1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28#include <linux/module.h>
29
30#include <linux/types.h>
31#include <linux/errno.h>
32#include <linux/kernel.h>
33#include <linux/sched.h>
34#include <linux/slab.h>
35#include <linux/poll.h>
36#include <linux/fcntl.h>
37#include <linux/init.h>
38#include <linux/interrupt.h>
39#include <linux/socket.h>
40#include <linux/skbuff.h>
41#include <linux/list.h>
42#include <linux/device.h>
43#include <linux/debugfs.h>
44#include <linux/seq_file.h>
45#include <net/sock.h>
46
47#include <asm/system.h>
48#include <linux/uaccess.h>
49
50#include <net/bluetooth/bluetooth.h>
51#include <net/bluetooth/hci_core.h>
52#include <net/bluetooth/l2cap.h>
53#include <net/bluetooth/rfcomm.h>
54
55static const struct proto_ops rfcomm_sock_ops;
56
57static struct bt_sock_list rfcomm_sk_list = {
58 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
59};
60
61static void rfcomm_sock_close(struct sock *sk);
62static void rfcomm_sock_kill(struct sock *sk);
63
64
65
66
67
68static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
69{
70 struct sock *sk = d->owner;
71 if (!sk)
72 return;
73
74 atomic_add(skb->len, &sk->sk_rmem_alloc);
75 skb_queue_tail(&sk->sk_receive_queue, skb);
76 sk->sk_data_ready(sk, skb->len);
77
78 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
79 rfcomm_dlc_throttle(d);
80}
81
82static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
83{
84 struct sock *sk = d->owner, *parent;
85 unsigned long flags;
86
87 if (!sk)
88 return;
89
90 BT_DBG("dlc %p state %ld err %d", d, d->state, err);
91
92 local_irq_save(flags);
93 bh_lock_sock(sk);
94
95 if (err)
96 sk->sk_err = err;
97
98 sk->sk_state = d->state;
99
100 parent = bt_sk(sk)->parent;
101 if (parent) {
102 if (d->state == BT_CLOSED) {
103 sock_set_flag(sk, SOCK_ZAPPED);
104 bt_accept_unlink(sk);
105 }
106 parent->sk_data_ready(parent, 0);
107 } else {
108 if (d->state == BT_CONNECTED)
109 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL);
110 sk->sk_state_change(sk);
111 }
112
113 bh_unlock_sock(sk);
114 local_irq_restore(flags);
115
116 if (parent && sock_flag(sk, SOCK_ZAPPED)) {
117
118
119 rfcomm_dlc_unlock(d);
120 rfcomm_sock_kill(sk);
121 rfcomm_dlc_lock(d);
122 }
123}
124
125
126static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
127{
128 struct sock *sk = NULL;
129 struct hlist_node *node;
130
131 sk_for_each(sk, node, &rfcomm_sk_list.head) {
132 if (rfcomm_pi(sk)->channel == channel &&
133 !bacmp(&bt_sk(sk)->src, src))
134 break;
135 }
136
137 return node ? sk : NULL;
138}
139
140
141
142
143static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
144{
145 struct sock *sk = NULL, *sk1 = NULL;
146 struct hlist_node *node;
147
148 read_lock(&rfcomm_sk_list.lock);
149
150 sk_for_each(sk, node, &rfcomm_sk_list.head) {
151 if (state && sk->sk_state != state)
152 continue;
153
154 if (rfcomm_pi(sk)->channel == channel) {
155
156 if (!bacmp(&bt_sk(sk)->src, src))
157 break;
158
159
160 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
161 sk1 = sk;
162 }
163 }
164
165 read_unlock(&rfcomm_sk_list.lock);
166
167 return node ? sk : sk1;
168}
169
170static void rfcomm_sock_destruct(struct sock *sk)
171{
172 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
173
174 BT_DBG("sk %p dlc %p", sk, d);
175
176 skb_queue_purge(&sk->sk_receive_queue);
177 skb_queue_purge(&sk->sk_write_queue);
178
179 rfcomm_dlc_lock(d);
180 rfcomm_pi(sk)->dlc = NULL;
181
182
183 if (d->owner == sk)
184 d->owner = NULL;
185 rfcomm_dlc_unlock(d);
186
187 rfcomm_dlc_put(d);
188}
189
190static void rfcomm_sock_cleanup_listen(struct sock *parent)
191{
192 struct sock *sk;
193
194 BT_DBG("parent %p", parent);
195
196
197 while ((sk = bt_accept_dequeue(parent, NULL))) {
198 rfcomm_sock_close(sk);
199 rfcomm_sock_kill(sk);
