tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1/*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22*/
23
24/*
25 * RFCOMM sockets.
26 */
27
28#include <linux/module.h>
29
30#include <linux/types.h>
31#include <linux/errno.h>
32#include <linux/kernel.h>
33#include <linux/sched.h>
34#include <linux/slab.h>
35#include <linux/poll.h>
36#include <linux/fcntl.h>
37#include <linux/init.h>
38#include <linux/interrupt.h>
39#include <linux/socket.h>
40#include <linux/skbuff.h>
41#include <linux/list.h>
42#include <linux/device.h>
43#include <linux/debugfs.h>
44#include <linux/seq_file.h>
45#include <linux/security.h>
46#include <net/sock.h>
47
48#include <linux/uaccess.h>
49
50#include <net/bluetooth/bluetooth.h>
51#include <net/bluetooth/hci_core.h>
52#include <net/bluetooth/l2cap.h>
53#include <net/bluetooth/rfcomm.h>
54
55static const struct proto_ops rfcomm_sock_ops;
56
57static struct bt_sock_list rfcomm_sk_list = {
58 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
59};
60
61static void rfcomm_sock_close(struct sock *sk);
62static void rfcomm_sock_kill(struct sock *sk);
63
64/* ---- DLC callbacks ----
65 *
66 * called under rfcomm_dlc_lock()
67 */
68static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
69{
70 struct sock *sk = d->owner;
71 if (!sk)
72 return;
73
74 atomic_add(skb->len, &sk->sk_rmem_alloc);
75 skb_queue_tail(&sk->sk_receive_queue, skb);
76 sk->sk_data_ready(sk, skb->len);
77
78 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
79 rfcomm_dlc_throttle(d);
80}
81
82static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
83{
84 struct sock *sk = d->owner, *parent;
85 unsigned long flags;
86
87 if (!sk)
88 return;
89
90 BT_DBG("dlc %p state %ld err %d", d, d->state, err);
91
92 local_irq_save(flags);
93 bh_lock_sock(sk);
94
95 if (err)
96 sk->sk_err = err;
97
98 sk->sk_state = d->state;
99
100 parent = bt_sk(sk)->parent;
101 if (parent) {
102 if (d->state == BT_CLOSED) {
103 sock_set_flag(sk, SOCK_ZAPPED);
104 bt_accept_unlink(sk);
105 }
106 parent->sk_data_ready(parent, 0);
107 } else {
108 if (d->state == BT_CONNECTED)
109 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL);
110 sk->sk_state_change(sk);
111 }
112
113 bh_unlock_sock(sk);
114 local_irq_restore(flags);
115
116 if (parent && sock_flag(sk, SOCK_ZAPPED)) {
117 /* We have to drop DLC lock here, otherwise
118 * rfcomm_sock_destruct() will dead lock. */
119 rfcomm_dlc_unlock(d);
120 rfcomm_sock_kill(sk);
121 rfcomm_dlc_lock(d);
122 }
123}
124
125/* ---- Socket functions ---- */
126static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
127{
128 struct sock *sk = NULL;
129 struct hlist_node *node;
130
131 sk_for_each(sk, node, &rfcomm_sk_list.head) {
132 if (rfcomm_pi(sk)->channel == channel &&
133 !bacmp(&bt_sk(sk)->src, src))
134 break;
135 }
136
137 return node ? sk : NULL;
138}
139
140/* Find socket with channel and source bdaddr.
141 * Returns closest match.
