1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 */ 27 28 #include <linux/module.h> 29 30 #include <linux/types.h> 31 #include <linux/errno.h> 32 #include <linux/kernel.h> 33 #include <linux/sched.h> 34 #include <linux/slab.h> 35 #include <linux/poll.h> 36 #include <linux/fcntl.h> 37 #include <linux/init.h> 38 #include <linux/interrupt.h> 39 #include <linux/socket.h> 40 #include <linux/skbuff.h> 41 #include <linux/list.h> 42 #include <linux/device.h> 43 #include <linux/debugfs.h> 44 #include <linux/seq_file.h> 45 #include <linux/security.h> 46 #include <net/sock.h> 47 48 #include <asm/system.h> 49 #include <linux/uaccess.h> 50 51 #include <net/bluetooth/bluetooth.h> 52 #include <net/bluetooth/hci_core.h> 53 #include <net/bluetooth/l2cap.h> 54 #include <net/bluetooth/rfcomm.h> 55 56 static const struct proto_ops rfcomm_sock_ops; 57 58 static struct bt_sock_list rfcomm_sk_list = { 59 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) 60 }; 61 62 static void rfcomm_sock_close(struct sock *sk); 63 static void rfcomm_sock_kill(struct sock *sk); 64 65 /* ---- DLC callbacks ---- 66 * 67 * called under rfcomm_dlc_lock() 68 */ 69 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 70 { 71 struct sock *sk = d->owner; 72 if (!sk) 73 return; 74 75 atomic_add(skb->len, &sk->sk_rmem_alloc); 76 skb_queue_tail(&sk->sk_receive_queue, skb); 77 sk->sk_data_ready(sk, skb->len); 78 79 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 80 rfcomm_dlc_throttle(d); 81 } 82 83 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 84 { 85 struct sock *sk = d->owner, *parent; 86 unsigned long flags; 87 88 if (!sk) 89 return; 90 91 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 92 93 local_irq_save(flags); 94 bh_lock_sock(sk); 95 96 if (err) 97 sk->sk_err = err; 98 99 sk->sk_state = d->state; 100 101 parent = bt_sk(sk)->parent; 102 if (parent) { 103 if (d->state == BT_CLOSED) { 104 sock_set_flag(sk, SOCK_ZAPPED); 105 bt_accept_unlink(sk); 106 } 107 parent->sk_data_ready(parent, 0); 108 } else { 109 if (d->state == BT_CONNECTED) 110 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL); 111 sk->sk_state_change(sk); 112 } 113 114 bh_unlock_sock(sk); 115 local_irq_restore(flags); 116 117 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 118 /* We have to drop DLC lock here, otherwise 119 * rfcomm_sock_destruct() will dead lock. */ 120 rfcomm_dlc_unlock(d); 121 rfcomm_sock_kill(sk); 122 rfcomm_dlc_lock(d); 123 } 124 } 125 126 /* ---- Socket functions ---- */ 127 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src) 128 { 129 struct sock *sk = NULL; 130 struct hlist_node *node; 131 132 sk_for_each(sk, node, &rfcomm_sk_list.head) { 133 if (rfcomm_pi(sk)->channel == channel && 134 !bacmp(&bt_sk(sk)->src, src)) 135 break; 136 } 137 138 return node ? sk : NULL; 139 } 140 141 /* Find socket with channel and source bdaddr. 142 * Returns closest match. 