Loading...
1/*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22*/
23
24/*
25 * RFCOMM sockets.
26 */
27
28#include <linux/module.h>
29
30#include <linux/types.h>
31#include <linux/errno.h>
32#include <linux/kernel.h>
33#include <linux/sched.h>
34#include <linux/slab.h>
35#include <linux/poll.h>
36#include <linux/fcntl.h>
37#include <linux/init.h>
38#include <linux/interrupt.h>
39#include <linux/socket.h>
40#include <linux/skbuff.h>
41#include <linux/list.h>
42#include <linux/device.h>
43#include <linux/debugfs.h>
44#include <linux/seq_file.h>
45#include <linux/security.h>
46#include <net/sock.h>
47
48#include <asm/system.h>
49#include <linux/uaccess.h>
50
51#include <net/bluetooth/bluetooth.h>
52#include <net/bluetooth/hci_core.h>
53#include <net/bluetooth/l2cap.h>
54#include <net/bluetooth/rfcomm.h>
55
56static const struct proto_ops rfcomm_sock_ops;
57
58static struct bt_sock_list rfcomm_sk_list = {
59 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
60};
61
62static void rfcomm_sock_close(struct sock *sk);
63static void rfcomm_sock_kill(struct sock *sk);
64
65/* ---- DLC callbacks ----
66 *
67 * called under rfcomm_dlc_lock()
68 */
69static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
70{
71 struct sock *sk = d->owner;
72 if (!sk)
73 return;
74
75 atomic_add(skb->len, &sk->sk_rmem_alloc);
76 skb_queue_tail(&sk->sk_receive_queue, skb);
77 sk->sk_data_ready(sk, skb->len);
78
79 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
80 rfcomm_dlc_throttle(d);
81}
82
83static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
84{
85 struct sock *sk = d->owner, *parent;
86 unsigned long flags;
87
88 if (!sk)
89 return;
90
91 BT_DBG("dlc %p state %ld err %d", d, d->state, err);
92
93 local_irq_save(flags);
94 bh_lock_sock(sk);
95
96 if (err)
97 sk->sk_err = err;
98
99 sk->sk_state = d->state;
100
101 parent = bt_sk(sk)->parent;
102 if (parent) {
103 if (d->state == BT_CLOSED) {
104 sock_set_flag(sk, SOCK_ZAPPED);
105 bt_accept_unlink(sk);
106 }
107 parent->sk_data_ready(parent, 0);
108 } else {
109 if (d->state == BT_CONNECTED)
110 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL);
111 sk->sk_state_change(sk);
112 }
113
114 bh_unlock_sock(sk);
115 local_irq_restore(flags);
116
117 if (parent && sock_flag(sk, SOCK_ZAPPED)) {
118 /* We have to drop DLC lock here, otherwise
119 * rfcomm_sock_destruct() will dead lock. */
120 rfcomm_dlc_unlock(d);
121 rfcomm_sock_kill(sk);
122 rfcomm_dlc_lock(d);
123 }
124}
125
126/* ---- Socket functions ---- */
127static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
128{
129 struct sock *sk = NULL;
130 struct hlist_node *node;
131
132 sk_for_each(sk, node, &rfcomm_sk_list.head) {
133 if (rfcomm_pi(sk)->channel == channel &&
134 !bacmp(&bt_sk(sk)->src, src))
135 break;
136 }
137
138 return node ? sk : NULL;
139}
140
141/* Find socket with channel and source bdaddr.
142 * Returns closest match.
143 */
144static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
145{
146 struct sock *sk = NULL, *sk1 = NULL;
147 struct hlist_node *node;
148
149 read_lock(&rfcomm_sk_list.lock);
150
151 sk_for_each(sk, node, &rfcomm_sk_list.head) {
152 if (state && sk->sk_state != state)
153 continue;
154
155 if (rfcomm_pi(sk)->channel == channel) {
156 /* Exact match. */
157 if (!bacmp(&bt_sk(sk)->src, src))
158 break;
159
160 /* Closest match */
161 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
162 sk1 = sk;
163 }
164 }
165
166 read_unlock(&rfcomm_sk_list.lock);
167
168 return node ? sk : sk1;
169}
170
171static void rfcomm_sock_destruct(struct sock *sk)
172{
173 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
174
175 BT_DBG("sk %p dlc %p", sk, d);
176
177 skb_queue_purge(&sk->sk_receive_queue);
178 skb_queue_purge(&sk->sk_write_queue);
179
180 rfcomm_dlc_lock(d);
181 rfcomm_pi(sk)->dlc = NULL;
182
183 /* Detach DLC if it's owned by this socket */
184 if (d->owner == sk)
185 d->owner = NULL;
186 rfcomm_dlc_unlock(d);
187
188 rfcomm_dlc_put(d);
189}
190
191static void rfcomm_sock_cleanup_listen(struct sock *parent)
192{
193 struct sock *sk;
194
195 BT_DBG("parent %p", parent);
196
197 /* Close not yet accepted dlcs */
198 while ((sk = bt_accept_dequeue(parent, NULL))) {
199 rfcomm_sock_close(sk);
200 rfcomm_sock_kill(sk);
201 }
202
203 parent->sk_state = BT_CLOSED;
204 sock_set_flag(parent, SOCK_ZAPPED);
205}
206
207/* Kill socket (only if zapped and orphan)
208 * Must be called on unlocked socket.
209 */
210static void rfcomm_sock_kill(struct sock *sk)
211{
212 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
213 return;
214
215 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
216
217 /* Kill poor orphan */
218 bt_sock_unlink(&rfcomm_sk_list, sk);
219 sock_set_flag(sk, SOCK_DEAD);
220 sock_put(sk);
221}
222
223static void __rfcomm_sock_close(struct sock *sk)
224{
225 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
226
227 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
228
229 switch (sk->sk_state) {
230 case BT_LISTEN:
231 rfcomm_sock_cleanup_listen(sk);
232 break;
233
234 case BT_CONNECT:
235 case BT_CONNECT2:
236 case BT_CONFIG:
237 case BT_CONNECTED:
238 rfcomm_dlc_close(d, 0);
239
240 default:
241 sock_set_flag(sk, SOCK_ZAPPED);
242 break;
243 }
244}
245
246/* Close socket.
247 * Must be called on unlocked socket.
