1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25 * RFCOMM sockets.
26 */
27
28 #include <linux/module.h>
29
30 #include <linux/types.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/socket.h>
40 #include <linux/skbuff.h>
41 #include <linux/list.h>
42 #include <linux/device.h>
43 #include <linux/debugfs.h>
44 #include <linux/seq_file.h>
45 #include <net/sock.h>
46
47 #include <asm/system.h>
48 #include <linux/uaccess.h>
49
50 #include <net/bluetooth/bluetooth.h>
51 #include <net/bluetooth/hci_core.h>
52 #include <net/bluetooth/l2cap.h>
53 #include <net/bluetooth/rfcomm.h>
54
55 static const struct proto_ops rfcomm_sock_ops;
56
57 static struct bt_sock_list rfcomm_sk_list = {
58 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
59 };
60
61 static void rfcomm_sock_close(struct sock *sk);
62 static void rfcomm_sock_kill(struct sock *sk);
63
64 /* ---- DLC callbacks ----
65 *
66 * called under rfcomm_dlc_lock()
67 */
rfcomm_sk_data_ready(struct rfcomm_dlc * d,struct sk_buff * skb)68 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
69 {
70 struct sock *sk = d->owner;
71 if (!sk)
72 return;
73
74 atomic_add(skb->len, &sk->sk_rmem_alloc);
75 skb_queue_tail(&sk->sk_receive_queue, skb);
76 sk->sk_data_ready(sk, skb->len);
77
78 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
79 rfcomm_dlc_throttle(d);
80 }
81
rfcomm_sk_state_change(struct rfcomm_dlc * d,int err)82 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
83 {
84 struct sock *sk = d->owner, *parent;
85 unsigned long flags;
86
87 if (!sk)
88 return;
89
90 BT_DBG("dlc %p state %ld err %d", d, d->state, err);
91
92 local_irq_save(flags);
93 bh_lock_sock(sk);
94
95 if (err)
96 sk->sk_err = err;
97
98 sk->sk_state = d->state;
99
100 parent = bt_sk(sk)->parent;
101 if (parent) {
102 if (d->state == BT_CLOSED) {
103 sock_set_flag(sk, SOCK_ZAPPED);
104 bt_accept_unlink(sk);
105 }
106 parent->sk_data_ready(parent, 0);
107 } else {
108 if (d->state == BT_CONNECTED)
109 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL);
110 sk->sk_state_change(sk);
111 }
112
113 bh_unlock_sock(sk);
114 local_irq_restore(flags);
115
116 if (parent && sock_flag(sk, SOCK_ZAPPED)) {
117 /* We have to drop DLC lock here, otherwise
118 * rfcomm_sock_destruct() will dead lock. */
119 rfcomm_dlc_unlock(d);
120 rfcomm_sock_kill(sk);
121 rfcomm_dlc_lock(d);
122 }
123 }
124
125 /* ---- Socket functions ---- */
__rfcomm_get_sock_by_addr(u8 channel,bdaddr_t * src)126 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
127 {
128 struct sock *sk = NULL;
129 struct hlist_node *node;
130
131 sk_for_each(sk, node, &rfcomm_sk_list.head) {
132 if (rfcomm_pi(sk)->channel == channel &&
133 !bacmp(&bt_sk(sk)->src, src))
134 break;
135 }
136
137 return node ? sk : NULL;
138 }
139
140 /* Find socket with channel and source bdaddr.
141 * Returns closest match.
