root/net/bluetooth/rfcomm/sock.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. rfcomm_sk_data_ready
  2. rfcomm_sk_state_change
  3. __rfcomm_get_listen_sock_by_addr
  4. rfcomm_get_sock_by_channel
  5. rfcomm_sock_destruct
  6. rfcomm_sock_cleanup_listen
  7. rfcomm_sock_kill
  8. __rfcomm_sock_close
  9. rfcomm_sock_close
  10. rfcomm_sock_init
  11. rfcomm_sock_alloc
  12. rfcomm_sock_create
  13. rfcomm_sock_bind
  14. rfcomm_sock_connect
  15. rfcomm_sock_listen
  16. rfcomm_sock_accept
  17. rfcomm_sock_getname
  18. rfcomm_sock_sendmsg
  19. rfcomm_sock_recvmsg
  20. rfcomm_sock_setsockopt_old
  21. rfcomm_sock_setsockopt
  22. rfcomm_sock_getsockopt_old
  23. rfcomm_sock_getsockopt
  24. rfcomm_sock_ioctl
  25. rfcomm_sock_shutdown
  26. rfcomm_sock_release
  27. rfcomm_connect_ind
  28. rfcomm_sock_debugfs_show
  29. rfcomm_init_sockets
  30. rfcomm_cleanup_sockets

   1 /*
   2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
   3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
   4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
   5 
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License version 2 as
   8    published by the Free Software Foundation;
   9 
  10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  18 
  19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  21    SOFTWARE IS DISCLAIMED.
  22 */
  23 
  24 /*
  25  * RFCOMM sockets.
  26  */
  27 
  28 #include <linux/export.h>
  29 #include <linux/debugfs.h>
  30 #include <linux/sched/signal.h>
  31 
  32 #include <net/bluetooth/bluetooth.h>
  33 #include <net/bluetooth/hci_core.h>
  34 #include <net/bluetooth/l2cap.h>
  35 #include <net/bluetooth/rfcomm.h>
  36 
  37 static const struct proto_ops rfcomm_sock_ops;
  38 
  39 static struct bt_sock_list rfcomm_sk_list = {
  40         .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
  41 };
  42 
  43 static void rfcomm_sock_close(struct sock *sk);
  44 static void rfcomm_sock_kill(struct sock *sk);
  45 
  46 /* ---- DLC callbacks ----
  47  *
  48  * called under rfcomm_dlc_lock()
  49  */
  50 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
  51 {
  52         struct sock *sk = d->owner;
  53         if (!sk)
  54                 return;
  55 
  56         atomic_add(skb->len, &sk->sk_rmem_alloc);
  57         skb_queue_tail(&sk->sk_receive_queue, skb);
  58         sk->sk_data_ready(sk);
  59 
  60         if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
  61                 rfcomm_dlc_throttle(d);
  62 }
  63 
  64 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
  65 {
  66         struct sock *sk = d->owner, *parent;
  67         unsigned long flags;
  68 
  69         if (!sk)
  70                 return;
  71 
  72         BT_DBG("dlc %p state %ld err %d", d, d->state, err);
  73 
  74         local_irq_save(flags);
  75         bh_lock_sock(sk);
  76 
  77         if (err)
  78                 sk->sk_err = err;
  79 
  80         sk->sk_state = d->state;
  81 
  82         parent = bt_sk(sk)->parent;
  83         if (parent) {
  84                 if (d->state == BT_CLOSED) {
  85                         sock_set_flag(sk, SOCK_ZAPPED);
  86                         bt_accept_unlink(sk);
  87                 }
  88                 parent->sk_data_ready(parent);
  89         } else {
  90                 if (d->state == BT_CONNECTED)
  91                         rfcomm_session_getaddr(d->session,
  92                                                &rfcomm_pi(sk)->src, NULL);
  93                 sk->sk_state_change(sk);
  94         }
  95 
  96         bh_unlock_sock(sk);
  97         local_irq_restore(flags);
  98 
  99         if (parent && sock_flag(sk, SOCK_ZAPPED)) {
 100                 /* We have to drop DLC lock here, otherwise
 101                  * rfcomm_sock_destruct() will dead lock. */
 102                 rfcomm_dlc_unlock(d);
 103                 rfcomm_sock_kill(sk);
 104                 rfcomm_dlc_lock(d);
 105         }
 106 }
 107 
 108 /* ---- Socket functions ---- */
 109 static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src)
 110 {
 111         struct sock *sk = NULL;
 112 
 113         sk_for_each(sk, &rfcomm_sk_list.head) {
 114                 if (rfcomm_pi(sk)->channel != channel)
 115                         continue;
 116 
 117                 if (bacmp(&rfcomm_pi(sk)->src, src))
 118                         continue;
 119 
 120                 if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN)
 121                         break;
 122         }
 123 
 124         return sk ? sk : NULL;
 125 }
 126 
 127 /* Find socket with channel and source bdaddr.
