: 243 sock_set_flag(sk, SOCK_ZAPPED); 244 break; 245 } 246 } 247 248 /* Close socket. 249 * Must be called on unlocked socket. 250 */ 251 static void rfcomm_sock_close(struct sock *sk) 252 { 253 lock_sock(sk); 254 __rfcomm_sock_close(sk); 255 release_sock(sk); 256 } 257 258 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 259 { 260 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 261 262 BT_DBG("sk %p", sk); 263 264 if (parent) { 265 sk->sk_type = parent->sk_type; 266 pi->dlc->defer_setup = bt_sk(parent)->defer_setup; 267 268 pi->sec_level = rfcomm_pi(parent)->sec_level; 269 pi->role_switch = rfcomm_pi(parent)->role_switch; 270 } else { 271 pi->dlc->defer_setup = 0; 272 273 pi->sec_level = BT_SECURITY_LOW; 274 pi->role_switch = 0; 275 } 276 277 pi->dlc->sec_level = pi->sec_level; 278 pi->dlc->role_switch = pi->role_switch; 279 } 280 281 static struct proto rfcomm_proto = { 282 .name = "RFCOMM", 283 .owner = THIS_MODULE, 284 .obj_size = sizeof(struct rfcomm_pinfo) 285 }; 286 287 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 288 { 289 struct rfcomm_dlc *d; 290 struct sock *sk; 291 292 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto); 293 if (!sk) 294 return NULL; 295 296 sock_init_data(sock, sk); 297 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 298 299 d = rfcomm_dlc_alloc(prio); 300 if (!d) { 301 sk_free(sk); 302 return NULL; 303 } 304 305 d->data_ready = rfcomm_sk_data_ready; 306 d->state_change = rfcomm_sk_state_change; 307 308 rfcomm_pi(sk)->dlc = d; 309 d->owner = sk; 310 311 sk->sk_destruct = rfcomm_sock_destruct; 312 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 313 314 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 315 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 316 317 sock_reset_flag(sk, SOCK_ZAPPED); 318 319 sk->sk_protocol = proto; 320 sk->sk_state = BT_OPEN; 321 322 bt_sock_link(&rfcomm_sk_list, sk); 323 324 BT_DBG("sk %p", sk); 325 return sk; 326 } 327 328 static int rfcomm_sock_create(struct net *net, struct socket *sock, 329 int protocol, int kern) 330 { 331 struct sock *sk; 332 333 BT_DBG("sock %p", sock); 334 335 sock->state = SS_UNCONNECTED; 336 337 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 338 return -ESOCKTNOSUPPORT; 339 340 sock->ops = &rfcomm_sock_ops; 341 342 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC); 343 if (!sk) 344 return -ENOMEM; 345 346 rfcomm_sock_init(sk, NULL); 347 return 0; 348 } 349 350 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 351 { 352 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 353 struct sock *sk = sock->sk; 354 int err = 0; 355 356 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr)); 357 358 if (!addr || addr->sa_family != AF_BLUETOOTH) 359 return -EINVAL; 360 361 lock_sock(sk); 362 363 if (sk->sk_state != BT_OPEN) { 364 err = -EBADFD; 365 goto done; 366 } 367 368 if (sk->sk_type != SOCK_STREAM) { 369 err = -EINVAL; 370 goto done; 371 } 372 373 write_lock_bh(&rfcomm_sk_list.lock); 374 375 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { 376 err = -EADDRINUSE; 377 } else { 378 /* Save source address */ 379 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr); 380 rfcomm_pi(sk)->channel = sa->rc_channel; 381 sk->sk_state = BT_BOUND; 382 } 383 384 write_unlock_bh(&rfcomm_sk_list.lock); 385 386 done: 387 release_sock(sk); 388 return err; 389 } 390 391 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 392 { 