This source file includes following definitions.
- rfcomm_sk_data_ready
- rfcomm_sk_state_change
- __rfcomm_get_listen_sock_by_addr
- rfcomm_get_sock_by_channel
- rfcomm_sock_destruct
- rfcomm_sock_cleanup_listen
- rfcomm_sock_kill
- __rfcomm_sock_close
- rfcomm_sock_close
- rfcomm_sock_init
- rfcomm_sock_alloc
- rfcomm_sock_create
- rfcomm_sock_bind
- rfcomm_sock_connect
- rfcomm_sock_listen
- rfcomm_sock_accept
- rfcomm_sock_getname
- rfcomm_sock_sendmsg
- rfcomm_sock_recvmsg
- rfcomm_sock_setsockopt_old
- rfcomm_sock_setsockopt
- rfcomm_sock_getsockopt_old
- rfcomm_sock_getsockopt
- rfcomm_sock_ioctl
- rfcomm_sock_shutdown
- rfcomm_sock_release
- rfcomm_connect_ind
- rfcomm_sock_debugfs_show
- rfcomm_init_sockets
- rfcomm_cleanup_sockets
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28 #include <linux/export.h>
29 #include <linux/debugfs.h>
30 #include <linux/sched/signal.h>
31
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/l2cap.h>
35 #include <net/bluetooth/rfcomm.h>
36
37 static const struct proto_ops rfcomm_sock_ops;
38
39 static struct bt_sock_list rfcomm_sk_list = {
40 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
41 };
42
43 static void rfcomm_sock_close(struct sock *sk);
44 static void rfcomm_sock_kill(struct sock *sk);
45
46
47
48
49
50 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
51 {
52 struct sock *sk = d->owner;
53 if (!sk)
54 return;
55
56 atomic_add(skb->len, &sk->sk_rmem_alloc);
57 skb_queue_tail(&sk->sk_receive_queue, skb);
58 sk->sk_data_ready(sk);
59
60 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
61 rfcomm_dlc_throttle(d);
62 }
63
64 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
65 {
66 struct sock *sk = d->owner, *parent;
67 unsigned long flags;
68
69 if (!sk)
70 return;
71
72 BT_DBG("dlc %p state %ld err %d", d, d->state, err);
73
74 local_irq_save(flags);
75 bh_lock_sock(sk);
76
77 if (err)
78 sk->sk_err = err;
79
80 sk->sk_state = d->state;
81
82 parent = bt_sk(sk)->parent;
83 if (parent) {
84 if (d->state == BT_CLOSED) {
85 sock_set_flag(sk, SOCK_ZAPPED);
86 bt_accept_unlink(sk);
87 }
88 parent->sk_data_ready(parent);
89 } else {
90 if (d->state == BT_CONNECTED)
91 rfcomm_session_getaddr(d->session,
92 &rfcomm_pi(sk)->src, NULL);
93 sk->sk_state_change(sk);
94 }
95
96 bh_unlock_sock(sk);
97 local_irq_restore(flags);
98
99 if (parent && sock_flag(sk, SOCK_ZAPPED)) {
100
101
102 rfcomm_dlc_unlock(d);
103 rfcomm_sock_kill(sk);
104 rfcomm_dlc_lock(d);
105 }
106 }
107
108
109 static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src)
110 {
111 struct sock *sk = NULL;
112
113 sk_for_each(sk, &rfcomm_sk_list.head) {
114 if (rfcomm_pi(sk)->channel != channel)
115 continue;
116
117 if (bacmp(&rfcomm_pi(sk)->src, src))
118 continue;
119
120 if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN)
121 break;
122 }
123
124 return sk ? sk : NULL;
125 }
126
127
128
129
130 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
131 {
132 struct sock *sk = NULL, *sk1 = NULL;
133
134 read_lock(&rfcomm_sk_list.lock);
135
136 sk_for_each(sk, &rfcomm_sk_list.head) {
137 if (state && sk->sk_state != state)
138 continue;
139
140 if (rfcomm_pi(sk)->channel == channel) {
141
142 if (!bacmp(&rfcomm_pi(sk)->src, src))
143 break;
144
145
146 if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY))
147 sk1 = sk;
148 }
149 }
150
151 read_unlock(&rfcomm_sk_list.lock);
152
153 return sk ? sk : sk1;
154 }
155
156 static void rfcomm_sock_destruct(struct sock *sk)