142 */
rfcomm_get_sock_by_channel(int state,u8 channel,bdaddr_t * src)143 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
144 {
145 struct sock *sk = NULL, *sk1 = NULL;
146 struct hlist_node *node;
147
148 read_lock(&rfcomm_sk_list.lock);
149
150 sk_for_each(sk, node, &rfcomm_sk_list.head) {
151 if (state && sk->sk_state != state)
152 continue;
153
154 if (rfcomm_pi(sk)->channel == channel) {
155 /* Exact match. */
156 if (!bacmp(&bt_sk(sk)->src, src))
157 break;
158
159 /* Closest match */
160 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
161 sk1 = sk;
162 }
163 }
164
165 read_unlock(&rfcomm_sk_list.lock);
166
167 return node ? sk : sk1;
168 }
169
rfcomm_sock_destruct(struct sock * sk)170 static void rfcomm_sock_destruct(struct sock *sk)
171 {
172 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
173
174 BT_DBG("sk %p dlc %p", sk, d);
175
176 skb_queue_purge(&sk->sk_receive_queue);
177 skb_queue_purge(&sk->sk_write_queue);
178
179 rfcomm_dlc_lock(d);
180 rfcomm_pi(sk)->dlc = NULL;
181
182 /* Detach DLC if it's owned by this socket */
183 if (d->owner == sk)
184 d->owner = NULL;
185 rfcomm_dlc_unlock(d);
186
187 rfcomm_dlc_put(d);
188 }
189
rfcomm_sock_cleanup_listen(struct sock * parent)190 static void rfcomm_sock_cleanup_listen(struct sock *parent)
191 {
192 struct sock *sk;
193
194 BT_DBG("parent %p", parent);
195
196 /* Close not yet accepted dlcs */
197 while ((sk = bt_accept_dequeue(parent, NULL))) {
198 rfcomm_sock_close(sk);
199 rfcomm_sock_kill(sk);
200 }
201
202 parent->sk_state = BT_CLOSED;
203 sock_set_flag(parent, SOCK_ZAPPED);
204 }
205
206 /* Kill socket (only if zapped and orphan)
207 * Must be called on unlocked socket.
208 */
rfcomm_sock_kill(struct sock * sk)209 static void rfcomm_sock_kill(struct sock *sk)
210 {
211 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
212 return;
213
214 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
215
216 /* Kill poor orphan */
217 bt_sock_unlink(&rfcomm_sk_list, sk);
218 sock_set_flag(sk, SOCK_DEAD);
219 sock_put(sk);
220 }
221
__rfcomm_sock_close(struct sock * sk)222 static void __rfcomm_sock_close(struct sock *sk)
223 {
224 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
225
226 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
227
228 switch (sk->sk_state) {
229 case BT_LISTEN:
230 rfcomm_sock_cleanup_listen(sk);
231 break;
232
233 case BT_CONNECT:
234 case BT_CONNECT2:
235 case BT_CONFIG:
236 case BT_CONNECTED:
237 rfcomm_dlc_close(d, 0);
238
239 default:
240 sock_set_flag(sk, SOCK_ZAPPED);
241 break;
242 }
243 }
244
245 /* Close socket.
246 * Must be called on unlocked socket.
247 */
rfcomm_sock_close(struct sock * sk)248 static void rfcomm_sock_close(struct sock *sk)
249 {
250 lock_sock(sk);
251 __rfcomm_sock_close(sk);
252 release_sock(sk);
253 }
254
rfcomm_sock_init(struct sock * sk,struct sock * parent)255 static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
256 {
257 struct rfcomm_pinfo *pi = rfcomm_pi(sk);
258
259 BT_DBG("sk %p", sk);
260
261 if (parent) {
262 sk->sk_type = parent->sk_type;
263 pi->dlc->defer_setup = bt_sk(parent)->defer_setup;
264
265 pi->sec_level = rfcomm_pi(parent)->sec_level;
266 pi->role_switch = rfcomm_pi(parent)->role_switch;
267 } else {
268 pi->dlc->defer_setup = 0;
269
270 pi->sec_level = BT_SECURITY_LOW;
271 pi->role_switch = 0;
272 }
273
274 pi->dlc->sec_level = pi->sec_level;
275 pi->dlc->role_switch = pi->role_switch;
276 }
277
278 static struct proto rfcomm_proto = {
279 .name = "RFCOMM",
280 .owner = THIS_MODULE,
281 .obj_size = sizeof(struct rfcomm_pinfo)
282 };
283
rfcomm_sock_alloc(struct net * net,struct socket * sock,int proto,gfp_t prio)284 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
285 {
286 struct rfcomm_dlc *d;
287 struct sock *sk;