200 }
201
202 parent->sk_state = BT_CLOSED;
203 sock_set_flag(parent, SOCK_ZAPPED);
204}
205
206
207
208
209static void rfcomm_sock_kill(struct sock *sk)
210{
211 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
212 return;
213
214 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
215
216
217 bt_sock_unlink(&rfcomm_sk_list, sk);
218 sock_set_flag(sk, SOCK_DEAD);
219 sock_put(sk);
220}
221
222static void __rfcomm_sock_close(struct sock *sk)
223{
224 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
225
226 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
227
228 switch (sk->sk_state) {
229 case BT_LISTEN:
230 rfcomm_sock_cleanup_listen(sk);
231 break;
232
233 case BT_CONNECT:
234 case BT_CONNECT2:
235 case BT_CONFIG:
236 case BT_CONNECTED:
237 rfcomm_dlc_close(d, 0);
238
239 default:
240 sock_set_flag(sk, SOCK_ZAPPED);
241 break;
242 }
243}
244
245
246
247
248static void rfcomm_sock_close(struct sock *sk)
249{
250 lock_sock(sk);
251 __rfcomm_sock_close(sk);
252 release_sock(sk);
253}
254
255static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
256{
257 struct rfcomm_pinfo *pi = rfcomm_pi(sk);
258
259 BT_DBG("sk %p", sk);
260
261 if (parent) {
262 sk->sk_type = parent->sk_type;
263 pi->dlc->defer_setup = bt_sk(parent)->defer_setup;
264
265 pi->sec_level = rfcomm_pi(parent)->sec_level;
266 pi->role_switch = rfcomm_pi(parent)->role_switch;
267 } else {
268 pi->dlc->defer_setup = 0;
269
270 pi->sec_level = BT_SECURITY_LOW;
271 pi->role_switch = 0;
272 }
273
274 pi->dlc->sec_level = pi->sec_level;
275 pi->dlc->role_switch = pi->role_switch;
276}
277
278static struct proto rfcomm_proto = {
279 .name = "RFCOMM",
280 .owner = THIS_MODULE,
281 .obj_size = sizeof(struct rfcomm_pinfo)
282};
283
284static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
285{
286 struct rfcomm_dlc *d;
287 struct sock *sk;
288
289 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
290 if (!sk)
291 return NULL;
292
293 sock_init_data(sock, sk);
294 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
295
296 d = rfcomm_dlc_alloc(prio);
297 if (!d) {
298 sk_free(sk);
299 return NULL;
300 }
301
302 d->data_ready = rfcomm_sk_data_ready;
303 d->state_change = rfcomm_sk_state_change;
304
305 rfcomm_pi(sk)->dlc = d;
306 d->owner = sk;
307
308 sk->sk_destruct = rfcomm_sock_destruct;
309 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
310
311 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
312 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
313
314 sock_reset_flag(sk, SOCK_ZAPPED);
315
316 sk->sk_protocol = proto;
317 sk->sk_state = BT_OPEN;
318
319 bt_sock_link(&rfcomm_sk_list, sk);
320
321 BT_DBG("sk %p", sk);
322 return sk;
323}
324
325static int rfcomm_sock_create(struct net *net, struct socket *sock,
326 int protocol, int kern)
327{
328 struct sock *sk;
329
330 BT_DBG("sock %p", sock);
331
332 sock->state = SS_UNCONNECTED;
333
334 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
335 return -ESOCKTNOSUPPORT;
336
337 sock->ops = &rfcomm_sock_ops;
338
339 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
340 if (!sk)
341 return -ENOMEM;
342
343 rfcomm_sock_init(sk, NULL);
344 return 0;
345}
346
347static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
348{
349 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
350 struct sock *sk = sock->sk;
351 int err = 0;
352
353 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr));
354
355 if (!addr || addr->sa_family != AF_BLUETOOTH)
356 return -EINVAL;
357
358 lock_sock(sk);
359
360 if (sk->sk_state != BT_OPEN) {
361 err = -EBADFD;
362 goto done;
363 }
364
365 if (sk->sk_type != SOCK_STREAM) {
366 err = -EINVAL;
367 goto done;
368 }
369
370 write_lock_bh(&rfcomm_sk_list.lock);
371
372 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