157 {
158 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
159
160 BT_DBG("sk %p dlc %p", sk, d);
161
162 skb_queue_purge(&sk->sk_receive_queue);
163 skb_queue_purge(&sk->sk_write_queue);
164
165 rfcomm_dlc_lock(d);
166 rfcomm_pi(sk)->dlc = NULL;
167
168
169 if (d->owner == sk)
170 d->owner = NULL;
171 rfcomm_dlc_unlock(d);
172
173 rfcomm_dlc_put(d);
174 }
175
176 static void rfcomm_sock_cleanup_listen(struct sock *parent)
177 {
178 struct sock *sk;
179
180 BT_DBG("parent %p", parent);
181
182
183 while ((sk = bt_accept_dequeue(parent, NULL))) {
184 rfcomm_sock_close(sk);
185 rfcomm_sock_kill(sk);
186 }
187
188 parent->sk_state = BT_CLOSED;
189 sock_set_flag(parent, SOCK_ZAPPED);
190 }
191
192
193
194
195 static void rfcomm_sock_kill(struct sock *sk)
196 {
197 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
198 return;
199
200 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, refcount_read(&sk->sk_refcnt));
201
202
203 bt_sock_unlink(&rfcomm_sk_list, sk);
204 sock_set_flag(sk, SOCK_DEAD);
205 sock_put(sk);
206 }
207
208 static void __rfcomm_sock_close(struct sock *sk)
209 {
210 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
211
212 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
213
214 switch (sk->sk_state) {
215 case BT_LISTEN:
216 rfcomm_sock_cleanup_listen(sk);
217 break;
218
219 case BT_CONNECT:
220 case BT_CONNECT2:
221 case BT_CONFIG:
222 case BT_CONNECTED:
223 rfcomm_dlc_close(d, 0);
224
225
226 default:
227 sock_set_flag(sk, SOCK_ZAPPED);
228 break;
229 }
230 }
231
232
233
234
235 static void rfcomm_sock_close(struct sock *sk)
236 {
237 lock_sock(sk);
238 __rfcomm_sock_close(sk);
239 release_sock(sk);
240 }
241
242 static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
243 {
244 struct rfcomm_pinfo *pi = rfcomm_pi(sk);
245
246 BT_DBG("sk %p", sk);
247
248 if (parent) {
249 sk->sk_type = parent->sk_type;
250 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP,
251 &bt_sk(parent)->flags);
252
253 pi->sec_level = rfcomm_pi(parent)->sec_level;
254 pi->role_switch = rfcomm_pi(parent)->role_switch;
255
256 security_sk_clone(parent, sk);
257 } else {
258 pi->dlc->defer_setup = 0;
259
260 pi->sec_level = BT_SECURITY_LOW;
261 pi->role_switch = 0;
262 }
263
264 pi->dlc->sec_level = pi->sec_level;
265 pi->dlc->role_switch = pi->role_switch;
266 }
267
268 static struct proto rfcomm_proto = {
269 .name = "RFCOMM",
270 .owner = THIS_MODULE,
271 .obj_size = sizeof(struct rfcomm_pinfo)
272 };
273
274 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio, int kern)
275 {
276 struct rfcomm_dlc *d;
277 struct sock *sk;
278
279 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto, kern);
280 if (!sk)
281 return NULL;
282
283 sock_init_data(sock, sk);
284 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
285
286 d = rfcomm_dlc_alloc(prio);
287 if (!d) {
288 sk_free(sk);
289 return NULL;
290 }
291
292 d->data_ready = rfcomm_sk_data_ready;
293 d->state_change = rfcomm_sk_state_change;
294
295 rfcomm_pi(sk)->dlc = d;
296 d->owner = sk;
297
298 sk->sk_destruct = rfcomm_sock_destruct;
299 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
300
301 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
302 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
303
304 sock_reset_flag(sk, SOCK_ZAPPED);
305
306 sk->sk_protocol = proto;
307 sk->sk_state = BT_OPEN;
308
309 bt_sock_link(&rfcomm_sk_list, sk);
310
311 BT_DBG("sk %p", sk);
312 return sk;