288
289 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
290 if (!sk)
291 return NULL;
292
293 sock_init_data(sock, sk);
294 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
295
296 d = rfcomm_dlc_alloc(prio);
297 if (!d) {
298 sk_free(sk);
299 return NULL;
300 }
301
302 d->data_ready = rfcomm_sk_data_ready;
303 d->state_change = rfcomm_sk_state_change;
304
305 rfcomm_pi(sk)->dlc = d;
306 d->owner = sk;
307
308 sk->sk_destruct = rfcomm_sock_destruct;
309 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
310
311 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
312 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
313
314 sock_reset_flag(sk, SOCK_ZAPPED);
315
316 sk->sk_protocol = proto;
317 sk->sk_state = BT_OPEN;
318
319 bt_sock_link(&rfcomm_sk_list, sk);
320
321 BT_DBG("sk %p", sk);
322 return sk;
323 }
324
rfcomm_sock_create(struct net * net,struct socket * sock,int protocol,int kern)325 static int rfcomm_sock_create(struct net *net, struct socket *sock,
326 int protocol, int kern)
327 {
328 struct sock *sk;
329
330 BT_DBG("sock %p", sock);
331
332 sock->state = SS_UNCONNECTED;
333
334 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
335 return -ESOCKTNOSUPPORT;
336
337 sock->ops = &rfcomm_sock_ops;
338
339 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
340 if (!sk)
341 return -ENOMEM;
342
343 rfcomm_sock_init(sk, NULL);
344 return 0;
345 }
346
rfcomm_sock_bind(struct socket * sock,struct sockaddr * addr,int addr_len)347 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
348 {
349 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
350 struct sock *sk = sock->sk;
351 int err = 0;
352
353 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr));
354
355 if (!addr || addr->sa_family != AF_BLUETOOTH)
356 return -EINVAL;
357
358 lock_sock(sk);
359
360 if (sk->sk_state != BT_OPEN) {
361 err = -EBADFD;
362 goto done;
363 }
364
365 if (sk->sk_type != SOCK_STREAM) {
366 err = -EINVAL;
367 goto done;
368 }
369
370 write_lock_bh(&rfcomm_sk_list.lock);
371
372 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
373 err = -EADDRINUSE;
374 } else {
375 /* Save source address */
376 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr);
377 rfcomm_pi(sk)->channel = sa->rc_channel;
378 sk->sk_state = BT_BOUND;
379 }
380
381 write_unlock_bh(&rfcomm_sk_list.lock);
382
383 done:
384 release_sock(sk);
385 return err;
386 }
387
rfcomm_sock_connect(struct socket * sock,struct sockaddr * addr,int alen,int flags)388 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
389 {
390 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
391 struct sock *sk = sock->sk;
392 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
393 int err = 0;
394
395 BT_DBG("sk %p", sk);
396
397 if (alen < sizeof(struct sockaddr_rc) ||
398 addr->sa_family != AF_BLUETOOTH)
399 return -EINVAL;
400
401 lock_sock(sk);
402
403 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
404 err = -EBADFD;
405 goto done;
406 }
407
408 if (sk->sk_type != SOCK_STREAM) {
409 err = -EINVAL;
410 goto done;
411 }
412
413 sk->sk_state = BT_CONNECT;
414 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
415 rfcomm_pi(sk)->channel = sa->rc_channel;
416
417 d->sec_level = rfcomm_pi(sk)->sec_level;
418 d->role_switch = rfcomm_pi(sk)->role_switch;
419
420 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
421 if (!err)
422 err = bt_sock_wait_state(sk, BT_CONNECTED,
423 sock_sndtimeo(sk, flags & O_NONBLOCK));
424
425 done:
426 release_sock(sk);
427 return err;
428 }
429
rfcomm_sock_listen(struct socket * sock,int backlog)430 static int rfcomm_sock_listen(struct socket *sock, int backlog)
431 {
432 struct sock *sk = sock->sk;
433 int err = 0;
434
435 BT_DBG("sk %p backlog %d", sk, backlog);
436
