1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25 * RFCOMM sockets.
26 */
27 #include <linux/compat.h>
28 #include <linux/export.h>
29 #include <linux/debugfs.h>
30 #include <linux/sched/signal.h>
31
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/l2cap.h>
35 #include <net/bluetooth/rfcomm.h>
36
37 static const struct proto_ops rfcomm_sock_ops;
38
39 static struct bt_sock_list rfcomm_sk_list = {
40 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
41 };
42
43 static void rfcomm_sock_close(struct sock *sk);
44 static void rfcomm_sock_kill(struct sock *sk);
45
46 /* ---- DLC callbacks ----
47 *
48 * called under rfcomm_dlc_lock()
49 */
50 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
51 {
52 struct sock *sk = d->owner;
53 if (!sk)
54 return;
55
56 atomic_add(skb->len, &sk->sk_rmem_alloc);
57 skb_queue_tail(&sk->sk_receive_queue, skb);
58 sk->sk_data_ready(sk);
59
60 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
61 rfcomm_dlc_throttle(d);
62 }
63
64 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
65 {
66 struct sock *sk = d->owner, *parent;
67
68 if (!sk)
69 return;
70
71 BT_DBG("dlc %p state %ld err %d", d, d->state, err);
72
73 lock_sock(sk);
74
75 if (err)
76 sk->sk_err = err;
77
78 sk->sk_state = d->state;
79
80 parent = bt_sk(sk)->parent;
81 if (parent) {
82 if (d->state == BT_CLOSED) {
83 sock_set_flag(sk, SOCK_ZAPPED);
84 bt_accept_unlink(sk);
85 }
86 parent->sk_data_ready(parent);
87 } else {
88 if (d->state == BT_CONNECTED)
89 rfcomm_session_getaddr(d->session,
90 &rfcomm_pi(sk)->src, NULL);
91 sk->sk_state_change(sk);
92 }
93
94 release_sock(sk);
95
96 if (parent && sock_flag(sk, SOCK_ZAPPED)) {
97 /* We have to drop DLC lock here, otherwise
98 * rfcomm_sock_destruct() will dead lock. */
99 rfcomm_dlc_unlock(d);
100 rfcomm_sock_kill(sk);
101 rfcomm_dlc_lock(d);
102 }
103 }
104
105 /* ---- Socket functions ---- */
106 static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src)
107 {
108 struct sock *sk = NULL;
109
110 sk_for_each(sk, &rfcomm_sk_list.head) {
111 if (rfcomm_pi(sk)->channel != channel)
112 continue;
113
114 if (bacmp(&rfcomm_pi(sk)->src, src))
115 continue;
116
117 if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN)
118 break;
119 }
120
121 return sk ? sk : NULL;
122 }
123
124 /* Find socket with channel and source bdaddr.
125 * Returns closest match.
126 */
127 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
128 {
129 struct sock *sk = NULL, *sk1 = NULL;
130
131 read_lock(&rfcomm_sk_list.lock);
132
133 sk_for_each(sk, &rfcomm_sk_list.head) {
134 if (state && sk->sk_state != state)
135 continue;
136
137 if (rfcomm_pi(sk)->channel == channel) {
138 /* Exact match. */
139 if (!bacmp(&rfcomm_pi(sk)->src, src))
140 break;
141
142 /* Closest match */
143 if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY))
144 sk1 = sk;
145 }
146 }
147
148 read_unlock(&rfcomm_sk_list.lock);
149
150 return sk ? sk : sk1;
151 }
152
153 static void rfcomm_sock_destruct(struct sock *sk)
154 {
155 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
156
157 BT_DBG("sk %p dlc %p", sk, d);
158
159 skb_queue_purge(&sk->sk_receive_queue);
160 skb_queue_purge(&sk->sk_write_queue);
161
162 rfcomm_dlc_lock(d);
163 rfcomm_pi(sk)->dlc = NULL;
164
165 /* Detach DLC if it's owned by this socket */
166 if (d->owner == sk)
167 d->owner = NULL;
168 rfcomm_dlc_unlock(d);
169
170 rfcomm_dlc_put(d);
171 }
172
173 static void rfcomm_sock_cleanup_listen(struct sock *parent)
174 {
175 struct sock *sk;
176
177 BT_DBG("parent %p", parent);
178
179 /* Close not yet accepted dlcs */
180 while ((sk = bt_accept_dequeue(parent, NULL))) {
181 rfcomm_sock_close(sk);
182 rfcomm_sock_kill(sk);
183 }
184
185 parent->sk_state = BT_CLOSED;
186 sock_set_flag(parent, SOCK_ZAPPED);
187 }
188
189 /* Kill socket (only if zapped and orphan)
190 * Must be called on unlocked socket.