373 err = -EADDRINUSE;
374 } else {
375
376 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr);
377 rfcomm_pi(sk)->channel = sa->rc_channel;
378 sk->sk_state = BT_BOUND;
379 }
380
381 write_unlock_bh(&rfcomm_sk_list.lock);
382
383done:
384 release_sock(sk);
385 return err;
386}
387
388static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
389{
390 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
391 struct sock *sk = sock->sk;
392 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
393 int err = 0;
394
395 BT_DBG("sk %p", sk);
396
397 if (alen < sizeof(struct sockaddr_rc) ||
398 addr->sa_family != AF_BLUETOOTH)
399 return -EINVAL;
400
401 lock_sock(sk);
402
403 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
404 err = -EBADFD;
405 goto done;
406 }
407
408 if (sk->sk_type != SOCK_STREAM) {
409 err = -EINVAL;
410 goto done;
411 }
412
413 sk->sk_state = BT_CONNECT;
414 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
415 rfcomm_pi(sk)->channel = sa->rc_channel;
416
417 d->sec_level = rfcomm_pi(sk)->sec_level;
418 d->role_switch = rfcomm_pi(sk)->role_switch;
419
420 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
421 if (!err)
422 err = bt_sock_wait_state(sk, BT_CONNECTED,
423 sock_sndtimeo(sk, flags & O_NONBLOCK));
424
425done:
426 release_sock(sk);
427 return err;
428}
429
430static int rfcomm_sock_listen(struct socket *sock, int backlog)
431{
432 struct sock *sk = sock->sk;
433 int err = 0;
434
435 BT_DBG("sk %p backlog %d", sk, backlog);
436
437 lock_sock(sk);
438
439 if (sk->sk_state != BT_BOUND) {
440 err = -EBADFD;
441 goto done;
442 }
443
444 if (sk->sk_type != SOCK_STREAM) {
445 err = -EINVAL;
446 goto done;
447 }
448
449 if (!rfcomm_pi(sk)->channel) {
450 bdaddr_t *src = &bt_sk(sk)->src;
451 u8 channel;
452
453 err = -EINVAL;
454
455 write_lock_bh(&rfcomm_sk_list.lock);
456
457 for (channel = 1; channel < 31; channel++)
458 if (!__rfcomm_get_sock_by_addr(channel, src)) {
459 rfcomm_pi(sk)->channel = channel;
460 err = 0;
461 break;
462 }
463
464 write_unlock_bh(&rfcomm_sk_list.lock);
465
466 if (err < 0)
467 goto done;
468 }
469
470 sk->sk_max_ack_backlog = backlog;
471 sk->sk_ack_backlog = 0;
472 sk->sk_state = BT_LISTEN;
473
474done:
475 release_sock(sk);
476 return err;
477}
478
479static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
480{
481 DECLARE_WAITQUEUE(wait, current);
482 struct sock *sk = sock->sk, *nsk;
483 long timeo;
484 int err = 0;
485
486 lock_sock(sk);
487
488 if (sk->sk_state != BT_LISTEN) {
489 err = -EBADFD;
490 goto done;
491 }
492
493 if (sk->sk_type != SOCK_STREAM) {
494 err = -EINVAL;
495 goto done;
496 }
497
498 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
499
500 BT_DBG("sk %p timeo %ld", sk, timeo);
501
502
503 add_wait_queue_exclusive(sk_sleep(sk), &wait);
504 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
505 set_current_state(TASK_INTERRUPTIBLE);
506 if (!timeo) {
507 err = -EAGAIN;
508 break;
509 }
510
511 release_sock(sk);
512 timeo = schedule_timeout(timeo);
513 lock_sock(sk);
514
515 if (sk->sk_state != BT_LISTEN) {
516 err = -EBADFD;
517 break;
518 }
519
520 if (signal_pending(current)) {
521 err = sock_intr_errno(timeo);
522 break;
523 }
524 }
525 set_current_state(TASK_RUNNING);
526 remove_wait_queue(sk_sleep(sk), &wait);
527
528 if (err)
529 goto done;
530
531 newsock->state = SS_CONNECTED;
532
533 BT_DBG("new socket %p", nsk);
534
535done:
536 release_sock(sk);
537 return err;
538}
539
540static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
541{
542 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
543 struct sock *sk = sock->sk;
544
545 BT_DBG("sock %p, sk %p", sock, sk);
546
547 sa->rc_family = AF_BLUETOOTH;
548 sa->rc_channel = rfcomm_pi(sk)->channel;
549 if (peer)
550 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst);
