1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28#include <linux/module.h>
29
30#include <linux/types.h>
31#include <linux/errno.h>
32#include <linux/kernel.h>
33#include <linux/sched.h>
34#include <linux/slab.h>
35#include <linux/poll.h>
36#include <linux/fcntl.h>
37#include <linux/init.h>
38#include <linux/interrupt.h>
39#include <linux/socket.h>
40#include <linux/skbuff.h>
41#include <linux/list.h>
42#include <linux/device.h>
43#include <net/sock.h>
44
45#include <asm/system.h>
46#include <asm/uaccess.h>
47
48#include <net/bluetooth/bluetooth.h>
49#include <net/bluetooth/hci_core.h>
50#include <net/bluetooth/l2cap.h>
51#include <net/bluetooth/rfcomm.h>
52
53static const struct proto_ops rfcomm_sock_ops;
54
55static struct bt_sock_list rfcomm_sk_list = {
56 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
57};
58
59static void rfcomm_sock_close(struct sock *sk);
60static void rfcomm_sock_kill(struct sock *sk);
61
62
63
64
65
66static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
67{
68 struct sock *sk = d->owner;
69 if (!sk)
70 return;
71
72 atomic_add(skb->len, &sk->sk_rmem_alloc);
73 skb_queue_tail(&sk->sk_receive_queue, skb);
74 sk->sk_data_ready(sk, skb->len);
75
76 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
77 rfcomm_dlc_throttle(d);
78}
79
80static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
81{
82 struct sock *sk = d->owner, *parent;
83 if (!sk)
84 return;
85
86 BT_DBG("dlc %p state %ld err %d", d, d->state, err);
87
88 bh_lock_sock(sk);
89
90 if (err)
91 sk->sk_err = err;
92
93 sk->sk_state = d->state;
94
95 parent = bt_sk(sk)->parent;
96 if (parent) {
97 if (d->state == BT_CLOSED) {
98 sock_set_flag(sk, SOCK_ZAPPED);
99 bt_accept_unlink(sk);
100 }
101 parent->sk_data_ready(parent, 0);
102 } else {
103 if (d->state == BT_CONNECTED)
104 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL);
105 sk->sk_state_change(sk);
106 }
107
108 bh_unlock_sock(sk);
109
110 if (parent && sock_flag(sk, SOCK_ZAPPED)) {
111
112
113 rfcomm_dlc_unlock(d);
114 rfcomm_sock_kill(sk);
115 rfcomm_dlc_lock(d);
116 }
117}
118
119
120static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
121{
122 struct sock *sk = NULL;
123 struct hlist_node *node;
124
125 sk_for_each(sk, node, &rfcomm_sk_list.head) {
126 if (rfcomm_pi(sk)->channel == channel &&
127 !bacmp(&bt_sk(sk)->src, src))
128 break;
129 }
130
131 return node ? sk : NULL;
132}
133
134
135
136
137static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
138{
139 struct sock *sk = NULL, *sk1 = NULL;
140 struct hlist_node *node;
141
142 sk_for_each(sk, node, &rfcomm_sk_list.head) {
143 if (state && sk->sk_state != state)
144 continue;
145
146 if (rfcomm_pi(sk)->channel == channel) {
147
148 if (!bacmp(&bt_sk(sk)->src, src))
149 break;
150
151
152 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
153 sk1 = sk;
154 }
155 }
156 return node ? sk : sk1;
157}
158
159
160
161static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
162{
163 struct sock *s;
164 read_lock(&rfcomm_sk_list.lock);
165 s = __rfcomm_get_sock_by_channel(state, channel, src);
166 if (s) bh_lock_sock(s);
167 read_unlock(&rfcomm_sk_list.lock);
168 return s;
169}
170
171static void rfcomm_sock_destruct(struct sock *sk)
172{
173 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
174
175 BT_DBG("sk %p dlc %p", sk, d);
176
177 skb_queue_purge(&sk->sk_receive_queue);
178 skb_queue_purge(&sk->sk_write_queue);
179
180 rfcomm_dlc_lock(d);
181 rfcomm_pi(sk)->dlc = NULL;
