sock.c (22803B)
1/* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22*/ 23 24/* 25 * RFCOMM sockets. 26 */ 27#include <linux/compat.h> 28#include <linux/export.h> 29#include <linux/debugfs.h> 30#include <linux/sched/signal.h> 31 32#include <net/bluetooth/bluetooth.h> 33#include <net/bluetooth/hci_core.h> 34#include <net/bluetooth/l2cap.h> 35#include <net/bluetooth/rfcomm.h> 36 37static const struct proto_ops rfcomm_sock_ops; 38 39static struct bt_sock_list rfcomm_sk_list = { 40 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) 41}; 42 43static void rfcomm_sock_close(struct sock *sk); 44static void rfcomm_sock_kill(struct sock *sk); 45 46/* ---- DLC callbacks ---- 47 * 48 * called under rfcomm_dlc_lock() 49 */ 50static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 51{ 52 struct sock *sk = d->owner; 53 if (!sk) 54 return; 55 56 atomic_add(skb->len, &sk->sk_rmem_alloc); 57 skb_queue_tail(&sk->sk_receive_queue, skb); 58 sk->sk_data_ready(sk); 59 60 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 61 rfcomm_dlc_throttle(d); 62} 63 64static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 65{ 66 struct sock *sk = d->owner, *parent; 67 68 if (!sk) 69 return; 70 71 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 72 73 lock_sock(sk); 74 75 if (err) 76 sk->sk_err = err; 77 78 sk->sk_state = d->state; 79 80 parent = bt_sk(sk)->parent; 81 if (parent) { 82 if (d->state == BT_CLOSED) { 83 sock_set_flag(sk, SOCK_ZAPPED); 84 bt_accept_unlink(sk); 85 } 86 parent->sk_data_ready(parent); 87 } else { 88 if (d->state == BT_CONNECTED) 89 rfcomm_session_getaddr(d->session, 90 &rfcomm_pi(sk)->src, NULL); 91 sk->sk_state_change(sk); 92 } 93 94 release_sock(sk); 95 96 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 97 /* We have to drop DLC lock here, otherwise 98 * rfcomm_sock_destruct() will dead lock. */ 99 rfcomm_dlc_unlock(d); 100 rfcomm_sock_kill(sk); 101 rfcomm_dlc_lock(d); 102 } 103} 104 105/* ---- Socket functions ---- */ 106static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src) 107{ 108 struct sock *sk = NULL; 109 110 sk_for_each(sk, &rfcomm_sk_list.head) { 111 if (rfcomm_pi(sk)->channel != channel) 112 continue; 113 114 if (bacmp(&rfcomm_pi(sk)->src, src)) 115 continue; 116 117 if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN) 118 break; 119 } 120 121 return sk ? sk : NULL; 122} 123 124/* Find socket with channel and source bdaddr. 125 * Returns closest match. 126 */ 127static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 128{ 129 struct sock *sk = NULL, *sk1 = NULL; 130 131 read_lock(&rfcomm_sk_list.lock); 132 133 sk_for_each(sk, &rfcomm_sk_list.head) { 134 if (state && sk->sk_state != state) 135 continue; 136 137 if (rfcomm_pi(sk)->channel == channel) { 138 /* Exact match. */ 139 if (!bacmp(&rfcomm_pi(sk)->src, src)) 140 break; 141 142 /* Closest match */ 143 if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY)) 144 sk1 = sk; 145 } 146 } 147 148 read_unlock(&rfcomm_sk_list.lock); 149 150 return sk ? sk : sk1; 151} 152 153static void rfcomm_sock_destruct(struct sock *sk) 154{ 155 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 156 157 BT_DBG("sk %p dlc %p", sk, d); 158 159 skb_queue_purge(&sk->sk_receive_queue); 160 skb_queue_purge(&sk->sk_write_queue); 161 162 rfcomm_dlc_lock(d); 163 rfcomm_pi(sk)->dlc = NULL; 164 165 /* Detach DLC if it's owned by this socket */ 166 if (d->owner == sk) 167 d->owner = NULL; 168 rfcomm_dlc_unlock(d); 169 170 rfcomm_dlc_put(d); 171} 172 173static void rfcomm_sock_cleanup_listen(struct sock *parent) 174{ 175 struct sock *sk; 176 177 BT_DBG("parent %p", parent); 178 179 /* Close not yet accepted dlcs */ 180 while ((sk = bt_accept_dequeue(parent, NULL))) { 181 rfcomm_sock_close(sk); 182 rfcomm_sock_kill(sk); 183 } 184 185 parent->sk_state = BT_CLOSED; 186 sock_set_flag(parent, SOCK_ZAPPED); 187} 188 189/* Kill socket (only if zapped and orphan) 190 * Must be called on unlocked socket. 