248 */
249static void rfcomm_sock_close(struct sock *sk)
250{
251 lock_sock(sk);
252 __rfcomm_sock_close(sk);
253 release_sock(sk);
254}
255
256static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
257{
258 struct rfcomm_pinfo *pi = rfcomm_pi(sk);
259
260 BT_DBG("sk %p", sk);
261
262 if (parent) {
263 sk->sk_type = parent->sk_type;
264 pi->dlc->defer_setup = bt_sk(parent)->defer_setup;
265
266 pi->sec_level = rfcomm_pi(parent)->sec_level;
267 pi->role_switch = rfcomm_pi(parent)->role_switch;
268
269 security_sk_clone(parent, sk);
270 } else {
271 pi->dlc->defer_setup = 0;
272
273 pi->sec_level = BT_SECURITY_LOW;
274 pi->role_switch = 0;
275 }
276
277 pi->dlc->sec_level = pi->sec_level;
278 pi->dlc->role_switch = pi->role_switch;
279}
280
281static struct proto rfcomm_proto = {
282 .name = "RFCOMM",
283 .owner = THIS_MODULE,
284 .obj_size = sizeof(struct rfcomm_pinfo)
285};
286
287static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
288{
289 struct rfcomm_dlc *d;
290 struct sock *sk;
291
292 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
293 if (!sk)
294 return NULL;
295
296 sock_init_data(sock, sk);
297 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
298
299 d = rfcomm_dlc_alloc(prio);
300 if (!d) {
301 sk_free(sk);
302 return NULL;
303 }
304
305 d->data_ready = rfcomm_sk_data_ready;
306 d->state_change = rfcomm_sk_state_change;
307
308 rfcomm_pi(sk)->dlc = d;
309 d->owner = sk;
310
311 sk->sk_destruct = rfcomm_sock_destruct;
312 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
313
314 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
315 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
316
317 sock_reset_flag(sk, SOCK_ZAPPED);
318
319 sk->sk_protocol = proto;
320 sk->sk_state = BT_OPEN;
321
322 bt_sock_link(&rfcomm_sk_list, sk);
323
324 BT_DBG("sk %p", sk);
325 return sk;
326}
327
328static int rfcomm_sock_create(struct net *net, struct socket *sock,
329 int protocol, int kern)
330{
331 struct sock *sk;
332
333 BT_DBG("sock %p", sock);
334
335 sock->state = SS_UNCONNECTED;
336
337 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
338 return -ESOCKTNOSUPPORT;
339
340 sock->ops = &rfcomm_sock_ops;
341
342 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
343 if (!sk)
344 return -ENOMEM;
345
346 rfcomm_sock_init(sk, NULL);
347 return 0;
348}
349
350static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
351{
352 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
353 struct sock *sk = sock->sk;
354 int err = 0;
355
356 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr));
357
358 if (!addr || addr->sa_family != AF_BLUETOOTH)
359 return -EINVAL;
360
361 lock_sock(sk);
362
363 if (sk->sk_state != BT_OPEN) {
364 err = -EBADFD;
365 goto done;
366 }
367
368 if (sk->sk_type != SOCK_STREAM) {
369 err = -EINVAL;
370 goto done;
371 }
372
373 write_lock_bh(&rfcomm_sk_list.lock);
374
375 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
376 err = -EADDRINUSE;
377 } else {
378 /* Save source address */
379 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr);
380 rfcomm_pi(sk)->channel = sa->rc_channel;
381 sk->sk_state = BT_BOUND;
382 }
383
384 write_unlock_bh(&rfcomm_sk_list.lock);
385
386done:
387 release_sock(sk);
388 return err;
389}
390
391static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
392{
393 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
394 struct sock *sk = sock->sk;
395 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
396 int err = 0;
397
398 BT_DBG("sk %p", sk);
399
400 if (alen < sizeof(struct sockaddr_rc) ||
401 addr->sa_family != AF_BLUETOOTH)
402 return -EINVAL;
403
404 lock_sock(sk);
405
406 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
407 err = -EBADFD;
408 goto done;
409 }
410
411 if (sk->sk_type != SOCK_STREAM) {
412 err = -EINVAL;
413 goto done;
414 }
415
416 sk->sk_state = BT_CONNECT;
417 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
418 rfcomm_pi(sk)->channel = sa->rc_channel;
419
420 d->sec_level = rfcomm_pi(sk)->sec_level;
421 d->role_switch = rfcomm_pi(sk)->role_switch;
422
423 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
424 if (!err)
425 err = bt_sock_wait_state(sk, BT_CONNECTED,
426 sock_sndtimeo(sk, flags & O_NONBLOCK));
427
428done:
429 release_sock(sk);
430 return err;
431}
432
433static int rfcomm_sock_listen(struct socket *sock, int backlog)
434{
435 struct sock *sk = sock->sk;
436 int err = 0;
437
438 BT_DBG("sk %p backlog %d", sk, backlog);
439
440 lock_sock(sk);
441
442 if (sk->sk_state != BT_BOUND) {
443 err = -EBADFD;
444 goto done;
445 }
446
447 if (sk->sk_type != SOCK_STREAM) {
448 err = -EINVAL;
449 goto done;
450 }
451
452 if (!rfcomm_pi(sk)->channel) {
453 bdaddr_t *src = &bt_sk(sk)->src;
454 u8 channel;
455
456 err = -EINVAL;
457
458 write_lock_bh(&rfcomm_sk_list.lock);
459
460 for (channel = 1; channel < 31; channel++)
461 if (!__rfcomm_get_sock_by_addr(channel, src)) {
462 rfcomm_pi(sk)->channel = channel;
463 err = 0;
464 break;
465 }
466
467 write_unlock_bh(&rfcomm_sk_list.lock);
468
469 if (err < 0)
470 goto done;
471 }
472
473 sk->sk_max_ack_backlog = backlog;
474 sk->sk_ack_backlog = 0;
475 sk->sk_state = BT_LISTEN;
476
477done:
478 release_sock(sk);
479 return err;
480}
481
482static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
483{
484 DECLARE_WAITQUEUE(wait, current);
485 struct sock *sk = sock->sk, *nsk;
486 long timeo;
487 int err = 0;
488
489 lock_sock(sk);
490
491 if (sk->sk_type != SOCK_STREAM) {
492 err = -EINVAL;
493 goto done;
494 }
495
496 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
497
498 BT_DBG("sk %p timeo %ld", sk, timeo);
499
500 /* Wait for an incoming connection. (wake-one). */
501 add_wait_queue_exclusive(sk_sleep(sk), &wait);
502 while (1) {
503 set_current_state(TASK_INTERRUPTIBLE);
504
505 if (sk->sk_state != BT_LISTEN) {
506 err = -EBADFD;
507 break;
508 }
509
510 nsk = bt_accept_dequeue(sk, newsock);
511 if (nsk)
512 break;
513
514 if (!timeo) {
515 err = -EAGAIN;
516 break;
517 }
518
519 if (signal_pending(current)) {
520 err = sock_intr_errno(timeo);
521 break;
522 }
523
524 release_sock(sk);
525 timeo = schedule_timeout(timeo);