182
183
184 if (d->owner == sk)
185 d->owner = NULL;
186 rfcomm_dlc_unlock(d);
187
188 rfcomm_dlc_put(d);
189}
190
191static void rfcomm_sock_cleanup_listen(struct sock *parent)
192{
193 struct sock *sk;
194
195 BT_DBG("parent %p", parent);
196
197
198 while ((sk = bt_accept_dequeue(parent, NULL))) {
199 rfcomm_sock_close(sk);
200 rfcomm_sock_kill(sk);
201 }
202
203 parent->sk_state = BT_CLOSED;
204 sock_set_flag(parent, SOCK_ZAPPED);
205}
206
207
208
209
210static void rfcomm_sock_kill(struct sock *sk)
211{
212 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
213 return;
214
215 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
216
217
218 bt_sock_unlink(&rfcomm_sk_list, sk);
219 sock_set_flag(sk, SOCK_DEAD);
220 sock_put(sk);
221}
222
223static void __rfcomm_sock_close(struct sock *sk)
224{
225 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
226
227 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
228
229 switch (sk->sk_state) {
230 case BT_LISTEN:
231 rfcomm_sock_cleanup_listen(sk);
232 break;
233
234 case BT_CONNECT:
235 case BT_CONNECT2:
236 case BT_CONFIG:
237 case BT_CONNECTED:
238 rfcomm_dlc_close(d, 0);
239
240 default:
241 sock_set_flag(sk, SOCK_ZAPPED);
242 break;
243 }
244}
245
246
247
248
249static void rfcomm_sock_close(struct sock *sk)
250{
251 lock_sock(sk);
252 __rfcomm_sock_close(sk);
253 release_sock(sk);
254}
255
256static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
257{
258 struct rfcomm_pinfo *pi = rfcomm_pi(sk);
259
260 BT_DBG("sk %p", sk);
261
262 if (parent) {
263 sk->sk_type = parent->sk_type;
264 pi->dlc->defer_setup = bt_sk(parent)->defer_setup;
265
266 pi->sec_level = rfcomm_pi(parent)->sec_level;
267 pi->role_switch = rfcomm_pi(parent)->role_switch;
268 } else {
269 pi->dlc->defer_setup = 0;
270
271 pi->sec_level = BT_SECURITY_LOW;
272 pi->role_switch = 0;
273 }
274
275 pi->dlc->sec_level = pi->sec_level;
276 pi->dlc->role_switch = pi->role_switch;
277}
278
279static struct proto rfcomm_proto = {
280 .name = "RFCOMM",
281 .owner = THIS_MODULE,
282 .obj_size = sizeof(struct rfcomm_pinfo)
283};
284
285static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
286{
287 struct rfcomm_dlc *d;
288 struct sock *sk;
289
290 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
291 if (!sk)
292 return NULL;
293
294 sock_init_data(sock, sk);
295 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
296
297 d = rfcomm_dlc_alloc(prio);
298 if (!d) {
299 sk_free(sk);
300 return NULL;
301 }
302
303 d->data_ready = rfcomm_sk_data_ready;
304 d->state_change = rfcomm_sk_state_change;
305
306 rfcomm_pi(sk)->dlc = d;
307 d->owner = sk;
308
309 sk->sk_destruct = rfcomm_sock_destruct;
310 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
311
312 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
313 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
314
315 sock_reset_flag(sk, SOCK_ZAPPED);
316
317 sk->sk_protocol = proto;
318 sk->sk_state = BT_OPEN;
319
320 bt_sock_link(&rfcomm_sk_list, sk);
321
322 BT_DBG("sk %p", sk);
323 return sk;
324}
325
326static int rfcomm_sock_create(struct net *net, struct socket *sock, int protocol)
327{
328 struct sock *sk;
329
330 BT_DBG("sock %p", sock);
331
332 sock->state = SS_UNCONNECTED;
333
334 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
335 return -ESOCKTNOSUPPORT;
336
337 sock->ops = &rfcomm_sock_ops;
338
339 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
340 if (!sk)
341 return -ENOMEM;
342