 128  * Returns closest match.
 129  */
 130 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
 131 {
 132         struct sock *sk = NULL, *sk1 = NULL;
 133 
 134         read_lock(&rfcomm_sk_list.lock);
 135 
 136         sk_for_each(sk, &rfcomm_sk_list.head) {
 137                 if (state && sk->sk_state != state)
 138                         continue;
 139 
 140                 if (rfcomm_pi(sk)->channel == channel) {
 141                         /* Exact match. */
 142                         if (!bacmp(&rfcomm_pi(sk)->src, src))
 143                                 break;
 144 
 145                         /* Closest match */
 146                         if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY))
 147                                 sk1 = sk;
 148                 }
 149         }
 150 
 151         read_unlock(&rfcomm_sk_list.lock);
 152 
 153         return sk ? sk : sk1;
 154 }
 155 
 156 static void rfcomm_sock_destruct(struct sock *sk)
 157 {
 158         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
 159 
 160         BT_DBG("sk %p dlc %p", sk, d);
 161 
 162         skb_queue_purge(&sk->sk_receive_queue);
 163         skb_queue_purge(&sk->sk_write_queue);
 164 
 165         rfcomm_dlc_lock(d);
 166         rfcomm_pi(sk)->dlc = NULL;
 167 
 168         /* Detach DLC if it's owned by this socket */
 169         if (d->owner == sk)
 170                 d->owner = NULL;
 171         rfcomm_dlc_unlock(d);
 172 
 173         rfcomm_dlc_put(d);
 174 }
 175 
 176 static void rfcomm_sock_cleanup_listen(struct sock *parent)
 177 {
 178         struct sock *sk;
 179 
 180         BT_DBG("parent %p", parent);
 181 
 182         /* Close not yet accepted dlcs */
 183         while ((sk = bt_accept_dequeue(parent, NULL))) {
 184                 rfcomm_sock_close(sk);
 185                 rfcomm_sock_kill(sk);
 186         }
 187 
 188         parent->sk_state  = BT_CLOSED;
 189         sock_set_flag(parent, SOCK_ZAPPED);
 190 }
 191 
 192 /* Kill socket (only if zapped and orphan)
 193  * Must be called on unlocked socket.
 194  */
 195 static void rfcomm_sock_kill(struct sock *sk)
 196 {
 197         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
 198                 return;
 199 
 200         BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, refcount_read(&sk->sk_refcnt));
 201 
 202         /* Kill poor orphan */
 203         bt_sock_unlink(&rfcomm_sk_list, sk);
 204         sock_set_flag(sk, SOCK_DEAD);
 205         sock_put(sk);
 206 }
 207 
 208 static void __rfcomm_sock_close(struct sock *sk)
 209 {
 210         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
 211 
 212         BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
 213 
 214         switch (sk->sk_state) {
 215         case BT_LISTEN:
 216                 rfcomm_sock_cleanup_listen(sk);
 217                 break;
 218 
 219         case BT_CONNECT:
 220         case BT_CONNECT2:
 221         case BT_CONFIG:
 222         case BT_CONNECTED:
 223                 rfcomm_dlc_close(d, 0);
 224                 /* fall through */
 225 
 226         default:
 227                 sock_set_flag(sk, SOCK_ZAPPED);
 228                 break;
 229         }
 230 }
 231 
 232 /* Close socket.
 233  * Must be called on unlocked socket.