437 lock_sock(sk);
438
439 if (sk->sk_state != BT_BOUND) {
440 err = -EBADFD;
441 goto done;
442 }
443
444 if (sk->sk_type != SOCK_STREAM) {
445 err = -EINVAL;
446 goto done;
447 }
448
449 if (!rfcomm_pi(sk)->channel) {
450 bdaddr_t *src = &bt_sk(sk)->src;
451 u8 channel;
452
453 err = -EINVAL;
454
455 write_lock_bh(&rfcomm_sk_list.lock);
456
457 for (channel = 1; channel < 31; channel++)
458 if (!__rfcomm_get_sock_by_addr(channel, src)) {
459 rfcomm_pi(sk)->channel = channel;
460 err = 0;
461 break;
462 }
463
464 write_unlock_bh(&rfcomm_sk_list.lock);
465
466 if (err < 0)
467 goto done;
468 }
469
470 sk->sk_max_ack_backlog = backlog;
471 sk->sk_ack_backlog = 0;
472 sk->sk_state = BT_LISTEN;
473
474 done:
475 release_sock(sk);
476 return err;
477 }
478
rfcomm_sock_accept(struct socket * sock,struct socket * newsock,int flags)479 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
480 {
481 DECLARE_WAITQUEUE(wait, current);
482 struct sock *sk = sock->sk, *nsk;
483 long timeo;
484 int err = 0;
485
486 lock_sock(sk);
487
488 if (sk->sk_state != BT_LISTEN) {
489 err = -EBADFD;
490 goto done;
491 }
492
493 if (sk->sk_type != SOCK_STREAM) {
494 err = -EINVAL;
495 goto done;
496 }
497
498 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
499
500 BT_DBG("sk %p timeo %ld", sk, timeo);
501
502 /* Wait for an incoming connection. (wake-one). */
503 add_wait_queue_exclusive(sk_sleep(sk), &wait);
504 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
505 set_current_state(TASK_INTERRUPTIBLE);
506 if (!timeo) {
507 err = -EAGAIN;
508 break;
509 }
510
511 release_sock(sk);
512 timeo = schedule_timeout(timeo);
513 lock_sock(sk);
514
515 if (sk->sk_state != BT_LISTEN) {
516 err = -EBADFD;
517 break;
518 }
519
520 if (signal_pending(current)) {
521 err = sock_intr_errno(timeo);
522 break;
523 }
524 }
525 set_current_state(TASK_RUNNING);
526 remove_wait_queue(sk_sleep(sk), &wait);
527
528 if (err)
529 goto done;
530
531 newsock->state = SS_CONNECTED;
532
533 BT_DBG("new socket %p", nsk);
534
535 done:
536 release_sock(sk);
537 return err;
538 }
539
rfcomm_sock_getname(struct socket * sock,struct sockaddr * addr,int * len,int peer)540 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
541 {
542 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
543 struct sock *sk = sock->sk;
544
545 BT_DBG("sock %p, sk %p", sock, sk);
546
547 sa->rc_family = AF_BLUETOOTH;
548 sa->rc_channel = rfcomm_pi(sk)->channel;
549 if (peer)
550 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst);
551 else
552 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src);
553
554 *len = sizeof(struct sockaddr_rc);
555 return 0;
556 }
557
rfcomm_sock_sendmsg(struct kiocb * iocb,struct socket * sock,struct msghdr * msg,size_t len)558 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
559 struct msghdr *msg, size_t len)
560 {
561 struct sock *sk = sock->sk;
562 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
563 struct sk_buff *skb;
564 int sent = 0;
565
566 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
567 return -ENOTCONN;
568
569 if (msg->msg_flags & MSG_OOB)
570 return -EOPNOTSUPP;
571
572 if (sk->sk_shutdown & SEND_SHUTDOWN)
573 return -EPIPE;
574
575 BT_DBG("sock %p, sk %p", sock, sk);
576
577 lock_sock(sk);
578
579 while (len) {
580 size_t size = min_t(size_t, len, d->mtu);
581 int err;
582
583 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
584 msg->msg_flags & MSG_DONTWAIT, &err);
585 if (!skb) {
586 if (sent == 0)
587 sent = err;
588 break;
589 }
590 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
591
592 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
593 if (err) {
594 kfree_skb(skb);
595 if (sent == 0)
596 sent = err;
597 break;
598 }
599
600 err = rfcomm_dlc_send(d, skb);
601 if (err < 0) {