343 rfcomm_sock_init(sk, NULL);
344 return 0;
345}
346
347static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
348{
349 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
350 struct sock *sk = sock->sk;
351 int err = 0;
352
353 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr));
354
355 if (!addr || addr->sa_family != AF_BLUETOOTH)
356 return -EINVAL;
357
358 lock_sock(sk);
359
360 if (sk->sk_state != BT_OPEN) {
361 err = -EBADFD;
362 goto done;
363 }
364
365 if (sk->sk_type != SOCK_STREAM) {
366 err = -EINVAL;
367 goto done;
368 }
369
370 write_lock_bh(&rfcomm_sk_list.lock);
371
372 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
373 err = -EADDRINUSE;
374 } else {
375
376 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr);
377 rfcomm_pi(sk)->channel = sa->rc_channel;
378 sk->sk_state = BT_BOUND;
379 }
380
381 write_unlock_bh(&rfcomm_sk_list.lock);
382
383done:
384 release_sock(sk);
385 return err;
386}
387
388static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
389{
390 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
391 struct sock *sk = sock->sk;
392 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
393 int err = 0;
394
395 BT_DBG("sk %p", sk);
396
397 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc))
398 return -EINVAL;
399
400 lock_sock(sk);
401
402 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
403 err = -EBADFD;
404 goto done;
405 }
406
407 if (sk->sk_type != SOCK_STREAM) {
408 err = -EINVAL;
409 goto done;
410 }
411
412 sk->sk_state = BT_CONNECT;
413 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
414 rfcomm_pi(sk)->channel = sa->rc_channel;
415
416 d->sec_level = rfcomm_pi(sk)->sec_level;
417 d->role_switch = rfcomm_pi(sk)->role_switch;
418
419 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
420 if (!err)
421 err = bt_sock_wait_state(sk, BT_CONNECTED,
422 sock_sndtimeo(sk, flags & O_NONBLOCK));
423
424done:
425 release_sock(sk);
426 return err;
427}
428
429static int rfcomm_sock_listen(struct socket *sock, int backlog)
430{
431 struct sock *sk = sock->sk;
432 int err = 0;
433
434 BT_DBG("sk %p backlog %d", sk, backlog);
435
436 lock_sock(sk);
437
438 if (sk->sk_state != BT_BOUND) {
439 err = -EBADFD;
440 goto done;
441 }
442
443 if (sk->sk_type != SOCK_STREAM) {
444 err = -EINVAL;
445 goto done;
446 }
447
448 if (!rfcomm_pi(sk)->channel) {
449 bdaddr_t *src = &bt_sk(sk)->src;
450 u8 channel;
451
452 err = -EINVAL;
453
454 write_lock_bh(&rfcomm_sk_list.lock);
455
456 for (channel = 1; channel < 31; channel++)
457 if (!__rfcomm_get_sock_by_addr(channel, src)) {
458 rfcomm_pi(sk)->channel = channel;
459 err = 0;
460 break;
461 }
462
463 write_unlock_bh(&rfcomm_sk_list.lock);
464
465 if (err < 0)
466 goto done;
467 }
468
469 sk->sk_max_ack_backlog = backlog;
470 sk->sk_ack_backlog = 0;
471 sk->sk_state = BT_LISTEN;
472
473done:
474 release_sock(sk);
475 return err;
476}
477
478static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
479{
480 DECLARE_WAITQUEUE(wait, current);
481 struct sock *sk = sock->sk, *nsk;
482 long timeo;
483 int err = 0;
484
485 lock_sock(sk);
486
487 if (sk->sk_state != BT_LISTEN) {
488 err = -EBADFD;
489 goto done;
490 }
491
492 if (sk->sk_type != SOCK_STREAM) {
493 err = -EINVAL;
494 goto done;
495 }
496
497 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
498
499 BT_DBG("sk %p timeo %ld", sk, timeo);
500
501
502 add_wait_queue_exclusive(sk->sk_sleep, &wait);
503 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
