1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28#include <linux/export.h>
29#include <linux/debugfs.h>
30
31#include <net/bluetooth/bluetooth.h>
32#include <net/bluetooth/hci_core.h>
33#include <net/bluetooth/l2cap.h>
34#include <net/bluetooth/rfcomm.h>
35
36static const struct proto_ops rfcomm_sock_ops;
37
38static struct bt_sock_list rfcomm_sk_list = {
39 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
40};
41
42static void rfcomm_sock_close(struct sock *sk);
43static void rfcomm_sock_kill(struct sock *sk);
44
45
46
47
48
49static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
50{
51 struct sock *sk = d->owner;
52 if (!sk)
53 return;
54
55 atomic_add(skb->len, &sk->sk_rmem_alloc);
56 skb_queue_tail(&sk->sk_receive_queue, skb);
57 sk->sk_data_ready(sk, skb->len);
58
59 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
60 rfcomm_dlc_throttle(d);
61}
62
63static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
64{
65 struct sock *sk = d->owner, *parent;
66 unsigned long flags;
67
68 if (!sk)
69 return;
70
71 BT_DBG("dlc %p state %ld err %d", d, d->state, err);
72
73 local_irq_save(flags);
74 bh_lock_sock(sk);
75
76 if (err)
77 sk->sk_err = err;
78
79 sk->sk_state = d->state;
80
81 parent = bt_sk(sk)->parent;
82 if (parent) {
83 if (d->state == BT_CLOSED) {
84 sock_set_flag(sk, SOCK_ZAPPED);
85 bt_accept_unlink(sk);
86 }
87 parent->sk_data_ready(parent, 0);
88 } else {
89 if (d->state == BT_CONNECTED)
90 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL);
91 sk->sk_state_change(sk);
92 }
93
94 bh_unlock_sock(sk);
95 local_irq_restore(flags);
96
97 if (parent && sock_flag(sk, SOCK_ZAPPED)) {
98
99
100 rfcomm_dlc_unlock(d);
101 rfcomm_sock_kill(sk);
102 rfcomm_dlc_lock(d);
103 }
104}
105
106
107static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
108{
109 struct sock *sk = NULL;
110
111 sk_for_each(sk, &rfcomm_sk_list.head) {
112 if (rfcomm_pi(sk)->channel == channel &&
113 !bacmp(&bt_sk(sk)->src, src))
114 break;
115 }
116
117 return sk ? sk : NULL;
118}
119
120
121
122
123static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
124{
125 struct sock *sk = NULL, *sk1 = NULL;
126
127 read_lock(&rfcomm_sk_list.lock);
128
129 sk_for_each(sk, &rfcomm_sk_list.head) {
130 if (state && sk->sk_state != state)
131 continue;
132
133 if (rfcomm_pi(sk)->channel == channel) {
134
135 if (!bacmp(&bt_sk(sk)->src, src))
136 break;
137
138
139 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
140 sk1 = sk;
141 }
142 }
143
144 read_unlock(&rfcomm_sk_list.lock);
145
146 return sk ? sk : sk1;
147}
148
149static void rfcomm_sock_destruct(struct sock *sk)
150{
151 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
152
153 BT_DBG("sk %p dlc %p", sk, d);
154
155 skb_queue_purge(&sk->sk_receive_queue);
156 skb_queue_purge(&sk->sk_write_queue);
157
158 rfcomm_dlc_lock(d);
159 rfcomm_pi(sk)->dlc = NULL;
160
161
162 if (d->owner == sk)
163 d->owner = NULL;
164 rfcomm_dlc_unlock(d);
165
166 rfcomm_dlc_put(d);
167}
168
169static void rfcomm_sock_cleanup_listen(struct sock *parent)
170{
171 struct sock *sk;
172
173 BT_DBG("parent %p", parent);
174
175
176 while ((sk = bt_accept_dequeue(parent, NULL))) {
177 rfcomm_sock_close(sk);
178 rfcomm_sock_kill(sk);
179 }
180
181 parent->sk_state = BT_CLOSED;
182 sock_set_flag(parent, SOCK_ZAPPED);
183}
184
185
186
187
188static void rfcomm_sock_kill(struct sock *sk)
189{
190 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
191 return;
192
193 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
194
195
196 bt_sock_unlink(&rfcomm_sk_list, sk);
197 sock_set_flag(sk, SOCK_DEAD);
198 sock_put(sk);
199}
200
201static void __rfcomm_sock_close(struct sock *sk)
202{
203 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
204
205 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