393 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 394 struct sock *sk = sock->sk; 395 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 396 int err = 0; 397 398 BT_DBG("sk %p", sk); 399 400 if (alen < sizeof(struct sockaddr_rc) || 401 addr->sa_family != AF_BLUETOOTH) 402 return -EINVAL; 403 404 lock_sock(sk); 405 406 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 407 err = -EBADFD; 408 goto done; 409 } 410 411 if (sk->sk_type != SOCK_STREAM) { 412 err = -EINVAL; 413 goto done; 414 } 415 416 sk->sk_state = BT_CONNECT; 417 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); 418 rfcomm_pi(sk)->channel = sa->rc_channel; 419 420 d->sec_level = rfcomm_pi(sk)->sec_level; 421 d->role_switch = rfcomm_pi(sk)->role_switch; 422 423 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); 424 if (!err) 425 err = bt_sock_wait_state(sk, BT_CONNECTED, 426 sock_sndtimeo(sk, flags & O_NONBLOCK)); 427 428 done: 429 release_sock(sk); 430 return err; 431 } 432 433 static int rfcomm_sock_listen(struct socket *sock, int backlog) 434 { 435 struct sock *sk = sock->sk; 436 int err = 0; 437 438 BT_DBG("sk %p backlog %d", sk, backlog); 439 440 lock_sock(sk); 441 442 if (sk->sk_state != BT_BOUND) { 443 err = -EBADFD; 444 goto done; 445 } 446 447 if (sk->sk_type != SOCK_STREAM) { 448 err = -EINVAL; 449 goto done; 450 } 451 452 if (!rfcomm_pi(sk)->channel) { 453 bdaddr_t *src = &bt_sk(sk)->src; 454 u8 channel; 455 456 err = -EINVAL; 457 458 write_lock_bh(&rfcomm_sk_list.lock); 459 460 for (channel = 1; channel < 31; channel++) 461 if (!__rfcomm_get_sock_by_addr(channel, src)) { 462 rfcomm_pi(sk)->channel = channel; 463 err = 0; 464 break; 465 } 466 467 write_unlock_bh(&rfcomm_sk_list.lock); 468 469 if (err < 0) 470 goto done; 471 } 472 473 sk->sk_max_ack_backlog = backlog; 474 sk->sk_ack_backlog = 0; 475 sk->sk_state = BT_LISTEN; 476 477 done: 478 release_sock(sk); 479 return err; 480 } 481 482 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 483 { 484 DECLARE_WAITQUEUE(wait, current); 485 struct sock *sk = sock->sk, *nsk; 486 long timeo; 487 int err = 0; 488 489 lock_sock(sk); 490 491 if (sk->sk_state != BT_LISTEN) { 492 err = -EBADFD; 493 goto done; 494 } 495 496 if (sk->sk_type != SOCK_STREAM) { 497 err = -EINVAL; 498 goto done; 499 } 500 501 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 502 503 BT_DBG("sk %p timeo %ld", sk, timeo); 504 505 /* Wait for an incoming connection. (wake-one). */ 506 add_wait_queue_exclusive(sk_sleep(sk), &wait); 507 while (!(nsk = bt_accept_dequeue(sk, newsock))) { 508 set_current_state(TASK_INTERRUPTIBLE); 509 if (!timeo) { 510 err = -EAGAIN; 511 break; 512 } 513 514 release_sock(sk); 515 timeo = schedule_timeout(timeo); 516 lock_sock(sk); 517 518 if (sk->sk_state != BT_LISTEN) { 519 err = -EBADFD; 520 break; 521 } 522 523 if (signal_pending(current)) { 524 err = sock_intr_errno(timeo); 525 break; 526 } 527 } 528 set_current_state(TASK_RUNNING); 529 remove_wait_queue(sk_sleep(sk), &wait); 530 531 if (err) 532 goto done; 533 534 newsock->state = SS_CONNECTED; 535 536 BT_DBG("new socket %p", nsk); 537 538 done: 539 release_sock(sk); 540 return err; 541 } 542 543 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 544 { 545 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 546 struct sock *sk = sock->sk; 547 548 BT_DBG("sock %p, sk %p", sock, sk); 549 550 sa->rc_family = AF_BLUETOOTH; 551 sa->rc_channel = rfcomm_pi(sk)->channel; 