551 else
552 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src);
553
554 *len = sizeof(struct sockaddr_rc);
555 return 0;
556}
557
558static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
559 struct msghdr *msg, size_t len)
560{
561 struct sock *sk = sock->sk;
562 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
563 struct sk_buff *skb;
564 int sent = 0;
565
566 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
567 return -ENOTCONN;
568
569 if (msg->msg_flags & MSG_OOB)
570 return -EOPNOTSUPP;
571
572 if (sk->sk_shutdown & SEND_SHUTDOWN)
573 return -EPIPE;
574
575 BT_DBG("sock %p, sk %p", sock, sk);
576
577 lock_sock(sk);
578
579 while (len) {
580 size_t size = min_t(size_t, len, d->mtu);
581 int err;
582
583 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
584 msg->msg_flags & MSG_DONTWAIT, &err);
585 if (!skb) {
586 if (sent == 0)
587 sent = err;
588 break;
589 }
590 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
591
592 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
593 if (err) {
594 kfree_skb(skb);
595 if (sent == 0)
596 sent = err;
597 break;
598 }
599
600 err = rfcomm_dlc_send(d, skb);
601 if (err < 0) {
602 kfree_skb(skb);
603 if (sent == 0)
604 sent = err;
605 break;
606 }
607
608 sent += size;
609 len -= size;
610 }
611
612 release_sock(sk);
613
614 return sent;
615}
616
617static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
618 struct msghdr *msg, size_t size, int flags)
619{
620 struct sock *sk = sock->sk;
621 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
622 int len;
623
624 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
625 rfcomm_dlc_accept(d);
626 return 0;
627 }
628
629 len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags);
630
631 lock_sock(sk);
632 if (!(flags & MSG_PEEK) && len > 0)
633 atomic_sub(len, &sk->sk_rmem_alloc);
634
635 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
636 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
637 release_sock(sk);
638
639 return len;
640}
641
642static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
643{
644 struct sock *sk = sock->sk;
645 int err = 0;
646 u32 opt;
647
648 BT_DBG("sk %p", sk);
649
650 lock_sock(sk);
651
652 switch (optname) {
653 case RFCOMM_LM:
654 if (get_user(opt, (u32 __user *) optval)) {
655 err = -EFAULT;
656 break;
657 }
658
659 if (opt & RFCOMM_LM_AUTH)
660 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
661 if (opt & RFCOMM_LM_ENCRYPT)
662 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
663 if (opt & RFCOMM_LM_SECURE)
664 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
665
666 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
667 break;
668
669 default:
670 err = -ENOPROTOOPT;
671 break;
672 }
673
674 release_sock(sk);
675 return err;
676}
677
678static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
679{
680 struct sock *sk = sock->sk;
681 struct bt_security sec;
682 int len, err = 0;
683 u32 opt;
684
685 BT_DBG("sk %p", sk);
686
687 if (level == SOL_RFCOMM)
688 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
689
690 if (level != SOL_BLUETOOTH)
691 return -ENOPROTOOPT;
692
693 lock_sock(sk);
694
695 switch (optname) {
696 case BT_SECURITY:
697 if (sk->sk_type != SOCK_STREAM) {
698 err = -EINVAL;
699 break;
700 }
701
702 sec.level = BT_SECURITY_LOW;
703
704 len = min_t(unsigned int, sizeof(sec), optlen);
705 if (copy_from_user((char *) &sec, optval, len)) {
706 err = -EFAULT;
707 break;
708 }
709
710 if (sec.level > BT_SECURITY_HIGH) {
711 err = -EINVAL;
712 break;
713 }
714
715 rfcomm_pi(sk)->sec_level = sec.level;
716 break;
717
718 case BT_DEFER_SETUP:
719 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
720 err = -EINVAL;
721 break;
722 }
723
724 if (get_user(opt, (u32 __user *) optval)) {