 234  */
 235 static void rfcomm_sock_close(struct sock *sk)
 236 {
 237         lock_sock(sk);
 238         __rfcomm_sock_close(sk);
 239         release_sock(sk);
 240 }
 241 
 242 static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
 243 {
 244         struct rfcomm_pinfo *pi = rfcomm_pi(sk);
 245 
 246         BT_DBG("sk %p", sk);
 247 
 248         if (parent) {
 249                 sk->sk_type = parent->sk_type;
 250                 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP,
 251                                                 &bt_sk(parent)->flags);
 252 
 253                 pi->sec_level = rfcomm_pi(parent)->sec_level;
 254                 pi->role_switch = rfcomm_pi(parent)->role_switch;
 255 
 256                 security_sk_clone(parent, sk);
 257         } else {
 258                 pi->dlc->defer_setup = 0;
 259 
 260                 pi->sec_level = BT_SECURITY_LOW;
 261                 pi->role_switch = 0;
 262         }
 263 
 264         pi->dlc->sec_level = pi->sec_level;
 265         pi->dlc->role_switch = pi->role_switch;
 266 }
 267 
 268 static struct proto rfcomm_proto = {
 269         .name           = "RFCOMM",
 270         .owner          = THIS_MODULE,
 271         .obj_size       = sizeof(struct rfcomm_pinfo)
 272 };
 273 
 274 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio, int kern)
 275 {
 276         struct rfcomm_dlc *d;
 277         struct sock *sk;
 278 
 279         sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto, kern);
 280         if (!sk)
 281                 return NULL;
 282 
 283         sock_init_data(sock, sk);
 284         INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
 285 
 286         d = rfcomm_dlc_alloc(prio);
 287         if (!d) {
 288                 sk_free(sk);
 289                 return NULL;
 290         }
 291 
 292         d->data_ready   = rfcomm_sk_data_ready;
 293         d->state_change = rfcomm_sk_state_change;
 294 
 295         rfcomm_pi(sk)->dlc = d;
 296         d->owner = sk;
 297 
 298         sk->sk_destruct = rfcomm_sock_destruct;
 299         sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
 300 
 301         sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
 302         sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
 303 
 304         sock_reset_flag(sk, SOCK_ZAPPED);
 305 
 306         sk->sk_protocol = proto;
 307         sk->sk_state    = BT_OPEN;
 308 
 309         bt_sock_link(&rfcomm_sk_list, sk);
 310 
 311         BT_DBG("sk %p", sk);
 312         return sk;
 313 }
 314 
 315 static int rfcomm_sock_create(struct net *net, struct socket *sock,
 316                               int protocol, int kern)
 317 {
 318         struct sock *sk;
 319 
 320         BT_DBG("sock %p", sock);
 321 
 322         sock->state = SS_UNCONNECTED;
 323 
 324         if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
 325                 return -ESOCKTNOSUPPORT;
 326 
 327         sock->ops = &rfcomm_sock_ops;
 328 
 329         sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
 330         if (!sk)
 331                 return -ENOMEM;
 332 
 333         rfcomm_sock_init(sk, NULL);
 334         return 0;
 335 }
 336 
 337 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
 338 {
 339         struct sockaddr_rc sa;
 340         struct sock *sk = sock->sk;
 341         int len, err = 0;
 342 
 343         if (!addr || addr_len < offsetofend(struct sockaddr, sa_family) ||
 344             addr->sa_family != AF_BLUETOOTH)
 345                 return -EINVAL;
 346 
 347         memset(&sa, 0, sizeof(sa));
 348         len = min_t(unsigned int, sizeof(sa), addr_len);
 349         memcpy(&sa, addr, len);
 350 
 351         BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr);
 352 
 353         lock_sock(sk);
 354 
 355         if (sk->sk_state != BT_OPEN) {
 356                 err = -EBADFD;
 357                 goto done;
 358         }
 359 
 360         if (sk->sk_type != SOCK_STREAM) {
 361                 err = -EINVAL;
 362                 goto done;
 363         }
 364 
 365         write_lock(&rfcomm_sk_list.lock);
 366 
 367         if (sa.rc_channel &&
 368             __rfcomm_get_listen_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) {
 369                 err = -EADDRINUSE;
 370         } else {
 371                 /* Save source address */
 372                 bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr);
 373                 rfcomm_pi(sk)->channel = sa.rc_channel;
 374                 sk->sk_state = BT_BOUND;
 375         }
 376 
 377         write_unlock(&rfcomm_sk_list.lock);
 378 
 379 done:
 380         release_sock(sk);