504 set_current_state(TASK_INTERRUPTIBLE);
505 if (!timeo) {
506 err = -EAGAIN;
507 break;
508 }
509
510 release_sock(sk);
511 timeo = schedule_timeout(timeo);
512 lock_sock(sk);
513
514 if (sk->sk_state != BT_LISTEN) {
515 err = -EBADFD;
516 break;
517 }
518
519 if (signal_pending(current)) {
520 err = sock_intr_errno(timeo);
521 break;
522 }
523 }
524 set_current_state(TASK_RUNNING);
525 remove_wait_queue(sk->sk_sleep, &wait);
526
527 if (err)
528 goto done;
529
530 newsock->state = SS_CONNECTED;
531
532 BT_DBG("new socket %p", nsk);
533
534done:
535 release_sock(sk);
536 return err;
537}
538
539static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
540{
541 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
542 struct sock *sk = sock->sk;
543
544 BT_DBG("sock %p, sk %p", sock, sk);
545
546 sa->rc_family = AF_BLUETOOTH;
547 sa->rc_channel = rfcomm_pi(sk)->channel;
548 if (peer)
549 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst);
550 else
551 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src);
552
553 *len = sizeof(struct sockaddr_rc);
554 return 0;
555}
556
557static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
558 struct msghdr *msg, size_t len)
559{
560 struct sock *sk = sock->sk;
561 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
562 struct sk_buff *skb;
563 int sent = 0;
564
565 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
566 return -ENOTCONN;
567
568 if (msg->msg_flags & MSG_OOB)
569 return -EOPNOTSUPP;
570
571 if (sk->sk_shutdown & SEND_SHUTDOWN)
572 return -EPIPE;
573
574 BT_DBG("sock %p, sk %p", sock, sk);
575
576 lock_sock(sk);
577
578 while (len) {
579 size_t size = min_t(size_t, len, d->mtu);
580 int err;
581
582 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
583 msg->msg_flags & MSG_DONTWAIT, &err);
584 if (!skb) {
585 if (sent == 0)
586 sent = err;
587 break;
588 }
589 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
590
591 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
592 if (err) {
593 kfree_skb(skb);
594 if (sent == 0)
595 sent = err;
596 break;
597 }
598
599 err = rfcomm_dlc_send(d, skb);
600 if (err < 0) {
601 kfree_skb(skb);
602 if (sent == 0)
603 sent = err;
604 break;
605 }
606
607 sent += size;
608 len -= size;
609 }
610
611 release_sock(sk);
612
613 return sent;
614}
615
616static long rfcomm_sock_data_wait(struct sock *sk, long timeo)
617{
618 DECLARE_WAITQUEUE(wait, current);
619
620 add_wait_queue(sk->sk_sleep, &wait);
621 for (;;) {
622 set_current_state(TASK_INTERRUPTIBLE);
623
624 if (!skb_queue_empty(&sk->sk_receive_queue) ||
625 sk->sk_err ||
626 (sk->sk_shutdown & RCV_SHUTDOWN) ||
627 signal_pending(current) ||
628 !timeo)
629 break;
630
631 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
632 release_sock(sk);
633 timeo = schedule_timeout(timeo);
634 lock_sock(sk);
635 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
636 }
637
638 __set_current_state(TASK_RUNNING);
639 remove_wait_queue(sk->sk_sleep, &wait);
640 return timeo;
641}
642
643static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
644 struct msghdr *msg, size_t size, int flags)
645{
646 struct sock *sk = sock->sk;
647 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
648 int err = 0;
649 size_t target, copied = 0;
650 long timeo;
651
652 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
653 rfcomm_dlc_accept(d);
654 return 0;
655 }
656
657 if (flags & MSG_OOB)
658 return -EOPNOTSUPP;
659
660 msg->msg_namelen = 0;
661