191 */
192 static void rfcomm_sock_kill(struct sock *sk)
193 {
194 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
195 return;
196
197 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, refcount_read(&sk->sk_refcnt));
198
199 /* Kill poor orphan */
200 bt_sock_unlink(&rfcomm_sk_list, sk);
201 sock_set_flag(sk, SOCK_DEAD);
202 sock_put(sk);
203 }
204
205 static void __rfcomm_sock_close(struct sock *sk)
206 {
207 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
208
209 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
210
211 switch (sk->sk_state) {
212 case BT_LISTEN:
213 rfcomm_sock_cleanup_listen(sk);
214 break;
215
216 case BT_CONNECT:
217 case BT_CONNECT2:
218 case BT_CONFIG:
219 case BT_CONNECTED:
220 rfcomm_dlc_close(d, 0);
221 fallthrough;
222
223 default:
224 sock_set_flag(sk, SOCK_ZAPPED);
225 break;
226 }
227 }
228
229 /* Close socket.
230 * Must be called on unlocked socket.
231 */
232 static void rfcomm_sock_close(struct sock *sk)
233 {
234 lock_sock(sk);
235 __rfcomm_sock_close(sk);
236 release_sock(sk);
237 }
238
239 static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
240 {
241 struct rfcomm_pinfo *pi = rfcomm_pi(sk);
242
243 BT_DBG("sk %p", sk);
244
245 if (parent) {
246 sk->sk_type = parent->sk_type;
247 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP,
248 &bt_sk(parent)->flags);
249
250 pi->sec_level = rfcomm_pi(parent)->sec_level;
251 pi->role_switch = rfcomm_pi(parent)->role_switch;
252
253 security_sk_clone(parent, sk);
254 } else {
255 pi->dlc->defer_setup = 0;
256
257 pi->sec_level = BT_SECURITY_LOW;
258 pi->role_switch = 0;
259 }
260
261 pi->dlc->sec_level = pi->sec_level;
262 pi->dlc->role_switch = pi->role_switch;
263 }
264
265 static struct proto rfcomm_proto = {
266 .name = "RFCOMM",
267 .owner = THIS_MODULE,
268 .obj_size = sizeof(struct rfcomm_pinfo)
269 };
270
271 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock,
272 int proto, gfp_t prio, int kern)
273 {
274 struct rfcomm_dlc *d;
275 struct sock *sk;
276
277 sk = bt_sock_alloc(net, sock, &rfcomm_proto, proto, prio, kern);
278 if (!sk)
279 return NULL;
280
281 d = rfcomm_dlc_alloc(prio);
282 if (!d) {
283 sk_free(sk);
284 return NULL;
285 }
286
287 d->data_ready = rfcomm_sk_data_ready;
288 d->state_change = rfcomm_sk_state_change;
289
290 rfcomm_pi(sk)->dlc = d;
291 d->owner = sk;
292
293 sk->sk_destruct = rfcomm_sock_destruct;
294 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
295
296 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
297 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
298
299 bt_sock_link(&rfcomm_sk_list, sk);
300
301 BT_DBG("sk %p", sk);
302 return sk;
303 }
304
305 static int rfcomm_sock_create(struct net *net, struct socket *sock,
306 int protocol, int kern)
307 {
308 struct sock *sk;
309
310 BT_DBG("sock %p", sock);
311
312 sock->state = SS_UNCONNECTED;
313
314 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
315 return -ESOCKTNOSUPPORT;
316
317 sock->ops = &rfcomm_sock_ops;
318
319 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
320 if (!sk)
321 return -ENOMEM;
322
323 rfcomm_sock_init(sk, NULL);
324 return 0;
325 }
326
327 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
328 {
329 struct sockaddr_rc sa;
330 struct sock *sk = sock->sk;
331 int len, err = 0;
332
333 if (!addr || addr_len < offsetofend(struct sockaddr, sa_family) ||
334 addr->sa_family != AF_BLUETOOTH)