313 }
314
315 static int rfcomm_sock_create(struct net *net, struct socket *sock,
316 int protocol, int kern)
317 {
318 struct sock *sk;
319
320 BT_DBG("sock %p", sock);
321
322 sock->state = SS_UNCONNECTED;
323
324 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
325 return -ESOCKTNOSUPPORT;
326
327 sock->ops = &rfcomm_sock_ops;
328
329 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
330 if (!sk)
331 return -ENOMEM;
332
333 rfcomm_sock_init(sk, NULL);
334 return 0;
335 }
336
337 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
338 {
339 struct sockaddr_rc sa;
340 struct sock *sk = sock->sk;
341 int len, err = 0;
342
343 if (!addr || addr_len < offsetofend(struct sockaddr, sa_family) ||
344 addr->sa_family != AF_BLUETOOTH)
345 return -EINVAL;
346
347 memset(&sa, 0, sizeof(sa));
348 len = min_t(unsigned int, sizeof(sa), addr_len);
349 memcpy(&sa, addr, len);
350
351 BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr);
352
353 lock_sock(sk);
354
355 if (sk->sk_state != BT_OPEN) {
356 err = -EBADFD;
357 goto done;
358 }
359
360 if (sk->sk_type != SOCK_STREAM) {
361 err = -EINVAL;
362 goto done;
363 }
364
365 write_lock(&rfcomm_sk_list.lock);
366
367 if (sa.rc_channel &&
368 __rfcomm_get_listen_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) {
369 err = -EADDRINUSE;
370 } else {
371
372 bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr);
373 rfcomm_pi(sk)->channel = sa.rc_channel;
374 sk->sk_state = BT_BOUND;
375 }
376
377 write_unlock(&rfcomm_sk_list.lock);
378
379 done:
380 release_sock(sk);
381 return err;
382 }
383
384 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
385 {
386 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
387 struct sock *sk = sock->sk;
388 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
389 int err = 0;
390
391 BT_DBG("sk %p", sk);
392
393 if (alen < sizeof(struct sockaddr_rc) ||
394 addr->sa_family != AF_BLUETOOTH)
395 return -EINVAL;
396
397 lock_sock(sk);
398
399 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
400 err = -EBADFD;
401 goto done;
402 }
403
404 if (sk->sk_type != SOCK_STREAM) {
405 err = -EINVAL;
406 goto done;
407 }
408
409 sk->sk_state = BT_CONNECT;
410 bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr);
411 rfcomm_pi(sk)->channel = sa->rc_channel;
412
413 d->sec_level = rfcomm_pi(sk)->sec_level;
414 d->role_switch = rfcomm_pi(sk)->role_switch;
415
416 err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr,
417 sa->rc_channel);
418 if (!err)
419 err = bt_sock_wait_state(sk, BT_CONNECTED,
420 sock_sndtimeo(sk, flags & O_NONBLOCK));
421
422 done:
423 release_sock(sk);
424 return err;
425 }
426
427 static int rfcomm_sock_listen(struct socket *sock, int backlog)
428 {
429 struct sock *sk = sock->sk;
430 int err = 0;
431
432 BT_DBG("sk %p backlog %d", sk, backlog);
433
434 lock_sock(sk);
435
436 if (sk->sk_state != BT_BOUND) {
437 err = -EBADFD;
438 goto done;
439 }
440
441 if (sk->sk_type != SOCK_STREAM) {
442 err = -EINVAL;
443 goto done;
444 }
445
446 if (!rfcomm_pi(sk)->channel) {
447 bdaddr_t *src = &rfcomm_pi(sk)->src;
448 u8 channel;
449
450 err = -EINVAL;
451
452 write_lock(&rfcomm_sk_list.lock);
453
454 for (channel = 1; channel < 31; channel++)
455 if (!__rfcomm_get_listen_sock_by_addr(channel, src)) {
456 rfcomm_pi(sk)->channel = channel;
457 err = 0;
458 break;
459 }
460
461 write_unlock(&rfcomm_sk_list.lock);
462
463 if (err < 0)
464 goto done;
465 }
466
467 sk->sk_max_ack_backlog = backlog;