143 */ 144 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 145 { 146 struct sock *sk = NULL, *sk1 = NULL; 147 struct hlist_node *node; 148 149 read_lock(&rfcomm_sk_list.lock); 150 151 sk_for_each(sk, node, &rfcomm_sk_list.head) { 152 if (state && sk->sk_state != state) 153 continue; 154 155 if (rfcomm_pi(sk)->channel == channel) { 156 /* Exact match. */ 157 if (!bacmp(&bt_sk(sk)->src, src)) 158 break; 159 160 /* Closest match */ 161 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 162 sk1 = sk; 163 } 164 } 165 166 read_unlock(&rfcomm_sk_list.lock); 167 168 return node ? sk : sk1; 169 } 170 171 static void rfcomm_sock_destruct(struct sock *sk) 172 { 173 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 174 175 BT_DBG("sk %p dlc %p", sk, d); 176 177 skb_queue_purge(&sk->sk_receive_queue); 178 skb_queue_purge(&sk->sk_write_queue); 179 180 rfcomm_dlc_lock(d); 181 rfcomm_pi(sk)->dlc = NULL; 182 183 /* Detach DLC if it's owned by this socket */ 184 if (d->owner == sk) 185 d->owner = NULL; 186 rfcomm_dlc_unlock(d); 187 188 rfcomm_dlc_put(d); 189 } 190 191 static void rfcomm_sock_cleanup_listen(struct sock *parent) 192 { 193 struct sock *sk; 194 195 BT_DBG("parent %p", parent); 196 197 /* Close not yet accepted dlcs */ 198 while ((sk = bt_accept_dequeue(parent, NULL))) { 199 rfcomm_sock_close(sk); 200 rfcomm_sock_kill(sk); 201 } 202 203 parent->sk_state = BT_CLOSED; 204 sock_set_flag(parent, SOCK_ZAPPED); 205 } 206 207 /* Kill socket (only if zapped and orphan) 208 * Must be called on unlocked socket. 209 */ 210 static void rfcomm_sock_kill(struct sock *sk) 211 { 212 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 213 return; 214 215 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); 216 217 /* Kill poor orphan */ 218 bt_sock_unlink(&rfcomm_sk_list, sk); 219 sock_set_flag(sk, SOCK_DEAD); 220 sock_put(sk); 221 } 222 223 static void __rfcomm_sock_close(struct sock *sk) 224 { 225 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 226 227 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 228 229 switch (sk->sk_state) { 230 case BT_LISTEN: 231 rfcomm_sock_cleanup_listen(sk); 232 break; 233 234 case BT_CONNECT: 235 case BT_CONNECT2: 236 case BT_CONFIG: 237 case BT_CONNECTED: 238 rfcomm_dlc_close(d, 0); 239 240 default: 241 sock_set_flag(sk, SOCK_ZAPPED); 242 break; 243 } 244 } 245 246 /* Close socket. 247 * Must be called on unlocked socket. 248 */ 249 static void rfcomm_sock_close(struct sock *sk) 250 { 251 lock_sock(sk); 252 __rfcomm_sock_close(sk); 253 release_sock(sk); 254 } 255 256 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 257 { 258 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 259 260 BT_DBG("sk %p", sk); 261 262 if (parent) { 263 sk->sk_type = parent->sk_type; 264 pi->dlc->defer_setup = bt_sk(parent)->defer_setup; 265 266 pi->sec_level = rfcomm_pi(parent)->sec_level; 267 pi->role_switch = rfcomm_pi(parent)->role_switch; 268 269 security_sk_clone(parent, sk); 270 } else { 271 pi->dlc->defer_setup = 0; 272 273 pi->sec_level = BT_SECURITY_LOW; 274 pi->role_switch = 0; 275 } 276 277 pi->dlc->sec_level = pi->sec_level; 278 pi->dlc->role_switch = pi->role_switch; 279 } 280 281 static struct proto rfcomm_proto = { 282 .name = "RFCOMM", 283 .owner = THIS_MODULE, 284 .obj_size = sizeof(struct rfcomm_pinfo) 285 }; 286 287 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 288 { 289 struct rfcomm_dlc *d; 290 struct sock *sk; 291 292 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto); 293 if (!sk) 294 return NULL; 295 296 sock_init_data(sock, sk); 297 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 298 299 d = rfcomm_dlc_alloc(prio); 300 if (!d) { 301 sk_free(sk); 302 return NULL; 303 } 304 305 d->data_ready = rfcomm_sk_data_ready; 306 d->state_change = rfcomm_sk_state_change; 307 308 rfcomm_pi(sk)->dlc = d; 309 d->owner = sk; 310 311 sk->sk_destruct = rfcomm_sock_destruct; 312 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 313 314 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 315 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 316 317 sock_reset_flag(sk, SOCK_ZAPPED); 318 319 sk->sk_protocol = proto; 320 sk->sk_state = BT_OPEN; 321 322 bt_sock_link(&rfcomm_sk_list, sk); 323 324 BT_DBG("sk %p", sk); 325 return sk; 326 } 327 328 static int rfcomm_sock_create(struct net *net, struct socket *sock, 329 int protocol, int kern) 330 { 331 struct sock *sk; 332 333 BT_DBG("sock %p", sock); 334 335 sock->state = SS_UNCONNECTED; 336 337 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 338 return -ESOCKTNOSUPPORT; 339 340 sock->ops = &rfcomm_sock_ops; 341 342 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC); 343 if (!sk) 344 return -ENOMEM; 345 346 rfcomm_sock_init(sk, NULL); 347 return 0; 348 } 349 350 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 351 { 352 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 353 struct sock *sk = sock->sk; 354 int err = 0; 355 356 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr)); 357 358 if (!addr || addr->sa_family != AF_BLUETOOTH) 359 return -EINVAL; 360 361 lock_sock(sk); 362 363 if (sk->sk_state != BT_OPEN) { 364 err = -EBADFD; 365 goto done; 366 } 367 368 if (sk->sk_type != SOCK_STREAM) { 369 err = -EINVAL; 370 goto done; 371 } 372 373 write_lock_bh(&rfcomm_sk_list.lock); 374 375 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { 376 err = -EADDRINUSE; 377 } else { 378 /* Save source address */ 379 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr); 380 rfcomm_pi(sk)->channel = sa->rc_channel; 381 sk->sk_state = BT_BOUND; 382 } 383 384 write_unlock_bh(&rfcomm_sk_list.lock); 385 386 done: 387 release_sock(sk); 388 return err; 389 } 390 391 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 392 { 393 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 394 struct sock *sk = sock->sk; 395 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 396 int err = 0; 397 398 BT_DBG("sk %p", sk); 399 400 if (alen < sizeof(struct sockaddr_rc) || 401 addr->sa_family != AF_BLUETOOTH) 402 return -EINVAL; 403 404 lock_sock(sk); 405 406 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 407 err = -EBADFD; 408 goto done; 409 } 410 411 if (sk->sk_type != SOCK_STREAM) { 412 err = -EINVAL; 413 goto done; 414 } 415 416 sk->sk_state = BT_CONNECT; 417 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); 418 rfcomm_pi(sk)->channel = sa->rc_channel; 419 420 d->sec_level = rfcomm_pi(sk)->sec_level; 421 d->role_switch = rfcomm_pi(sk)->role_switch; 422 423 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); 424 if (!err) 425 err = bt_sock_wait_state(sk, BT_CONNECTED, 426 sock_sndtimeo(sk, flags & O_NONBLOCK)); 427 428 done: 429 release_sock(sk); 430 return err; 431 } 432 433 static int rfcomm_sock_listen(struct socket *sock, int backlog) 434 { 435 struct sock *sk = sock->sk; 436 int err = 0; 437 438 BT_DBG("sk %p backlog %d", sk, backlog); 439 440 lock_sock(sk); 441 442 if (sk->sk_state != BT_BOUND) { 443 err = -EBADFD; 444 goto done; 445 } 446 447 if (sk->sk_type != SOCK_STREAM) { 448 err = -EINVAL; 449 goto done; 450 } 451 452 if (!rfcomm_pi(sk)->channel) { 453 bdaddr_t *src = &bt_sk(sk)->src; 454 u8 channel; 455 456 err = -EINVAL; 457 458 write_lock_bh(&rfcomm_sk_list.lock); 459 460 for (channel = 1; channel < 31; channel++) 461 if (!