335 return -EINVAL;
336
337 memset(&sa, 0, sizeof(sa));
338 len = min_t(unsigned int, sizeof(sa), addr_len);
339 memcpy(&sa, addr, len);
340
341 BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr);
342
343 lock_sock(sk);
344
345 if (sk->sk_state != BT_OPEN) {
346 err = -EBADFD;
347 goto done;
348 }
349
350 if (sk->sk_type != SOCK_STREAM) {
351 err = -EINVAL;
352 goto done;
353 }
354
355 write_lock(&rfcomm_sk_list.lock);
356
357 if (sa.rc_channel &&
358 __rfcomm_get_listen_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) {
359 err = -EADDRINUSE;
360 } else {
361 /* Save source address */
362 bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr);
363 rfcomm_pi(sk)->channel = sa.rc_channel;
364 sk->sk_state = BT_BOUND;
365 }
366
367 write_unlock(&rfcomm_sk_list.lock);
368
369 done:
370 release_sock(sk);
371 return err;
372 }
373
374 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
375 {
376 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
377 struct sock *sk = sock->sk;
378 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
379 int err = 0;
380
381 BT_DBG("sk %p", sk);
382
383 if (alen < sizeof(struct sockaddr_rc) ||
384 addr->sa_family != AF_BLUETOOTH)
385 return -EINVAL;
386
387 sock_hold(sk);
388 lock_sock(sk);
389
390 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
391 err = -EBADFD;
392 goto done;
393 }
394
395 if (sk->sk_type != SOCK_STREAM) {
396 err = -EINVAL;
397 goto done;
398 }
399
400 sk->sk_state = BT_CONNECT;
401 bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr);
402 rfcomm_pi(sk)->channel = sa->rc_channel;
403
404 d->sec_level = rfcomm_pi(sk)->sec_level;
405 d->role_switch = rfcomm_pi(sk)->role_switch;
406
407 /* Drop sock lock to avoid potential deadlock with the RFCOMM lock */
408 release_sock(sk);
409 err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr,
410 sa->rc_channel);
411 lock_sock(sk);
412 if (!err && !sock_flag(sk, SOCK_ZAPPED))
413 err = bt_sock_wait_state(sk, BT_CONNECTED,
414 sock_sndtimeo(sk, flags & O_NONBLOCK));
415
416 done:
417 release_sock(sk);
418 sock_put(sk);
419 return err;
420 }
421
422 static int rfcomm_sock_listen(struct socket *sock, int backlog)
423 {
424 struct sock *sk = sock->sk;
425 int err = 0;
426
427 BT_DBG("sk %p backlog %d", sk, backlog);
428
429 lock_sock(sk);
430
431 if (sk->sk_state != BT_BOUND) {
432 err = -EBADFD;
433 goto done;
434 }
435
436 if (sk->sk_type != SOCK_STREAM) {
437 err = -EINVAL;
438 goto done;
439 }
440
441 if (!rfcomm_pi(sk)->channel) {
442 bdaddr_t *src = &rfcomm_pi(sk)->src;
443 u8 channel;
444
445 err = -EINVAL;
446
447 write_lock(&rfcomm_sk_list.lock);
448
449 for (channel = 1; channel < 31; channel++)
450 if (!__rfcomm_get_listen_sock_by_addr(channel, src)) {
451 rfcomm_pi(sk)->channel = channel;
452 err = 0;
453 break;
454 }
455
456 write_unlock(&rfcomm_sk_list.lock);
457
458 if (err < 0)
459 goto done;
460 }
461
462 sk->sk_max_ack_backlog = backlog;
463 sk->sk_ack_backlog = 0;
464 sk->sk_state = BT_LISTEN;
465
466 done:
467 release_sock(sk);
468 return err;
469 }
470
471 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock,
472 struct proto_accept_arg *arg)
473 {
474 DEFINE_WAIT_FUNC(wait, woken_wake_function);
475 struct sock *sk = sock->sk, *nsk;
476 long timeo;
477 int err = 0;
478
479 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
480
481 if (sk->sk_type != SOCK_STREAM) {