 381         return err;
 382 }
 383 
 384 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
 385 {
 386         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
 387         struct sock *sk = sock->sk;
 388         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
 389         int err = 0;
 390 
 391         BT_DBG("sk %p", sk);
 392 
 393         if (alen < sizeof(struct sockaddr_rc) ||
 394             addr->sa_family != AF_BLUETOOTH)
 395                 return -EINVAL;
 396 
 397         lock_sock(sk);
 398 
 399         if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
 400                 err = -EBADFD;
 401                 goto done;
 402         }
 403 
 404         if (sk->sk_type != SOCK_STREAM) {
 405                 err = -EINVAL;
 406                 goto done;
 407         }
 408 
 409         sk->sk_state = BT_CONNECT;
 410         bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr);
 411         rfcomm_pi(sk)->channel = sa->rc_channel;
 412 
 413         d->sec_level = rfcomm_pi(sk)->sec_level;
 414         d->role_switch = rfcomm_pi(sk)->role_switch;
 415 
 416         err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr,
 417                               sa->rc_channel);
 418         if (!err)
 419                 err = bt_sock_wait_state(sk, BT_CONNECTED,
 420                                 sock_sndtimeo(sk, flags & O_NONBLOCK));
 421 
 422 done:
 423         release_sock(sk);
 424         return err;
 425 }
 426 
 427 static int rfcomm_sock_listen(struct socket *sock, int backlog)
 428 {
 429         struct sock *sk = sock->sk;
 430         int err = 0;
 431 
 432         BT_DBG("sk %p backlog %d", sk, backlog);
 433 
 434         lock_sock(sk);
 435 
 436         if (sk->sk_state != BT_BOUND) {
 437                 err = -EBADFD;
 438                 goto done;
 439         }
 440 
 441         if (sk->sk_type != SOCK_STREAM) {
 442                 err = -EINVAL;
 443                 goto done;
 444         }
 445 
 446         if (!rfcomm_pi(sk)->channel) {
 447                 bdaddr_t *src = &rfcomm_pi(sk)->src;
 448                 u8 channel;
 449 
 450                 err = -EINVAL;
 451 
 452                 write_lock(&rfcomm_sk_list.lock);
 453 
 454                 for (channel = 1; channel < 31; channel++)
 455                         if (!__rfcomm_get_listen_sock_by_addr(channel, src)) {
 456                                 rfcomm_pi(sk)->channel = channel;
 457                                 err = 0;
 458                                 break;
 459                         }
 460 
 461                 write_unlock(&rfcomm_sk_list.lock);
 462 
 463                 if (err < 0)
 464                         goto done;
 465         }
 466 
 467         sk->sk_max_ack_backlog = backlog;
 468         sk->sk_ack_backlog = 0;
 469         sk->sk_state = BT_LISTEN;
 470 
 471 done:
 472         release_sock(sk);
 473         return err;
 474 }
 475 
 476 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags,
 477                               bool kern)
 478 {
 479         DEFINE_WAIT_FUNC(wait, woken_wake_function);
 480         struct sock *sk = sock->sk, *nsk;
 481         long timeo;
 482         int err = 0;
 483 
 484         lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
 485 
 486         if (sk->sk_type != SOCK_STREAM) {
 487                 err = -EINVAL;
 488                 goto done;
 489         }
 490 
 491         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
 492 
 493         BT_DBG("sk %p timeo %ld", sk, timeo);
 494 
 495         /* Wait for an incoming connection. (wake-one). */
 496         add_wait_queue_exclusive(sk_sleep(sk), &wait);
 497         while (1) {
 498                 if (sk->sk_state != BT_LISTEN) {
 499                         err = -EBADFD;
 500                         break;
 501                 }
 502 
 503                 nsk = bt_accept_dequeue(sk, newsock);
 504                 if (nsk)
 505                         break;
 506 
 507                 if (!timeo) {
 508                         err = -EAGAIN;
 509                         break;
 510                 }
 511 
 512                 if (signal_pending(current)) {
 513                         err = sock_intr_errno(timeo);
 514                         break;
 515                 }
 516 
 517                 release_sock(sk);
 518 
 519                 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
 520 
 521                 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
 522         }
 523         remove_wait_queue(sk_sleep(sk), &wait);
 524 
 525         if (err)
 526                 goto done;
 527 
 528         newsock->state = SS_CONNECTED;