142 */
143static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
144{
145 struct sock *sk = NULL, *sk1 = NULL;
146 struct hlist_node *node;
147
148 read_lock(&rfcomm_sk_list.lock);
149
150 sk_for_each(sk, node, &rfcomm_sk_list.head) {
151 if (state && sk->sk_state != state)
152 continue;
153
154 if (rfcomm_pi(sk)->channel == channel) {
155 /* Exact match. */
156 if (!bacmp(&bt_sk(sk)->src, src))
157 break;
158
159 /* Closest match */
160 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
161 sk1 = sk;
162 }
163 }
164
165 read_unlock(&rfcomm_sk_list.lock);
166
167 return node ? sk : sk1;
168}
169
170static void rfcomm_sock_destruct(struct sock *sk)
171{
172 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
173
174 BT_DBG("sk %p dlc %p", sk, d);
175
176 skb_queue_purge(&sk->sk_receive_queue);
177 skb_queue_purge(&sk->sk_write_queue);
178
179 rfcomm_dlc_lock(d);
180 rfcomm_pi(sk)->dlc = NULL;
181
182 /* Detach DLC if it's owned by this socket */
183 if (d->owner == sk)
184 d->owner = NULL;
185 rfcomm_dlc_unlock(d);
186
187 rfcomm_dlc_put(d);
188}
189
190static void rfcomm_sock_cleanup_listen(struct sock *parent)
191{
192 struct sock *sk;
193
194 BT_DBG("parent %p", parent);
195
196 /* Close not yet accepted dlcs */
197 while ((sk = bt_accept_dequeue(parent, NULL))) {
198 rfcomm_sock_close(sk);
199 rfcomm_sock_kill(sk);
200 }
201
202 parent->sk_state = BT_CLOSED;
203 sock_set_flag(parent, SOCK_ZAPPED);
204}
205
206/* Kill socket (only if zapped and orphan)
207 * Must be called on unlocked socket.
208 */
209static void rfcomm_sock_kill(struct sock *sk)
210{
211 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
212 return;
213
214 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
215
216 /* Kill poor orphan */
217 bt_sock_unlink(&rfcomm_sk_list, sk);
218 sock_set_flag(sk, SOCK_DEAD);
219 sock_put(sk);
220}
221
222static void __rfcomm_sock_close(struct sock *sk)
223{
224 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
225
226 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
227
228 switch (sk->sk_state) {
229 case BT_LISTEN:
230 rfcomm_sock_cleanup_listen(sk);
231 break;
232
233 case BT_CONNECT:
234 case BT_CONNECT2:
235 case BT_CONFIG:
236 case BT_CONNECTED:
237 rfcomm_dlc_close(d, 0);
238
239 default:
240 sock_set_flag(sk, SOCK_ZAPPED);
241 break;
242 }
243}
244
245/* Close socket.
246 * Must be called on unlocked socket.
247 */
248static void rfcomm_sock_close(struct sock *sk)
249{
250 lock_sock(sk);
251 __rfcomm_sock_close(sk);
252 release_sock(sk);
253}
254
255static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
256{
257 struct rfcomm_pinfo *pi = rfcomm_pi(sk);
258
259 BT_DBG("sk %p", sk);
260
261 if (parent) {
262 sk->sk_type = parent->sk_type;
263 pi->dlc->defer_setup = bt_sk(parent)->defer_setup;
264
265 pi->sec_level = rfcomm_pi(parent)->sec_level;
266 pi->role_switch = rfcomm_pi(parent)->role_switch;
267
268 security_sk_clone(parent, sk);
269 } else {
270 pi->dlc->defer_setup = 0;
271
272 pi->sec_level = BT_SECURITY_LOW;
273 pi->role_switch = 0;
274 }
275
276 pi->dlc->sec_level = pi->sec_level;
277 pi->dlc->role_switch = pi->role_switch;
278}
279
280static struct proto rfcomm_proto = {
281 .name = "RFCOMM",
282 .owner = THIS_MODULE,
283 .obj_size = sizeof(struct rfcomm_pinfo)
284};
285
286static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
287{
288 struct rfcomm_dlc *d;
289 struct sock *sk;
290
291 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