468 sk->sk_ack_backlog = 0;
469 sk->sk_state = BT_LISTEN;
470
471 done:
472 release_sock(sk);
473 return err;
474 }
475
476 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags,
477 bool kern)
478 {
479 DEFINE_WAIT_FUNC(wait, woken_wake_function);
480 struct sock *sk = sock->sk, *nsk;
481 long timeo;
482 int err = 0;
483
484 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
485
486 if (sk->sk_type != SOCK_STREAM) {
487 err = -EINVAL;
488 goto done;
489 }
490
491 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
492
493 BT_DBG("sk %p timeo %ld", sk, timeo);
494
495
496 add_wait_queue_exclusive(sk_sleep(sk), &wait);
497 while (1) {
498 if (sk->sk_state != BT_LISTEN) {
499 err = -EBADFD;
500 break;
501 }
502
503 nsk = bt_accept_dequeue(sk, newsock);
504 if (nsk)
505 break;
506
507 if (!timeo) {
508 err = -EAGAIN;
509 break;
510 }
511
512 if (signal_pending(current)) {
513 err = sock_intr_errno(timeo);
514 break;
515 }
516
517 release_sock(sk);
518
519 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
520
521 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
522 }
523 remove_wait_queue(sk_sleep(sk), &wait);
524
525 if (err)
526 goto done;
527
528 newsock->state = SS_CONNECTED;
529
530 BT_DBG("new socket %p", nsk);
531
532 done:
533 release_sock(sk);
534 return err;
535 }
536
537 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int peer)
538 {
539 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
540 struct sock *sk = sock->sk;
541
542 BT_DBG("sock %p, sk %p", sock, sk);
543
544 if (peer && sk->sk_state != BT_CONNECTED &&
545 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2)
546 return -ENOTCONN;
547
548 memset(sa, 0, sizeof(*sa));
549 sa->rc_family = AF_BLUETOOTH;
550 sa->rc_channel = rfcomm_pi(sk)->channel;
551 if (peer)
552 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst);
553 else
554 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src);
555
556 return sizeof(struct sockaddr_rc);
557 }
558
559 static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg,
560 size_t len)
561 {
562 struct sock *sk = sock->sk;
563 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
564 struct sk_buff *skb;
565 int sent;
566
567 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
568 return -ENOTCONN;
569
570 if (msg->msg_flags & MSG_OOB)
571 return -EOPNOTSUPP;
572
573 if (sk->sk_shutdown & SEND_SHUTDOWN)
574 return -EPIPE;
575
576 BT_DBG("sock %p, sk %p", sock, sk);
577
578 lock_sock(sk);
579
580 sent = bt_sock_wait_ready(sk, msg->msg_flags);
581 if (sent)
582 goto done;
583
584 while (len) {
585 size_t size = min_t(size_t, len, d->mtu);
586 int err;
587
588 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
589 msg->msg_flags & MSG_DONTWAIT, &err);
590 if (!skb) {
591 if (sent == 0)
592 sent = err;
593 break;
594 }
595 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
596
597 err = memcpy_from_msg(skb_put(skb, size), msg, size);
598 if (err) {
599 kfree_skb(skb);
600 if (sent == 0)
601 sent = err;
602 break;
603 }
604
605 skb->priority = sk->sk_priority;
606
607 err = rfcomm_dlc_send(d, skb);
608 if (err < 0) {
609 kfree_skb(skb);
610 if (sent == 0)
611 sent = err;
612 break;
613 }
614
615 sent += size;
616 len -= size;
617 }
618
619 done:
620 release_sock(sk);
621
622 return sent;
623 }
624
625 static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg,
626 size_t size, int flags)
627 {
628 struct sock *sk = sock->sk;