 529 
 530         BT_DBG("new socket %p", nsk);
 531 
 532 done:
 533         release_sock(sk);
 534         return err;
 535 }
 536 
 537 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int peer)
 538 {
 539         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
 540         struct sock *sk = sock->sk;
 541 
 542         BT_DBG("sock %p, sk %p", sock, sk);
 543 
 544         if (peer && sk->sk_state != BT_CONNECTED &&
 545             sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2)
 546                 return -ENOTCONN;
 547 
 548         memset(sa, 0, sizeof(*sa));
 549         sa->rc_family  = AF_BLUETOOTH;
 550         sa->rc_channel = rfcomm_pi(sk)->channel;
 551         if (peer)
 552                 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst);
 553         else
 554                 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src);
 555 
 556         return sizeof(struct sockaddr_rc);
 557 }
 558 
 559 static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg,
 560                                size_t len)
 561 {
 562         struct sock *sk = sock->sk;
 563         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
 564         struct sk_buff *skb;
 565         int sent;
 566 
 567         if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
 568                 return -ENOTCONN;
 569 
 570         if (msg->msg_flags & MSG_OOB)
 571                 return -EOPNOTSUPP;
 572 
 573         if (sk->sk_shutdown & SEND_SHUTDOWN)
 574                 return -EPIPE;
 575 
 576         BT_DBG("sock %p, sk %p", sock, sk);
 577 
 578         lock_sock(sk);
 579 
 580         sent = bt_sock_wait_ready(sk, msg->msg_flags);
 581         if (sent)
 582                 goto done;
 583 
 584         while (len) {
 585                 size_t size = min_t(size_t, len, d->mtu);
 586                 int err;
 587 
 588                 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
 589                                 msg->msg_flags & MSG_DONTWAIT, &err);
 590                 if (!skb) {
 591                         if (sent == 0)
 592                                 sent = err;
 593                         break;
 594                 }
 595                 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
 596 
 597                 err = memcpy_from_msg(skb_put(skb, size), msg, size);
 598                 if (err) {
 599                         kfree_skb(skb);
 600                         if (sent == 0)
 601                                 sent = err;
 602                         break;
 603                 }
 604 
 605                 skb->priority = sk->sk_priority;
 606 
 607                 err = rfcomm_dlc_send(d, skb);
 608                 if (err < 0) {
 609                         kfree_skb(skb);
 610                         if (sent == 0)
 611                                 sent = err;
 612                         break;
 613                 }
 614 
 615                 sent += size;
 616                 len  -= size;
 617         }
 618 
 619 done:
 620         release_sock(sk);
 621 
 622         return sent;
 623 }
 624 
 625 static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg,
 626                                size_t size, int flags)
 627 {
 628         struct sock *sk = sock->sk;
 629         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
 630         int len;
 631 
 632         if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
 633                 rfcomm_dlc_accept(d);
 634                 return 0;
 635         }
 636 
 637         len = bt_sock_stream_recvmsg(sock, msg, size, flags);
 638 
 639         lock_sock(sk);
 640         if (!(flags & MSG_PEEK) && len > 0)
 641                 atomic_sub(len, &sk->sk_rmem_alloc);
 642 
 643         if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
 644                 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
 645         release_sock(sk);
 646 
 647         return len;
 648 }
 649 
 650 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
 651 {
 652         struct sock *sk = sock->sk;
 653         int err = 0;
 654         u32 opt;
 655 
 656         BT_DBG("sk %p", sk);
 657 
 658         lock_sock(sk);
 659 
 660         switch (optname) {
 661         case RFCOMM_LM:
 662                 if (get_user(opt, (u32 __user *) optval)) {
 663                         err = -EFAULT;
 664                         break;
 665                 }
 666 
 667                 if (opt & RFCOMM_LM_FIPS) {
 668                         err = -EINVAL;
 669                         break;
 670                 }
 671 
 672                 if (opt & RFCOMM_LM_AUTH)