292 if (!sk)
293 return NULL;
294
295 sock_init_data(sock, sk);
296 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
297
298 d = rfcomm_dlc_alloc(prio);
299 if (!d) {
300 sk_free(sk);
301 return NULL;
302 }
303
304 d->data_ready = rfcomm_sk_data_ready;
305 d->state_change = rfcomm_sk_state_change;
306
307 rfcomm_pi(sk)->dlc = d;
308 d->owner = sk;
309
310 sk->sk_destruct = rfcomm_sock_destruct;
311 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
312
313 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
314 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
315
316 sock_reset_flag(sk, SOCK_ZAPPED);
317
318 sk->sk_protocol = proto;
319 sk->sk_state = BT_OPEN;
320
321 bt_sock_link(&rfcomm_sk_list, sk);
322
323 BT_DBG("sk %p", sk);
324 return sk;
325}
326
327static int rfcomm_sock_create(struct net *net, struct socket *sock,
328 int protocol, int kern)
329{
330 struct sock *sk;
331
332 BT_DBG("sock %p", sock);
333
334 sock->state = SS_UNCONNECTED;
335
336 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
337 return -ESOCKTNOSUPPORT;
338
339 sock->ops = &rfcomm_sock_ops;
340
341 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
342 if (!sk)
343 return -ENOMEM;
344
345 rfcomm_sock_init(sk, NULL);
346 return 0;
347}
348
349static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
350{
351 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
352 struct sock *sk = sock->sk;
353 int err = 0;
354
355 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr));
356
357 if (!addr || addr->sa_family != AF_BLUETOOTH)
358 return -EINVAL;
359
360 lock_sock(sk);
361
362 if (sk->sk_state != BT_OPEN) {
363 err = -EBADFD;
364 goto done;
365 }
366
367 if (sk->sk_type != SOCK_STREAM) {
368 err = -EINVAL;
369 goto done;
370 }
371
372 write_lock(&rfcomm_sk_list.lock);
373
374 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
375 err = -EADDRINUSE;
376 } else {
377 /* Save source address */
378 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr);
379 rfcomm_pi(sk)->channel = sa->rc_channel;
380 sk->sk_state = BT_BOUND;
381 }
382
383 write_unlock(&rfcomm_sk_list.lock);
384
385done:
386 release_sock(sk);
387 return err;
388}
389
390static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
391{
392 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
393 struct sock *sk = sock->sk;
394 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
395 int err = 0;
396
397 BT_DBG("sk %p", sk);
398
399 if (alen < sizeof(struct sockaddr_rc) ||
400 addr->sa_family != AF_BLUETOOTH)
401 return -EINVAL;
402
403 lock_sock(sk);
404
405 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
406 err = -EBADFD;
407 goto done;
408 }
409
410 if (sk->sk_type != SOCK_STREAM) {
411 err = -EINVAL;
412 goto done;
413 }
414
415 sk->sk_state = BT_CONNECT;
416 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
417 rfcomm_pi(sk)->channel = sa->rc_channel;
418
419 d->sec_level = rfcomm_pi(sk)->sec_level;
420 d->role_switch = rfcomm_pi(sk)->role_switch;
421
422 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
423 if (!err)
424 err = bt_sock_wait_state(sk, BT_CONNECTED,
425 sock_sndtimeo(sk, flags & O_NONBLOCK));
426
427done:
428 release_sock(sk);
429 return err;
430}
431
432static int rfcomm_sock_listen(struct socket *sock, int backlog)
433{
434 struct sock *sk = sock->sk;
435 int err = 0;
436
437 BT_DBG("sk %p backlog %d", sk, backlog);
438
439 lock_sock(sk);
440
441 if (sk->sk_state != BT_BOUND) {
442 err = -EBADFD;