552 if (peer) 553 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst); 554 else 555 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src); 556 557 *len = sizeof(struct sockaddr_rc); 558 return 0; 559 } 560 561 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 562 struct msghdr *msg, size_t len) 563 { 564 struct sock *sk = sock->sk; 565 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 566 struct sk_buff *skb; 567 int sent = 0; 568 569 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) 570 return -ENOTCONN; 571 572 if (msg->msg_flags & MSG_OOB) 573 return -EOPNOTSUPP; 574 575 if (sk->sk_shutdown & SEND_SHUTDOWN) 576 return -EPIPE; 577 578 BT_DBG("sock %p, sk %p", sock, sk); 579 580 lock_sock(sk); 581 582 while (len) { 583 size_t size = min_t(size_t, len, d->mtu); 584 int err; 585 586 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 587 msg->msg_flags & MSG_DONTWAIT, &err); 588 if (!skb) { 589 if (sent == 0) 590 sent = err; 591 break; 592 } 593 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 594 595 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 596 if (err) { 597 kfree_skb(skb); 598 if (sent == 0) 599 sent = err; 600 break; 601 } 602 603 err = rfcomm_dlc_send(d, skb); 604 if (err < 0) { 605 kfree_skb(skb); 606 if (sent == 0) 607 sent = err; 608 break; 609 } 610 611 sent += size; 612 len -= size; 613 } 614 615 release_sock(sk); 616 617 return sent; 618 } 619 620 static long rfcomm_sock_data_wait(struct sock *sk, long timeo) 621 { 622 DECLARE_WAITQUEUE(wait, current); 623 624 add_wait_queue(sk_sleep(sk), &wait); 625 for (;;) { 626 set_current_state(TASK_INTERRUPTIBLE); 627 628 if (!skb_queue_empty(&sk->sk_receive_queue) || 629 sk->sk_err || 630 (sk->sk_shutdown & RCV_SHUTDOWN) || 631 signal_pending(current) || 632 !timeo) 633 break; 634 635 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 636 release_sock(sk); 637 timeo = schedule_timeout(timeo); 638 lock_sock(sk); 639 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 640 } 641 642 __set_current_state(TASK_RUNNING); 643 remove_wait_queue(sk_sleep(sk), &wait); 644 return timeo; 645 } 646 647 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 648 struct msghdr *msg, size_t size, int flags) 649 { 650 struct sock *sk = sock->sk; 651 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 652 int err = 0; 653 size_t target, copied = 0; 654 long timeo; 655 656 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 657 rfcomm_dlc_accept(d); 658 return 0; 659 } 660 661 if (flags & MSG_OOB) 662 return -EOPNOTSUPP; 663 664 msg->msg_namelen = 0; 665 666 BT_DBG("sk %p size %zu", sk, size); 667 668 lock_sock(sk); 669 670 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); 671 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); 672 673 do { 674 struct sk_buff *skb; 675 int chunk; 676 677 skb = skb_dequeue(&sk->sk_receive_queue); 678 if (!skb) { 679 if (copied >= target) 680 break; 681 682 if ((err = sock_error(sk)) != 0) 683 break; 684 if (sk->sk_shutdown & RCV_SHUTDOWN) 685 break; 686 687 err = -EAGAIN; 688 if (!timeo) 689 break; 690 691 timeo = rfcomm_sock_data_wait(sk, timeo); 692 693 if (signal_pending(current)) { 694 err = sock_intr_errno(timeo); 695 goto out; 696 } 697 continue; 698 } 699 700 chunk = min_t(unsigned int, skb->len, size); 701 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { 702 skb_queue_head(&sk->sk_receive_queue, skb); 703 if (!copied) 704 copied = -EFAULT; 705 break; 706 } 707 copied += chunk; 708 size -= chunk; 709 710 sock_recv_ts_and_drops(msg, sk, skb); 711 712 if (!