482 err = -EINVAL;
483 goto done;
484 }
485
486 timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK);
487
488 BT_DBG("sk %p timeo %ld", sk, timeo);
489
490 /* Wait for an incoming connection. (wake-one). */
491 add_wait_queue_exclusive(sk_sleep(sk), &wait);
492 while (1) {
493 if (sk->sk_state != BT_LISTEN) {
494 err = -EBADFD;
495 break;
496 }
497
498 nsk = bt_accept_dequeue(sk, newsock);
499 if (nsk)
500 break;
501
502 if (!timeo) {
503 err = -EAGAIN;
504 break;
505 }
506
507 if (signal_pending(current)) {
508 err = sock_intr_errno(timeo);
509 break;
510 }
511
512 release_sock(sk);
513
514 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
515
516 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
517 }
518 remove_wait_queue(sk_sleep(sk), &wait);
519
520 if (err)
521 goto done;
522
523 newsock->state = SS_CONNECTED;
524
525 BT_DBG("new socket %p", nsk);
526
527 done:
528 release_sock(sk);
529 return err;
530 }
531
532 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int peer)
533 {
534 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
535 struct sock *sk = sock->sk;
536
537 BT_DBG("sock %p, sk %p", sock, sk);
538
539 if (peer && sk->sk_state != BT_CONNECTED &&
540 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2)
541 return -ENOTCONN;
542
543 memset(sa, 0, sizeof(*sa));
544 sa->rc_family = AF_BLUETOOTH;
545 sa->rc_channel = rfcomm_pi(sk)->channel;
546 if (peer)
547 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst);
548 else
549 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src);
550
551 return sizeof(struct sockaddr_rc);
552 }
553
554 static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg,
555 size_t len)
556 {
557 struct sock *sk = sock->sk;
558 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
559 struct sk_buff *skb;
560 int sent;
561
562 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
563 return -ENOTCONN;
564
565 if (msg->msg_flags & MSG_OOB)
566 return -EOPNOTSUPP;
567
568 if (sk->sk_shutdown & SEND_SHUTDOWN)
569 return -EPIPE;
570
571 BT_DBG("sock %p, sk %p", sock, sk);
572
573 lock_sock(sk);
574
575 sent = bt_sock_wait_ready(sk, msg->msg_flags);
576
577 release_sock(sk);
578
579 if (sent)
580 return sent;
581
582 skb = bt_skb_sendmmsg(sk, msg, len, d->mtu, RFCOMM_SKB_HEAD_RESERVE,
583 RFCOMM_SKB_TAIL_RESERVE);
584 if (IS_ERR(skb))
585 return PTR_ERR(skb);
586
587 sent = rfcomm_dlc_send(d, skb);
588 if (sent < 0)
589 kfree_skb(skb);
590
591 return sent;
592 }
593
594 static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg,
595 size_t size, int flags)
596 {
597 struct sock *sk = sock->sk;
598 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
599 int len;
600
601 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
602 rfcomm_dlc_accept(d);
603 return 0;
604 }
605
606 len = bt_sock_stream_recvmsg(sock, msg, size, flags);
607
608 lock_sock(sk);
609 if (!(flags & MSG_PEEK) && len > 0)
610 atomic_sub(len, &sk->sk_rmem_alloc);
611
612 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
613 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
614 release_sock(sk);
615
616 return len;
617 }
618
619 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname,
620 sockptr_t optval, unsigned int optlen)
621 {
622 struct sock *sk = sock->sk;
623 int err = 0;
624 u32 opt;
625
626 BT_DBG("sk %p", sk);
627
628 lock_sock(sk);
629
630 switch (optname) {
631 case RFCOMM_LM:
632 if (bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen)) {
633 err = -EFAULT;
634 break;
635 }
636
637 if (opt & RFCOMM_LM_FIPS) {
638 err = -EINVAL;
639 break;
640 }
641
642 if (opt & RFCOMM_LM_AUTH)
643 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
644 if (opt & RFCOMM_LM_ENCRYPT)
645 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
646 if (opt & RFCOMM_LM_SECURE)
647 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
648
649 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
650 break;
651
652 default:
653 err = -ENOPROTOOPT;
654 break;
655 }
656
657 release_sock(sk);
658 return err;
659 }
660
661 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname,
662 sockptr_t optval, unsigned int optlen)
663 {
664 struct sock *sk = sock->sk;
665 struct bt_security sec;
666 int err = 0;
667 u32 opt;
668
669 BT_DBG("sk %p", sk);
670
671 if (level == SOL_RFCOMM)
672 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
673
674 if (level != SOL_BLUETOOTH)
675 return -ENOPROTOOPT;
676
677 lock_sock(sk);
678
679 switch (optname) {
680 case BT_SECURITY:
681 if (sk->sk_type != SOCK_STREAM) {
682 err = -EINVAL;
683 break;
684 }
685
686 sec.level = BT_SECURITY_LOW;
687
688 err = bt_copy_from_sockptr(&sec, sizeof(sec), optval, optlen);
689 if (err)
690 break;
691
692 if (sec.level > BT_SECURITY_HIGH) {
693 err = -EINVAL;
694 break;
695 }
696
697 rfcomm_pi(sk)->sec_level = sec.level;
698 break;
699
700 case BT_DEFER_SETUP:
701 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
702 err = -EINVAL;
703 break;
704 }
705
706 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen);
707 if (err)
708 break;
709
710 if (opt)
711 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
712 else
713 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
714
715 break;
716
717 default:
718 err = -ENOPROTOOPT;
719 break;
720 }
721
722 release_sock(sk);
723 return err;
724 }
725
726 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
727 {
728 struct sock *sk = sock->sk;
729 struct sock *l2cap_sk;
730 struct l2cap_conn *conn;
731 struct rfcomm_conninfo cinfo;
732 int len, err = 0;
733 u32 opt;
734
735 BT_DBG("sk %p", sk);
736
737 if (get_user(len, optlen))
738 return -EFAULT;
739
740 lock_sock(sk);
741
742 switch (optname) {
743 case RFCOMM_LM:
744 switch (rfcomm_pi(sk)->sec_level) {
745 case BT_SECURITY_LOW:
746 opt = RFCOMM_LM_AUTH;
747 break;
748 case BT_SECURITY_MEDIUM:
749 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
750 break;
751 case BT_SECURITY_HIGH:
752 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
753 RFCOMM_LM_SECURE;
754 break;
755 case BT_SECURITY_FIPS:
756 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
757 RFCOMM_LM_SECURE | RFCOMM_LM_FIPS;
758 break;
759 default:
760 opt = 0;
761 break;
762 }
763
764 if (rfcomm_pi(sk)->role_switch)
765 opt |= RFCOMM_LM_MASTER;
766
767 if (put_user(opt, (u32 __user *) optval))
768 err = -EFAULT;
769
770 break;
771
772 case RFCOMM_CONNINFO:
773 if (sk->sk_state != BT_CONNECTED &&
774 !rfcomm_pi(sk)->dlc->defer_setup) {
775 err = -ENOTCONN;
776 break;
777 }
778
779 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
780 conn = l2cap_pi(l2cap_sk)->chan->conn;
781
782 memset(&cinfo, 0, sizeof(cinfo));
783 cinfo.hci_handle = conn->hcon->handle;
784 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
785
786 len = min_t(unsigned int, len, sizeof(cinfo));