443 goto done;
444 }
445
446 if (sk->sk_type != SOCK_STREAM) {
447 err = -EINVAL;
448 goto done;
449 }
450
451 if (!rfcomm_pi(sk)->channel) {
452 bdaddr_t *src = &bt_sk(sk)->src;
453 u8 channel;
454
455 err = -EINVAL;
456
457 write_lock(&rfcomm_sk_list.lock);
458
459 for (channel = 1; channel < 31; channel++)
460 if (!__rfcomm_get_sock_by_addr(channel, src)) {
461 rfcomm_pi(sk)->channel = channel;
462 err = 0;
463 break;
464 }
465
466 write_unlock(&rfcomm_sk_list.lock);
467
468 if (err < 0)
469 goto done;
470 }
471
472 sk->sk_max_ack_backlog = backlog;
473 sk->sk_ack_backlog = 0;
474 sk->sk_state = BT_LISTEN;
475
476done:
477 release_sock(sk);
478 return err;
479}
480
481static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
482{
483 DECLARE_WAITQUEUE(wait, current);
484 struct sock *sk = sock->sk, *nsk;
485 long timeo;
486 int err = 0;
487
488 lock_sock(sk);
489
490 if (sk->sk_type != SOCK_STREAM) {
491 err = -EINVAL;
492 goto done;
493 }
494
495 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
496
497 BT_DBG("sk %p timeo %ld", sk, timeo);
498
499 /* Wait for an incoming connection. (wake-one). */
500 add_wait_queue_exclusive(sk_sleep(sk), &wait);
501 while (1) {
502 set_current_state(TASK_INTERRUPTIBLE);
503
504 if (sk->sk_state != BT_LISTEN) {
505 err = -EBADFD;
506 break;
507 }
508
509 nsk = bt_accept_dequeue(sk, newsock);
510 if (nsk)
511 break;
512
513 if (!timeo) {
514 err = -EAGAIN;
515 break;
516 }
517
518 if (signal_pending(current)) {
519 err = sock_intr_errno(timeo);
520 break;
521 }
522
523 release_sock(sk);
524 timeo = schedule_timeout(timeo);
525 lock_sock(sk);
526 }
527 __set_current_state(TASK_RUNNING);
528 remove_wait_queue(sk_sleep(sk), &wait);
529
530 if (err)
531 goto done;
532
533 newsock->state = SS_CONNECTED;
534
535 BT_DBG("new socket %p", nsk);
536
537done:
538 release_sock(sk);
539 return err;
540}
541
542static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
543{
544 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
545 struct sock *sk = sock->sk;
546
547 BT_DBG("sock %p, sk %p", sock, sk);
548
549 sa->rc_family = AF_BLUETOOTH;
550 sa->rc_channel = rfcomm_pi(sk)->channel;
551 if (peer)
552 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst);
553 else
554 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src);
555
556 *len = sizeof(struct sockaddr_rc);
557 return 0;
558}
559
560static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
561 struct msghdr *msg, size_t len)
562{
563 struct sock *sk = sock->sk;
564 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
565 struct sk_buff *skb;
566 int sent = 0;
567
568 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
569 return -ENOTCONN;
570
571 if (msg->msg_flags & MSG_OOB)
572 return -EOPNOTSUPP;
573
574 if (sk->sk_shutdown & SEND_SHUTDOWN)
575 return -EPIPE;
576
577 BT_DBG("sock %p, sk %p", sock, sk);
578
579 lock_sock(sk);
580
581 while (len) {
582 size_t size = min_t(size_t, len, d->mtu);
583 int err;
584
585 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
586 msg->msg_flags & MSG_DONTWAIT, &err);
587 if (!skb) {
588 if (sent == 0)
589 sent = err;
590 break;
591 }
592 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
593
594 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
595 if (err) {
596 kfree_skb(skb);
597 if (sent == 0)
598 sent = err;
599 break;
600 }
601
602 skb->priority = sk->sk_priority;
603
604 err = rfcomm_dlc_send(d, skb);
605 if (err < 0) {
606 kfree_skb(skb);