191 */ 192static void rfcomm_sock_kill(struct sock *sk) 193{ 194 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 195 return; 196 197 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, refcount_read(&sk->sk_refcnt)); 198 199 /* Kill poor orphan */ 200 bt_sock_unlink(&rfcomm_sk_list, sk); 201 sock_set_flag(sk, SOCK_DEAD); 202 sock_put(sk); 203} 204 205static void __rfcomm_sock_close(struct sock *sk) 206{ 207 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 208 209 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 210 211 switch (sk->sk_state) { 212 case BT_LISTEN: 213 rfcomm_sock_cleanup_listen(sk); 214 break; 215 216 case BT_CONNECT: 217 case BT_CONNECT2: 218 case BT_CONFIG: 219 case BT_CONNECTED: 220 rfcomm_dlc_close(d, 0); 221 fallthrough; 222 223 default: 224 sock_set_flag(sk, SOCK_ZAPPED); 225 break; 226 } 227} 228 229/* Close socket. 230 * Must be called on unlocked socket. 231 */ 232static void rfcomm_sock_close(struct sock *sk) 233{ 234 lock_sock(sk); 235 __rfcomm_sock_close(sk); 236 release_sock(sk); 237} 238 239static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 240{ 241 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 242 243 BT_DBG("sk %p", sk); 244 245 if (parent) { 246 sk->sk_type = parent->sk_type; 247 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP, 248 &bt_sk(parent)->flags); 249 250 pi->sec_level = rfcomm_pi(parent)->sec_level; 251 pi->role_switch = rfcomm_pi(parent)->role_switch; 252 253 security_sk_clone(parent, sk); 254 } else { 255 pi->dlc->defer_setup = 0; 256 257 pi->sec_level = BT_SECURITY_LOW; 258 pi->role_switch = 0; 259 } 260 261 pi->dlc->sec_level = pi->sec_level; 262 pi->dlc->role_switch = pi->role_switch; 263} 264 265static struct proto rfcomm_proto = { 266 .name = "RFCOMM", 267 .owner = THIS_MODULE, 268 .obj_size = sizeof(struct rfcomm_pinfo) 269}; 270 271static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio, int kern) 272{ 273 struct rfcomm_dlc *d; 274 struct sock *sk; 275 276 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto, kern); 277 if (!sk) 278 return NULL; 279 280 sock_init_data(sock, sk); 281 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 282 283 d = rfcomm_dlc_alloc(prio); 284 if (!d) { 285 sk_free(sk); 286 return NULL; 287 } 288 289 d->data_ready = rfcomm_sk_data_ready; 290 d->state_change = rfcomm_sk_state_change; 291 292 rfcomm_pi(sk)->dlc = d; 293 d->owner = sk; 294 295 sk->sk_destruct = rfcomm_sock_destruct; 296 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 297 298 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 299 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 300 301 sock_reset_flag(sk, SOCK_ZAPPED); 302 303 sk->sk_protocol = proto; 304 sk->sk_state = BT_OPEN; 305 306 bt_sock_link(&rfcomm_sk_list, sk); 307 308 BT_DBG("sk %p", sk); 309 return sk; 310} 311 312static int rfcomm_sock_create(struct net *net, struct socket *sock, 313 int protocol, int kern) 314{ 315 struct sock *sk; 316 317 BT_DBG("sock %p", sock); 318 319 sock->state = SS_UNCONNECTED; 320 321 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 322 return -ESOCKTNOSUPPORT; 323 324 sock->ops = &rfcomm_sock_ops; 325 326 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 327 if (!sk) 328 return -ENOMEM; 329 330 rfcomm_sock_init(sk, NULL); 331 return 0; 332} 333 334static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 335{ 336 struct sockaddr_rc sa; 337 struct sock *sk = sock->sk; 338 int len, err = 0; 339 340 if (!addr || addr_len < offsetofend(struct sockaddr, sa_family) || 341 addr->sa_family != AF_BLUETOOTH) 342 return -EINVAL; 343 344 memset(&sa, 0, sizeof(sa)); 345 len = min_t(unsigned int, sizeof(sa), addr_len); 346 memcpy(&sa, addr, len); 347 348 BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr); 349 350 lock_sock(sk); 351 352 if (sk->sk_state != BT_OPEN) { 353 err = -EBADFD; 354 goto done; 355 } 356 357 if (sk->sk_type != SOCK_STREAM) { 358 err = -EINVAL; 359 goto done; 360 } 361 362 write_lock(&rfcomm_sk_list.lock); 363 364 if (sa.rc_channel && 365 __rfcomm_get_listen_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) { 366 err = -EADDRINUSE; 367 } else { 368 /* Save source address */ 369 bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr); 370 rfcomm_pi(sk)->channel = sa.rc_channel; 371 sk->sk_state = BT_BOUND; 372 } 373 374 write_unlock(&rfcomm_sk_list.lock); 375 376done: 377 release_sock(sk); 378 return err; 379} 380 381static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 382{ 383 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 384 struct sock *sk = sock->sk; 385 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 386 int err = 0; 387 388 BT_DBG("sk %p", sk); 389 390 if (alen < sizeof(struct sockaddr_rc) || 391 addr->sa_family != AF_BLUETOOTH) 392 return -EINVAL; 393 394 lock_sock(sk); 395 396 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 397 err = -EBADFD; 398 goto done; 399 } 400 401 if (sk->sk_type != SOCK_STREAM) { 402 err = -EINVAL; 403 goto done; 404 } 405 406 sk->sk_state = BT_CONNECT; 407 bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr); 408 rfcomm_pi(sk)->channel = sa->rc_channel; 409 410 d->sec_level = rfcomm_pi(sk)->sec_level; 411 d->role_switch = rfcomm_pi(sk)->role_switch; 412 413 err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr, 414 sa->rc_channel); 415 if (!err) 416 err = bt_sock_wait_state(sk, BT_CONNECTED, 417 sock_sndtimeo(sk, flags & O_NONBLOCK)); 418 419done: 420 release_sock(sk); 421 return err; 422} 423 424static int rfcomm_sock_listen(struct socket *sock, int backlog) 425{ 426 struct sock *sk = sock->sk; 427 int err = 0; 428 429 BT_DBG("sk %p backlog %d", sk, backlog); 430 431 lock_sock(sk); 432 433 if (sk->sk_state != BT_BOUND) { 434 err = -EBADFD; 435 goto done; 436 } 437 438 if (sk->sk_type != SOCK_STREAM) { 439 err = -EINVAL; 440 goto done; 441 } 442 443 if (!rfcomm_pi(sk)->channel) { 444 bdaddr_t *src = &rfcomm_pi(sk)->src; 445 u8 channel; 446 447 err = -EINVAL; 448 449 write_lock(&rfcomm_sk_list.lock); 450 451 for (channel = 1; channel < 31; channel++) 452 if (!