206
207 switch (sk->sk_state) {
208 case BT_LISTEN:
209 rfcomm_sock_cleanup_listen(sk);
210 break;
211
212 case BT_CONNECT:
213 case BT_CONNECT2:
214 case BT_CONFIG:
215 case BT_CONNECTED:
216 rfcomm_dlc_close(d, 0);
217
218 default:
219 sock_set_flag(sk, SOCK_ZAPPED);
220 break;
221 }
222}
223
224
225
226
227static void rfcomm_sock_close(struct sock *sk)
228{
229 lock_sock(sk);
230 __rfcomm_sock_close(sk);
231 release_sock(sk);
232}
233
234static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
235{
236 struct rfcomm_pinfo *pi = rfcomm_pi(sk);
237
238 BT_DBG("sk %p", sk);
239
240 if (parent) {
241 sk->sk_type = parent->sk_type;
242 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP,
243 &bt_sk(parent)->flags);
244
245 pi->sec_level = rfcomm_pi(parent)->sec_level;
246 pi->role_switch = rfcomm_pi(parent)->role_switch;
247
248 security_sk_clone(parent, sk);
249 } else {
250 pi->dlc->defer_setup = 0;
251
252 pi->sec_level = BT_SECURITY_LOW;
253 pi->role_switch = 0;
254 }
255
256 pi->dlc->sec_level = pi->sec_level;
257 pi->dlc->role_switch = pi->role_switch;
258}
259
260static struct proto rfcomm_proto = {
261 .name = "RFCOMM",
262 .owner = THIS_MODULE,
263 .obj_size = sizeof(struct rfcomm_pinfo)
264};
265
266static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
267{
268 struct rfcomm_dlc *d;
269 struct sock *sk;
270
271 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
272 if (!sk)
273 return NULL;
274
275 sock_init_data(sock, sk);
276 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
277
278 d = rfcomm_dlc_alloc(prio);
279 if (!d) {
280 sk_free(sk);
281 return NULL;
282 }
283
284 d->data_ready = rfcomm_sk_data_ready;
285 d->state_change = rfcomm_sk_state_change;
286
287 rfcomm_pi(sk)->dlc = d;
288 d->owner = sk;
289
290 sk->sk_destruct = rfcomm_sock_destruct;
291 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
292
293 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
294 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
295
296 sock_reset_flag(sk, SOCK_ZAPPED);
297
298 sk->sk_protocol = proto;
299 sk->sk_state = BT_OPEN;
300
301 bt_sock_link(&rfcomm_sk_list, sk);
302
303 BT_DBG("sk %p", sk);
304 return sk;
305}
306
307static int rfcomm_sock_create(struct net *net, struct socket *sock,
308 int protocol, int kern)
309{
310 struct sock *sk;
311
312 BT_DBG("sock %p", sock);
313
314 sock->state = SS_UNCONNECTED;
315
316 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
317 return -ESOCKTNOSUPPORT;
318
319 sock->ops = &rfcomm_sock_ops;
320
321 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
322 if (!sk)
323 return -ENOMEM;
324
325 rfcomm_sock_init(sk, NULL);
326 return 0;
327}
328
329static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
330{
331 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
332 struct sock *sk = sock->sk;
333 int err = 0;
334
335 BT_DBG("sk %p %pMR", sk, &sa->rc_bdaddr);
336
337 if (!addr || addr->sa_family != AF_BLUETOOTH)
338 return -EINVAL;
339
340 lock_sock(sk);
341
342 if (sk->sk_state != BT_OPEN) {
343 err = -EBADFD;
344 goto done;
345 }
346
347 if (sk->sk_type != SOCK_STREAM) {
348 err = -EINVAL;
349 goto done;
350 }
351
352 write_lock(&rfcomm_sk_list.lock);
353
354 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
355 err = -EADDRINUSE;
356 } else {
357
358 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr);
359 rfcomm_pi(sk)->channel = sa->rc_channel;
360 sk->sk_state = BT_BOUND;
361 }
362
363 write_unlock(&rfcomm_sk_list.lock);
364
365done:
366 release_sock(sk);
367 return err;
368}
369
370static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
371{
372 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
373 struct sock *sk = sock->sk;
374 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