607 if (sent == 0)
608 sent = err;
609 break;
610 }
611
612 sent += size;
613 len -= size;
614 }
615
616 release_sock(sk);
617
618 return sent;
619}
620
621static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
622 struct msghdr *msg, size_t size, int flags)
623{
624 struct sock *sk = sock->sk;
625 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
626 int len;
627
628 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
629 rfcomm_dlc_accept(d);
630 return 0;
631 }
632
633 len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags);
634
635 lock_sock(sk);
636 if (!(flags & MSG_PEEK) && len > 0)
637 atomic_sub(len, &sk->sk_rmem_alloc);
638
639 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
640 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
641 release_sock(sk);
642
643 return len;
644}
645
646static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
647{
648 struct sock *sk = sock->sk;
649 int err = 0;
650 u32 opt;
651
652 BT_DBG("sk %p", sk);
653
654 lock_sock(sk);
655
656 switch (optname) {
657 case RFCOMM_LM:
658 if (get_user(opt, (u32 __user *) optval)) {
659 err = -EFAULT;
660 break;
661 }
662
663 if (opt & RFCOMM_LM_AUTH)
664 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
665 if (opt & RFCOMM_LM_ENCRYPT)
666 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
667 if (opt & RFCOMM_LM_SECURE)
668 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
669
670 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
671 break;
672
673 default:
674 err = -ENOPROTOOPT;
675 break;
676 }
677
678 release_sock(sk);
679 return err;
680}
681
682static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
683{
684 struct sock *sk = sock->sk;
685 struct bt_security sec;
686 int err = 0;
687 size_t len;
688 u32 opt;
689
690 BT_DBG("sk %p", sk);
691
692 if (level == SOL_RFCOMM)
693 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
694
695 if (level != SOL_BLUETOOTH)
696 return -ENOPROTOOPT;
697
698 lock_sock(sk);
699
700 switch (optname) {
701 case BT_SECURITY:
702 if (sk->sk_type != SOCK_STREAM) {
703 err = -EINVAL;
704 break;
705 }
706
707 sec.level = BT_SECURITY_LOW;
708
709 len = min_t(unsigned int, sizeof(sec), optlen);
710 if (copy_from_user((char *) &sec, optval, len)) {
711 err = -EFAULT;
712 break;
713 }
714
715 if (sec.level > BT_SECURITY_HIGH) {
716 err = -EINVAL;
717 break;
718 }
719
720 rfcomm_pi(sk)->sec_level = sec.level;
721 break;
722
723 case BT_DEFER_SETUP:
724 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
725 err = -EINVAL;
726 break;
727 }
728
729 if (get_user(opt, (u32 __user *) optval)) {
730 err = -EFAULT;
731 break;
732 }
733
734 bt_sk(sk)->defer_setup = opt;
735 break;
736
737 default:
738 err = -ENOPROTOOPT;
739 break;
740 }
741
742 release_sock(sk);
743 return err;
744}
745
746static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
747{
748 struct sock *sk = sock->sk;
749 struct rfcomm_conninfo cinfo;
750 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
751 int len, err = 0;
752 u32 opt;
753
754 BT_DBG("sk %p", sk);
755
756 if (get_user(len, optlen))
757 return -EFAULT;
758
759 lock_sock(sk);
760
761 switch (optname) {
762 case RFCOMM_LM:
763 switch (rfcomm_pi(sk)->sec_level) {
764 case BT_SECURITY_LOW:
765 opt = RFCOMM_LM_AUTH;
766 break;
767 case BT_SECURITY_MEDIUM:
768 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
769 break;
770 case BT_SECURITY_HIGH:
771 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
772 RFCOMM_LM_SECURE;