__rfcomm_get_sock_by_addr(channel, src)) { 462 rfcomm_pi(sk)->channel = channel; 463 err = 0; 464 break; 465 } 466 467 write_unlock_bh(&rfcomm_sk_list.lock); 468 469 if (err < 0) 470 goto done; 471 } 472 473 sk->sk_max_ack_backlog = backlog; 474 sk->sk_ack_backlog = 0; 475 sk->sk_state = BT_LISTEN; 476 477 done: 478 release_sock(sk); 479 return err; 480 } 481 482 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 483 { 484 DECLARE_WAITQUEUE(wait, current); 485 struct sock *sk = sock->sk, *nsk; 486 long timeo; 487 int err = 0; 488 489 lock_sock(sk); 490 491 if (sk->sk_type != SOCK_STREAM) { 492 err = -EINVAL; 493 goto done; 494 } 495 496 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 497 498 BT_DBG("sk %p timeo %ld", sk, timeo); 499 500 /* Wait for an incoming connection. (wake-one). */ 501 add_wait_queue_exclusive(sk_sleep(sk), &wait); 502 while (1) { 503 set_current_state(TASK_INTERRUPTIBLE); 504 505 if (sk->sk_state != BT_LISTEN) { 506 err = -EBADFD; 507 break; 508 } 509 510 nsk = bt_accept_dequeue(sk, newsock); 511 if (nsk) 512 break; 513 514 if (!timeo) { 515 err = -EAGAIN; 516 break; 517 } 518 519 if (signal_pending(current)) { 520 err = sock_intr_errno(timeo); 521 break; 522 } 523 524 release_sock(sk); 525 timeo = schedule_timeout(timeo); 526 lock_sock(sk); 527 } 528 __set_current_state(TASK_RUNNING); 529 remove_wait_queue(sk_sleep(sk), &wait); 530 531 if (err) 532 goto done; 533 534 newsock->state = SS_CONNECTED; 535 536 BT_DBG("new socket %p", nsk); 537 538 done: 539 release_sock(sk); 540 return err; 541 } 542 543 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 544 { 545 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 546 struct sock *sk = sock->sk; 547 548 BT_DBG("sock %p, sk %p", sock, sk); 549 550 sa->rc_family = AF_BLUETOOTH; 551 sa->rc_channel = rfcomm_pi(sk)->channel; 552 if (peer) 553 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst); 554 else 555 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src); 556 557 *len = sizeof(struct sockaddr_rc); 558 return 0; 559 } 560 561 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 562 struct msghdr *msg, size_t len) 563 { 564 struct sock *sk = sock->sk; 565 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 566 struct sk_buff *skb; 567 int sent = 0; 568 569 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) 570 return -ENOTCONN; 571 572 if (msg->msg_flags & MSG_OOB) 573 return -EOPNOTSUPP; 574 575 if (sk->sk_shutdown & SEND_SHUTDOWN) 576 return -EPIPE; 577 578 BT_DBG("sock %p, sk %p", sock, sk); 579 580 lock_sock(sk); 581 582 while (len) { 583 size_t size = min_t(size_t, len, d->mtu); 584 int err; 585 586 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 587 msg->msg_flags & MSG_DONTWAIT, &err); 588 if (!skb) { 589 if (sent == 0) 590 sent = err; 591 break; 592 } 593 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 594 595 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 596 if (err) { 597 kfree_skb(skb); 598 if (sent == 0) 599 sent = err; 600 break; 601 } 602 603 err = rfcomm_dlc_send(d, skb); 604 if (err < 0) { 605 kfree_skb(skb); 606 if (sent == 0) 607 sent = err; 608 break; 609 } 610 611 sent += size; 612 len -= size; 613 } 614 615 release_sock(sk); 616 617 return sent; 618 } 619 620 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 621 struct msghdr *msg, size_t size, int flags) 622 { 623 struct sock *sk = sock->sk; 624 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 625 int len; 626 627 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 628 rfcomm_dlc_accept(d); 629 return 0; 630 } 631 632 len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags); 633 634 lock_sock(sk); 635 if (!