375 int err = 0;
376
377 BT_DBG("sk %p", sk);
378
379 if (alen < sizeof(struct sockaddr_rc) ||
380 addr->sa_family != AF_BLUETOOTH)
381 return -EINVAL;
382
383 lock_sock(sk);
384
385 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
386 err = -EBADFD;
387 goto done;
388 }
389
390 if (sk->sk_type != SOCK_STREAM) {
391 err = -EINVAL;
392 goto done;
393 }
394
395 sk->sk_state = BT_CONNECT;
396 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
397 rfcomm_pi(sk)->channel = sa->rc_channel;
398
399 d->sec_level = rfcomm_pi(sk)->sec_level;
400 d->role_switch = rfcomm_pi(sk)->role_switch;
401
402 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
403 if (!err)
404 err = bt_sock_wait_state(sk, BT_CONNECTED,
405 sock_sndtimeo(sk, flags & O_NONBLOCK));
406
407done:
408 release_sock(sk);
409 return err;
410}
411
412static int rfcomm_sock_listen(struct socket *sock, int backlog)
413{
414 struct sock *sk = sock->sk;
415 int err = 0;
416
417 BT_DBG("sk %p backlog %d", sk, backlog);
418
419 lock_sock(sk);
420
421 if (sk->sk_state != BT_BOUND) {
422 err = -EBADFD;
423 goto done;
424 }
425
426 if (sk->sk_type != SOCK_STREAM) {
427 err = -EINVAL;
428 goto done;
429 }
430
431 if (!rfcomm_pi(sk)->channel) {
432 bdaddr_t *src = &bt_sk(sk)->src;
433 u8 channel;
434
435 err = -EINVAL;
436
437 write_lock(&rfcomm_sk_list.lock);
438
439 for (channel = 1; channel < 31; channel++)
440 if (!__rfcomm_get_sock_by_addr(channel, src)) {
441 rfcomm_pi(sk)->channel = channel;
442 err = 0;
443 break;
444 }
445
446 write_unlock(&rfcomm_sk_list.lock);
447
448 if (err < 0)
449 goto done;
450 }
451
452 sk->sk_max_ack_backlog = backlog;
453 sk->sk_ack_backlog = 0;
454 sk->sk_state = BT_LISTEN;
455
456done:
457 release_sock(sk);
458 return err;
459}
460
461static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
462{
463 DECLARE_WAITQUEUE(wait, current);
464 struct sock *sk = sock->sk, *nsk;
465 long timeo;
466 int err = 0;
467
468 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
469
470 if (sk->sk_type != SOCK_STREAM) {
471 err = -EINVAL;
472 goto done;
473 }
474
475 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
476
477 BT_DBG("sk %p timeo %ld", sk, timeo);
478
479
480 add_wait_queue_exclusive(sk_sleep(sk), &wait);
481 while (1) {
482 set_current_state(TASK_INTERRUPTIBLE);
483
484 if (sk->sk_state != BT_LISTEN) {
485 err = -EBADFD;
486 break;
487 }
488
489 nsk = bt_accept_dequeue(sk, newsock);
490 if (nsk)
491 break;
492
493 if (!timeo) {
494 err = -EAGAIN;
495 break;
496 }
497
498 if (signal_pending(current)) {
499 err = sock_intr_errno(timeo);
500 break;
501 }
502
503 release_sock(sk);
504 timeo = schedule_timeout(timeo);
505 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
506 }
507 __set_current_state(TASK_RUNNING);
508 remove_wait_queue(sk_sleep(sk), &wait);
509
510 if (err)
511 goto done;
512
513 newsock->state = SS_CONNECTED;
514
515 BT_DBG("new socket %p", nsk);
516
517done:
518 release_sock(sk);
519 return err;
520}
521
522static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
523{
524 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
525 struct sock *sk = sock->sk;
526
527 BT_DBG("sock %p, sk %p", sock, sk);
528
529 memset(sa, 0, sizeof(*sa));
530 sa->rc_family = AF_BLUETOOTH;
531 sa->rc_channel = rfcomm_pi(sk)->channel;
532 if (peer)
533 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst);
534 else
535 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src);
536
537 *len = sizeof(struct sockaddr_rc);
538 return 0;
539}
540
541static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
542 struct msghdr *msg, size_t len)
543{
544 struct sock *sk = sock->sk;
545 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
546 struct sk_buff *skb;
547 int sent = 0;
548
549 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