 673                         rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
 674                 if (opt & RFCOMM_LM_ENCRYPT)
 675                         rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
 676                 if (opt & RFCOMM_LM_SECURE)
 677                         rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
 678 
 679                 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
 680                 break;
 681 
 682         default:
 683                 err = -ENOPROTOOPT;
 684                 break;
 685         }
 686 
 687         release_sock(sk);
 688         return err;
 689 }
 690 
 691 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
 692 {
 693         struct sock *sk = sock->sk;
 694         struct bt_security sec;
 695         int err = 0;
 696         size_t len;
 697         u32 opt;
 698 
 699         BT_DBG("sk %p", sk);
 700 
 701         if (level == SOL_RFCOMM)
 702                 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
 703 
 704         if (level != SOL_BLUETOOTH)
 705                 return -ENOPROTOOPT;
 706 
 707         lock_sock(sk);
 708 
 709         switch (optname) {
 710         case BT_SECURITY:
 711                 if (sk->sk_type != SOCK_STREAM) {
 712                         err = -EINVAL;
 713                         break;
 714                 }
 715 
 716                 sec.level = BT_SECURITY_LOW;
 717 
 718                 len = min_t(unsigned int, sizeof(sec), optlen);
 719                 if (copy_from_user((char *) &sec, optval, len)) {
 720                         err = -EFAULT;
 721                         break;
 722                 }
 723 
 724                 if (sec.level > BT_SECURITY_HIGH) {
 725                         err = -EINVAL;
 726                         break;
 727                 }
 728 
 729                 rfcomm_pi(sk)->sec_level = sec.level;
 730                 break;
 731 
 732         case BT_DEFER_SETUP:
 733                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
 734                         err = -EINVAL;
 735                         break;
 736                 }
 737 
 738                 if (get_user(opt, (u32 __user *) optval)) {
 739                         err = -EFAULT;
 740                         break;
 741                 }
 742 
 743                 if (opt)
 744                         set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
 745                 else
 746                         clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
 747 
 748                 break;
 749 
 750         default:
 751                 err = -ENOPROTOOPT;
 752                 break;
 753         }
 754 
 755         release_sock(sk);
 756         return err;
 757 }
 758 
 759 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
 760 {
 761         struct sock *sk = sock->sk;
 762         struct sock *l2cap_sk;
 763         struct l2cap_conn *conn;
 764         struct rfcomm_conninfo cinfo;
 765         int len, err = 0;
 766         u32 opt;
 767 
 768         BT_DBG("sk %p", sk);
 769 
 770         if (get_user(len, optlen))
 771                 return -EFAULT;
 772 
 773         lock_sock(sk);
 774 
 775         switch (optname) {
 776         case RFCOMM_LM:
 777                 switch (rfcomm_pi(sk)->sec_level) {
 778                 case BT_SECURITY_LOW:
 779                         opt = RFCOMM_LM_AUTH;
 780                         break;
 781                 case BT_SECURITY_MEDIUM:
 782                         opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
 783                         break;
 784                 case BT_SECURITY_HIGH:
 785                         opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
 786                               RFCOMM_LM_SECURE;
 787                         break;
 788                 case BT_SECURITY_FIPS:
 789                         opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
 790                               RFCOMM_LM_SECURE | RFCOMM_LM_FIPS;
 791                         break;
 792                 default:
 793                         opt = 0;
 794                         break;
 795                 }
 796 
 797                 if (rfcomm_pi(sk)->role_switch)
 798                         opt |= RFCOMM_LM_MASTER;
 799 
 800                 if (put_user(opt, (u32 __user *) optval))
 801                         err = -EFAULT;
 802 
 803                 break;
 804 
 805         case RFCOMM_CONNINFO:
 806                 if (sk->sk_state != BT_CONNECTED &&
 807                                         !rfcomm_pi(sk)->dlc->defer_setup) {
 808                         err = -ENOTCONN;