526 lock_sock(sk);
527 }
528 __set_current_state(TASK_RUNNING);
529 remove_wait_queue(sk_sleep(sk), &wait);
530
531 if (err)
532 goto done;
533
534 newsock->state = SS_CONNECTED;
535
536 BT_DBG("new socket %p", nsk);
537
538done:
539 release_sock(sk);
540 return err;
541}
542
543static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
544{
545 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
546 struct sock *sk = sock->sk;
547
548 BT_DBG("sock %p, sk %p", sock, sk);
549
550 sa->rc_family = AF_BLUETOOTH;
551 sa->rc_channel = rfcomm_pi(sk)->channel;
552 if (peer)
553 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst);
554 else
555 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src);
556
557 *len = sizeof(struct sockaddr_rc);
558 return 0;
559}
560
561static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
562 struct msghdr *msg, size_t len)
563{
564 struct sock *sk = sock->sk;
565 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
566 struct sk_buff *skb;
567 int sent = 0;
568
569 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
570 return -ENOTCONN;
571
572 if (msg->msg_flags & MSG_OOB)
573 return -EOPNOTSUPP;
574
575 if (sk->sk_shutdown & SEND_SHUTDOWN)
576 return -EPIPE;
577
578 BT_DBG("sock %p, sk %p", sock, sk);
579
580 lock_sock(sk);
581
582 while (len) {
583 size_t size = min_t(size_t, len, d->mtu);
584 int err;
585
586 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
587 msg->msg_flags & MSG_DONTWAIT, &err);
588 if (!skb) {
589 if (sent == 0)
590 sent = err;
591 break;
592 }
593 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
594
595 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
596 if (err) {
597 kfree_skb(skb);
598 if (sent == 0)
599 sent = err;
600 break;
601 }
602
603 err = rfcomm_dlc_send(d, skb);
604 if (err < 0) {
605 kfree_skb(skb);
606 if (sent == 0)
607 sent = err;
608 break;
609 }
610
611 sent += size;
612 len -= size;
613 }
614
615 release_sock(sk);
616
617 return sent;
618}
619
620static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
621 struct msghdr *msg, size_t size, int flags)
622{
623 struct sock *sk = sock->sk;
624 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
625 int len;
626
627 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
628 rfcomm_dlc_accept(d);
629 return 0;
630 }
631
632 len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags);
633
634 lock_sock(sk);
635 if (!(flags & MSG_PEEK) && len > 0)
636 atomic_sub(len, &sk->sk_rmem_alloc);
637
638 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
639 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
640 release_sock(sk);
641
642 return len;
643}
644
645static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
646{
647 struct sock *sk = sock->sk;
648 int err = 0;
649 u32 opt;
650
651 BT_DBG("sk %p", sk);
652
653 lock_sock(sk);
654
655 switch (optname) {
656 case RFCOMM_LM:
657 if (get_user(opt, (u32 __user *) optval)) {
658 err = -EFAULT;
659 break;
660 }
661
662 if (opt & RFCOMM_LM_AUTH)
663 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
664 if (opt & RFCOMM_LM_ENCRYPT)
665 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
666 if (opt & RFCOMM_LM_SECURE)
667 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
668
669 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
670 break;
671
672 default:
673 err = -ENOPROTOOPT;
674 break;
675 }
676
677 release_sock(sk);
678 return err;
679}
680
681static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
682{
683 struct sock *sk = sock->sk;
684 struct bt_security sec;
685 int err = 0;
686 size_t len;
687 u32 opt;
688
689 BT_DBG("sk %p", sk);
690
691 if (level == SOL_RFCOMM)
692 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
693
694 if (level != SOL_BLUETOOTH)
695 return -ENOPROTOOPT;
696
697 lock_sock(sk);
698
699 switch (optname) {
700 case BT_SECURITY:
701 if (sk->sk_type != SOCK_STREAM) {
702 err = -EINVAL;
703 break;
704 }
705
706 sec.level = BT_SECURITY_LOW;
707
708 len = min_t(unsigned int, sizeof(sec), optlen);
709 if (copy_from_user((char *) &sec, optval, len)) {
710 err = -EFAULT;
711 break;
712 }
713
714 if (sec.level > BT_SECURITY_HIGH) {
715 err = -EINVAL;
716 break;
717 }
718
719 rfcomm_pi(sk)->sec_level = sec.level;
720 break;
721
722 case BT_DEFER_SETUP:
723 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
724 err = -EINVAL;
725 break;
726 }
727
728 if (get_user(opt, (u32 __user *) optval)) {
729 err = -EFAULT;
730 break;
731 }
732
733 bt_sk(sk)->defer_setup = opt;
734 break;
735
736 default:
737 err = -ENOPROTOOPT;
738 break;
739 }
740
741 release_sock(sk);
742 return err;
743}
744
745static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
746{
747 struct sock *sk = sock->sk;
748 struct rfcomm_conninfo cinfo;
749 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
750 int len, err = 0;
751 u32 opt;
752
753 BT_DBG("sk %p", sk);
754
755 if (get_user(len, optlen))
756 return -EFAULT;
757
758 lock_sock(sk);
759
760 switch (optname) {
761 case RFCOMM_LM:
762 switch (rfcomm_pi(sk)->sec_level) {
763 case BT_SECURITY_LOW:
764 opt = RFCOMM_LM_AUTH;
765 break;
766 case BT_SECURITY_MEDIUM:
767 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
768 break;
769 case BT_SECURITY_HIGH:
770 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
771 RFCOMM_LM_SECURE;
772 break;
773 default:
774 opt = 0;
775 break;
776 }
777
778 if (rfcomm_pi(sk)->role_switch)
779 opt |= RFCOMM_LM_MASTER;
780
781 if (put_user(opt, (u32 __user *) optval))
782 err = -EFAULT;
783 break;
784
785 case RFCOMM_CONNINFO:
786 if (sk->sk_state != BT_CONNECTED &&
787 !rfcomm_pi(sk)->dlc->defer_setup) {
788 err = -ENOTCONN;
789 break;
790 }
791
792 memset(&cinfo, 0, sizeof(cinfo));
793 cinfo.hci_handle = conn->hcon->handle;
794 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
795
796 len = min_t(unsigned int, len, sizeof(cinfo));
797 if (copy_to_user(optval, (char *) &cinfo, len))
798 err = -EFAULT;
799
800 break;
801
802 default:
803 err = -ENOPROTOOPT;
804 break;
805 }
806
807 release_sock(sk);
808 return err;
809}
810
811static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
812{
