0001
0002
0003
0004
0005
0006
0007
0008
0009
0010
0011
0012
0013
0014
0015
0016
0017
0018
0019
0020
0021
0022
0023
0024
0025
0026
0027 #include <linux/compat.h>
0028 #include <linux/export.h>
0029 #include <linux/debugfs.h>
0030 #include <linux/sched/signal.h>
0031
0032 #include <net/bluetooth/bluetooth.h>
0033 #include <net/bluetooth/hci_core.h>
0034 #include <net/bluetooth/l2cap.h>
0035 #include <net/bluetooth/rfcomm.h>
0036
0037 static const struct proto_ops rfcomm_sock_ops;
0038
0039 static struct bt_sock_list rfcomm_sk_list = {
0040 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
0041 };
0042
0043 static void rfcomm_sock_close(struct sock *sk);
0044 static void rfcomm_sock_kill(struct sock *sk);
0045
0046
0047
0048
0049
0050 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
0051 {
0052 struct sock *sk = d->owner;
0053 if (!sk)
0054 return;
0055
0056 atomic_add(skb->len, &sk->sk_rmem_alloc);
0057 skb_queue_tail(&sk->sk_receive_queue, skb);
0058 sk->sk_data_ready(sk);
0059
0060 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
0061 rfcomm_dlc_throttle(d);
0062 }
0063
0064 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
0065 {
0066 struct sock *sk = d->owner, *parent;
0067
0068 if (!sk)
0069 return;
0070
0071 BT_DBG("dlc %p state %ld err %d", d, d->state, err);
0072
0073 lock_sock(sk);
0074
0075 if (err)
0076 sk->sk_err = err;
0077
0078 sk->sk_state = d->state;
0079
0080 parent = bt_sk(sk)->parent;
0081 if (parent) {
0082 if (d->state == BT_CLOSED) {
0083 sock_set_flag(sk, SOCK_ZAPPED);
0084 bt_accept_unlink(sk);
0085 }
0086 parent->sk_data_ready(parent);
0087 } else {
0088 if (d->state == BT_CONNECTED)
0089 rfcomm_session_getaddr(d->session,
0090 &rfcomm_pi(sk)->src, NULL);
0091 sk->sk_state_change(sk);
0092 }
0093
0094 release_sock(sk);
0095
0096 if (parent && sock_flag(sk, SOCK_ZAPPED)) {
0097
0098
0099 rfcomm_dlc_unlock(d);
0100 rfcomm_sock_kill(sk);
0101 rfcomm_dlc_lock(d);
0102 }
0103 }
0104
0105
0106 static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src)
0107 {
0108 struct sock *sk = NULL;
0109
0110 sk_for_each(sk, &rfcomm_sk_list.head) {
0111 if (rfcomm_pi(sk)->channel != channel)
0112 continue;
0113
0114 if (bacmp(&rfcomm_pi(sk)->src, src))
0115 continue;
0116
0117 if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN)
0118 break;
0119 }
0120
0121 return sk ? sk : NULL;
0122 }
0123
0124
0125
0126
0127 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
0128 {
0129 struct sock *sk = NULL, *sk1 = NULL;
0130
0131 read_lock(&rfcomm_sk_list.lock);
0132
0133 sk_for_each(sk, &rfcomm_sk_list.head) {
0134 if (state && sk->sk_state != state)
0135 continue;
0136
0137 if (rfcomm_pi(sk)->channel == channel) {
0138
0139 if (!bacmp(&rfcomm_pi(sk)->src, src))
0140 break;
0141
0142
0143 if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY))
0144 sk1 = sk;
0145 }
0146 }
0147
0148 read_unlock(&rfcomm_sk_list.lock);
0149
0150 return sk ? sk : sk1;
0151 }
0152
0153 static void rfcomm_sock_destruct(struct sock *sk)
0154 {
0155 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
0156
0157 BT_DBG("sk %p dlc %p", sk, d);
0158
0159 skb_queue_purge(&sk->sk_receive_queue);
0160 skb_queue_purge(&sk->sk_write_queue);
0161
0162 rfcomm_dlc_lock(d);
0163 rfcomm_pi(sk)->dlc = NULL;
0164
0165
0166 if (d->owner == sk)
0167 d->owner = NULL;
0168 rfcomm_dlc_unlock(d);
0169
0170 rfcomm_dlc_put(d);
0171 }
0172
0173 static void rfcomm_sock_cleanup_listen(struct sock *parent)
0174 {
0175 struct sock *sk;
0176