662 BT_DBG("sk %p size %zu", sk, size);
663
664 lock_sock(sk);
665
666 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
667 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
668
669 do {
670 struct sk_buff *skb;
671 int chunk;
672
673 skb = skb_dequeue(&sk->sk_receive_queue);
674 if (!skb) {
675 if (copied >= target)
676 break;
677
678 if ((err = sock_error(sk)) != 0)
679 break;
680 if (sk->sk_shutdown & RCV_SHUTDOWN)
681 break;
682
683 err = -EAGAIN;
684 if (!timeo)
685 break;
686
687 timeo = rfcomm_sock_data_wait(sk, timeo);
688
689 if (signal_pending(current)) {
690 err = sock_intr_errno(timeo);
691 goto out;
692 }
693 continue;
694 }
695
696 chunk = min_t(unsigned int, skb->len, size);
697 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
698 skb_queue_head(&sk->sk_receive_queue, skb);
699 if (!copied)
700 copied = -EFAULT;
701 break;
702 }
703 copied += chunk;
704 size -= chunk;
705
706 sock_recv_timestamp(msg, sk, skb);
707
708 if (!(flags & MSG_PEEK)) {
709 atomic_sub(chunk, &sk->sk_rmem_alloc);
710
711 skb_pull(skb, chunk);
712 if (skb->len) {
713 skb_queue_head(&sk->sk_receive_queue, skb);
714 break;
715 }
716 kfree_skb(skb);
717
718 } else {
719
720 skb_queue_head(&sk->sk_receive_queue, skb);
721 break;
722 }
723 } while (size);
724
725out:
726 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
727 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
728
729 release_sock(sk);
730 return copied ? : err;
731}
732
733static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
734{
735 struct sock *sk = sock->sk;
736 int err = 0;
737 u32 opt;
738
739 BT_DBG("sk %p", sk);
740
741 lock_sock(sk);
742
743 switch (optname) {
744 case RFCOMM_LM:
745 if (get_user(opt, (u32 __user *) optval)) {
746 err = -EFAULT;
747 break;
748 }
749
750 if (opt & RFCOMM_LM_AUTH)
751 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
752 if (opt & RFCOMM_LM_ENCRYPT)
753 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
754 if (opt & RFCOMM_LM_SECURE)
755 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
756
757 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
758 break;
759
760 default:
761 err = -ENOPROTOOPT;
762 break;
763 }
764
765 release_sock(sk);
766 return err;
767}
768
769static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
770{
771 struct sock *sk = sock->sk;
772 struct bt_security sec;
773 int len, err = 0;
774 u32 opt;
775
776 BT_DBG("sk %p", sk);
777
778 if (level == SOL_RFCOMM)
779 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
780
781 if (level != SOL_BLUETOOTH)
782 return -ENOPROTOOPT;
783
784 lock_sock(sk);
785
786 switch (optname) {
787 case BT_SECURITY:
788 if (sk->sk_type != SOCK_STREAM) {
789 err = -EINVAL;
790 break;
791 }
792
793 sec.level = BT_SECURITY_LOW;
794
795 len = min_t(unsigned int, sizeof(sec), optlen);
796 if (copy_from_user((char *) &sec, optval, len)) {
797 err = -EFAULT;
798 break;
799 }
800
801 if (sec.level > BT_SECURITY_HIGH) {
802 err = -EINVAL;
803 break;
804 }
805
806 rfcomm_pi(sk)->sec_level = sec.level;
807 break;
808
809 case BT_DEFER_SETUP:
810 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
811 err = -EINVAL;
812 break;
813 }
814
815 if (get_user(opt, (u32 __user *) optval)) {
816 err = -EFAULT;
817 break;
818 }
819
820 bt_sk(sk)->defer_setup = opt;
821 break;
822
823 default:
824 err = -ENOPROTOOPT;
825 break;
826 }
827
828 release_sock(sk);
829 return err;
830}
831
832static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
833{