550 return -ENOTCONN;
551
552 if (msg->msg_flags & MSG_OOB)
553 return -EOPNOTSUPP;
554
555 if (sk->sk_shutdown & SEND_SHUTDOWN)
556 return -EPIPE;
557
558 BT_DBG("sock %p, sk %p", sock, sk);
559
560 lock_sock(sk);
561
562 while (len) {
563 size_t size = min_t(size_t, len, d->mtu);
564 int err;
565
566 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
567 msg->msg_flags & MSG_DONTWAIT, &err);
568 if (!skb) {
569 if (sent == 0)
570 sent = err;
571 break;
572 }
573 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
574
575 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
576 if (err) {
577 kfree_skb(skb);
578 if (sent == 0)
579 sent = err;
580 break;
581 }
582
583 skb->priority = sk->sk_priority;
584
585 err = rfcomm_dlc_send(d, skb);
586 if (err < 0) {
587 kfree_skb(skb);
588 if (sent == 0)
589 sent = err;
590 break;
591 }
592
593 sent += size;
594 len -= size;
595 }
596
597 release_sock(sk);
598
599 return sent;
600}
601
602static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
603 struct msghdr *msg, size_t size, int flags)
604{
605 struct sock *sk = sock->sk;
606 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
607 int len;
608
609 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
610 rfcomm_dlc_accept(d);
611 msg->msg_namelen = 0;
612 return 0;
613 }
614
615 len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags);
616
617 lock_sock(sk);
618 if (!(flags & MSG_PEEK) && len > 0)
619 atomic_sub(len, &sk->sk_rmem_alloc);
620
621 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
622 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
623 release_sock(sk);
624
625 return len;
626}
627
628static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
629{
630 struct sock *sk = sock->sk;
631 int err = 0;
632 u32 opt;
633
634 BT_DBG("sk %p", sk);
635
636 lock_sock(sk);
637
638 switch (optname) {
639 case RFCOMM_LM:
640 if (get_user(opt, (u32 __user *) optval)) {
641 err = -EFAULT;
642 break;
643 }
644
645 if (opt & RFCOMM_LM_AUTH)
646 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
647 if (opt & RFCOMM_LM_ENCRYPT)
648 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
649 if (opt & RFCOMM_LM_SECURE)
650 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
651
652 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
653 break;
654
655 default:
656 err = -ENOPROTOOPT;
657 break;
658 }
659
660 release_sock(sk);
661 return err;
662}
663
664static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
665{
666 struct sock *sk = sock->sk;
667 struct bt_security sec;
668 int err = 0;
669 size_t len;
670 u32 opt;
671
672 BT_DBG("sk %p", sk);
673
674 if (level == SOL_RFCOMM)
675 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
676
677 if (level != SOL_BLUETOOTH)
678 return -ENOPROTOOPT;
679
680 lock_sock(sk);
681
682 switch (optname) {
683 case BT_SECURITY:
684 if (sk->sk_type != SOCK_STREAM) {
685 err = -EINVAL;
686 break;
687 }
688
689 sec.level = BT_SECURITY_LOW;
690
691 len = min_t(unsigned int, sizeof(sec), optlen);
692 if (copy_from_user((char *) &sec, optval, len)) {
693 err = -EFAULT;
694 break;
695 }
696
697 if (sec.level > BT_SECURITY_HIGH) {
698 err = -EINVAL;
699 break;
700 }
701
702 rfcomm_pi(sk)->sec_level = sec.level;
703 break;
704
705 case BT_DEFER_SETUP:
706 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
707 err = -EINVAL;
708 break;
709 }
710
711 if (get_user(opt, (u32 __user *) optval)) {
712 err = -EFAULT;
713 break;
714 }
715
716 if (opt)
717 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
718 else
719 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
720
721 break;
722
723 default:
724 err = -ENOPROTOOPT;
725 break;
726 }
727
728 release_sock(sk);
729 return err;
730}
731
732static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