0177 BT_DBG("parent %p", parent);
0178
0179
0180 while ((sk = bt_accept_dequeue(parent, NULL))) {
0181 rfcomm_sock_close(sk);
0182 rfcomm_sock_kill(sk);
0183 }
0184
0185 parent->sk_state = BT_CLOSED;
0186 sock_set_flag(parent, SOCK_ZAPPED);
0187 }
0188
0189
0190
0191
0192 static void rfcomm_sock_kill(struct sock *sk)
0193 {
0194 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
0195 return;
0196
0197 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, refcount_read(&sk->sk_refcnt));
0198
0199
0200 bt_sock_unlink(&rfcomm_sk_list, sk);
0201 sock_set_flag(sk, SOCK_DEAD);
0202 sock_put(sk);
0203 }
0204
0205 static void __rfcomm_sock_close(struct sock *sk)
0206 {
0207 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
0208
0209 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
0210
0211 switch (sk->sk_state) {
0212 case BT_LISTEN:
0213 rfcomm_sock_cleanup_listen(sk);
0214 break;
0215
0216 case BT_CONNECT:
0217 case BT_CONNECT2:
0218 case BT_CONFIG:
0219 case BT_CONNECTED:
0220 rfcomm_dlc_close(d, 0);
0221 fallthrough;
0222
0223 default:
0224 sock_set_flag(sk, SOCK_ZAPPED);
0225 break;
0226 }
0227 }
0228
0229
0230
0231
0232 static void rfcomm_sock_close(struct sock *sk)
0233 {
0234 lock_sock(sk);
0235 __rfcomm_sock_close(sk);
0236 release_sock(sk);
0237 }
0238
0239 static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
0240 {
0241 struct rfcomm_pinfo *pi = rfcomm_pi(sk);
0242
0243 BT_DBG("sk %p", sk);
0244
0245 if (parent) {
0246 sk->sk_type = parent->sk_type;
0247 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP,
0248 &bt_sk(parent)->flags);
0249
0250 pi->sec_level = rfcomm_pi(parent)->sec_level;
0251 pi->role_switch = rfcomm_pi(parent)->role_switch;
0252
0253 security_sk_clone(parent, sk);
0254 } else {
0255 pi->dlc->defer_setup = 0;
0256
0257 pi->sec_level = BT_SECURITY_LOW;
0258 pi->role_switch = 0;
0259 }
0260
0261 pi->dlc->sec_level = pi->sec_level;
0262 pi->dlc->role_switch = pi->role_switch;
0263 }
0264
0265 static struct proto rfcomm_proto = {
0266 .name = "RFCOMM",
0267 .owner = THIS_MODULE,
0268 .obj_size = sizeof(struct rfcomm_pinfo)
0269 };
0270
0271 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio, int kern)
0272 {
0273 struct rfcomm_dlc *d;
0274 struct sock *sk;
0275
0276 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto, kern);
0277 if (!sk)
0278 return NULL;
0279
0280 sock_init_data(sock, sk);
0281 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
0282
0283 d = rfcomm_dlc_alloc(prio);
0284 if (!d) {
0285 sk_free(sk);
0286 return NULL;
0287 }
0288
0289 d->data_ready = rfcomm_sk_data_ready;
0290 d->state_change = rfcomm_sk_state_change;
0291
0292 rfcomm_pi(sk)->dlc = d;
0293 d->owner = sk;
0294
0295 sk->sk_destruct = rfcomm_sock_destruct;
0296 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
0297
0298 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
0299 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
0300
0301 sock_reset_flag(sk, SOCK_ZAPPED);
0302
0303 sk->sk_protocol = proto;
0304 sk->sk_state = BT_OPEN;
0305
0306 bt_sock_link(&rfcomm_sk_list, sk);
0307
0308 BT_DBG("sk %p", sk);
0309 return sk;
0310 }
0311
0312 static int rfcomm_sock_create(struct net *net, struct socket *sock,
0313 int protocol, int kern)
0314 {
0315 struct sock *sk;
0316
0317 BT_DBG("sock %p", sock);
0318
0319 sock->state = SS_UNCONNECTED;
0320
0321 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
0322 return -ESOCKTNOSUPPORT;
0323
0324 sock->ops = &rfcomm_sock_ops;
0325
0326 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