602 kfree_skb(skb);
603 if (sent == 0)
604 sent = err;
605 break;
606 }
607
608 sent += size;
609 len -= size;
610 }
611
612 release_sock(sk);
613
614 return sent;
615 }
616
rfcomm_sock_recvmsg(struct kiocb * iocb,struct socket * sock,struct msghdr * msg,size_t size,int flags)617 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
618 struct msghdr *msg, size_t size, int flags)
619 {
620 struct sock *sk = sock->sk;
621 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
622 int len;
623
624 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
625 rfcomm_dlc_accept(d);
626 return 0;
627 }
628
629 len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags);
630
631 lock_sock(sk);
632 if (!(flags & MSG_PEEK) && len > 0)
633 atomic_sub(len, &sk->sk_rmem_alloc);
634
635 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
636 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
637 release_sock(sk);
638
639 return len;
640 }
641
rfcomm_sock_setsockopt_old(struct socket * sock,int optname,char __user * optval,unsigned int optlen)642 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
643 {
644 struct sock *sk = sock->sk;
645 int err = 0;
646 u32 opt;
647
648 BT_DBG("sk %p", sk);
649
650 lock_sock(sk);
651
652 switch (optname) {
653 case RFCOMM_LM:
654 if (get_user(opt, (u32 __user *) optval)) {
655 err = -EFAULT;
656 break;
657 }
658
659 if (opt & RFCOMM_LM_AUTH)
660 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
661 if (opt & RFCOMM_LM_ENCRYPT)
662 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
663 if (opt & RFCOMM_LM_SECURE)
664 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
665
666 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
667 break;
668
669 default:
670 err = -ENOPROTOOPT;
671 break;
672 }
673
674 release_sock(sk);
675 return err;
676 }
677
rfcomm_sock_setsockopt(struct socket * sock,int level,int optname,char __user * optval,unsigned int optlen)678 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
679 {
680 struct sock *sk = sock->sk;
681 struct bt_security sec;
682 int len, err = 0;
683 u32 opt;
684
685 BT_DBG("sk %p", sk);
686
687 if (level == SOL_RFCOMM)
688 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
689
690 if (level != SOL_BLUETOOTH)
691 return -ENOPROTOOPT;
692
693 lock_sock(sk);
694
695 switch (optname) {
696 case BT_SECURITY:
697 if (sk->sk_type != SOCK_STREAM) {
698 err = -EINVAL;
699 break;
700 }
701
702 sec.level = BT_SECURITY_LOW;
703
704 len = min_t(unsigned int, sizeof(sec), optlen);
705 if (copy_from_user((char *) &sec, optval, len)) {
706 err = -EFAULT;
707 break;
708 }
709
710 if (sec.level > BT_SECURITY_HIGH) {
711 err = -EINVAL;
712 break;
713 }
714
715 rfcomm_pi(sk)->sec_level = sec.level;
716 break;
717
718 case BT_DEFER_SETUP:
719 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
720 err = -EINVAL;
721 break;
722 }
723
724 if (get_user(opt, (u32 __user *) optval)) {
725 err = -EFAULT;
726 break;
727 }
728
729 bt_sk(sk)->defer_setup = opt;
730 break;
731
732 default:
733 err = -ENOPROTOOPT;
734 break;
735 }
736
737 release_sock(sk);
738 return err;
739 }
740
rfcomm_sock_getsockopt_old(struct socket * sock,int optname,char __user * optval,int __user * optlen)741 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
742 {
743 struct sock *sk = sock->sk;
744 struct sock *l2cap_sk;
745 struct rfcomm_conninfo cinfo;
746 int len, err = 0;
747 u32 opt;
748
749 BT_DBG("sk %p", sk);
750
751 if (get_user(len, optlen))
752 return -EFAULT;
753
754 lock_sock(sk);
755
756 switch (optname) {
757 case RFCOMM_LM:
758 switch (rfcomm_pi(sk)->sec_level) {
759 case BT_SECURITY_LOW:
760 opt = RFCOMM_LM_AUTH;
761 break;
762 case BT_SECURITY_MEDIUM:
763 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
764 break;