725 err = -EFAULT;
726 break;
727 }
728
729 bt_sk(sk)->defer_setup = opt;
730 break;
731
732 default:
733 err = -ENOPROTOOPT;
734 break;
735 }
736
737 release_sock(sk);
738 return err;
739}
740
741static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
742{
743 struct sock *sk = sock->sk;
744 struct sock *l2cap_sk;
745 struct rfcomm_conninfo cinfo;
746 int len, err = 0;
747 u32 opt;
748
749 BT_DBG("sk %p", sk);
750
751 if (get_user(len, optlen))
752 return -EFAULT;
753
754 lock_sock(sk);
755
756 switch (optname) {
757 case RFCOMM_LM:
758 switch (rfcomm_pi(sk)->sec_level) {
759 case BT_SECURITY_LOW:
760 opt = RFCOMM_LM_AUTH;
761 break;
762 case BT_SECURITY_MEDIUM:
763 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
764 break;
765 case BT_SECURITY_HIGH:
766 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
767 RFCOMM_LM_SECURE;
768 break;
769 default:
770 opt = 0;
771 break;
772 }
773
774 if (rfcomm_pi(sk)->role_switch)
775 opt |= RFCOMM_LM_MASTER;
776
777 if (put_user(opt, (u32 __user *) optval))
778 err = -EFAULT;
779 break;
780
781 case RFCOMM_CONNINFO:
782 if (sk->sk_state != BT_CONNECTED &&
783 !rfcomm_pi(sk)->dlc->defer_setup) {
784 err = -ENOTCONN;
785 break;
786 }
787
788 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
789
790 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle;
791 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3);
792
793 len = min_t(unsigned int, len, sizeof(cinfo));
794 if (copy_to_user(optval, (char *) &cinfo, len))
795 err = -EFAULT;
796
797 break;
798
799 default:
800 err = -ENOPROTOOPT;
801 break;
802 }
803
804 release_sock(sk);
805 return err;
806}
807
808static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
809{
810 struct sock *sk = sock->sk;
811 struct bt_security sec;
812 int len, err = 0;
813
814 BT_DBG("sk %p", sk);
815
816 if (level == SOL_RFCOMM)
817 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
818
819 if (level != SOL_BLUETOOTH)
820 return -ENOPROTOOPT;
821
822 if (get_user(len, optlen))
823 return -EFAULT;
824
825 lock_sock(sk);
826
827 switch (optname) {
828 case BT_SECURITY:
829 if (sk->sk_type != SOCK_STREAM) {
830 err = -EINVAL;
831 break;
832 }
833
834 sec.level = rfcomm_pi(sk)->sec_level;
835
836 len = min_t(unsigned int, len, sizeof(sec));
837 if (copy_to_user(optval, (char *) &sec, len))
838 err = -EFAULT;
839
840 break;
841
842 case BT_DEFER_SETUP:
843 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
844 err = -EINVAL;
845 break;
846 }
847
848 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
849 err = -EFAULT;
850
851 break;
852
853 default:
854 err = -ENOPROTOOPT;
855 break;
856 }
857
858 release_sock(sk);
859 return err;
860}
861
862static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
863{
864 struct sock *sk __maybe_unused = sock->sk;
865 int err;
866
867 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
868
869 err = bt_sock_ioctl(sock, cmd, arg);
870
871 if (err == -ENOIOCTLCMD) {
872#ifdef CONFIG_BT_RFCOMM_TTY
873 lock_sock(sk);
874 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
875 release_sock(sk);
876#else
877 err = -EOPNOTSUPP;
878#endif
879 }
880
881 return err;
882}
883
884static int rfcomm_sock_shutdown(struct socket *sock, int how)
885{
886 struct sock *sk = sock->sk;
887 int err = 0;
888
889 BT_DBG("sock %p, sk %p", sock, sk);
890
891 if (!sk)
892 return 0;
893
894 lock_sock(sk);
895 if (!sk->sk_shutdown) {
896 sk->sk_shutdown = SHUTDOWN_MASK;
897 __rfcomm_sock_close(sk);
898
899 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
900 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
901 }
902 release_sock(sk);
903 return err;
904}
905
906static int rfcomm_sock_release(struct socket *sock)
907{
908 struct sock *sk = sock->sk;
909 int err;
910
911 BT_DBG("sock %p, sk %p", sock, sk);