787 if (copy_to_user(optval, (char *) &cinfo, len))
788 err = -EFAULT;
789
790 break;
791
792 default:
793 err = -ENOPROTOOPT;
794 break;
795 }
796
797 release_sock(sk);
798 return err;
799 }
800
801 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
802 {
803 struct sock *sk = sock->sk;
804 struct bt_security sec;
805 int len, err = 0;
806
807 BT_DBG("sk %p", sk);
808
809 if (level == SOL_RFCOMM)
810 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
811
812 if (level != SOL_BLUETOOTH)
813 return -ENOPROTOOPT;
814
815 if (get_user(len, optlen))
816 return -EFAULT;
817
818 lock_sock(sk);
819
820 switch (optname) {
821 case BT_SECURITY:
822 if (sk->sk_type != SOCK_STREAM) {
823 err = -EINVAL;
824 break;
825 }
826
827 sec.level = rfcomm_pi(sk)->sec_level;
828 sec.key_size = 0;
829
830 len = min_t(unsigned int, len, sizeof(sec));
831 if (copy_to_user(optval, (char *) &sec, len))
832 err = -EFAULT;
833
834 break;
835
836 case BT_DEFER_SETUP:
837 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
838 err = -EINVAL;
839 break;
840 }
841
842 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
843 (u32 __user *) optval))
844 err = -EFAULT;
845
846 break;
847
848 default:
849 err = -ENOPROTOOPT;
850 break;
851 }
852
853 release_sock(sk);
854 return err;
855 }
856
857 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
858 {
859 struct sock *sk __maybe_unused = sock->sk;
860 int err;
861
862 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
863
864 err = bt_sock_ioctl(sock, cmd, arg);
865
866 if (err == -ENOIOCTLCMD) {
867 #ifdef CONFIG_BT_RFCOMM_TTY
868 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
869 #else
870 err = -EOPNOTSUPP;
871 #endif
872 }
873
874 return err;
875 }
876
877 #ifdef CONFIG_COMPAT
878 static int rfcomm_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
879 {
880 return rfcomm_sock_ioctl(sock, cmd, (unsigned long)compat_ptr(arg));
881 }
882 #endif
883
884 static int rfcomm_sock_shutdown(struct socket *sock, int how)
885 {
886 struct sock *sk = sock->sk;
887 int err = 0;
888
889 BT_DBG("sock %p, sk %p", sock, sk);
890
891 if (!sk)
892 return 0;
893
894 lock_sock(sk);
895 if (!sk->sk_shutdown) {
896 sk->sk_shutdown = SHUTDOWN_MASK;
897
898 release_sock(sk);
899 __rfcomm_sock_close(sk);
900 lock_sock(sk);
901
902 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
903 !(current->flags & PF_EXITING))
904 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
905 }
906 release_sock(sk);
907 return err;
908 }
909
910 static int rfcomm_sock_release(struct socket *sock)
911 {
912 struct sock *sk = sock->sk;
913 int err;
914
915 BT_DBG("sock %p, sk %p", sock, sk);
916
917 if (!sk)
918 return 0;
919
920 err = rfcomm_sock_shutdown(sock, 2);
921
922 sock_orphan(sk);
923 rfcomm_sock_kill(sk);
924 return err;
925 }
926
927 /* ---- RFCOMM core layer callbacks ----
928 *
929 * called under rfcomm_lock()
930 */
931 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
932 {
933 struct sock *sk, *parent;
934 bdaddr_t src, dst;
935 int result = 0;
936
937 BT_DBG("session %p channel %d", s, channel);
938
939 rfcomm_session_getaddr(s, &src, &dst);
940
941 /* Check if we have socket listening on channel */
942 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
943 if (!parent)
944 return 0;
945
946 lock_sock(parent);
947
948 /* Check for backlog size */
949 if (sk_acceptq_is_full(parent)) {