__rfcomm_get_listen_sock_by_addr(channel, src)) { 453 rfcomm_pi(sk)->channel = channel; 454 err = 0; 455 break; 456 } 457 458 write_unlock(&rfcomm_sk_list.lock); 459 460 if (err < 0) 461 goto done; 462 } 463 464 sk->sk_max_ack_backlog = backlog; 465 sk->sk_ack_backlog = 0; 466 sk->sk_state = BT_LISTEN; 467 468done: 469 release_sock(sk); 470 return err; 471} 472 473static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags, 474 bool kern) 475{ 476 DEFINE_WAIT_FUNC(wait, woken_wake_function); 477 struct sock *sk = sock->sk, *nsk; 478 long timeo; 479 int err = 0; 480 481 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 482 483 if (sk->sk_type != SOCK_STREAM) { 484 err = -EINVAL; 485 goto done; 486 } 487 488 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 489 490 BT_DBG("sk %p timeo %ld", sk, timeo); 491 492 /* Wait for an incoming connection. (wake-one). */ 493 add_wait_queue_exclusive(sk_sleep(sk), &wait); 494 while (1) { 495 if (sk->sk_state != BT_LISTEN) { 496 err = -EBADFD; 497 break; 498 } 499 500 nsk = bt_accept_dequeue(sk, newsock); 501 if (nsk) 502 break; 503 504 if (!timeo) { 505 err = -EAGAIN; 506 break; 507 } 508 509 if (signal_pending(current)) { 510 err = sock_intr_errno(timeo); 511 break; 512 } 513 514 release_sock(sk); 515 516 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 517 518 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 519 } 520 remove_wait_queue(sk_sleep(sk), &wait); 521 522 if (err) 523 goto done; 524 525 newsock->state = SS_CONNECTED; 526 527 BT_DBG("new socket %p", nsk); 528 529done: 530 release_sock(sk); 531 return err; 532} 533 534static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int peer) 535{ 536 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 537 struct sock *sk = sock->sk; 538 539 BT_DBG("sock %p, sk %p", sock, sk); 540 541 if (peer && sk->sk_state != BT_CONNECTED && 542 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2) 543 return -ENOTCONN; 544 545 memset(sa, 0, sizeof(*sa)); 546 sa->rc_family = AF_BLUETOOTH; 547 sa->rc_channel = rfcomm_pi(sk)->channel; 548 if (peer) 549 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst); 550 else 551 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src); 552 553 return sizeof(struct sockaddr_rc); 554} 555 556static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg, 557 size_t len) 558{ 559 struct sock *sk = sock->sk; 560 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 561 struct sk_buff *skb; 562 int sent; 563 564 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) 565 return -ENOTCONN; 566 567 if (msg->msg_flags & MSG_OOB) 568 return -EOPNOTSUPP; 569 570 if (sk->sk_shutdown & SEND_SHUTDOWN) 571 return -EPIPE; 572 573 BT_DBG("sock %p, sk %p", sock, sk); 574 575 lock_sock(sk); 576 577 sent = bt_sock_wait_ready(sk, msg->msg_flags); 578 579 release_sock(sk); 580 581 if (sent) 582 return sent; 583 584 skb = bt_skb_sendmmsg(sk, msg, len, d->mtu, RFCOMM_SKB_HEAD_RESERVE, 585 RFCOMM_SKB_TAIL_RESERVE); 586 if (IS_ERR(skb)) 587 return PTR_ERR(skb); 588 589 sent = rfcomm_dlc_send(d, skb); 590 if (sent < 0) 591 kfree_skb(skb); 592 593 return sent; 594} 595 596static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg, 597 size_t size, int flags) 598{ 599 struct sock *sk = sock->sk; 600 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 601 int len; 602 603 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 604 rfcomm_dlc_accept(d); 605 return 0; 606 } 607 608 len = bt_sock_stream_recvmsg(sock, msg, size, flags); 609 610 lock_sock(sk); 611 if (!