0327 if (!sk)
0328 return -ENOMEM;
0329
0330 rfcomm_sock_init(sk, NULL);
0331 return 0;
0332 }
0333
0334 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
0335 {
0336 struct sockaddr_rc sa;
0337 struct sock *sk = sock->sk;
0338 int len, err = 0;
0339
0340 if (!addr || addr_len < offsetofend(struct sockaddr, sa_family) ||
0341 addr->sa_family != AF_BLUETOOTH)
0342 return -EINVAL;
0343
0344 memset(&sa, 0, sizeof(sa));
0345 len = min_t(unsigned int, sizeof(sa), addr_len);
0346 memcpy(&sa, addr, len);
0347
0348 BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr);
0349
0350 lock_sock(sk);
0351
0352 if (sk->sk_state != BT_OPEN) {
0353 err = -EBADFD;
0354 goto done;
0355 }
0356
0357 if (sk->sk_type != SOCK_STREAM) {
0358 err = -EINVAL;
0359 goto done;
0360 }
0361
0362 write_lock(&rfcomm_sk_list.lock);
0363
0364 if (sa.rc_channel &&
0365 __rfcomm_get_listen_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) {
0366 err = -EADDRINUSE;
0367 } else {
0368
0369 bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr);
0370 rfcomm_pi(sk)->channel = sa.rc_channel;
0371 sk->sk_state = BT_BOUND;
0372 }
0373
0374 write_unlock(&rfcomm_sk_list.lock);
0375
0376 done:
0377 release_sock(sk);
0378 return err;
0379 }
0380
0381 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
0382 {
0383 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
0384 struct sock *sk = sock->sk;
0385 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
0386 int err = 0;
0387
0388 BT_DBG("sk %p", sk);
0389
0390 if (alen < sizeof(struct sockaddr_rc) ||
0391 addr->sa_family != AF_BLUETOOTH)
0392 return -EINVAL;
0393
0394 lock_sock(sk);
0395
0396 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
0397 err = -EBADFD;
0398 goto done;
0399 }
0400
0401 if (sk->sk_type != SOCK_STREAM) {
0402 err = -EINVAL;
0403 goto done;
0404 }
0405
0406 sk->sk_state = BT_CONNECT;
0407 bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr);
0408 rfcomm_pi(sk)->channel = sa->rc_channel;
0409
0410 d->sec_level = rfcomm_pi(sk)->sec_level;
0411 d->role_switch = rfcomm_pi(sk)->role_switch;
0412
0413 err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr,
0414 sa->rc_channel);
0415 if (!err)
0416 err = bt_sock_wait_state(sk, BT_CONNECTED,
0417 sock_sndtimeo(sk, flags & O_NONBLOCK));
0418
0419 done:
0420 release_sock(sk);
0421 return err;
0422 }
0423
0424 static int rfcomm_sock_listen(struct socket *sock, int backlog)
0425 {
0426 struct sock *sk = sock->sk;
0427 int err = 0;
0428
0429 BT_DBG("sk %p backlog %d", sk, backlog);
0430
0431 lock_sock(sk);
0432
0433 if (sk->sk_state != BT_BOUND) {
0434 err = -EBADFD;
0435 goto done;
0436 }
0437
0438 if (sk->sk_type != SOCK_STREAM) {
0439 err = -EINVAL;
0440 goto done;
0441 }
0442
0443 if (!rfcomm_pi(sk)->channel) {
0444 bdaddr_t *src = &rfcomm_pi(sk)->src;
0445 u8 channel;
0446
0447 err = -EINVAL;
0448
0449 write_lock(&rfcomm_sk_list.lock);
0450
0451 for (channel = 1; channel < 31; channel++)
0452 if (!__rfcomm_get_listen_sock_by_addr(channel, src)) {
0453 rfcomm_pi(sk)->channel = channel;
0454 err = 0;
0455 break;
0456 }
0457
0458 write_unlock(&rfcomm_sk_list.lock);
0459
0460 if (err < 0)
0461 goto done;
0462 }
0463
0464 sk->sk_max_ack_backlog = backlog;
0465 sk->sk_ack_backlog = 0;
0466 sk->sk_state = BT_LISTEN;
0467
0468 done:
0469 release_sock(sk);
0470 return err;
0471 }
0472
0473 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags,
0474 bool kern)
0475 {
0476 DEFINE_WAIT_FUNC(wait, woken_wake_function);