813 struct sock *sk = sock->sk;
814 struct bt_security sec;
815 int len, err = 0;
816
817 BT_DBG("sk %p", sk);
818
819 if (level == SOL_RFCOMM)
820 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
821
822 if (level != SOL_BLUETOOTH)
823 return -ENOPROTOOPT;
824
825 if (get_user(len, optlen))
826 return -EFAULT;
827
828 lock_sock(sk);
829
830 switch (optname) {
831 case BT_SECURITY:
832 if (sk->sk_type != SOCK_STREAM) {
833 err = -EINVAL;
834 break;
835 }
836
837 sec.level = rfcomm_pi(sk)->sec_level;
838
839 len = min_t(unsigned int, len, sizeof(sec));
840 if (copy_to_user(optval, (char *) &sec, len))
841 err = -EFAULT;
842
843 break;
844
845 case BT_DEFER_SETUP:
846 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
847 err = -EINVAL;
848 break;
849 }
850
851 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
852 err = -EFAULT;
853
854 break;
855
856 default:
857 err = -ENOPROTOOPT;
858 break;
859 }
860
861 release_sock(sk);
862 return err;
863}
864
865static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
866{
867 struct sock *sk __maybe_unused = sock->sk;
868 int err;
869
870 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
871
872 err = bt_sock_ioctl(sock, cmd, arg);
873
874 if (err == -ENOIOCTLCMD) {
875#ifdef CONFIG_BT_RFCOMM_TTY
876 lock_sock(sk);
877 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
878 release_sock(sk);
879#else
880 err = -EOPNOTSUPP;
881#endif
882 }
883
884 return err;
885}
886
887static int rfcomm_sock_shutdown(struct socket *sock, int how)
888{
889 struct sock *sk = sock->sk;
890 int err = 0;
891
892 BT_DBG("sock %p, sk %p", sock, sk);
893
894 if (!sk)
895 return 0;
896
897 lock_sock(sk);
898 if (!sk->sk_shutdown) {
899 sk->sk_shutdown = SHUTDOWN_MASK;
900 __rfcomm_sock_close(sk);
901
902 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
903 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
904 }
905 release_sock(sk);
906 return err;
907}
908
909static int rfcomm_sock_release(struct socket *sock)
910{
911 struct sock *sk = sock->sk;
912 int err;
913
914 BT_DBG("sock %p, sk %p", sock, sk);
915
916 if (!sk)
917 return 0;
918
919 err = rfcomm_sock_shutdown(sock, 2);
920
921 sock_orphan(sk);
922 rfcomm_sock_kill(sk);
923 return err;
924}
925
926/* ---- RFCOMM core layer callbacks ----
927 *
928 * called under rfcomm_lock()
929 */
930int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
931{
932 struct sock *sk, *parent;
933 bdaddr_t src, dst;
934 int result = 0;
935
936 BT_DBG("session %p channel %d", s, channel);
937
938 rfcomm_session_getaddr(s, &src, &dst);
939
940 /* Check if we have socket listening on channel */
941 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
942 if (!parent)
943 return 0;
944
945 bh_lock_sock(parent);
946
947 /* Check for backlog size */
948 if (sk_acceptq_is_full(parent)) {
949 BT_DBG("backlog full %d", parent->sk_ack_backlog);
950 goto done;
951 }
952
953 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
954 if (!sk)
955 goto done;
956
957 rfcomm_sock_init(sk, parent);
958 bacpy(&bt_sk(sk)->src, &src);
959 bacpy(&bt_sk(sk)->dst, &dst);
960 rfcomm_pi(sk)->channel = channel;
961
962 sk->sk_state = BT_CONFIG;
963 bt_accept_enqueue(parent, sk);
964
965 /* Accept connection and return socket DLC */
966 *d = rfcomm_pi(sk)->dlc;
967 result = 1;
968
969done:
970 bh_unlock_sock(parent);
971
972 if (bt_sk(parent)->defer_setup)
973 parent->sk_state_change(parent);
974
975 return result;
976}
977
978static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
979{
980 struct sock *sk;
981 struct hlist_node *node;
982
983 read_lock_bh(&rfcomm_sk_list.lock);
984
985 sk_for_each(sk, node, &rfcomm_sk_list.head) {
986 seq_printf(f, "%s %s %d %d\n",
987 batostr(&bt_sk(sk)->src),
988 batostr(&bt_sk(sk)->dst),
989 sk->sk_state, rfcomm_pi(sk)->channel);
990 }
991
992 read_unlock_bh(&rfcomm_sk_list.lock);
993
994 return 0;
995}
996
997static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file)
998{
999 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private);
1000}
1001
1002static const struct file_operations rfcomm_sock_debugfs_fops = {
1003 .open = rfcomm_sock_debugfs_open,
1004 .read = seq_read,
1005 .llseek = seq_lseek,
1006 .release = single_release,
1007};
1008
1009static struct dentry *rfcomm_sock_debugfs;
1010
1011static const struct proto_ops rfcomm_sock_ops = {
1012 .family = PF_BLUETOOTH,
1013 .owner = THIS_MODULE,
1014 .release = rfcomm_sock_release,
1015 .bind = rfcomm_sock_bind,
1016 .connect = rfcomm_sock_connect,
1017 .listen = rfcomm_sock_listen,
1018 .accept = rfcomm_sock_accept,
1019 .getname = rfcomm_sock_getname,
1020 .sendmsg = rfcomm_sock_sendmsg,
1021 .recvmsg = rfcomm_sock_recvmsg,
1022 .shutdown = rfcomm_sock_shutdown,
1023 .setsockopt = rfcomm_sock_setsockopt,
1024 .getsockopt = rfcomm_sock_getsockopt,
1025 .ioctl = rfcomm_sock_ioctl,
1026 .poll = bt_sock_poll,
1027 .socketpair = sock_no_socketpair,
1028 .mmap = sock_no_mmap
1029};
1030
1031static const struct net_proto_family rfcomm_sock_family_ops = {
1032 .family = PF_BLUETOOTH,
1033 .owner = THIS_MODULE,
1034 .create = rfcomm_sock_create
1035};
1036
1037int __init rfcomm_init_sockets(void)
1038{
1039 int err;
1040
1041 err = proto_register(&rfcomm_proto, 0);
1042 if (err < 0)
1043 return err;
1044
1045 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1046 if (err < 0)
1047 goto error;
1048
1049 if (bt_debugfs) {
1050 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1051 bt_debugfs, NULL, &rfcomm_sock_debugfs_fops);
1052 if (!rfcomm_sock_debugfs)
1053 BT_ERR("Failed to create RFCOMM debug file");
1054 }
1055
1056 BT_INFO("RFCOMM socket layer initialized");
1057
1058 return 0;
1059
1060error:
1061 BT_ERR("RFCOMM socket layer registration failed");
1062 proto_unregister(&rfcomm_proto);
1063 return err;
1064}
1065
1066void __exit rfcomm_cleanup_sockets(void)
1067{
1068 debugfs_remove(rfcomm_sock_debugfs);
1069
1070 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0)
1071 BT_ERR("RFCOMM socket layer unregistration failed");
1072
1073 proto_unregister(&rfcomm_proto);
1074}
1/*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22*/
23
24/*
25 * RFCOMM sockets.