(flags & MSG_PEEK) && len > 0) 612 atomic_sub(len, &sk->sk_rmem_alloc); 613 614 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 615 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 616 release_sock(sk); 617 618 return len; 619} 620 621static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, 622 sockptr_t optval, unsigned int optlen) 623{ 624 struct sock *sk = sock->sk; 625 int err = 0; 626 u32 opt; 627 628 BT_DBG("sk %p", sk); 629 630 lock_sock(sk); 631 632 switch (optname) { 633 case RFCOMM_LM: 634 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 635 err = -EFAULT; 636 break; 637 } 638 639 if (opt & RFCOMM_LM_FIPS) { 640 err = -EINVAL; 641 break; 642 } 643 644 if (opt & RFCOMM_LM_AUTH) 645 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; 646 if (opt & RFCOMM_LM_ENCRYPT) 647 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 648 if (opt & RFCOMM_LM_SECURE) 649 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; 650 651 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); 652 break; 653 654 default: 655 err = -ENOPROTOOPT; 656 break; 657 } 658 659 release_sock(sk); 660 return err; 661} 662 663static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, 664 sockptr_t optval, unsigned int optlen) 665{ 666 struct sock *sk = sock->sk; 667 struct bt_security sec; 668 int err = 0; 669 size_t len; 670 u32 opt; 671 672 BT_DBG("sk %p", sk); 673 674 if (level == SOL_RFCOMM) 675 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); 676 677 if (level != SOL_BLUETOOTH) 678 return -ENOPROTOOPT; 679 680 lock_sock(sk); 681 682 switch (optname) { 683 case BT_SECURITY: 684 if (sk->sk_type != SOCK_STREAM) { 685 err = -EINVAL; 686 break; 687 } 688 689 sec.level = BT_SECURITY_LOW; 690 691 len = min_t(unsigned int, sizeof(sec), optlen); 692 if (copy_from_sockptr(&sec, optval, len)) { 693 err = -EFAULT; 694 break; 695 } 696 697 if (sec.level > BT_SECURITY_HIGH) { 698 err = -EINVAL; 699 break; 700 } 701 702 rfcomm_pi(sk)->sec_level = sec.level; 703 break; 704 705 case BT_DEFER_SETUP: 706 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 707 err = -EINVAL; 708 break; 709 } 710 711 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 712 err = -EFAULT; 713 break; 714 } 715 716 if (opt) 717 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 718 else 719 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 720 721 break; 722 723 default: 724 err = -ENOPROTOOPT; 725 break; 726 } 727 728 release_sock(sk); 729 return err; 730} 731 732static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 733{ 734 struct sock *sk = sock->sk; 735 struct sock *l2cap_sk; 736 struct l2cap_conn *conn; 737 struct rfcomm_conninfo cinfo; 738 int len, err = 0; 739 u32 opt; 740 741 BT_DBG("sk %p", sk); 742 743 if (get_user(len, optlen)) 744 return -EFAULT; 745 746 lock_sock(sk); 747 748 switch (optname) { 749 case RFCOMM_LM: 750 switch (rfcomm_pi(sk)->sec_level) { 751 case BT_SECURITY_LOW: 752 opt = RFCOMM_LM_AUTH; 753 break; 754 case BT_SECURITY_MEDIUM: 755 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; 756 break; 757 case BT_SECURITY_HIGH: 758 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 759 RFCOMM_LM_SECURE; 760 break; 761 case BT_SECURITY_FIPS: 762 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | 763 RFCOMM_LM_SECURE | RFCOMM_LM_FIPS; 764 break; 765 default: 766 opt = 0; 767 break; 768 } 769 770 if (rfcomm_pi(sk)->role_switch) 771 opt |= RFCOMM_LM_MASTER; 772 773 if (put_user(opt, (u32 __user *) optval)) 774 err = -EFAULT; 775 776 break; 777 778 case RFCOMM_CONNINFO: 779 if (sk->sk_state != BT_CONNECTED && 780 !rfcomm_pi(sk)->dlc->defer_setup) { 781 err = -ENOTCONN; 782 break; 783 } 784 785 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 786 conn = l2cap_pi(l2cap_sk)->chan->conn; 