733{
734 struct sock *sk = sock->sk;
735 struct rfcomm_conninfo cinfo;
736 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
737 int len, err = 0;
738 u32 opt;
739
740 BT_DBG("sk %p", sk);
741
742 if (get_user(len, optlen))
743 return -EFAULT;
744
745 lock_sock(sk);
746
747 switch (optname) {
748 case RFCOMM_LM:
749 switch (rfcomm_pi(sk)->sec_level) {
750 case BT_SECURITY_LOW:
751 opt = RFCOMM_LM_AUTH;
752 break;
753 case BT_SECURITY_MEDIUM:
754 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
755 break;
756 case BT_SECURITY_HIGH:
757 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
758 RFCOMM_LM_SECURE;
759 break;
760 default:
761 opt = 0;
762 break;
763 }
764
765 if (rfcomm_pi(sk)->role_switch)
766 opt |= RFCOMM_LM_MASTER;
767
768 if (put_user(opt, (u32 __user *) optval))
769 err = -EFAULT;
770 break;
771
772 case RFCOMM_CONNINFO:
773 if (sk->sk_state != BT_CONNECTED &&
774 !rfcomm_pi(sk)->dlc->defer_setup) {
775 err = -ENOTCONN;
776 break;
777 }
778
779 memset(&cinfo, 0, sizeof(cinfo));
780 cinfo.hci_handle = conn->hcon->handle;
781 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
782
783 len = min_t(unsigned int, len, sizeof(cinfo));
784 if (copy_to_user(optval, (char *) &cinfo, len))
785 err = -EFAULT;
786
787 break;
788
789 default:
790 err = -ENOPROTOOPT;
791 break;
792 }
793
794 release_sock(sk);
795 return err;
796}
797
798static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
799{
800 struct sock *sk = sock->sk;
801 struct bt_security sec;
802 int len, err = 0;
803
804 BT_DBG("sk %p", sk);
805
806 if (level == SOL_RFCOMM)
807 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
808
809 if (level != SOL_BLUETOOTH)
810 return -ENOPROTOOPT;
811
812 if (get_user(len, optlen))
813 return -EFAULT;
814
815 lock_sock(sk);
816
817 switch (optname) {
818 case BT_SECURITY:
819 if (sk->sk_type != SOCK_STREAM) {
820 err = -EINVAL;
821 break;
822 }
823
824 sec.level = rfcomm_pi(sk)->sec_level;
825 sec.key_size = 0;
826
827 len = min_t(unsigned int, len, sizeof(sec));
828 if (copy_to_user(optval, (char *) &sec, len))
829 err = -EFAULT;
830
831 break;
832
833 case BT_DEFER_SETUP:
834 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
835 err = -EINVAL;
836 break;
837 }
838
839 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
840 (u32 __user *) optval))
841 err = -EFAULT;
842
843 break;
844
845 default:
846 err = -ENOPROTOOPT;
847 break;
848 }
849
850 release_sock(sk);
851 return err;
852}
853
854static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
855{
856 struct sock *sk __maybe_unused = sock->sk;
857 int err;
858
859 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
860
861 err = bt_sock_ioctl(sock, cmd, arg);
862
863 if (err == -ENOIOCTLCMD) {
864#ifdef CONFIG_BT_RFCOMM_TTY
865 lock_sock(sk);
866 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
867 release_sock(sk);
868#else
869 err = -EOPNOTSUPP;
870#endif
871 }
872
873 return err;
874}
875
876static int rfcomm_sock_shutdown(struct socket *sock, int how)
877{
878 struct sock *sk = sock->sk;
879 int err = 0;
880
881 BT_DBG("sock %p, sk %p", sock, sk);
882
883 if (!sk)
884 return 0;
885
886 lock_sock(sk);
887 if (!sk->sk_shutdown) {
888 sk->sk_shutdown = SHUTDOWN_MASK;
889 __rfcomm_sock_close(sk);
890
891 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
892 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
893 }
894 release_sock(sk);
895 return err;
896}
897
898static int rfcomm_sock_release(struct socket *sock)
899{
900 struct sock *sk = sock->sk;
901 int err;
902
903 BT_DBG("sock %p, sk %p", sock, sk);
904
905 if (!sk)
906 return 0;
907
908 err = rfcomm_sock_shutdown(sock, 2);
909
910 sock_orphan(sk);
911 rfcomm_sock_kill(sk);
912 return err;
913}
914
915
916
917
918