0477 struct sock *sk = sock->sk, *nsk;
0478 long timeo;
0479 int err = 0;
0480
0481 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
0482
0483 if (sk->sk_type != SOCK_STREAM) {
0484 err = -EINVAL;
0485 goto done;
0486 }
0487
0488 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
0489
0490 BT_DBG("sk %p timeo %ld", sk, timeo);
0491
0492
0493 add_wait_queue_exclusive(sk_sleep(sk), &wait);
0494 while (1) {
0495 if (sk->sk_state != BT_LISTEN) {
0496 err = -EBADFD;
0497 break;
0498 }
0499
0500 nsk = bt_accept_dequeue(sk, newsock);
0501 if (nsk)
0502 break;
0503
0504 if (!timeo) {
0505 err = -EAGAIN;
0506 break;
0507 }
0508
0509 if (signal_pending(current)) {
0510 err = sock_intr_errno(timeo);
0511 break;
0512 }
0513
0514 release_sock(sk);
0515
0516 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
0517
0518 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
0519 }
0520 remove_wait_queue(sk_sleep(sk), &wait);
0521
0522 if (err)
0523 goto done;
0524
0525 newsock->state = SS_CONNECTED;
0526
0527 BT_DBG("new socket %p", nsk);
0528
0529 done:
0530 release_sock(sk);
0531 return err;
0532 }
0533
0534 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int peer)
0535 {
0536 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
0537 struct sock *sk = sock->sk;
0538
0539 BT_DBG("sock %p, sk %p", sock, sk);
0540
0541 if (peer && sk->sk_state != BT_CONNECTED &&
0542 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2)
0543 return -ENOTCONN;
0544
0545 memset(sa, 0, sizeof(*sa));
0546 sa->rc_family = AF_BLUETOOTH;
0547 sa->rc_channel = rfcomm_pi(sk)->channel;
0548 if (peer)
0549 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst);
0550 else
0551 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src);
0552
0553 return sizeof(struct sockaddr_rc);
0554 }
0555
0556 static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg,
0557 size_t len)
0558 {
0559 struct sock *sk = sock->sk;
0560 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
0561 struct sk_buff *skb;
0562 int sent;
0563
0564 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
0565 return -ENOTCONN;
0566
0567 if (msg->msg_flags & MSG_OOB)
0568 return -EOPNOTSUPP;
0569
0570 if (sk->sk_shutdown & SEND_SHUTDOWN)
0571 return -EPIPE;
0572
0573 BT_DBG("sock %p, sk %p", sock, sk);
0574
0575 lock_sock(sk);
0576
0577 sent = bt_sock_wait_ready(sk, msg->msg_flags);
0578
0579 release_sock(sk);
0580
0581 if (sent)
0582 return sent;
0583
0584 skb = bt_skb_sendmmsg(sk, msg, len, d->mtu, RFCOMM_SKB_HEAD_RESERVE,
0585 RFCOMM_SKB_TAIL_RESERVE);
0586 if (IS_ERR(skb))
0587 return PTR_ERR(skb);
0588
0589 sent = rfcomm_dlc_send(d, skb);
0590 if (sent < 0)
0591 kfree_skb(skb);
0592
0593 return sent;
0594 }
0595
0596 static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg,
0597 size_t size, int flags)
0598 {
0599 struct sock *sk = sock->sk;
0600 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
0601 int len;
0602
0603 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
0604 rfcomm_dlc_accept(d);
0605 return 0;
0606 }
0607
0608 len = bt_sock_stream_recvmsg(sock, msg, size, flags);
0609
0610 lock_sock(sk);
0611 if (!(flags & MSG_PEEK) && len > 0)
0612 atomic_sub(len, &sk->sk_rmem_alloc);
0613
0614 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
0615 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
0616 release_sock(sk);
0617
0618 return len;
0619 }
0620
0621 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname,
0622 sockptr_t optval, unsigned int optlen)
0623 {