773 break;
774 default:
775 opt = 0;
776 break;
777 }
778
779 if (rfcomm_pi(sk)->role_switch)
780 opt |= RFCOMM_LM_MASTER;
781
782 if (put_user(opt, (u32 __user *) optval))
783 err = -EFAULT;
784 break;
785
786 case RFCOMM_CONNINFO:
787 if (sk->sk_state != BT_CONNECTED &&
788 !rfcomm_pi(sk)->dlc->defer_setup) {
789 err = -ENOTCONN;
790 break;
791 }
792
793 memset(&cinfo, 0, sizeof(cinfo));
794 cinfo.hci_handle = conn->hcon->handle;
795 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
796
797 len = min_t(unsigned int, len, sizeof(cinfo));
798 if (copy_to_user(optval, (char *) &cinfo, len))
799 err = -EFAULT;
800
801 break;
802
803 default:
804 err = -ENOPROTOOPT;
805 break;
806 }
807
808 release_sock(sk);
809 return err;
810}
811
812static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
813{
814 struct sock *sk = sock->sk;
815 struct bt_security sec;
816 int len, err = 0;
817
818 BT_DBG("sk %p", sk);
819
820 if (level == SOL_RFCOMM)
821 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
822
823 if (level != SOL_BLUETOOTH)
824 return -ENOPROTOOPT;
825
826 if (get_user(len, optlen))
827 return -EFAULT;
828
829 lock_sock(sk);
830
831 switch (optname) {
832 case BT_SECURITY:
833 if (sk->sk_type != SOCK_STREAM) {
834 err = -EINVAL;
835 break;
836 }
837
838 sec.level = rfcomm_pi(sk)->sec_level;
839
840 len = min_t(unsigned int, len, sizeof(sec));
841 if (copy_to_user(optval, (char *) &sec, len))
842 err = -EFAULT;
843
844 break;
845
846 case BT_DEFER_SETUP:
847 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
848 err = -EINVAL;
849 break;
850 }
851
852 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
853 err = -EFAULT;
854
855 break;
856
857 default:
858 err = -ENOPROTOOPT;
859 break;
860 }
861
862 release_sock(sk);
863 return err;
864}
865
866static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
867{
868 struct sock *sk __maybe_unused = sock->sk;
869 int err;
870
871 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
872
873 err = bt_sock_ioctl(sock, cmd, arg);
874
875 if (err == -ENOIOCTLCMD) {
876#ifdef CONFIG_BT_RFCOMM_TTY
877 lock_sock(sk);
878 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
879 release_sock(sk);
880#else
881 err = -EOPNOTSUPP;
882#endif
883 }
884
885 return err;
886}
887
888static int rfcomm_sock_shutdown(struct socket *sock, int how)
889{
890 struct sock *sk = sock->sk;
891 int err = 0;
892
893 BT_DBG("sock %p, sk %p", sock, sk);
894
895 if (!sk)
896 return 0;
897
898 lock_sock(sk);
899 if (!sk->sk_shutdown) {
900 sk->sk_shutdown = SHUTDOWN_MASK;
901 __rfcomm_sock_close(sk);
902
903 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
904 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
905 }
906 release_sock(sk);
907 return err;
908}
909
910static int rfcomm_sock_release(struct socket *sock)
911{
912 struct sock *sk = sock->sk;
913 int err;
914
915 BT_DBG("sock %p, sk %p", sock, sk);
916
917 if (!sk)
918 return 0;
919
920 err = rfcomm_sock_shutdown(sock, 2);
921
922 sock_orphan(sk);
923 rfcomm_sock_kill(sk);
924 return err;
925}
926
927/* ---- RFCOMM core layer callbacks ----
928 *
929 * called under rfcomm_lock()
930 */
931int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
932{
933 struct sock *sk, *parent;
934 bdaddr_t src, dst;
935 int result = 0;
936
937 BT_DBG("session %p channel %d", s, channel);
938
939 rfcomm_session_getaddr(s, &src, &dst);
940
941 /* Check if we have socket listening on channel */