834 struct sock *sk = sock->sk;
835 struct sock *l2cap_sk;
836 struct rfcomm_conninfo cinfo;
837 int len, err = 0;
838 u32 opt;
839
840 BT_DBG("sk %p", sk);
841
842 if (get_user(len, optlen))
843 return -EFAULT;
844
845 lock_sock(sk);
846
847 switch (optname) {
848 case RFCOMM_LM:
849 switch (rfcomm_pi(sk)->sec_level) {
850 case BT_SECURITY_LOW:
851 opt = RFCOMM_LM_AUTH;
852 break;
853 case BT_SECURITY_MEDIUM:
854 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
855 break;
856 case BT_SECURITY_HIGH:
857 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
858 RFCOMM_LM_SECURE;
859 break;
860 default:
861 opt = 0;
862 break;
863 }
864
865 if (rfcomm_pi(sk)->role_switch)
866 opt |= RFCOMM_LM_MASTER;
867
868 if (put_user(opt, (u32 __user *) optval))
869 err = -EFAULT;
870 break;
871
872 case RFCOMM_CONNINFO:
873 if (sk->sk_state != BT_CONNECTED &&
874 !rfcomm_pi(sk)->dlc->defer_setup) {
875 err = -ENOTCONN;
876 break;
877 }
878
879 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
880
881 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle;
882 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3);
883
884 len = min_t(unsigned int, len, sizeof(cinfo));
885 if (copy_to_user(optval, (char *) &cinfo, len))
886 err = -EFAULT;
887
888 break;
889
890 default:
891 err = -ENOPROTOOPT;
892 break;
893 }
894
895 release_sock(sk);
896 return err;
897}
898
899static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
900{
901 struct sock *sk = sock->sk;
902 struct bt_security sec;
903 int len, err = 0;
904
905 BT_DBG("sk %p", sk);
906
907 if (level == SOL_RFCOMM)
908 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
909
910 if (level != SOL_BLUETOOTH)
911 return -ENOPROTOOPT;
912
913 if (get_user(len, optlen))
914 return -EFAULT;
915
916 lock_sock(sk);
917
918 switch (optname) {
919 case BT_SECURITY:
920 if (sk->sk_type != SOCK_STREAM) {
921 err = -EINVAL;
922 break;
923 }
924
925 sec.level = rfcomm_pi(sk)->sec_level;
926
927 len = min_t(unsigned int, len, sizeof(sec));
928 if (copy_to_user(optval, (char *) &sec, len))
929 err = -EFAULT;
930
931 break;
932
933 case BT_DEFER_SETUP:
934 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
935 err = -EINVAL;
936 break;
937 }
938
939 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
940 err = -EFAULT;
941
942 break;
943
944 default:
945 err = -ENOPROTOOPT;
946 break;
947 }
948
949 release_sock(sk);
950 return err;
951}
952
953static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
954{
955 struct sock *sk __maybe_unused = sock->sk;
956 int err;
957
958 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
959
960 err = bt_sock_ioctl(sock, cmd, arg);
961
962 if (err == -ENOIOCTLCMD) {
963#ifdef CONFIG_BT_RFCOMM_TTY
964 lock_sock(sk);
965 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
966 release_sock(sk);
967#else
968 err = -EOPNOTSUPP;
969#endif
970 }
971
972 return err;
973}
974
975static int rfcomm_sock_shutdown(struct socket *sock, int how)
976{
977 struct sock *sk = sock->sk;
978 int err = 0;
979
980 BT_DBG("sock %p, sk %p", sock, sk);
981
982 if (!sk) return 0;
983
984 lock_sock(sk);
985 if (!sk->sk_shutdown) {
986 sk->sk_shutdown = SHUTDOWN_MASK;
987 __rfcomm_sock_close(sk);
988
989 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
990 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
991 }
992 release_sock(sk);
993 return err;
994}
995
996static int rfcomm_sock_release(struct socket *sock)
997{
998 struct sock *sk = sock->sk;
999 int err;
1000