26 */
27
28#include <linux/export.h>
29#include <linux/debugfs.h>
30
31#include <net/bluetooth/bluetooth.h>
32#include <net/bluetooth/hci_core.h>
33#include <net/bluetooth/l2cap.h>
34#include <net/bluetooth/rfcomm.h>
35
36static const struct proto_ops rfcomm_sock_ops;
37
38static struct bt_sock_list rfcomm_sk_list = {
39 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
40};
41
42static void rfcomm_sock_close(struct sock *sk);
43static void rfcomm_sock_kill(struct sock *sk);
44
45/* ---- DLC callbacks ----
46 *
47 * called under rfcomm_dlc_lock()
48 */
49static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
50{
51 struct sock *sk = d->owner;
52 if (!sk)
53 return;
54
55 atomic_add(skb->len, &sk->sk_rmem_alloc);
56 skb_queue_tail(&sk->sk_receive_queue, skb);
57 sk->sk_data_ready(sk);
58
59 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
60 rfcomm_dlc_throttle(d);
61}
62
63static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
64{
65 struct sock *sk = d->owner, *parent;
66 unsigned long flags;
67
68 if (!sk)
69 return;
70
71 BT_DBG("dlc %p state %ld err %d", d, d->state, err);
72
73 local_irq_save(flags);
74 bh_lock_sock(sk);
75
76 if (err)
77 sk->sk_err = err;
78
79 sk->sk_state = d->state;
80
81 parent = bt_sk(sk)->parent;
82 if (parent) {
83 if (d->state == BT_CLOSED) {
84 sock_set_flag(sk, SOCK_ZAPPED);
85 bt_accept_unlink(sk);
86 }
87 parent->sk_data_ready(parent);
88 } else {
89 if (d->state == BT_CONNECTED)
90 rfcomm_session_getaddr(d->session,
91 &rfcomm_pi(sk)->src, NULL);
92 sk->sk_state_change(sk);
93 }
94
95 bh_unlock_sock(sk);
96 local_irq_restore(flags);
97
98 if (parent && sock_flag(sk, SOCK_ZAPPED)) {
99 /* We have to drop DLC lock here, otherwise
100 * rfcomm_sock_destruct() will dead lock. */
101 rfcomm_dlc_unlock(d);
102 rfcomm_sock_kill(sk);
103 rfcomm_dlc_lock(d);
104 }
105}
106
107/* ---- Socket functions ---- */
108static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src)
109{
110 struct sock *sk = NULL;
111
112 sk_for_each(sk, &rfcomm_sk_list.head) {
113 if (rfcomm_pi(sk)->channel != channel)
114 continue;
115
116 if (bacmp(&rfcomm_pi(sk)->src, src))
117 continue;
118
119 if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN)
120 break;
121 }
122
123 return sk ? sk : NULL;
124}
125
126/* Find socket with channel and source bdaddr.
127 * Returns closest match.
128 */
129static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
130{
131 struct sock *sk = NULL, *sk1 = NULL;
132
133 read_lock(&rfcomm_sk_list.lock);
134
135 sk_for_each(sk, &rfcomm_sk_list.head) {
136 if (state && sk->sk_state != state)
137 continue;
138
139 if (rfcomm_pi(sk)->channel == channel) {
140 /* Exact match. */
141 if (!bacmp(&rfcomm_pi(sk)->src, src))
142 break;
143
144 /* Closest match */
145 if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY))
146 sk1 = sk;
147 }
148 }
149
150 read_unlock(&rfcomm_sk_list.lock);
151
152 return sk ? sk : sk1;
153}
154
155static void rfcomm_sock_destruct(struct sock *sk)
156{
157 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
158
159 BT_DBG("sk %p dlc %p", sk, d);
160
161 skb_queue_purge(&sk->sk_receive_queue);
162 skb_queue_purge(&sk->sk_write_queue);
163
164 rfcomm_dlc_lock(d);
165 rfcomm_pi(sk)->dlc = NULL;
166
167 /* Detach DLC if it's owned by this socket */
168 if (d->owner == sk)
169 d->owner = NULL;
170 rfcomm_dlc_unlock(d);
171
172 rfcomm_dlc_put(d);
173}
174
175static void rfcomm_sock_cleanup_listen(struct sock *parent)
176{
177 struct sock *sk;
178
179 BT_DBG("parent %p", parent);
180
181 /* Close not yet accepted dlcs */
182 while ((sk = bt_accept_dequeue(parent, NULL))) {
183 rfcomm_sock_close(sk);
184 rfcomm_sock_kill(sk);
185 }
186
187 parent->sk_state = BT_CLOSED;
188 sock_set_flag(parent, SOCK_ZAPPED);
189}
190
191/* Kill socket (only if zapped and orphan)
192 * Must be called on unlocked socket.
193 */
194static void rfcomm_sock_kill(struct sock *sk)
195{
196 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
197 return;
198
199 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
200
201 /* Kill poor orphan */
202 bt_sock_unlink(&rfcomm_sk_list, sk);
203 sock_set_flag(sk, SOCK_DEAD);
204 sock_put(sk);
205}
206
207static void __rfcomm_sock_close(struct sock *sk)
208{
209 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
210
211 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
212
213 switch (sk->sk_state) {
214 case BT_LISTEN:
215 rfcomm_sock_cleanup_listen(sk);
216 break;
217
218 case BT_CONNECT:
219 case BT_CONNECT2:
220 case BT_CONFIG:
221 case BT_CONNECTED:
222 rfcomm_dlc_close(d, 0);
223
224 default:
225 sock_set_flag(sk, SOCK_ZAPPED);
226 break;
227 }
228}
229
230/* Close socket.
231 * Must be called on unlocked socket.