950 BT_DBG("backlog full %d", parent->sk_ack_backlog);
951 goto done;
952 }
953
954 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC, 0);
955 if (!sk)
956 goto done;
957
958 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
959
960 rfcomm_sock_init(sk, parent);
961 bacpy(&rfcomm_pi(sk)->src, &src);
962 bacpy(&rfcomm_pi(sk)->dst, &dst);
963 rfcomm_pi(sk)->channel = channel;
964
965 sk->sk_state = BT_CONFIG;
966 bt_accept_enqueue(parent, sk, true);
967
968 /* Accept connection and return socket DLC */
969 *d = rfcomm_pi(sk)->dlc;
970 result = 1;
971
972 done:
973 release_sock(parent);
974
975 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
976 parent->sk_state_change(parent);
977
978 return result;
979 }
980
981 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
982 {
983 struct sock *sk;
984
985 read_lock(&rfcomm_sk_list.lock);
986
987 sk_for_each(sk, &rfcomm_sk_list.head) {
988 seq_printf(f, "%pMR %pMR %d %d\n",
989 &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst,
990 sk->sk_state, rfcomm_pi(sk)->channel);
991 }
992
993 read_unlock(&rfcomm_sk_list.lock);
994
995 return 0;
996 }
997
998 DEFINE_SHOW_ATTRIBUTE(rfcomm_sock_debugfs);
999
1000 static struct dentry *rfcomm_sock_debugfs;
1001
1002 static const struct proto_ops rfcomm_sock_ops = {
1003 .family = PF_BLUETOOTH,
1004 .owner = THIS_MODULE,
1005 .release = rfcomm_sock_release,
1006 .bind = rfcomm_sock_bind,
1007 .connect = rfcomm_sock_connect,
1008 .listen = rfcomm_sock_listen,
1009 .accept = rfcomm_sock_accept,
1010 .getname = rfcomm_sock_getname,
1011 .sendmsg = rfcomm_sock_sendmsg,
1012 .recvmsg = rfcomm_sock_recvmsg,
1013 .shutdown = rfcomm_sock_shutdown,
1014 .setsockopt = rfcomm_sock_setsockopt,
1015 .getsockopt = rfcomm_sock_getsockopt,
1016 .ioctl = rfcomm_sock_ioctl,
1017 .gettstamp = sock_gettstamp,
1018 .poll = bt_sock_poll,
1019 .socketpair = sock_no_socketpair,
1020 .mmap = sock_no_mmap,
1021 #ifdef CONFIG_COMPAT
1022 .compat_ioctl = rfcomm_sock_compat_ioctl,
1023 #endif
1024 };
1025
1026 static const struct net_proto_family rfcomm_sock_family_ops = {
1027 .family = PF_BLUETOOTH,
1028 .owner = THIS_MODULE,
1029 .create = rfcomm_sock_create
1030 };
1031
1032 int __init rfcomm_init_sockets(void)
1033 {
1034 int err;
1035
1036 BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr));
1037
1038 err = proto_register(&rfcomm_proto, 0);
1039 if (err < 0)
1040 return err;
1041
1042 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1043 if (err < 0) {
1044 BT_ERR("RFCOMM socket layer registration failed");
1045 goto error;
1046 }
1047
1048 err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL);
1049 if (err < 0) {
1050 BT_ERR("Failed to create RFCOMM proc file");
1051 bt_sock_unregister(BTPROTO_RFCOMM);
1052 goto error;
1053 }
1054
1055 BT_INFO("RFCOMM socket layer initialized");
1056
1057 if (IS_ERR_OR_NULL(bt_debugfs))
1058 return 0;
1059
1060 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1061 bt_debugfs, NULL,
1062 &rfcomm_sock_debugfs_fops);
1063
1064 return 0;
1065
1066 error:
1067 proto_unregister(&rfcomm_proto);
1068 return err;
1069 }
1070
1071 void __exit rfcomm_cleanup_sockets(void)
1072 {
1073 bt_procfs_cleanup(&init_net, "rfcomm");
1074
1075 debugfs_remove(rfcomm_sock_debugfs);
1076
1077 bt_sock_unregister(BTPROTO_RFCOMM);
1078
1079 proto_unregister(&rfcomm_proto);
1080 }
1081
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.