765 case BT_SECURITY_HIGH:
766 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
767 RFCOMM_LM_SECURE;
768 break;
769 default:
770 opt = 0;
771 break;
772 }
773
774 if (rfcomm_pi(sk)->role_switch)
775 opt |= RFCOMM_LM_MASTER;
776
777 if (put_user(opt, (u32 __user *) optval))
778 err = -EFAULT;
779 break;
780
781 case RFCOMM_CONNINFO:
782 if (sk->sk_state != BT_CONNECTED &&
783 !rfcomm_pi(sk)->dlc->defer_setup) {
784 err = -ENOTCONN;
785 break;
786 }
787
788 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
789
790 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle;
791 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3);
792
793 len = min_t(unsigned int, len, sizeof(cinfo));
794 if (copy_to_user(optval, (char *) &cinfo, len))
795 err = -EFAULT;
796
797 break;
798
799 default:
800 err = -ENOPROTOOPT;
801 break;
802 }
803
804 release_sock(sk);
805 return err;
806 }
807
rfcomm_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)808 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
809 {
810 struct sock *sk = sock->sk;
811 struct bt_security sec;
812 int len, err = 0;
813
814 BT_DBG("sk %p", sk);
815
816 if (level == SOL_RFCOMM)
817 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
818
819 if (level != SOL_BLUETOOTH)
820 return -ENOPROTOOPT;
821
822 if (get_user(len, optlen))
823 return -EFAULT;
824
825 lock_sock(sk);
826
827 switch (optname) {
828 case BT_SECURITY:
829 if (sk->sk_type != SOCK_STREAM) {
830 err = -EINVAL;
831 break;
832 }
833
834 sec.level = rfcomm_pi(sk)->sec_level;
835
836 len = min_t(unsigned int, len, sizeof(sec));
837 if (copy_to_user(optval, (char *) &sec, len))
838 err = -EFAULT;
839
840 break;
841
842 case BT_DEFER_SETUP:
843 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
844 err = -EINVAL;
845 break;
846 }
847
848 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
849 err = -EFAULT;
850
851 break;
852
853 default:
854 err = -ENOPROTOOPT;
855 break;
856 }
857
858 release_sock(sk);
859 return err;
860 }
861
rfcomm_sock_ioctl(struct socket * sock,unsigned int cmd,unsigned long arg)862 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
863 {
864 struct sock *sk __maybe_unused = sock->sk;
865 int err;
866
867 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
868
869 err = bt_sock_ioctl(sock, cmd, arg);
870
871 if (err == -ENOIOCTLCMD) {
872 #ifdef CONFIG_BT_RFCOMM_TTY
873 lock_sock(sk);
874 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
875 release_sock(sk);
876 #else
877 err = -EOPNOTSUPP;
878 #endif
879 }
880
881 return err;
882 }
883
rfcomm_sock_shutdown(struct socket * sock,int how)884 static int rfcomm_sock_shutdown(struct socket *sock, int how)
885 {
886 struct sock *sk = sock->sk;
887 int err = 0;
888
889 BT_DBG("sock %p, sk %p", sock, sk);
890
891 if (!sk)
892 return 0;
893
894 lock_sock(sk);
895 if (!sk->sk_shutdown) {
896 sk->sk_shutdown = SHUTDOWN_MASK;
897 __rfcomm_sock_close(sk);
898
899 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
900 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
901 }
902 release_sock(sk);
903 return err;
904 }
905
rfcomm_sock_release(struct socket * sock)906 static int rfcomm_sock_release(struct socket *sock)
907 {
908 struct sock *sk = sock->sk;
909 int err;
910
911 BT_DBG("sock %p, sk %p", sock, sk);
912
913 if (!sk)
914 return 0;
915
916 err = rfcomm_sock_shutdown(sock, 2);
917
918 sock_orphan(sk);
919 rfcomm_sock_kill(sk);
920 return err;
921 }
922
923 /* ---- RFCOMM core layer callbacks ----
924 *
925 * called under rfcomm_lock()
926 */
rfcomm_connect_ind(struct rfcomm_session * s,u8 channel,struct rfcomm_dlc ** d)927 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
928 {
929 struct sock *sk, *parent;
930 bdaddr_t src, dst;
931 int result = 0;
932