232 */
233static void rfcomm_sock_close(struct sock *sk)
234{
235 lock_sock(sk);
236 __rfcomm_sock_close(sk);
237 release_sock(sk);
238}
239
240static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
241{
242 struct rfcomm_pinfo *pi = rfcomm_pi(sk);
243
244 BT_DBG("sk %p", sk);
245
246 if (parent) {
247 sk->sk_type = parent->sk_type;
248 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP,
249 &bt_sk(parent)->flags);
250
251 pi->sec_level = rfcomm_pi(parent)->sec_level;
252 pi->role_switch = rfcomm_pi(parent)->role_switch;
253
254 security_sk_clone(parent, sk);
255 } else {
256 pi->dlc->defer_setup = 0;
257
258 pi->sec_level = BT_SECURITY_LOW;
259 pi->role_switch = 0;
260 }
261
262 pi->dlc->sec_level = pi->sec_level;
263 pi->dlc->role_switch = pi->role_switch;
264}
265
266static struct proto rfcomm_proto = {
267 .name = "RFCOMM",
268 .owner = THIS_MODULE,
269 .obj_size = sizeof(struct rfcomm_pinfo)
270};
271
272static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
273{
274 struct rfcomm_dlc *d;
275 struct sock *sk;
276
277 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
278 if (!sk)
279 return NULL;
280
281 sock_init_data(sock, sk);
282 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
283
284 d = rfcomm_dlc_alloc(prio);
285 if (!d) {
286 sk_free(sk);
287 return NULL;
288 }
289
290 d->data_ready = rfcomm_sk_data_ready;
291 d->state_change = rfcomm_sk_state_change;
292
293 rfcomm_pi(sk)->dlc = d;
294 d->owner = sk;
295
296 sk->sk_destruct = rfcomm_sock_destruct;
297 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
298
299 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
300 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
301
302 sock_reset_flag(sk, SOCK_ZAPPED);
303
304 sk->sk_protocol = proto;
305 sk->sk_state = BT_OPEN;
306
307 bt_sock_link(&rfcomm_sk_list, sk);
308
309 BT_DBG("sk %p", sk);
310 return sk;
311}
312
313static int rfcomm_sock_create(struct net *net, struct socket *sock,
314 int protocol, int kern)
315{
316 struct sock *sk;
317
318 BT_DBG("sock %p", sock);
319
320 sock->state = SS_UNCONNECTED;
321
322 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
323 return -ESOCKTNOSUPPORT;
324
325 sock->ops = &rfcomm_sock_ops;
326
327 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
328 if (!sk)
329 return -ENOMEM;
330
331 rfcomm_sock_init(sk, NULL);
332 return 0;
333}
334
335static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
336{
337 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
338 struct sock *sk = sock->sk;
339 int chan = sa->rc_channel;
340 int err = 0;
341
342 BT_DBG("sk %p %pMR", sk, &sa->rc_bdaddr);
343
344 if (!addr || addr->sa_family != AF_BLUETOOTH)
345 return -EINVAL;
346
347 lock_sock(sk);
348
349 if (sk->sk_state != BT_OPEN) {
350 err = -EBADFD;
351 goto done;
352 }
353
354 if (sk->sk_type != SOCK_STREAM) {
355 err = -EINVAL;
356 goto done;
357 }
358
359 write_lock(&rfcomm_sk_list.lock);
360
361 if (chan && __rfcomm_get_listen_sock_by_addr(chan, &sa->rc_bdaddr)) {
362 err = -EADDRINUSE;
363 } else {
364 /* Save source address */
365 bacpy(&rfcomm_pi(sk)->src, &sa->rc_bdaddr);
366 rfcomm_pi(sk)->channel = chan;
367 sk->sk_state = BT_BOUND;
368 }
369
370 write_unlock(&rfcomm_sk_list.lock);
371
372done:
373 release_sock(sk);
374 return err;
375}
376
377static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
378{
379 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
380 struct sock *sk = sock->sk;
381 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
382 int err = 0;
383
384 BT_DBG("sk %p", sk);
385
386 if (alen < sizeof(struct sockaddr_rc) ||
387 addr->sa_family != AF_BLUETOOTH)
388 return -EINVAL;
389
390 lock_sock(sk);
391
392 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
393 err = -EBADFD;
394 goto done;
395 }
396
397 if (sk->sk_type != SOCK_STREAM) {
398 err = -EINVAL;
399 goto done;
400 }
401
402 sk->sk_state = BT_CONNECT;
403 bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr);
404 rfcomm_pi(sk)->channel = sa->rc_channel;
405
406 d->sec_level = rfcomm_pi(sk)->sec_level;
407 d->role_switch = rfcomm_pi(sk)->role_switch;
408
409 err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr,
410 sa->rc_channel);
411 if (!err)
412 err = bt_sock_wait_state(sk, BT_CONNECTED,
413 sock_sndtimeo(sk, flags & O_NONBLOCK));
414
415done:
416 release_sock(sk);
417 return err;
418}
419
420static int rfcomm_sock_listen(struct socket *sock, int backlog)
421{
422 struct sock *sk = sock->sk;
423 int err = 0;
424
425 BT_DBG("sk %p backlog %d", sk, backlog);
426
427 lock_sock(sk);
428
429 if (sk->sk_state != BT_BOUND) {
430 err = -EBADFD;
431 goto done;
432 }
433
434 if (sk->sk_type != SOCK_STREAM) {
435 err = -EINVAL;
436 goto done;
437 }
438
439 if (!rfcomm_pi(sk)->channel) {
440 bdaddr_t *src = &rfcomm_pi(sk)->src;
441 u8 channel;
442
443 err = -EINVAL;
444
445 write_lock(&rfcomm_sk_list.lock);
446
447 for (channel = 1; channel < 31; channel++)
448 if (!__rfcomm_get_listen_sock_by_addr(channel, src)) {
449 rfcomm_pi(sk)->channel = channel;
450 err = 0;
451 break;
452 }
453
454 write_unlock(&rfcomm_sk_list.lock);
455
456 if (err < 0)
457 goto done;
458 }
459
460 sk->sk_max_ack_backlog = backlog;
461 sk->sk_ack_backlog = 0;
462 sk->sk_state = BT_LISTEN;
463
464done:
465 release_sock(sk);
466 return err;
467}
468
469static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
470{
471 DECLARE_WAITQUEUE(wait, current);
472 struct sock *sk = sock->sk, *nsk;
473 long timeo;
474 int err = 0;
475
476 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
477
478 if (sk->sk_type != SOCK_STREAM) {
479 err = -EINVAL;
480 goto done;
481 }
482
483 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
484
485 BT_DBG("sk %p timeo %ld", sk, timeo);
486
487 /* Wait for an incoming connection. (wake-one). */
488 add_wait_queue_exclusive(sk_sleep(sk), &wait);
489 while (1) {
490 set_current_state(TASK_INTERRUPTIBLE);
491
492 if (sk->sk_state != BT_LISTEN) {
493 err = -EBADFD;
494 break;
495 }
496
497 nsk = bt_accept_dequeue(sk, newsock);
498 if (nsk)
499 break;
500
501 if (!timeo) {
502 err = -EAGAIN;
503 break;
504 }
505
506 if (signal_pending(current)) {
507 err = sock_intr_errno(timeo);
508 break;
509 }
510
511 release_sock(sk);
512 timeo = schedule_timeout(timeo);
513 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
514 }
515 __set_current_state(TASK_RUNNING);
516 remove_wait_queue(sk_sleep(sk), &wait);
517
518 if (err)
519 goto done;
520
521 newsock->state = SS_CONNECTED;
522