1001 BT_DBG("sock %p, sk %p", sock, sk);
1002
1003 if (!sk)
1004 return 0;
1005
1006 err = rfcomm_sock_shutdown(sock, 2);
1007
1008 sock_orphan(sk);
1009 rfcomm_sock_kill(sk);
1010 return err;
1011}
1012
1013
1014
1015
1016
1017int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
1018{
1019 struct sock *sk, *parent;
1020 bdaddr_t src, dst;
1021 int result = 0;
1022
1023 BT_DBG("session %p channel %d", s, channel);
1024
1025 rfcomm_session_getaddr(s, &src, &dst);
1026
1027
1028 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
1029 if (!parent)
1030 return 0;
1031
1032
1033 if (sk_acceptq_is_full(parent)) {
1034 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1035 goto done;
1036 }
1037
1038 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
1039 if (!sk)
1040 goto done;
1041
1042 rfcomm_sock_init(sk, parent);
1043 bacpy(&bt_sk(sk)->src, &src);
1044 bacpy(&bt_sk(sk)->dst, &dst);
1045 rfcomm_pi(sk)->channel = channel;
1046
1047 sk->sk_state = BT_CONFIG;
1048 bt_accept_enqueue(parent, sk);
1049
1050
1051 *d = rfcomm_pi(sk)->dlc;
1052 result = 1;
1053
1054done:
1055 bh_unlock_sock(parent);
1056
1057 if (bt_sk(parent)->defer_setup)
1058 parent->sk_state_change(parent);
1059
1060 return result;
1061}
1062
1063static ssize_t rfcomm_sock_sysfs_show(struct class *dev, char *buf)
1064{
1065 struct sock *sk;
1066 struct hlist_node *node;
1067 char *str = buf;
1068
1069 read_lock_bh(&rfcomm_sk_list.lock);
1070
1071 sk_for_each(sk, node, &rfcomm_sk_list.head) {
1072 str += sprintf(str, "%s %s %d %d\n",
1073 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
1074 sk->sk_state, rfcomm_pi(sk)->channel);
1075 }
1076
1077 read_unlock_bh(&rfcomm_sk_list.lock);
1078
1079 return (str - buf);
1080}
1081
1082static CLASS_ATTR(rfcomm, S_IRUGO, rfcomm_sock_sysfs_show, NULL);
1083
1084static const struct proto_ops rfcomm_sock_ops = {
1085 .family = PF_BLUETOOTH,
1086 .owner = THIS_MODULE,
1087 .release = rfcomm_sock_release,
1088 .bind = rfcomm_sock_bind,
1089 .connect = rfcomm_sock_connect,
1090 .listen = rfcomm_sock_listen,
1091 .accept = rfcomm_sock_accept,
1092 .getname = rfcomm_sock_getname,
1093 .sendmsg = rfcomm_sock_sendmsg,
1094 .recvmsg = rfcomm_sock_recvmsg,
1095 .shutdown = rfcomm_sock_shutdown,
1096 .setsockopt = rfcomm_sock_setsockopt,
1097 .getsockopt = rfcomm_sock_getsockopt,
1098 .ioctl = rfcomm_sock_ioctl,
1099 .poll = bt_sock_poll,
1100 .socketpair = sock_no_socketpair,
1101 .mmap = sock_no_mmap
1102};
1103
1104static struct net_proto_family rfcomm_sock_family_ops = {
1105 .family = PF_BLUETOOTH,
1106 .owner = THIS_MODULE,
1107 .create = rfcomm_sock_create
1108};
1109
1110int __init rfcomm_init_sockets(void)
1111{
1112 int err;
1113
1114 err = proto_register(&rfcomm_proto, 0);
1115 if (err < 0)
1116 return err;
1117
1118 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1119 if (err < 0)
1120 goto error;
1121
1122 if (class_create_file(bt_class, &class_attr_rfcomm) < 0)
1123 BT_ERR("Failed to create RFCOMM info file");
1124
1125 BT_INFO("RFCOMM socket layer initialized");
1126
1127 return 0;
1128
1129error:
1130 BT_ERR("RFCOMM socket layer registration failed");
1131 proto_unregister(&rfcomm_proto);
1132 return err;
1133}
1134
1135void rfcomm_cleanup_sockets(void)
1136{
1137 class_remove_file(bt_class, &class_attr_rfcomm);
1138
1139 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0)
1140 BT_ERR("RFCOMM socket layer unregistration failed");
1141
1142 proto_unregister(&rfcomm_proto);
1143}
1144