787 788 memset(&cinfo, 0, sizeof(cinfo)); 789 cinfo.hci_handle = conn->hcon->handle; 790 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); 791 792 len = min_t(unsigned int, len, sizeof(cinfo)); 793 if (copy_to_user(optval, (char *) &cinfo, len)) 794 err = -EFAULT; 795 796 break; 797 798 default: 799 err = -ENOPROTOOPT; 800 break; 801 } 802 803 release_sock(sk); 804 return err; 805} 806 807static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 808{ 809 struct sock *sk = sock->sk; 810 struct bt_security sec; 811 int len, err = 0; 812 813 BT_DBG("sk %p", sk); 814 815 if (level == SOL_RFCOMM) 816 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); 817 818 if (level != SOL_BLUETOOTH) 819 return -ENOPROTOOPT; 820 821 if (get_user(len, optlen)) 822 return -EFAULT; 823 824 lock_sock(sk); 825 826 switch (optname) { 827 case BT_SECURITY: 828 if (sk->sk_type != SOCK_STREAM) { 829 err = -EINVAL; 830 break; 831 } 832 833 sec.level = rfcomm_pi(sk)->sec_level; 834 sec.key_size = 0; 835 836 len = min_t(unsigned int, len, sizeof(sec)); 837 if (copy_to_user(optval, (char *) &sec, len)) 838 err = -EFAULT; 839 840 break; 841 842 case BT_DEFER_SETUP: 843 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 844 err = -EINVAL; 845 break; 846 } 847 848 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 849 (u32 __user *) optval)) 850 err = -EFAULT; 851 852 break; 853 854 default: 855 err = -ENOPROTOOPT; 856 break; 857 } 858 859 release_sock(sk); 860 return err; 861} 862 863static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 864{ 865 struct sock *sk __maybe_unused = sock->sk; 866 int err; 867 868 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); 869 870 err = bt_sock_ioctl(sock, cmd, arg); 871 872 if (err == -ENOIOCTLCMD) { 873#ifdef CONFIG_BT_RFCOMM_TTY 874 lock_sock(sk); 875 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); 876 release_sock(sk); 877#else 878 err = -EOPNOTSUPP; 879#endif 880 } 881 882 return err; 883} 884 885#ifdef CONFIG_COMPAT 886static int rfcomm_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 887{ 888 return rfcomm_sock_ioctl(sock, cmd, (unsigned long)compat_ptr(arg)); 889} 890#endif 891 892static int rfcomm_sock_shutdown(struct socket *sock, int how) 893{ 894 struct sock *sk = sock->sk; 895 int err = 0; 896 897 BT_DBG("sock %p, sk %p", sock, sk); 898 899 if (!sk) 900 return 0; 901 902 lock_sock(sk); 903 if (!sk->sk_shutdown) { 904 sk->sk_shutdown = SHUTDOWN_MASK; 905 __rfcomm_sock_close(sk); 906 907 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 908 !(current->flags & PF_EXITING)) 909 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 910 } 911 release_sock(sk); 912 return err; 913} 914 915static int rfcomm_sock_release(struct socket *sock) 916{ 917 struct sock *sk = sock->sk; 918 int err; 919 920 BT_DBG("sock %p, sk %p", sock, sk); 921 922 if (!sk) 923 return 0; 924 925 err = rfcomm_sock_shutdown(sock, 2); 926 927 sock_orphan(sk); 928 rfcomm_sock_kill(sk); 929 return err; 930} 931 932/* ---- RFCOMM core layer callbacks ---- 933 * 934 * called under rfcomm_lock() 935 */ 936int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 937{ 938 struct sock *sk, *parent; 939 bdaddr_t src, dst; 940 int result = 0; 941 942 BT_DBG("session %p channel %d", s, channel); 943 944 rfcomm_session_getaddr(s, &src, &dst); 945 946 /* Check if we have socket listening on channel */ 947 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 948 if (!parent) 