(flags & MSG_PEEK)) { 713 atomic_sub(chunk, &sk->sk_rmem_alloc); 714 715 skb_pull(skb, chunk); 716 if (skb->len) { 717 skb_queue_head(&sk->sk_receive_queue, skb); 718 break; 719 } 720 kfree_skb(skb); 721 722 } else { 723 /* put message back and return */ 724 skb_queue_head(&sk->sk_receive_queue, skb); 725 break; 726 } 727 } while (size); 728 729 out: 730 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 731 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 732 733 release_sock(sk); 734 return copied ? : err; 735 } 736 737 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 738 { 739 struct sock *sk = sock->sk; 740 int err = 0; 741 u32 opt; 742 743 BT_DBG("sk %p", sk); 744 745 lock_sock(sk); 746 747 switch (optname) { 748 case RFCOMM_LM: 749 if (get_user(opt, (u32 __user *) optval)) { 750 err = -EFAULT; 751 break; 752 } 753 754 if (opt & RFCOMM_LM_AUTH) 755 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; 756 if (opt & RFCOMM_LM_ENCRYPT) 757 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 758 if (opt & RFCOMM_LM_SECURE) 759 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; 760 761 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); 762 break; 763 764 default: 765 err = -ENOPROTOOPT; 766 break; 767 } 768 769 release_sock(sk); 770 return err; 771 } 772 773 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 774 { 775 struct sock *sk = sock->sk; 776 struct bt_security sec; 777 int len, err = 0; 778 u32 opt; 779 780 BT_DBG("sk %p", sk); 781 782 if (level == SOL_RFCOMM) 783 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); 784 785 if (level != SOL_BLUETOOTH) 786 return -ENOPROTOOPT; 787 788 lock_sock(sk); 789 790 switch (optname) { 791 case BT_SECURITY: 792 if (sk->sk_type != SOCK_STREAM) { 793 err = -EINVAL; 794 break; 795 } 796 797 sec.level = BT_SECURITY_LOW; 798 799 len = min_t(unsigned int, sizeof(sec), optlen); 800 if (copy_from_user((char *) &sec, optval, len)) { 801 err = -EFAULT; 802 break; 803 } 804 805 if (sec.level > BT_SECURITY_HIGH) { 806 err = -EINVAL; 807 break; 808 } 809 810 rfcomm_pi(sk)->sec_level = sec.level; 811 break; 812 813 case BT_DEFER_SETUP: 814 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 815 err = -EINVAL; 816 break; 817 } 818 819 if (get_user(opt, (u32 __user *) optval)) { 820 err = -EFAULT; 821 break; 822 } 823 824 bt_sk(sk)->defer_setup = opt; 825 break; 826 827 default: 828 err = -ENOPROTOOPT; 829 break; 830 } 831 832 release_sock(sk); 833 return err; 834 } 835 836 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 837 { 838 struct sock *sk = sock->sk; 839 struct sock *l2cap_sk; 840 struct rfcomm_conninfo cinfo; 841 int len, err = 0; 842 u32 opt; 843 844 BT_DBG("sk %p", sk); 845 846 if (get_user(len, optlen)) 847 return -EFAULT; 848 849 lock_sock(sk); 850 851 switch (optname) { 852 case RFCOMM_LM: 853 switch (rfcomm_pi(sk)->sec_level) { 854 case BT_SECURITY_LOW: 855 opt = RFCOMM_LM_AUTH; 856 break; 857 case BT_SECURITY_MEDIUM: 858 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; 859 break; 860 case BT_SECURITY_HIGH: 861 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 862 RFCOMM_LM_SECURE; 863 break; 864 default: 865 opt = 0; 866 break; 867 } 868 869 if (rfcomm_pi(sk)->role_switch) 870 opt |= RFCOMM_LM_MASTER; 871 872 if (put_user(opt, (u32 __user *) optval)) 873 err = -EFAULT; 874 break; 875 876 case RFCOMM_CONNINFO: 877 if (sk->sk_state != BT_CONNECTED && 878 !rfcomm_pi(sk)->dlc->defer_setup) { 879 err = -ENOTCONN; 880 break; 881 } 882 883 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 884 885 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle; 886 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3); 887 888 len = min_t(unsigned int, len, sizeof(cinfo)); 889 if (copy_to_user(optval, (char *) &cinfo, len)) 890 err = -EFAULT; 891 892 break; 893 894 default: 895 err = -ENOPROTOOPT; 896 break; 897 } 898 899 release_sock(sk); 900 return err; 901 } 902 903 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 904 { 905 struct sock *sk = sock->sk; 906 struct bt_security sec; 907 int len, err = 0; 908 909 BT_DBG("sk %p", sk); 910 911 if (level == SOL_RFCOMM) 912 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); 913 914 if (level != SOL_BLUETOOTH) 915 return -ENOPROTOOPT; 916 917 if (get_user(len, optlen)) 918 return -EFAULT; 919 920 lock_sock(sk); 921 922 switch (optname) { 923 case BT_SECURITY: 924 if (sk->sk_type != SOCK_STREAM) { 925 err = -EINVAL; 926 break; 927 } 928 929 sec.level = rfcomm_pi(sk)->sec_level; 930 931 len = min_t(unsigned int, len, sizeof(sec)); 932 if (copy_to_user(optval, (char *) &sec, len)) 933 err = -EFAULT; 934 935 break; 936 937 case BT_DEFER_SETUP: 938 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 939 err = -EINVAL; 940 break; 941 } 942 943 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) 944 err = -EFAULT; 945 946 break; 947 948 default: 949 err = -ENOPROTOOPT; 950 break; 951 } 952 953 release_sock(sk); 954 return err; 955 } 956 957 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 958 { 959 struct sock *sk __maybe_unused = sock->sk; 960 int err; 961 962 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); 963 964 err = bt_sock_ioctl(sock, cmd, arg); 965 966 if (err == -ENOIOCTLCMD) { 967 #ifdef CONFIG_BT_RFCOMM_TTY 968 lock_sock(sk); 969 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); 970 release_sock(sk); 971 #else 972 err = -EOPNOTSUPP; 973 #endif 974 } 975 976 return err; 977 } 978 979 static int rfcomm_sock_shutdown(struct socket *sock, int how) 980 { 981 struct sock *sk = sock->sk; 982 int err = 0; 983 984 BT_DBG("sock %p, sk %p", sock, sk); 985 986 if (!sk) return 0; 987 988 lock_sock(sk); 989 if (!sk->sk_shutdown) { 990 sk->sk_shutdown = SHUTDOWN_MASK; 991 __rfcomm_sock_close(sk); 992 993 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 994 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 995 } 996 release_sock(sk); 997 return err; 998 } 999 1000 static int rfcomm_sock_release(struct socket *sock) 1001 { 1002 struct sock *sk = sock->sk; 1003 int err; 1004 1005 BT_DBG("sock %p, sk %p", sock, sk); 1006 1007 if (!sk) 1008 return 0; 1009 1010 err = rfcomm_sock_shutdown(sock, 2); 1011 1012 sock_orphan(sk); 1013 rfcomm_sock_kill(sk); 1014 return err; 1015 } 1016 1017 /* ---- RFCOMM core layer callbacks ---- 1018 * 1019 * called under rfcomm_lock() 1020 */ 1021 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 1022 { 1023 struct sock *sk, *parent; 1024 bdaddr_t src, dst; 1025 int result = 0; 1026 1027 BT_DBG("session %p channel %d", s, channel); 1028 1029 rfcomm_session_getaddr(s, &src, &dst); 1030 1031 /* Check if we have socket listening on channel */ 1032 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 1033 