629 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
630 int len;
631
632 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
633 rfcomm_dlc_accept(d);
634 return 0;
635 }
636
637 len = bt_sock_stream_recvmsg(sock, msg, size, flags);
638
639 lock_sock(sk);
640 if (!(flags & MSG_PEEK) && len > 0)
641 atomic_sub(len, &sk->sk_rmem_alloc);
642
643 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
644 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
645 release_sock(sk);
646
647 return len;
648 }
649
650 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
651 {
652 struct sock *sk = sock->sk;
653 int err = 0;
654 u32 opt;
655
656 BT_DBG("sk %p", sk);
657
658 lock_sock(sk);
659
660 switch (optname) {
661 case RFCOMM_LM:
662 if (get_user(opt, (u32 __user *) optval)) {
663 err = -EFAULT;
664 break;
665 }
666
667 if (opt & RFCOMM_LM_FIPS) {
668 err = -EINVAL;
669 break;
670 }
671
672 if (opt & RFCOMM_LM_AUTH)
673 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
674 if (opt & RFCOMM_LM_ENCRYPT)
675 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
676 if (opt & RFCOMM_LM_SECURE)
677 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
678
679 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
680 break;
681
682 default:
683 err = -ENOPROTOOPT;
684 break;
685 }
686
687 release_sock(sk);
688 return err;
689 }
690
691 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
692 {
693 struct sock *sk = sock->sk;
694 struct bt_security sec;
695 int err = 0;
696 size_t len;
697 u32 opt;
698
699 BT_DBG("sk %p", sk);
700
701 if (level == SOL_RFCOMM)
702 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
703
704 if (level != SOL_BLUETOOTH)
705 return -ENOPROTOOPT;
706
707 lock_sock(sk);
708
709 switch (optname) {
710 case BT_SECURITY:
711 if (sk->sk_type != SOCK_STREAM) {
712 err = -EINVAL;
713 break;
714 }
715
716 sec.level = BT_SECURITY_LOW;
717
718 len = min_t(unsigned int, sizeof(sec), optlen);
719 if (copy_from_user((char *) &sec, optval, len)) {
720 err = -EFAULT;
721 break;
722 }
723
724 if (sec.level > BT_SECURITY_HIGH) {
725 err = -EINVAL;
726 break;
727 }
728
729 rfcomm_pi(sk)->sec_level = sec.level;
730 break;
731
732 case BT_DEFER_SETUP:
733 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
734 err = -EINVAL;
735 break;
736 }
737
738 if (get_user(opt, (u32 __user *) optval)) {
739 err = -EFAULT;
740 break;
741 }
742
743 if (opt)
744 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
745 else
746 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
747
748 break;
749
750 default:
751 err = -ENOPROTOOPT;
752 break;
753 }
754
755 release_sock(sk);
756 return err;
757 }
758
759 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
760 {
761 struct sock *sk = sock->sk;
762 struct sock *l2cap_sk;
763 struct l2cap_conn *conn;
764 struct rfcomm_conninfo cinfo;
765 int len, err = 0;
766 u32 opt;
767
768 BT_DBG("sk %p", sk);
769
770 if (get_user(len, optlen))
771 return -EFAULT;
772
773 lock_sock(sk);
774
775 switch (optname) {
776 case RFCOMM_LM:
777 switch (rfcomm_pi(sk)->sec_level) {
778 case BT_SECURITY_LOW:
779 opt = RFCOMM_LM_AUTH;
780 break;
781 case BT_SECURITY_MEDIUM:
782 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
783 break;
784 case BT_SECURITY_HIGH:
785 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
786 RFCOMM_LM_SECURE;
787 break;
788 case BT_SECURITY_FIPS:
789 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
790 RFCOMM_LM_SECURE | RFCOMM_LM_FIPS;