523 BT_DBG("new socket %p", nsk);
524
525done:
526 release_sock(sk);
527 return err;
528}
529
530static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
531{
532 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
533 struct sock *sk = sock->sk;
534
535 BT_DBG("sock %p, sk %p", sock, sk);
536
537 if (peer && sk->sk_state != BT_CONNECTED &&
538 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2)
539 return -ENOTCONN;
540
541 memset(sa, 0, sizeof(*sa));
542 sa->rc_family = AF_BLUETOOTH;
543 sa->rc_channel = rfcomm_pi(sk)->channel;
544 if (peer)
545 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst);
546 else
547 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src);
548
549 *len = sizeof(struct sockaddr_rc);
550 return 0;
551}
552
553static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
554 struct msghdr *msg, size_t len)
555{
556 struct sock *sk = sock->sk;
557 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
558 struct sk_buff *skb;
559 int sent;
560
561 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
562 return -ENOTCONN;
563
564 if (msg->msg_flags & MSG_OOB)
565 return -EOPNOTSUPP;
566
567 if (sk->sk_shutdown & SEND_SHUTDOWN)
568 return -EPIPE;
569
570 BT_DBG("sock %p, sk %p", sock, sk);
571
572 lock_sock(sk);
573
574 sent = bt_sock_wait_ready(sk, msg->msg_flags);
575 if (sent)
576 goto done;
577
578 while (len) {
579 size_t size = min_t(size_t, len, d->mtu);
580 int err;
581
582 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
583 msg->msg_flags & MSG_DONTWAIT, &err);
584 if (!skb) {
585 if (sent == 0)
586 sent = err;
587 break;
588 }
589 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
590
591 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
592 if (err) {
593 kfree_skb(skb);
594 if (sent == 0)
595 sent = err;
596 break;
597 }
598
599 skb->priority = sk->sk_priority;
600
601 err = rfcomm_dlc_send(d, skb);
602 if (err < 0) {
603 kfree_skb(skb);
604 if (sent == 0)
605 sent = err;
606 break;
607 }
608
609 sent += size;
610 len -= size;
611 }
612
613done:
614 release_sock(sk);
615
616 return sent;
617}
618
619static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
620 struct msghdr *msg, size_t size, int flags)
621{
622 struct sock *sk = sock->sk;
623 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
624 int len;
625
626 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
627 rfcomm_dlc_accept(d);
628 return 0;
629 }
630
631 len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags);
632
633 lock_sock(sk);
634 if (!(flags & MSG_PEEK) && len > 0)
635 atomic_sub(len, &sk->sk_rmem_alloc);
636
637 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
638 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
639 release_sock(sk);
640
641 return len;
642}
643
644static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
645{
646 struct sock *sk = sock->sk;
647 int err = 0;
648 u32 opt;
649
650 BT_DBG("sk %p", sk);
651
652 lock_sock(sk);
653
654 switch (optname) {
655 case RFCOMM_LM:
656 if (get_user(opt, (u32 __user *) optval)) {
657 err = -EFAULT;
658 break;
659 }
660
661 if (opt & RFCOMM_LM_FIPS) {
662 err = -EINVAL;
663 break;
664 }
665
666 if (opt & RFCOMM_LM_AUTH)
667 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
668 if (opt & RFCOMM_LM_ENCRYPT)
669 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
670 if (opt & RFCOMM_LM_SECURE)
671 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
672
673 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
674 break;
675
676 default:
677 err = -ENOPROTOOPT;
678 break;
679 }
680
681 release_sock(sk);
682 return err;
683}
684
685static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
686{
687 struct sock *sk = sock->sk;
688 struct bt_security sec;
689 int err = 0;
690 size_t len;
691 u32 opt;
692
693 BT_DBG("sk %p", sk);
694
695 if (level == SOL_RFCOMM)
696 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
697
698 if (level != SOL_BLUETOOTH)
699 return -ENOPROTOOPT;
700
701 lock_sock(sk);
702
703 switch (optname) {
704 case BT_SECURITY:
705 if (sk->sk_type != SOCK_STREAM) {
706 err = -EINVAL;
707 break;
708 }
709
710 sec.level = BT_SECURITY_LOW;
711
712 len = min_t(unsigned int, sizeof(sec), optlen);
713 if (copy_from_user((char *) &sec, optval, len)) {
714 err = -EFAULT;
715 break;
716 }
717
718 if (sec.level > BT_SECURITY_HIGH) {
719 err = -EINVAL;
720 break;
721 }
722
723 rfcomm_pi(sk)->sec_level = sec.level;
724 break;
725
726 case BT_DEFER_SETUP:
727 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
728 err = -EINVAL;
729 break;
730 }
731
732 if (get_user(opt, (u32 __user *) optval)) {
733 err = -EFAULT;
734 break;
735 }
736
737 if (opt)
738 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
739 else
740 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
741
742 break;
743
744 default:
745 err = -ENOPROTOOPT;
746 break;
747 }
748
749 release_sock(sk);
750 return err;
751}
752
753static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
754{
755 struct sock *sk = sock->sk;
756 struct sock *l2cap_sk;
757 struct l2cap_conn *conn;
758 struct rfcomm_conninfo cinfo;
759 int len, err = 0;
760 u32 opt;
761
762 BT_DBG("sk %p", sk);
763
764 if (get_user(len, optlen))
765 return -EFAULT;
766
767 lock_sock(sk);
768
769 switch (optname) {
770 case RFCOMM_LM:
771 switch (rfcomm_pi(sk)->sec_level) {
772 case BT_SECURITY_LOW:
773 opt = RFCOMM_LM_AUTH;
774 break;
775 case BT_SECURITY_MEDIUM:
776 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
777 break;
778 case BT_SECURITY_HIGH:
779 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
780 RFCOMM_LM_SECURE;
781 break;
782 case BT_SECURITY_FIPS:
783 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
784 RFCOMM_LM_SECURE | RFCOMM_LM_FIPS;
785 break;
786 default:
787 opt = 0;
788 break;
789 }
790
791 if (rfcomm_pi(sk)->role_switch)
792 opt |= RFCOMM_LM_MASTER;
793
794 if (put_user(opt, (u32 __user *) optval))
795 err = -EFAULT;
796
797 break;
798
799 case RFCOMM_CONNINFO:
800 if (sk->sk_state != BT_CONNECTED &&
801 !rfcomm_pi(sk)->dlc->defer_setup) {
802 err = -ENOTCONN;
803 break;
804 }
805
806 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
807 conn = l2cap_pi(l2cap_sk)->chan->conn;
808
809 memset(&cinfo, 0, sizeof(cinfo));
810 cinfo.hci_handle = conn->hcon->handle;
811 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
812
813 len = min_t(unsigned int, len, sizeof(cinfo));
814 if (copy_to_user(optval, (char *) &cinfo, len))
815 err = -EFAULT;
816
817 break;
818
819 default:
820 err = -ENOPROTOOPT;
821 break;
822 }
823
824 release_sock(sk);
825 return err;
826}
827
828static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
829{
830 struct sock *sk = sock->sk;
831 struct bt_security sec;
832 int len, err = 0;
833
834 BT_DBG("sk %p", sk);
835
836 if (level == SOL_RFCOMM)
837 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
838
839 if (level != SOL_BLUETOOTH)
840 return -ENOPROTOOPT;
841
842 if (get_user(len, optlen))
843 return -EFAULT;
844
845 lock_sock(sk);
846
847 switch (optname) {
848 case BT_SECURITY:
849 if (sk->sk_type != SOCK_STREAM) {
850 err = -EINVAL;
851 break;
852 }
853
854 sec.level = rfcomm_pi(sk)->sec_level;
855 sec.key_size = 0;
856
857 len = min_t(unsigned int, len, sizeof(sec));
858 if (copy_to_user(optval, (char *) &sec, len))
859 err = -EFAULT;
860
861 break;
862
863 case BT_DEFER_SETUP:
864 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
865 err = -EINVAL;
866 break;
867 }
868
869 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
870 (u32 __user *) optval))
871 err = -EFAULT;
872
873 break;
874
875 default:
876 err = -ENOPROTOOPT;
877 break;
878 }
879
880 release_sock(sk);
881 return err;
882}
883
884static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
885{
886 struct sock *sk __maybe_unused = sock->sk;
887 int err;
888
889 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
890
891 err = bt_sock_ioctl(sock, cmd, arg);
892
893 if (err == -ENOIOCTLCMD) {
894#ifdef CONFIG_BT_RFCOMM_TTY
895 lock_sock(sk);
896 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
897 release_sock(sk);
898#else
899 err = -EOPNOTSUPP;
900#endif
901 }
902
903 return err;
904}
905
906static int rfcomm_sock_shutdown(struct socket *sock, int how)
907{
908 struct sock *sk = sock->sk;
909 int err = 0;
910
911 BT_DBG("sock %p, sk %p", sock, sk);
912
913 if (!sk)
914 return 0;
915
916 lock_sock(sk);
917 if (!sk->sk_shutdown) {
918 sk->sk_shutdown = SHUTDOWN_MASK;
919 __rfcomm_sock_close(sk);
920
921 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
922 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
923 }
924 release_sock(sk);
925 return err;
926}
927
928static int rfcomm_sock_release(struct socket *sock)
929{
930 struct sock *sk = sock->sk;
931 int err;
932
933 BT_DBG("sock %p, sk %p", sock, sk);
934
935 if (!sk)
936 return 0;
937
938 err = rfcomm_sock_shutdown(sock, 2);
939
940 sock_orphan(sk);
941 rfcomm_sock_kill(sk);
942 return err;
943}
944
945/* ---- RFCOMM core layer callbacks ----
946 *
947 * called under rfcomm_lock()
948 */
949int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
950{
951 struct sock *sk, *parent;
952 bdaddr_t src, dst;
953 int result = 0;
954
955 BT_DBG("session %p channel %d", s, channel);
956
957 rfcomm_session_getaddr(s, &src, &dst);
958
959 /* Check if we have socket listening on channel */
960 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
961 if (!parent)
962 return 0;
963
964 bh_lock_sock(parent);
965
966 /* Check for backlog size */
967 if (sk_acceptq_is_full(parent)) {
968 BT_DBG("backlog full %d", parent->sk_ack_backlog);
969 goto done;
970 }
971
972 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
973 if (!sk)
974 goto done;
975
976 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
977
978 rfcomm_sock_init(sk, parent);
979 bacpy(&rfcomm_pi(sk)->src, &src);
980 bacpy(&rfcomm_pi(sk)->dst, &dst);
981 rfcomm_pi(sk)->channel = channel;
982
983 sk->sk_state = BT_CONFIG;
984 bt_accept_enqueue(parent, sk);
985
986 /* Accept connection and return socket DLC */
987 *d = rfcomm_pi(sk)->dlc;
988 result = 1;
989
990done:
991 bh_unlock_sock(parent);
992
993 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
994 parent->sk_state_change(parent);
995
996 return result;
997}
998
999static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
1000{
1001 struct sock *sk;
1002
1003 read_lock(&rfcomm_sk_list.lock);
1004
1005 sk_for_each(sk, &rfcomm_sk_list.head) {
1006 seq_printf(f, "%pMR %pMR %d %d\n",
1007 &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst,
1008 sk->sk_state, rfcomm_pi(sk)->channel);
1009 }
1010
1011 read_unlock(&rfcomm_sk_list.lock);
1012
1013 return 0;
1014}
1015
1016static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file)
1017{
1018 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private);
1019}
1020
1021static const struct file_operations rfcomm_sock_debugfs_fops = {
1022 .open = rfcomm_sock_debugfs_open,
1023 .read = seq_read,
1024 .llseek = seq_lseek,
1025 .release = single_release,
1026};
1027
1028static struct dentry *rfcomm_sock_debugfs;
1029
1030static const struct proto_ops rfcomm_sock_ops = {
1031 .family = PF_BLUETOOTH,
1032 .owner = THIS_MODULE,
1033 .release = rfcomm_sock_release,
1034 .bind = rfcomm_sock_bind,
1035 .connect = rfcomm_sock_connect,
1036 .listen = rfcomm_sock_listen,
1037 .accept = rfcomm_sock_accept,
1038 .getname = rfcomm_sock_getname,
1039 .sendmsg = rfcomm_sock_sendmsg,
1040 .recvmsg = rfcomm_sock_recvmsg,
1041 .shutdown = rfcomm_sock_shutdown,
1042 .setsockopt = rfcomm_sock_setsockopt,
1043 .getsockopt = rfcomm_sock_getsockopt,
1044 .ioctl = rfcomm_sock_ioctl,
1045 .poll = bt_sock_poll,
1046 .socketpair = sock_no_socketpair,
1047 .mmap = sock_no_mmap
1048};
1049
1050static const struct net_proto_family rfcomm_sock_family_ops = {
1051 .family = PF_BLUETOOTH,
1052 .owner = THIS_MODULE,
1053 .create = rfcomm_sock_create
1054};
1055
1056int __init rfcomm_init_sockets(void)
1057{
1058 int err;
1059
1060 err = proto_register(&rfcomm_proto, 0);
1061 if (err < 0)
1062 return err;
1063
1064 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1065 if (err < 0) {
1066 BT_ERR("RFCOMM socket layer registration failed");
1067 goto error;
1068 }
1069
1070 err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL);
1071 if (err < 0) {
1072 BT_ERR("Failed to create RFCOMM proc file");
1073 bt_sock_unregister(BTPROTO_RFCOMM);
1074 goto error;
1075 }
1076
1077 BT_INFO("RFCOMM socket layer initialized");
1078
1079 if (IS_ERR_OR_NULL(bt_debugfs))
1080 return 0;
1081
1082 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1083 bt_debugfs, NULL,
1084 &rfcomm_sock_debugfs_fops);
1085
1086 return 0;
1087
1088error:
1089 proto_unregister(&rfcomm_proto);
1090 return err;
1091}
1092
1093void __exit rfcomm_cleanup_sockets(void)
1094{
1095 bt_procfs_cleanup(&init_net, "rfcomm");
1096
1097 debugfs_remove(rfcomm_sock_debugfs);
1098
1099 bt_sock_unregister(BTPROTO_RFCOMM);
1100
1101 proto_unregister(&rfcomm_proto);
1102}