if (!parent) 1034 return 0; 1035 1036 /* Check for backlog size */ 1037 if (sk_acceptq_is_full(parent)) { 1038 BT_DBG("backlog full %d", parent->sk_ack_backlog); 1039 goto done; 1040 } 1041 1042 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 1043 if (!sk) 1044 goto done; 1045 1046 rfcomm_sock_init(sk, parent); 1047 bacpy(&bt_sk(sk)->src, &src); 1048 bacpy(&bt_sk(sk)->dst, &dst); 1049 rfcomm_pi(sk)->channel = channel; 1050 1051 sk->sk_state = BT_CONFIG; 1052 bt_accept_enqueue(parent, sk); 1053 1054 /* Accept connection and return socket DLC */ 1055 *d = rfcomm_pi(sk)->dlc; 1056 result = 1; 1057 1058 done: 1059 bh_unlock_sock(parent); 1060 1061 if (bt_sk(parent)->defer_setup) 1062 parent->sk_state_change(parent); 1063 1064 return result; 1065 } 1066 1067 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) 1068 { 1069 struct sock *sk; 1070 struct hlist_node *node; 1071 1072 read_lock_bh(&rfcomm_sk_list.lock); 1073 1074 sk_for_each(sk, node, &rfcomm_sk_list.head) { 1075 seq_printf(f, "%s %s %d %d\n", 1076 batostr(&bt_sk(sk)->src), 1077 batostr(&bt_sk(sk)->dst), 1078 sk->sk_state, rfcomm_pi(sk)->channel); 1079 } 1080 1081 read_unlock_bh(&rfcomm_sk_list.lock); 1082 1083 return 0; 1084 } 1085 1086 static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file) 1087 { 1088 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private); 1089 } 1090 1091 static const struct file_operations rfcomm_sock_debugfs_fops = { 1092 .open = rfcomm_sock_debugfs_open, 1093 .read = seq_read, 1094 .llseek = seq_lseek, 1095 .release = single_release, 1096 }; 1097 1098 static struct dentry *rfcomm_sock_debugfs; 1099 1100 static const struct proto_ops rfcomm_sock_ops = { 1101 .family = PF_BLUETOOTH, 1102 .owner = THIS_MODULE, 1103 .release = rfcomm_sock_release, 1104 .bind = rfcomm_sock_bind, 1105 .connect = rfcomm_sock_connect, 1106 .listen = rfcomm_sock_listen, 1107 .accept = rfcomm_sock_accept, 1108 .getname = rfcomm_sock_getname, 1109 .sendmsg = rfcomm_sock_sendmsg, 1110 .recvmsg = rfcomm_sock_recvmsg, 1111 .shutdown = rfcomm_sock_shutdown, 1112 .setsockopt = rfcomm_sock_setsockopt, 1113 .getsockopt = rfcomm_sock_getsockopt, 1114 .ioctl = rfcomm_sock_ioctl, 1115 .poll = bt_sock_poll, 1116 .socketpair = sock_no_socketpair, 1117 .mmap = sock_no_mmap 1118 }; 1119 1120 static const struct net_proto_family rfcomm_sock_family_ops = { 1121 .family = PF_BLUETOOTH, 1122 .owner = THIS_MODULE, 1123 .create = rfcomm_sock_create 1124 }; 1125 1126 int __init rfcomm_init_sockets(void) 1127 { 1128 int err; 1129 1130 err = proto_register(&rfcomm_proto, 0); 1131 if (err < 0) 1132 return err; 1133 1134 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 1135 if (err < 0) 1136 goto error; 1137 1138 if (bt_debugfs) { 1139 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444, 1140 bt_debugfs, NULL, &rfcomm_sock_debugfs_fops); 1141 if (!rfcomm_sock_debugfs) 1142 BT_ERR("Failed to create RFCOMM debug file"); 1143 } 1144 1145 BT_INFO("RFCOMM socket layer initialized"); 1146 1147 return 0; 1148 1149 error: 1150 BT_ERR("RFCOMM socket layer registration failed"); 1151 proto_unregister(&rfcomm_proto); 1152 return err; 1153 } 1154 1155 void __exit rfcomm_cleanup_sockets(void) 1156 { 1157 debugfs_remove(rfcomm_sock_debugfs); 1158 1159 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0) 1160 BT_ERR("RFCOMM socket layer unregistration failed"); 1161 1162 proto_unregister(&rfcomm_proto); 1163 } 1164