 809                         break;
 810                 }
 811 
 812                 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
 813                 conn = l2cap_pi(l2cap_sk)->chan->conn;
 814 
 815                 memset(&cinfo, 0, sizeof(cinfo));
 816                 cinfo.hci_handle = conn->hcon->handle;
 817                 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
 818 
 819                 len = min_t(unsigned int, len, sizeof(cinfo));
 820                 if (copy_to_user(optval, (char *) &cinfo, len))
 821                         err = -EFAULT;
 822 
 823                 break;
 824 
 825         default:
 826                 err = -ENOPROTOOPT;
 827                 break;
 828         }
 829 
 830         release_sock(sk);
 831         return err;
 832 }
 833 
 834 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
 835 {
 836         struct sock *sk = sock->sk;
 837         struct bt_security sec;
 838         int len, err = 0;
 839 
 840         BT_DBG("sk %p", sk);
 841 
 842         if (level == SOL_RFCOMM)
 843                 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
 844 
 845         if (level != SOL_BLUETOOTH)
 846                 return -ENOPROTOOPT;
 847 
 848         if (get_user(len, optlen))
 849                 return -EFAULT;
 850 
 851         lock_sock(sk);
 852 
 853         switch (optname) {
 854         case BT_SECURITY:
 855                 if (sk->sk_type != SOCK_STREAM) {
 856                         err = -EINVAL;
 857                         break;
 858                 }
 859 
 860                 sec.level = rfcomm_pi(sk)->sec_level;
 861                 sec.key_size = 0;
 862 
 863                 len = min_t(unsigned int, len, sizeof(sec));
 864                 if (copy_to_user(optval, (char *) &sec, len))
 865                         err = -EFAULT;
 866 
 867                 break;
 868 
 869         case BT_DEFER_SETUP:
 870                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
 871                         err = -EINVAL;
 872                         break;
 873                 }
 874 
 875                 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
 876                              (u32 __user *) optval))
 877                         err = -EFAULT;
 878 
 879                 break;
 880 
 881         default:
 882                 err = -ENOPROTOOPT;
 883                 break;
 884         }
 885 
 886         release_sock(sk);
 887         return err;
 888 }
 889 
 890 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
 891 {
 892         struct sock *sk __maybe_unused = sock->sk;
 893         int err;
 894 
 895         BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
 896 
 897         err = bt_sock_ioctl(sock, cmd, arg);
 898 
 899         if (err == -ENOIOCTLCMD) {
 900 #ifdef CONFIG_BT_RFCOMM_TTY
 901                 lock_sock(sk);
 902                 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
 903                 release_sock(sk);
 904 #else
 905                 err = -EOPNOTSUPP;
 906 #endif
 907         }
 908 
 909         return err;
 910 }
 911 
 912 static int rfcomm_sock_shutdown(struct socket *sock, int how)
 913 {
 914         struct sock *sk = sock->sk;
 915         int err = 0;
 916 
 917         BT_DBG("sock %p, sk %p", sock, sk);
 918 
 919         if (!sk)
 920                 return 0;
 921 
 922         lock_sock(sk);
 923         if (!sk->sk_shutdown) {
 924                 sk->sk_shutdown = SHUTDOWN_MASK;
 925                 __rfcomm_sock_close(sk);
 926 
 927                 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
 928                     !(current->flags & PF_EXITING))
 929                         err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
 930         }
 931         release_sock(sk);
 932         return err;
 933 }
 934 
 935 static int rfcomm_sock_release(struct socket *sock)
 936 {
 937         struct sock *sk = sock->sk;
 938         int err;
 939 
 940         BT_DBG("sock %p, sk %p", sock, sk);
 941 
 942         if (!sk)
 943                 return 0;
 944 
 945         err = rfcomm_sock_shutdown(sock, 2);
 946 
 947         sock_orphan(sk);
 948         rfcomm_sock_kill(sk);
 949         return err;
 950 }
 951 
 952 /* ---- RFCOMM core layer callbacks ----
 953  *
 954  * called under rfcomm_lock()
 955  */
 956 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
 957 {
 958         struct sock *sk, *parent;
 959         bdaddr_t src, dst;
 960         int result = 0;
 961 
 962         BT_DBG("session %p channel %d", s, channel);
 963 
 964         rfcomm_session_getaddr(s, &src, &dst);
 965 