919int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
920{
921 struct sock *sk, *parent;
922 bdaddr_t src, dst;
923 int result = 0;
924
925 BT_DBG("session %p channel %d", s, channel);
926
927 rfcomm_session_getaddr(s, &src, &dst);
928
929
930 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
931 if (!parent)
932 return 0;
933
934 bh_lock_sock(parent);
935
936
937 if (sk_acceptq_is_full(parent)) {
938 BT_DBG("backlog full %d", parent->sk_ack_backlog);
939 goto done;
940 }
941
942 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
943 if (!sk)
944 goto done;
945
946 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
947
948 rfcomm_sock_init(sk, parent);
949 bacpy(&bt_sk(sk)->src, &src);
950 bacpy(&bt_sk(sk)->dst, &dst);
951 rfcomm_pi(sk)->channel = channel;
952
953 sk->sk_state = BT_CONFIG;
954 bt_accept_enqueue(parent, sk);
955
956
957 *d = rfcomm_pi(sk)->dlc;
958 result = 1;
959
960done:
961 bh_unlock_sock(parent);
962
963 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
964 parent->sk_state_change(parent);
965
966 return result;
967}
968
969static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
970{
971 struct sock *sk;
972
973 read_lock(&rfcomm_sk_list.lock);
974
975 sk_for_each(sk, &rfcomm_sk_list.head) {
976 seq_printf(f, "%pMR %pMR %d %d\n",
977 &bt_sk(sk)->src, &bt_sk(sk)->dst,
978 sk->sk_state, rfcomm_pi(sk)->channel);
979 }
980
981 read_unlock(&rfcomm_sk_list.lock);
982
983 return 0;
984}
985
986static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file)
987{
988 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private);
989}
990
991static const struct file_operations rfcomm_sock_debugfs_fops = {
992 .open = rfcomm_sock_debugfs_open,
993 .read = seq_read,
994 .llseek = seq_lseek,
995 .release = single_release,
996};
997
998static struct dentry *rfcomm_sock_debugfs;
999
1000static const struct proto_ops rfcomm_sock_ops = {
1001 .family = PF_BLUETOOTH,
1002 .owner = THIS_MODULE,
1003 .release = rfcomm_sock_release,
1004 .bind = rfcomm_sock_bind,
1005 .connect = rfcomm_sock_connect,
1006 .listen = rfcomm_sock_listen,
1007 .accept = rfcomm_sock_accept,
1008 .getname = rfcomm_sock_getname,
1009 .sendmsg = rfcomm_sock_sendmsg,
1010 .recvmsg = rfcomm_sock_recvmsg,
1011 .shutdown = rfcomm_sock_shutdown,
1012 .setsockopt = rfcomm_sock_setsockopt,
1013 .getsockopt = rfcomm_sock_getsockopt,
1014 .ioctl = rfcomm_sock_ioctl,
1015 .poll = bt_sock_poll,
1016 .socketpair = sock_no_socketpair,
1017 .mmap = sock_no_mmap
1018};
1019
1020static const struct net_proto_family rfcomm_sock_family_ops = {
1021 .family = PF_BLUETOOTH,
1022 .owner = THIS_MODULE,
1023 .create = rfcomm_sock_create
1024};
1025
1026int __init rfcomm_init_sockets(void)
1027{
1028 int err;
1029
1030 err = proto_register(&rfcomm_proto, 0);
1031 if (err < 0)
1032 return err;
1033
1034 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1035 if (err < 0) {
1036 BT_ERR("RFCOMM socket layer registration failed");
1037 goto error;
1038 }
1039
1040 err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL);
1041 if (err < 0) {
1042 BT_ERR("Failed to create RFCOMM proc file");
1043 bt_sock_unregister(BTPROTO_RFCOMM);
1044 goto error;
1045 }
1046
1047 if (bt_debugfs) {
1048 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1049 bt_debugfs, NULL, &rfcomm_sock_debugfs_fops);
1050 if (!rfcomm_sock_debugfs)
1051 BT_ERR("Failed to create RFCOMM debug file");
1052 }
1053
1054 BT_INFO("RFCOMM socket layer initialized");
1055
1056 return 0;
1057
1058error:
1059 proto_unregister(&rfcomm_proto);
1060 return err;
1061}
1062
1063void __exit rfcomm_cleanup_sockets(void)
1064{
1065 bt_procfs_cleanup(&init_net, "rfcomm");
1066
1067 debugfs_remove(rfcomm_sock_debugfs);
1068
1069 bt_sock_unregister(BTPROTO_RFCOMM);
1070
1071 proto_unregister(&rfcomm_proto);
1072}
1073