949 return 0; 950 951 lock_sock(parent); 952 953 /* Check for backlog size */ 954 if (sk_acceptq_is_full(parent)) { 955 BT_DBG("backlog full %d", parent->sk_ack_backlog); 956 goto done; 957 } 958 959 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC, 0); 960 if (!sk) 961 goto done; 962 963 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM); 964 965 rfcomm_sock_init(sk, parent); 966 bacpy(&rfcomm_pi(sk)->src, &src); 967 bacpy(&rfcomm_pi(sk)->dst, &dst); 968 rfcomm_pi(sk)->channel = channel; 969 970 sk->sk_state = BT_CONFIG; 971 bt_accept_enqueue(parent, sk, true); 972 973 /* Accept connection and return socket DLC */ 974 *d = rfcomm_pi(sk)->dlc; 975 result = 1; 976 977done: 978 release_sock(parent); 979 980 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 981 parent->sk_state_change(parent); 982 983 return result; 984} 985 986static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) 987{ 988 struct sock *sk; 989 990 read_lock(&rfcomm_sk_list.lock); 991 992 sk_for_each(sk, &rfcomm_sk_list.head) { 993 seq_printf(f, "%pMR %pMR %d %d\n", 994 &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst, 995 sk->sk_state, rfcomm_pi(sk)->channel); 996 } 997 998 read_unlock(&rfcomm_sk_list.lock); 999 1000 return 0; 1001} 1002 1003DEFINE_SHOW_ATTRIBUTE(rfcomm_sock_debugfs); 1004 1005static struct dentry *rfcomm_sock_debugfs; 1006 1007static const struct proto_ops rfcomm_sock_ops = { 1008 .family = PF_BLUETOOTH, 1009 .owner = THIS_MODULE, 1010 .release = rfcomm_sock_release, 1011 .bind = rfcomm_sock_bind, 1012 .connect = rfcomm_sock_connect, 1013 .listen = rfcomm_sock_listen, 1014 .accept = rfcomm_sock_accept, 1015 .getname = rfcomm_sock_getname, 1016 .sendmsg = rfcomm_sock_sendmsg, 1017 .recvmsg = rfcomm_sock_recvmsg, 1018 .shutdown = rfcomm_sock_shutdown, 1019 .setsockopt = rfcomm_sock_setsockopt, 1020 .getsockopt = rfcomm_sock_getsockopt, 1021 .ioctl = rfcomm_sock_ioctl, 1022 .gettstamp = sock_gettstamp, 1023 .poll = bt_sock_poll, 1024 .socketpair = sock_no_socketpair, 1025 .mmap = sock_no_mmap, 1026#ifdef CONFIG_COMPAT 1027 .compat_ioctl = rfcomm_sock_compat_ioctl, 1028#endif 1029}; 1030 1031static const struct net_proto_family rfcomm_sock_family_ops = { 1032 .family = PF_BLUETOOTH, 1033 .owner = THIS_MODULE, 1034 .create = rfcomm_sock_create 1035}; 1036 1037int __init rfcomm_init_sockets(void) 1038{ 1039 int err; 1040 1041 BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr)); 1042 1043 err = proto_register(&rfcomm_proto, 0); 1044 if (err < 0) 1045 return err; 1046 1047 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 1048 if (err < 0) { 1049 BT_ERR("RFCOMM socket layer registration failed"); 1050 goto error; 1051 } 1052 1053 err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL); 1054 if (err < 0) { 1055 BT_ERR("Failed to create RFCOMM proc file"); 1056 bt_sock_unregister(BTPROTO_RFCOMM); 1057 goto error; 1058 } 1059 1060 BT_INFO("RFCOMM socket layer initialized"); 1061 1062 if (IS_ERR_OR_NULL(bt_debugfs)) 1063 return 0; 1064 1065 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444, 1066 bt_debugfs, NULL, 1067 &rfcomm_sock_debugfs_fops); 1068 1069 return 0; 1070 1071error: 1072 proto_unregister(&rfcomm_proto); 1073 return err; 1074} 1075 1076void __exit rfcomm_cleanup_sockets(void) 1077{ 1078 bt_procfs_cleanup(&init_net, "rfcomm"); 1079 1080 debugfs_remove(rfcomm_sock_debugfs); 1081 1082 bt_sock_unregister(BTPROTO_RFCOMM); 1083 1084 proto_unregister(&rfcomm_proto); 1085}