933 BT_DBG("session %p channel %d", s, channel);
934
935 rfcomm_session_getaddr(s, &src, &dst);
936
937 /* Check if we have socket listening on channel */
938 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
939 if (!parent)
940 return 0;
941
942 bh_lock_sock(parent);
943
944 /* Check for backlog size */
945 if (sk_acceptq_is_full(parent)) {
946 BT_DBG("backlog full %d", parent->sk_ack_backlog);
947 goto done;
948 }
949
950 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
951 if (!sk)
952 goto done;
953
954 rfcomm_sock_init(sk, parent);
955 bacpy(&bt_sk(sk)->src, &src);
956 bacpy(&bt_sk(sk)->dst, &dst);
957 rfcomm_pi(sk)->channel = channel;
958
959 sk->sk_state = BT_CONFIG;
960 bt_accept_enqueue(parent, sk);
961
962 /* Accept connection and return socket DLC */
963 *d = rfcomm_pi(sk)->dlc;
964 result = 1;
965
966 done:
967 bh_unlock_sock(parent);
968
969 if (bt_sk(parent)->defer_setup)
970 parent->sk_state_change(parent);
971
972 return result;
973 }
974
rfcomm_sock_debugfs_show(struct seq_file * f,void * p)975 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
976 {
977 struct sock *sk;
978 struct hlist_node *node;
979
980 read_lock_bh(&rfcomm_sk_list.lock);
981
982 sk_for_each(sk, node, &rfcomm_sk_list.head) {
983 seq_printf(f, "%s %s %d %d\n",
984 batostr(&bt_sk(sk)->src),
985 batostr(&bt_sk(sk)->dst),
986 sk->sk_state, rfcomm_pi(sk)->channel);
987 }
988
989 read_unlock_bh(&rfcomm_sk_list.lock);
990
991 return 0;
992 }
993
rfcomm_sock_debugfs_open(struct inode * inode,struct file * file)994 static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file)
995 {
996 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private);
997 }
998
999 static const struct file_operations rfcomm_sock_debugfs_fops = {
1000 .open = rfcomm_sock_debugfs_open,
1001 .read = seq_read,
1002 .llseek = seq_lseek,
1003 .release = single_release,
1004 };
1005
1006 static struct dentry *rfcomm_sock_debugfs;
1007
1008 static const struct proto_ops rfcomm_sock_ops = {
1009 .family = PF_BLUETOOTH,
1010 .owner = THIS_MODULE,
1011 .release = rfcomm_sock_release,
1012 .bind = rfcomm_sock_bind,
1013 .connect = rfcomm_sock_connect,
1014 .listen = rfcomm_sock_listen,
1015 .accept = rfcomm_sock_accept,
1016 .getname = rfcomm_sock_getname,
1017 .sendmsg = rfcomm_sock_sendmsg,
1018 .recvmsg = rfcomm_sock_recvmsg,
1019 .shutdown = rfcomm_sock_shutdown,
1020 .setsockopt = rfcomm_sock_setsockopt,
1021 .getsockopt = rfcomm_sock_getsockopt,
1022 .ioctl = rfcomm_sock_ioctl,
1023 .poll = bt_sock_poll,
1024 .socketpair = sock_no_socketpair,
1025 .mmap = sock_no_mmap
1026 };
1027
1028 static const struct net_proto_family rfcomm_sock_family_ops = {
1029 .family = PF_BLUETOOTH,
1030 .owner = THIS_MODULE,
1031 .create = rfcomm_sock_create
1032 };
1033
rfcomm_init_sockets(void)1034 int __init rfcomm_init_sockets(void)
1035 {
1036 int err;
1037
1038 err = proto_register(&rfcomm_proto, 0);
1039 if (err < 0)
1040 return err;
1041
1042 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1043 if (err < 0)
1044 goto error;
1045
1046 if (bt_debugfs) {
1047 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1048 bt_debugfs, NULL, &rfcomm_sock_debugfs_fops);
1049 if (!rfcomm_sock_debugfs)
1050 BT_ERR("Failed to create RFCOMM debug file");
1051 }
1052
1053 BT_INFO("RFCOMM socket layer initialized");
1054
1055 return 0;
1056
1057 error:
1058 BT_ERR("RFCOMM socket layer registration failed");
1059 proto_unregister(&rfcomm_proto);
1060 return err;
1061 }
1062
rfcomm_cleanup_sockets(void)1063 void __exit rfcomm_cleanup_sockets(void)
1064 {
1065 debugfs_remove(rfcomm_sock_debugfs);
1066
1067 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0)
1068 BT_ERR("RFCOMM socket layer unregistration failed");
1069
1070 proto_unregister(&rfcomm_proto);
1071 }
1072