0624 struct sock *sk = sock->sk;
0625 int err = 0;
0626 u32 opt;
0627
0628 BT_DBG("sk %p", sk);
0629
0630 lock_sock(sk);
0631
0632 switch (optname) {
0633 case RFCOMM_LM:
0634 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
0635 err = -EFAULT;
0636 break;
0637 }
0638
0639 if (opt & RFCOMM_LM_FIPS) {
0640 err = -EINVAL;
0641 break;
0642 }
0643
0644 if (opt & RFCOMM_LM_AUTH)
0645 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
0646 if (opt & RFCOMM_LM_ENCRYPT)
0647 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
0648 if (opt & RFCOMM_LM_SECURE)
0649 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
0650
0651 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
0652 break;
0653
0654 default:
0655 err = -ENOPROTOOPT;
0656 break;
0657 }
0658
0659 release_sock(sk);
0660 return err;
0661 }
0662
0663 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname,
0664 sockptr_t optval, unsigned int optlen)
0665 {
0666 struct sock *sk = sock->sk;
0667 struct bt_security sec;
0668 int err = 0;
0669 size_t len;
0670 u32 opt;
0671
0672 BT_DBG("sk %p", sk);
0673
0674 if (level == SOL_RFCOMM)
0675 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
0676
0677 if (level != SOL_BLUETOOTH)
0678 return -ENOPROTOOPT;
0679
0680 lock_sock(sk);
0681
0682 switch (optname) {
0683 case BT_SECURITY:
0684 if (sk->sk_type != SOCK_STREAM) {
0685 err = -EINVAL;
0686 break;
0687 }
0688
0689 sec.level = BT_SECURITY_LOW;
0690
0691 len = min_t(unsigned int, sizeof(sec), optlen);
0692 if (copy_from_sockptr(&sec, optval, len)) {
0693 err = -EFAULT;
0694 break;
0695 }
0696
0697 if (sec.level > BT_SECURITY_HIGH) {
0698 err = -EINVAL;
0699 break;
0700 }
0701
0702 rfcomm_pi(sk)->sec_level = sec.level;
0703 break;
0704
0705 case BT_DEFER_SETUP:
0706 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
0707 err = -EINVAL;
0708 break;
0709 }
0710
0711 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
0712 err = -EFAULT;
0713 break;
0714 }
0715
0716 if (opt)
0717 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
0718 else
0719 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
0720
0721 break;
0722
0723 default:
0724 err = -ENOPROTOOPT;
0725 break;
0726 }
0727
0728 release_sock(sk);
0729 return err;
0730 }
0731
0732 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
0733 {
0734 struct sock *sk = sock->sk;
0735 struct sock *l2cap_sk;
0736 struct l2cap_conn *conn;
0737 struct rfcomm_conninfo cinfo;
0738 int len, err = 0;
0739 u32 opt;
0740
0741 BT_DBG("sk %p", sk);
0742
0743 if (get_user(len, optlen))
0744 return -EFAULT;
0745
0746 lock_sock(sk);
0747
0748 switch (optname) {
0749 case RFCOMM_LM:
0750 switch (rfcomm_pi(sk)->sec_level) {
0751 case BT_SECURITY_LOW:
0752 opt = RFCOMM_LM_AUTH;
0753 break;
0754 case BT_SECURITY_MEDIUM:
0755 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
0756 break;
0757 case BT_SECURITY_HIGH:
0758 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
0759 RFCOMM_LM_SECURE;
0760 break;
0761 case BT_SECURITY_FIPS:
0762 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
0763 RFCOMM_LM_SECURE | RFCOMM_LM_FIPS;
0764 break;
0765 default:
0766 opt = 0;
0767 break;
0768 }
0769
0770 if (rfcomm_pi(sk)->role_switch)
0771 opt |= RFCOMM_LM_MASTER;
0772
0773 if (put_user(opt, (u32 __user *) optval))
0774 err = -EFAULT;
0775
0776 break;
0777
0778 case RFCOMM_CONNINFO:
0779 if (sk->sk_state != BT_CONNECTED &&
0780 !rfcomm_pi(sk)->dlc->defer_setup) {
0781 err = -ENOTCONN;
0782 break;
0783 }
0784
0785 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