791 break;
792 default:
793 opt = 0;
794 break;
795 }
796
797 if (rfcomm_pi(sk)->role_switch)
798 opt |= RFCOMM_LM_MASTER;
799
800 if (put_user(opt, (u32 __user *) optval))
801 err = -EFAULT;
802
803 break;
804
805 case RFCOMM_CONNINFO:
806 if (sk->sk_state != BT_CONNECTED &&
807 !rfcomm_pi(sk)->dlc->defer_setup) {
808 err = -ENOTCONN;
809 break;
810 }
811
812 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
813 conn = l2cap_pi(l2cap_sk)->chan->conn;
814
815 memset(&cinfo, 0, sizeof(cinfo));
816 cinfo.hci_handle = conn->hcon->handle;
817 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
818
819 len = min_t(unsigned int, len, sizeof(cinfo));
820 if (copy_to_user(optval, (char *) &cinfo, len))
821 err = -EFAULT;
822
823 break;
824
825 default:
826 err = -ENOPROTOOPT;
827 break;
828 }
829
830 release_sock(sk);
831 return err;
832 }
833
834 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
835 {
836 struct sock *sk = sock->sk;
837 struct bt_security sec;
838 int len, err = 0;
839
840 BT_DBG("sk %p", sk);
841
842 if (level == SOL_RFCOMM)
843 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
844
845 if (level != SOL_BLUETOOTH)
846 return -ENOPROTOOPT;
847
848 if (get_user(len, optlen))
849 return -EFAULT;
850
851 lock_sock(sk);
852
853 switch (optname) {
854 case BT_SECURITY:
855 if (sk->sk_type != SOCK_STREAM) {
856 err = -EINVAL;
857 break;
858 }
859
860 sec.level = rfcomm_pi(sk)->sec_level;
861 sec.key_size = 0;
862
863 len = min_t(unsigned int, len, sizeof(sec));
864 if (copy_to_user(optval, (char *) &sec, len))
865 err = -EFAULT;
866
867 break;
868
869 case BT_DEFER_SETUP:
870 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
871 err = -EINVAL;
872 break;
873 }
874
875 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
876 (u32 __user *) optval))
877 err = -EFAULT;
878
879 break;
880
881 default:
882 err = -ENOPROTOOPT;
883 break;
884 }
885
886 release_sock(sk);
887 return err;
888 }
889
890 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
891 {
892 struct sock *sk __maybe_unused = sock->sk;
893 int err;
894
895 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
896
897 err = bt_sock_ioctl(sock, cmd, arg);
898
899 if (err == -ENOIOCTLCMD) {
900 #ifdef CONFIG_BT_RFCOMM_TTY
901 lock_sock(sk);
902 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
903 release_sock(sk);
904 #else
905 err = -EOPNOTSUPP;
906 #endif
907 }
908
909 return err;
910 }
911
912 static int rfcomm_sock_shutdown(struct socket *sock, int how)
913 {
914 struct sock *sk = sock->sk;
915 int err = 0;
916
917 BT_DBG("sock %p, sk %p", sock, sk);
918
919 if (!sk)
920 return 0;
921
922 lock_sock(sk);
923 if (!sk->sk_shutdown) {
924 sk->sk_shutdown = SHUTDOWN_MASK;
925 __rfcomm_sock_close(sk);
926
927 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
928 !(current->flags & PF_EXITING))
929 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
930 }
931 release_sock(sk);
932 return err;
933 }
934
935 static int rfcomm_sock_release(struct socket *sock)
936 {
937 struct sock *sk = sock->sk;
938 int err;
939
940 BT_DBG("sock %p, sk %p", sock, sk);
941
942 if (!sk)
943 return 0;
944
945 err = rfcomm_sock_shutdown(sock, 2);
946
947 sock_orphan(sk);
948 rfcomm_sock_kill(sk);
949 return err;
950 }
951
952
953
954
955
956 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
957 {
958 struct sock *sk, *parent;
959 bdaddr_t src, dst;
960 int result = 0;
961
962 BT_DBG("session %p channel %d", s, channel);
963