(flags & MSG_PEEK) && len > 0) 636 atomic_sub(len, &sk->sk_rmem_alloc); 637 638 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 639 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 640 release_sock(sk); 641 642 return len; 643 } 644 645 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 646 { 647 struct sock *sk = sock->sk; 648 int err = 0; 649 u32 opt; 650 651 BT_DBG("sk %p", sk); 652 653 lock_sock(sk); 654 655 switch (optname) { 656 case RFCOMM_LM: 657 if (get_user(opt, (u32 __user *) optval)) { 658 err = -EFAULT; 659 break; 660 } 661 662 if (opt & RFCOMM_LM_AUTH) 663 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; 664 if (opt & RFCOMM_LM_ENCRYPT) 665 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 666 if (opt & RFCOMM_LM_SECURE) 667 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; 668 669 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); 670 break; 671 672 default: 673 err = -ENOPROTOOPT; 674 break; 675 } 676 677 release_sock(sk); 678 return err; 679 } 680 681 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 682 { 683 struct sock *sk = sock->sk; 684 struct bt_security sec; 685 int err = 0; 686 size_t len; 687 u32 opt; 688 689 BT_DBG("sk %p", sk); 690 691 if (level == SOL_RFCOMM) 692 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); 693 694 if (level != SOL_BLUETOOTH) 695 return -ENOPROTOOPT; 696 697 lock_sock(sk); 698 699 switch (optname) { 700 case BT_SECURITY: 701 if (sk->sk_type != SOCK_STREAM) { 702 err = -EINVAL; 703 break; 704 } 705 706 sec.level = BT_SECURITY_LOW; 707 708 len = min_t(unsigned int, sizeof(sec), optlen); 709 if (copy_from_user((char *) &sec, optval, len)) { 710 err = -EFAULT; 711 break; 712 } 713 714 if (sec.level > BT_SECURITY_HIGH) { 715 err = -EINVAL; 716 break; 717 } 718 719 rfcomm_pi(sk)->sec_level = sec.level; 720 break; 721 722 case BT_DEFER_SETUP: 723 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 724 err = -EINVAL; 725 break; 726 } 727 728 if (get_user(opt, (u32 __user *) optval)) { 729 err = -EFAULT; 730 break; 731 } 732 733 bt_sk(sk)->defer_setup = opt; 734 break; 735 736 default: 737 err = -ENOPROTOOPT; 738 break; 739 } 740 741 release_sock(sk); 742 return err; 743 } 744 745 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 746 { 747 struct sock *sk = sock->sk; 748 struct rfcomm_conninfo cinfo; 749 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn; 750 int len, err = 0; 751 u32 opt; 752 753 BT_DBG("sk %p", sk); 754 755 if (get_user(len, optlen)) 756 return -EFAULT; 757 758 lock_sock(sk); 759 760 switch (optname) { 761 case RFCOMM_LM: 762 switch (rfcomm_pi(sk)->sec_level) { 763 case BT_SECURITY_LOW: 764 opt = RFCOMM_LM_AUTH; 765 break; 766 case BT_SECURITY_MEDIUM: 767 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; 768 break; 769 case BT_SECURITY_HIGH: 770 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 771 RFCOMM_LM_SECURE; 772 break; 773 default: 774 opt = 0; 775 break; 776 } 777 778 if (rfcomm_pi(sk)->role_switch) 779 opt |= RFCOMM_LM_MASTER; 780 781 if (put_user(opt, (u32 __user *) optval)) 782 err = -EFAULT; 783 break; 784 785 case RFCOMM_CONNINFO: 786 if (sk->sk_state != BT_CONNECTED && 787 !rfcomm_pi(sk)->dlc->defer_setup) { 788 err = -ENOTCONN; 789 break; 790 } 791 792 memset(&cinfo, 0, sizeof(cinfo)); 793 cinfo.hci_handle = conn->hcon->handle; 794 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); 795 796 len = min_t(unsigned int, len, sizeof(cinfo)); 797 if (copy_to_user(optval, (char *) &cinfo, len)) 798 err = -EFAULT; 799 800 break; 801 802 default: 803 err = -ENOPROTOOPT; 804 break; 805 } 806 807 release_sock(sk); 808 return err; 809 } 810 811 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 812 { 813 struct sock *sk = sock->sk; 814 struct bt_security sec; 815 int len, err = 0; 816 817 BT_DBG("sk %p", sk); 818 819 if (level == SOL_RFCOMM) 820 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); 821 822 if (level != SOL_BLUETOOTH) 823 return -ENOPROTOOPT; 824 825 if (get_user(len, optlen)) 826 return -EFAULT; 827 828 lock_sock(sk); 829 830 switch (optname) { 831 case BT_SECURITY: 832 if (sk->sk_type != SOCK_STREAM) { 833 err = -EINVAL; 834 break; 835 } 836 837 sec.level = rfcomm_pi(sk)->sec_level; 838 839 len = min_t(unsigned int, len, sizeof(sec)); 840 if (copy_to_user(optval, (char *) &sec, len)) 841 err = -EFAULT; 842 843 break; 844 845 case BT_DEFER_SETUP: 846 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 847 err = -EINVAL; 848 break; 849 } 850 851 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) 852 err = -EFAULT; 853 854 break; 855 856 default: 857 err = -ENOPROTOOPT; 858 break; 859 } 860 861 release_sock(sk); 862 return err; 863 } 864 865 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 866 { 867 struct sock *sk __maybe_unused = sock->sk; 868 int err; 869 870 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); 871 872 err = bt_sock_ioctl(sock, cmd, arg); 873 874 if (err == -ENOIOCTLCMD) { 875 #ifdef CONFIG_BT_RFCOMM_TTY 876 lock_sock(sk); 877 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); 878 release_sock(sk); 879 #else 880 err = -EOPNOTSUPP; 881 #endif 882 } 883 884 return err; 885 } 886 887 static int rfcomm_sock_shutdown(struct socket *sock, int how) 888 { 889 struct sock *sk = sock->sk; 890 int err = 0; 891 892 BT_DBG("sock %p, sk %p", sock, sk); 893 894 if (!sk) 895 return 0; 896 897 lock_sock(sk); 898 if (!sk->sk_shutdown) { 899 sk->sk_shutdown = SHUTDOWN_MASK; 900 __rfcomm_sock_close(sk); 901 902 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 903 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 904 } 905 release_sock(sk); 906 return err; 907 } 908 909 static int rfcomm_sock_release(struct socket *sock) 910 { 911 struct sock *sk = sock->sk; 912 int err; 913 914 BT_DBG("sock %p, sk %p", sock, sk); 915 916 if (!sk) 917 return 0; 918 919 err = rfcomm_sock_shutdown(sock, 2); 920 921 sock_orphan(sk); 922 rfcomm_sock_kill(sk); 923 return err; 924 } 925 926 /* ---- RFCOMM core layer callbacks ---- 927 * 928 * called under rfcomm_lock() 929 */ 930 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 931 { 932 struct sock *sk, *parent; 933 bdaddr_t src, dst; 934 int result = 0; 935 936 BT_DBG("session %p channel %d", s, channel); 937 938 rfcomm_session_getaddr(s, &src, &dst); 939 940 /* Check if we have socket listening on channel */ 941 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 942 if (!parent) 943 