 966         /* Check if we have socket listening on channel */
 967         parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
 968         if (!parent)
 969                 return 0;
 970 
 971         bh_lock_sock(parent);
 972 
 973         /* Check for backlog size */
 974         if (sk_acceptq_is_full(parent)) {
 975                 BT_DBG("backlog full %d", parent->sk_ack_backlog);
 976                 goto done;
 977         }
 978 
 979         sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC, 0);
 980         if (!sk)
 981                 goto done;
 982 
 983         bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
 984 
 985         rfcomm_sock_init(sk, parent);
 986         bacpy(&rfcomm_pi(sk)->src, &src);
 987         bacpy(&rfcomm_pi(sk)->dst, &dst);
 988         rfcomm_pi(sk)->channel = channel;
 989 
 990         sk->sk_state = BT_CONFIG;
 991         bt_accept_enqueue(parent, sk, true);
 992 
 993         /* Accept connection and return socket DLC */
 994         *d = rfcomm_pi(sk)->dlc;
 995         result = 1;
 996 
 997 done:
 998         bh_unlock_sock(parent);
 999 
1000         if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1001                 parent->sk_state_change(parent);
1002 
1003         return result;
1004 }
1005 
1006 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
1007 {
1008         struct sock *sk;
1009 
1010         read_lock(&rfcomm_sk_list.lock);
1011 
1012         sk_for_each(sk, &rfcomm_sk_list.head) {
1013                 seq_printf(f, "%pMR %pMR %d %d\n",
1014                            &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst,
1015                            sk->sk_state, rfcomm_pi(sk)->channel);
1016         }
1017 
1018         read_unlock(&rfcomm_sk_list.lock);
1019 
1020         return 0;
1021 }
1022 
1023 DEFINE_SHOW_ATTRIBUTE(rfcomm_sock_debugfs);
1024 
1025 static struct dentry *rfcomm_sock_debugfs;
1026 
1027 static const struct proto_ops rfcomm_sock_ops = {
1028         .family         = PF_BLUETOOTH,
1029         .owner          = THIS_MODULE,
1030         .release        = rfcomm_sock_release,
1031         .bind           = rfcomm_sock_bind,
1032         .connect        = rfcomm_sock_connect,
1033         .listen         = rfcomm_sock_listen,
1034         .accept         = rfcomm_sock_accept,
1035         .getname        = rfcomm_sock_getname,
1036         .sendmsg        = rfcomm_sock_sendmsg,
1037         .recvmsg        = rfcomm_sock_recvmsg,
1038         .shutdown       = rfcomm_sock_shutdown,
1039         .setsockopt     = rfcomm_sock_setsockopt,
1040         .getsockopt     = rfcomm_sock_getsockopt,
1041         .ioctl          = rfcomm_sock_ioctl,
1042         .gettstamp      = sock_gettstamp,
1043         .poll           = bt_sock_poll,
1044         .socketpair     = sock_no_socketpair,
1045         .mmap           = sock_no_mmap
1046 };
1047 
1048 static const struct net_proto_family rfcomm_sock_family_ops = {
1049         .family         = PF_BLUETOOTH,
1050         .owner          = THIS_MODULE,
1051         .create         = rfcomm_sock_create
1052 };
1053 
1054 int __init rfcomm_init_sockets(void)
1055 {
1056         int err;
1057 
1058         BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr));
1059 
1060         err = proto_register(&rfcomm_proto, 0);
1061         if (err < 0)
1062                 return err;
1063 
1064         err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1065         if (err < 0) {
1066                 BT_ERR("RFCOMM socket layer registration failed");
1067                 goto error;
1068         }
1069 
1070         err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL);
1071         if (err < 0) {
1072                 BT_ERR("Failed to create RFCOMM proc file");
1073                 bt_sock_unregister(BTPROTO_RFCOMM);
1074                 goto error;
1075         }
1076 
1077         BT_INFO("RFCOMM socket layer initialized");
1078 
1079         if (IS_ERR_OR_NULL(bt_debugfs))
1080                 return 0;
1081 
1082         rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1083                                                   bt_debugfs, NULL,
1084                                                   &rfcomm_sock_debugfs_fops);
1085 
1086         return 0;
1087 
1088 error:
1089         proto_unregister(&rfcomm_proto);
1090         return err;
1091 }
1092 
1093 void __exit rfcomm_cleanup_sockets(void)
1094 {
1095         bt_procfs_cleanup(&init_net, "rfcomm");
1096 
1097         debugfs_remove(rfcomm_sock_debugfs);
1098 
1099         bt_sock_unregister(BTPROTO_RFCOMM);
1100 
1101         proto_unregister(&rfcomm_proto);
1102 }

/* [<][>][^][v][top][bottom][index][help] */