912
913 if (!sk)
914 return 0;
915
916 err = rfcomm_sock_shutdown(sock, 2);
917
918 sock_orphan(sk);
919 rfcomm_sock_kill(sk);
920 return err;
921}
922
923
924
925
926
927int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
928{
929 struct sock *sk, *parent;
930 bdaddr_t src, dst;
931 int result = 0;
932
933 BT_DBG("session %p channel %d", s, channel);
934
935 rfcomm_session_getaddr(s, &src, &dst);
936
937
938 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
939 if (!parent)
940 return 0;
941
942 bh_lock_sock(parent);
943
944
945 if (sk_acceptq_is_full(parent)) {
946 BT_DBG("backlog full %d", parent->sk_ack_backlog);
947 goto done;
948 }
949
950 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
951 if (!sk)
952 goto done;
953
954 rfcomm_sock_init(sk, parent);
955 bacpy(&bt_sk(sk)->src, &src);
956 bacpy(&bt_sk(sk)->dst, &dst);
957 rfcomm_pi(sk)->channel = channel;
958
959 sk->sk_state = BT_CONFIG;
960 bt_accept_enqueue(parent, sk);
961
962
963 *d = rfcomm_pi(sk)->dlc;
964 result = 1;
965
966done:
967 bh_unlock_sock(parent);
968
969 if (bt_sk(parent)->defer_setup)
970 parent->sk_state_change(parent);
971
972 return result;
973}
974
975static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
976{
977 struct sock *sk;
978 struct hlist_node *node;
979
980 read_lock_bh(&rfcomm_sk_list.lock);
981
982 sk_for_each(sk, node, &rfcomm_sk_list.head) {
983 seq_printf(f, "%s %s %d %d\n",
984 batostr(&bt_sk(sk)->src),
985 batostr(&bt_sk(sk)->dst),
986 sk->sk_state, rfcomm_pi(sk)->channel);
987 }
988
989 read_unlock_bh(&rfcomm_sk_list.lock);
990
991 return 0;
992}
993
994static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file)
995{
996 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private);
997}
998
999static const struct file_operations rfcomm_sock_debugfs_fops = {
1000 .open = rfcomm_sock_debugfs_open,
1001 .read = seq_read,
1002 .llseek = seq_lseek,
1003 .release = single_release,
1004};
1005
1006static struct dentry *rfcomm_sock_debugfs;
1007
1008static const struct proto_ops rfcomm_sock_ops = {
1009 .family = PF_BLUETOOTH,
1010 .owner = THIS_MODULE,
1011 .release = rfcomm_sock_release,
1012 .bind = rfcomm_sock_bind,
1013 .connect = rfcomm_sock_connect,
1014 .listen = rfcomm_sock_listen,
1015 .accept = rfcomm_sock_accept,
1016 .getname = rfcomm_sock_getname,
1017 .sendmsg = rfcomm_sock_sendmsg,
1018 .recvmsg = rfcomm_sock_recvmsg,
1019 .shutdown = rfcomm_sock_shutdown,
1020 .setsockopt = rfcomm_sock_setsockopt,
1021 .getsockopt = rfcomm_sock_getsockopt,
1022 .ioctl = rfcomm_sock_ioctl,
1023 .poll = bt_sock_poll,
1024 .socketpair = sock_no_socketpair,
1025 .mmap = sock_no_mmap
1026};
1027
1028static const struct net_proto_family rfcomm_sock_family_ops = {
1029 .family = PF_BLUETOOTH,
1030 .owner = THIS_MODULE,
1031 .create = rfcomm_sock_create
1032};
1033
1034int __init rfcomm_init_sockets(void)
1035{
1036 int err;
1037
1038 err = proto_register(&rfcomm_proto, 0);
1039 if (err < 0)
1040 return err;
1041
1042 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1043 if (err < 0)
1044 goto error;
1045
1046 if (bt_debugfs) {
1047 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1048 bt_debugfs, NULL, &rfcomm_sock_debugfs_fops);
1049 if (!rfcomm_sock_debugfs)
1050 BT_ERR("Failed to create RFCOMM debug file");
1051 }
1052
1053 BT_INFO("RFCOMM socket layer initialized");
1054
1055 return 0;
1056
1057error:
1058 BT_ERR("RFCOMM socket layer registration failed");
1059 proto_unregister(&rfcomm_proto);
1060 return err;
1061}
1062
1063void __exit rfcomm_cleanup_sockets(void)
1064{
1065 debugfs_remove(rfcomm_sock_debugfs);
1066
1067 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0)
1068 BT_ERR("RFCOMM socket layer unregistration failed");
1069
1070 proto_unregister(&rfcomm_proto);
1071}
1072