0786 conn = l2cap_pi(l2cap_sk)->chan->conn;
0787
0788 memset(&cinfo, 0, sizeof(cinfo));
0789 cinfo.hci_handle = conn->hcon->handle;
0790 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
0791
0792 len = min_t(unsigned int, len, sizeof(cinfo));
0793 if (copy_to_user(optval, (char *) &cinfo, len))
0794 err = -EFAULT;
0795
0796 break;
0797
0798 default:
0799 err = -ENOPROTOOPT;
0800 break;
0801 }
0802
0803 release_sock(sk);
0804 return err;
0805 }
0806
0807 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
0808 {
0809 struct sock *sk = sock->sk;
0810 struct bt_security sec;
0811 int len, err = 0;
0812
0813 BT_DBG("sk %p", sk);
0814
0815 if (level == SOL_RFCOMM)
0816 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
0817
0818 if (level != SOL_BLUETOOTH)
0819 return -ENOPROTOOPT;
0820
0821 if (get_user(len, optlen))
0822 return -EFAULT;
0823
0824 lock_sock(sk);
0825
0826 switch (optname) {
0827 case BT_SECURITY:
0828 if (sk->sk_type != SOCK_STREAM) {
0829 err = -EINVAL;
0830 break;
0831 }
0832
0833 sec.level = rfcomm_pi(sk)->sec_level;
0834 sec.key_size = 0;
0835
0836 len = min_t(unsigned int, len, sizeof(sec));
0837 if (copy_to_user(optval, (char *) &sec, len))
0838 err = -EFAULT;
0839
0840 break;
0841
0842 case BT_DEFER_SETUP:
0843 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
0844 err = -EINVAL;
0845 break;
0846 }
0847
0848 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
0849 (u32 __user *) optval))
0850 err = -EFAULT;
0851
0852 break;
0853
0854 default:
0855 err = -ENOPROTOOPT;
0856 break;
0857 }
0858
0859 release_sock(sk);
0860 return err;
0861 }
0862
0863 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
0864 {
0865 struct sock *sk __maybe_unused = sock->sk;
0866 int err;
0867
0868 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
0869
0870 err = bt_sock_ioctl(sock, cmd, arg);
0871
0872 if (err == -ENOIOCTLCMD) {
0873 #ifdef CONFIG_BT_RFCOMM_TTY
0874 lock_sock(sk);
0875 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
0876 release_sock(sk);
0877 #else
0878 err = -EOPNOTSUPP;
0879 #endif
0880 }
0881
0882 return err;
0883 }
0884
0885 #ifdef CONFIG_COMPAT
0886 static int rfcomm_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
0887 {
0888 return rfcomm_sock_ioctl(sock, cmd, (unsigned long)compat_ptr(arg));
0889 }
0890 #endif
0891
0892 static int rfcomm_sock_shutdown(struct socket *sock, int how)
0893 {
0894 struct sock *sk = sock->sk;
0895 int err = 0;
0896
0897 BT_DBG("sock %p, sk %p", sock, sk);
0898
0899 if (!sk)
0900 return 0;
0901
0902 lock_sock(sk);
0903 if (!sk->sk_shutdown) {
0904 sk->sk_shutdown = SHUTDOWN_MASK;
0905 __rfcomm_sock_close(sk);
0906
0907 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
0908 !(current->flags & PF_EXITING))
0909 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
0910 }
0911 release_sock(sk);
0912 return err;
0913 }
0914
0915 static int rfcomm_sock_release(struct socket *sock)
0916 {
0917 struct sock *sk = sock->sk;
0918 int err;
0919
0920 BT_DBG("sock %p, sk %p", sock, sk);
0921
0922 if (!sk)
0923 return 0;
0924
0925 err = rfcomm_sock_shutdown(sock, 2);
0926
0927 sock_orphan(sk);
0928 rfcomm_sock_kill(sk);
0929 return err;
0930 }
0931
0932
0933
0934
0935
0936 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
0937 {
0938 struct sock *sk, *parent;
0939 bdaddr_t src, dst;
0940 int result = 0;
0941
0942 BT_DBG("session %p channel %d", s, channel);
0943
0944 rfcomm_session_getaddr(s, &src, &dst);
0945
0946