942 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
943 if (!parent)
944 return 0;
945
946 bh_lock_sock(parent);
947
948 /* Check for backlog size */
949 if (sk_acceptq_is_full(parent)) {
950 BT_DBG("backlog full %d", parent->sk_ack_backlog);
951 goto done;
952 }
953
954 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
955 if (!sk)
956 goto done;
957
958 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
959
960 rfcomm_sock_init(sk, parent);
961 bacpy(&bt_sk(sk)->src, &src);
962 bacpy(&bt_sk(sk)->dst, &dst);
963 rfcomm_pi(sk)->channel = channel;
964
965 sk->sk_state = BT_CONFIG;
966 bt_accept_enqueue(parent, sk);
967
968 /* Accept connection and return socket DLC */
969 *d = rfcomm_pi(sk)->dlc;
970 result = 1;
971
972done:
973 bh_unlock_sock(parent);
974
975 if (bt_sk(parent)->defer_setup)
976 parent->sk_state_change(parent);
977
978 return result;
979}
980
981static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
982{
983 struct sock *sk;
984 struct hlist_node *node;
985
986 read_lock(&rfcomm_sk_list.lock);
987
988 sk_for_each(sk, node, &rfcomm_sk_list.head) {
989 seq_printf(f, "%s %s %d %d\n",
990 batostr(&bt_sk(sk)->src),
991 batostr(&bt_sk(sk)->dst),
992 sk->sk_state, rfcomm_pi(sk)->channel);
993 }
994
995 read_unlock(&rfcomm_sk_list.lock);
996
997 return 0;
998}
999
1000static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file)
1001{
1002 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private);
1003}
1004
1005static const struct file_operations rfcomm_sock_debugfs_fops = {
1006 .open = rfcomm_sock_debugfs_open,
1007 .read = seq_read,
1008 .llseek = seq_lseek,
1009 .release = single_release,
1010};
1011
1012static struct dentry *rfcomm_sock_debugfs;
1013
1014static const struct proto_ops rfcomm_sock_ops = {
1015 .family = PF_BLUETOOTH,
1016 .owner = THIS_MODULE,
1017 .release = rfcomm_sock_release,
1018 .bind = rfcomm_sock_bind,
1019 .connect = rfcomm_sock_connect,
1020 .listen = rfcomm_sock_listen,
1021 .accept = rfcomm_sock_accept,
1022 .getname = rfcomm_sock_getname,
1023 .sendmsg = rfcomm_sock_sendmsg,
1024 .recvmsg = rfcomm_sock_recvmsg,
1025 .shutdown = rfcomm_sock_shutdown,
1026 .setsockopt = rfcomm_sock_setsockopt,
1027 .getsockopt = rfcomm_sock_getsockopt,
1028 .ioctl = rfcomm_sock_ioctl,
1029 .poll = bt_sock_poll,
1030 .socketpair = sock_no_socketpair,
1031 .mmap = sock_no_mmap
1032};
1033
1034static const struct net_proto_family rfcomm_sock_family_ops = {
1035 .family = PF_BLUETOOTH,
1036 .owner = THIS_MODULE,
1037 .create = rfcomm_sock_create
1038};
1039
1040int __init rfcomm_init_sockets(void)
1041{
1042 int err;
1043
1044 err = proto_register(&rfcomm_proto, 0);
1045 if (err < 0)
1046 return err;
1047
1048 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1049 if (err < 0)
1050 goto error;
1051
1052 if (bt_debugfs) {
1053 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1054 bt_debugfs, NULL, &rfcomm_sock_debugfs_fops);
1055 if (!rfcomm_sock_debugfs)
1056 BT_ERR("Failed to create RFCOMM debug file");
1057 }
1058
1059 BT_INFO("RFCOMM socket layer initialized");
1060
1061 return 0;
1062
1063error:
1064 BT_ERR("RFCOMM socket layer registration failed");
1065 proto_unregister(&rfcomm_proto);
1066 return err;
1067}
1068
1069void __exit rfcomm_cleanup_sockets(void)
1070{
1071 debugfs_remove(rfcomm_sock_debugfs);
1072
1073 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0)
1074 BT_ERR("RFCOMM socket layer unregistration failed");
1075
1076 proto_unregister(&rfcomm_proto);
1077}