964 rfcomm_session_getaddr(s, &src, &dst);
965
966
967 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
968 if (!parent)
969 return 0;
970
971 bh_lock_sock(parent);
972
973
974 if (sk_acceptq_is_full(parent)) {
975 BT_DBG("backlog full %d", parent->sk_ack_backlog);
976 goto done;
977 }
978
979 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC, 0);
980 if (!sk)
981 goto done;
982
983 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
984
985 rfcomm_sock_init(sk, parent);
986 bacpy(&rfcomm_pi(sk)->src, &src);
987 bacpy(&rfcomm_pi(sk)->dst, &dst);
988 rfcomm_pi(sk)->channel = channel;
989
990 sk->sk_state = BT_CONFIG;
991 bt_accept_enqueue(parent, sk, true);
992
993
994 *d = rfcomm_pi(sk)->dlc;
995 result = 1;
996
997 done:
998 bh_unlock_sock(parent);
999
1000 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1001 parent->sk_state_change(parent);
1002
1003 return result;
1004 }
1005
1006 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
1007 {
1008 struct sock *sk;
1009
1010 read_lock(&rfcomm_sk_list.lock);
1011
1012 sk_for_each(sk, &rfcomm_sk_list.head) {
1013 seq_printf(f, "%pMR %pMR %d %d\n",
1014 &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst,
1015 sk->sk_state, rfcomm_pi(sk)->channel);
1016 }
1017
1018 read_unlock(&rfcomm_sk_list.lock);
1019
1020 return 0;
1021 }
1022
1023 DEFINE_SHOW_ATTRIBUTE(rfcomm_sock_debugfs);
1024
1025 static struct dentry *rfcomm_sock_debugfs;
1026
1027 static const struct proto_ops rfcomm_sock_ops = {
1028 .family = PF_BLUETOOTH,
1029 .owner = THIS_MODULE,
1030 .release = rfcomm_sock_release,
1031 .bind = rfcomm_sock_bind,
1032 .connect = rfcomm_sock_connect,
1033 .listen = rfcomm_sock_listen,
1034 .accept = rfcomm_sock_accept,
1035 .getname = rfcomm_sock_getname,
1036 .sendmsg = rfcomm_sock_sendmsg,
1037 .recvmsg = rfcomm_sock_recvmsg,
1038 .shutdown = rfcomm_sock_shutdown,
1039 .setsockopt = rfcomm_sock_setsockopt,
1040 .getsockopt = rfcomm_sock_getsockopt,
1041 .ioctl = rfcomm_sock_ioctl,
1042 .gettstamp = sock_gettstamp,
1043 .poll = bt_sock_poll,
1044 .socketpair = sock_no_socketpair,
1045 .mmap = sock_no_mmap
1046 };
1047
1048 static const struct net_proto_family rfcomm_sock_family_ops = {
1049 .family = PF_BLUETOOTH,
1050 .owner = THIS_MODULE,
1051 .create = rfcomm_sock_create
1052 };
1053
1054 int __init rfcomm_init_sockets(void)
1055 {
1056 int err;
1057
1058 BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr));
1059
1060 err = proto_register(&rfcomm_proto, 0);
1061 if (err < 0)
1062 return err;
1063
1064 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1065 if (err < 0) {
1066 BT_ERR("RFCOMM socket layer registration failed");
1067 goto error;
1068 }
1069
1070 err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL);
1071 if (err < 0) {
1072 BT_ERR("Failed to create RFCOMM proc file");
1073 bt_sock_unregister(BTPROTO_RFCOMM);
1074 goto error;
1075 }
1076
1077 BT_INFO("RFCOMM socket layer initialized");
1078
1079 if (IS_ERR_OR_NULL(bt_debugfs))
1080 return 0;
1081
1082 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1083 bt_debugfs, NULL,
1084 &rfcomm_sock_debugfs_fops);
1085
1086 return 0;
1087
1088 error:
1089 proto_unregister(&rfcomm_proto);
1090 return err;
1091 }
1092
1093 void __exit rfcomm_cleanup_sockets(void)
1094 {
1095 bt_procfs_cleanup(&init_net, "rfcomm");
1096
1097 debugfs_remove(rfcomm_sock_debugfs);
1098
1099 bt_sock_unregister(BTPROTO_RFCOMM);
1100
1101 proto_unregister(&rfcomm_proto);
1102 }