return 0; 944 945 bh_lock_sock(parent); 946 947 /* Check for backlog size */ 948 if (sk_acceptq_is_full(parent)) { 949 BT_DBG("backlog full %d", parent->sk_ack_backlog); 950 goto done; 951 } 952 953 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 954 if (!sk) 955 goto done; 956 957 rfcomm_sock_init(sk, parent); 958 bacpy(&bt_sk(sk)->src, &src); 959 bacpy(&bt_sk(sk)->dst, &dst); 960 rfcomm_pi(sk)->channel = channel; 961 962 sk->sk_state = BT_CONFIG; 963 bt_accept_enqueue(parent, sk); 964 965 /* Accept connection and return socket DLC */ 966 *d = rfcomm_pi(sk)->dlc; 967 result = 1; 968 969 done: 970 bh_unlock_sock(parent); 971 972 if (bt_sk(parent)->defer_setup) 973 parent->sk_state_change(parent); 974 975 return result; 976 } 977 978 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) 979 { 980 struct sock *sk; 981 struct hlist_node *node; 982 983 read_lock_bh(&rfcomm_sk_list.lock); 984 985 sk_for_each(sk, node, &rfcomm_sk_list.head) { 986 seq_printf(f, "%s %s %d %d\n", 987 batostr(&bt_sk(sk)->src), 988 batostr(&bt_sk(sk)->dst), 989 sk->sk_state, rfcomm_pi(sk)->channel); 990 } 991 992 read_unlock_bh(&rfcomm_sk_list.lock); 993 994 return 0; 995 } 996 997 static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file) 998 { 999 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private); 1000 } 1001 1002 static const struct file_operations rfcomm_sock_debugfs_fops = { 1003 .open = rfcomm_sock_debugfs_open, 1004 .read = seq_read, 1005 .llseek = seq_lseek, 1006 .release = single_release, 1007 }; 1008 1009 static struct dentry *rfcomm_sock_debugfs; 1010 1011 static const struct proto_ops rfcomm_sock_ops = { 1012 .family = PF_BLUETOOTH, 1013 .owner = THIS_MODULE, 1014 .release = rfcomm_sock_release, 1015 .bind = rfcomm_sock_bind, 1016 .connect = rfcomm_sock_connect, 1017 .listen = rfcomm_sock_listen, 1018 .accept = rfcomm_sock_accept, 1019 .getname = rfcomm_sock_getname, 1020 .sendmsg = rfcomm_sock_sendmsg, 1021 .recvmsg = rfcomm_sock_recvmsg, 1022 .shutdown = rfcomm_sock_shutdown, 1023 .setsockopt = rfcomm_sock_setsockopt, 1024 .getsockopt = rfcomm_sock_getsockopt, 1025 .ioctl = rfcomm_sock_ioctl, 1026 .poll = bt_sock_poll, 1027 .socketpair = sock_no_socketpair, 1028 .mmap = sock_no_mmap 1029 }; 1030 1031 static const struct net_proto_family rfcomm_sock_family_ops = { 1032 .family = PF_BLUETOOTH, 1033 .owner = THIS_MODULE, 1034 .create = rfcomm_sock_create 1035 }; 1036 1037 int __init rfcomm_init_sockets(void) 1038 { 1039 int err; 1040 1041 err = proto_register(&rfcomm_proto, 0); 1042 if (err < 0) 1043 return err; 1044 1045 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 1046 if (err < 0) 1047 goto error; 1048 1049 if (bt_debugfs) { 1050 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444, 1051 bt_debugfs, NULL, &rfcomm_sock_debugfs_fops); 1052 if (!rfcomm_sock_debugfs) 1053 BT_ERR("Failed to create RFCOMM debug file"); 1054 } 1055 1056 BT_INFO("RFCOMM socket layer initialized"); 1057 1058 return 0; 1059 1060 error: 1061 BT_ERR("RFCOMM socket layer registration failed"); 1062 proto_unregister(&rfcomm_proto); 1063 return err; 1064 } 1065 1066 void __exit rfcomm_cleanup_sockets(void) 1067 { 1068 debugfs_remove(rfcomm_sock_debugfs); 1069 1070 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0) 1071 BT_ERR("RFCOMM socket layer unregistration failed"); 1072 1073 proto_unregister(&rfcomm_proto); 1074 } 1075