0947 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
0948 if (!parent)
0949 return 0;
0950
0951 lock_sock(parent);
0952
0953
0954 if (sk_acceptq_is_full(parent)) {
0955 BT_DBG("backlog full %d", parent->sk_ack_backlog);
0956 goto done;
0957 }
0958
0959 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC, 0);
0960 if (!sk)
0961 goto done;
0962
0963 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
0964
0965 rfcomm_sock_init(sk, parent);
0966 bacpy(&rfcomm_pi(sk)->src, &src);
0967 bacpy(&rfcomm_pi(sk)->dst, &dst);
0968 rfcomm_pi(sk)->channel = channel;
0969
0970 sk->sk_state = BT_CONFIG;
0971 bt_accept_enqueue(parent, sk, true);
0972
0973
0974 *d = rfcomm_pi(sk)->dlc;
0975 result = 1;
0976
0977 done:
0978 release_sock(parent);
0979
0980 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
0981 parent->sk_state_change(parent);
0982
0983 return result;
0984 }
0985
0986 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
0987 {
0988 struct sock *sk;
0989
0990 read_lock(&rfcomm_sk_list.lock);
0991
0992 sk_for_each(sk, &rfcomm_sk_list.head) {
0993 seq_printf(f, "%pMR %pMR %d %d\n",
0994 &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst,
0995 sk->sk_state, rfcomm_pi(sk)->channel);
0996 }
0997
0998 read_unlock(&rfcomm_sk_list.lock);
0999
1000 return 0;
1001 }
1002
1003 DEFINE_SHOW_ATTRIBUTE(rfcomm_sock_debugfs);
1004
1005 static struct dentry *rfcomm_sock_debugfs;
1006
1007 static const struct proto_ops rfcomm_sock_ops = {
1008 .family = PF_BLUETOOTH,
1009 .owner = THIS_MODULE,
1010 .release = rfcomm_sock_release,
1011 .bind = rfcomm_sock_bind,
1012 .connect = rfcomm_sock_connect,
1013 .listen = rfcomm_sock_listen,
1014 .accept = rfcomm_sock_accept,
1015 .getname = rfcomm_sock_getname,
1016 .sendmsg = rfcomm_sock_sendmsg,
1017 .recvmsg = rfcomm_sock_recvmsg,
1018 .shutdown = rfcomm_sock_shutdown,
1019 .setsockopt = rfcomm_sock_setsockopt,
1020 .getsockopt = rfcomm_sock_getsockopt,
1021 .ioctl = rfcomm_sock_ioctl,
1022 .gettstamp = sock_gettstamp,
1023 .poll = bt_sock_poll,
1024 .socketpair = sock_no_socketpair,
1025 .mmap = sock_no_mmap,
1026 #ifdef CONFIG_COMPAT
1027 .compat_ioctl = rfcomm_sock_compat_ioctl,
1028 #endif
1029 };
1030
1031 static const struct net_proto_family rfcomm_sock_family_ops = {
1032 .family = PF_BLUETOOTH,
1033 .owner = THIS_MODULE,
1034 .create = rfcomm_sock_create
1035 };
1036
1037 int __init rfcomm_init_sockets(void)
1038 {
1039 int err;
1040
1041 BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr));
1042
1043 err = proto_register(&rfcomm_proto, 0);
1044 if (err < 0)
1045 return err;
1046
1047 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1048 if (err < 0) {
1049 BT_ERR("RFCOMM socket layer registration failed");
1050 goto error;
1051 }
1052
1053 err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL);
1054 if (err < 0) {
1055 BT_ERR("Failed to create RFCOMM proc file");
1056 bt_sock_unregister(BTPROTO_RFCOMM);
1057 goto error;
1058 }
1059
1060 BT_INFO("RFCOMM socket layer initialized");
1061
1062 if (IS_ERR_OR_NULL(bt_debugfs))
1063 return 0;
1064
1065 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1066 bt_debugfs, NULL,
1067 &rfcomm_sock_debugfs_fops);
1068
1069 return 0;
1070
1071 error:
1072 proto_unregister(&rfcomm_proto);
1073 return err;
1074 }
1075
1076 void __exit rfcomm_cleanup_sockets(void)
1077 {
1078 bt_procfs_cleanup(&init_net, "rfcomm");
1079
1080 debugfs_remove(rfcomm_sock_debugfs);
1081
1082 bt_sock_unregister(BTPROTO_RFCOMM);
1083
1084 proto_unregister(&rfcomm_proto);
1085 }
