1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28#include <linux/module.h>
29
30#include <linux/types.h>
31#include <linux/errno.h>
32#include <linux/kernel.h>
33#include <linux/sched.h>
34#include <linux/slab.h>
35#include <linux/poll.h>
36#include <linux/fcntl.h>
37#include <linux/init.h>
38#include <linux/interrupt.h>
39#include <linux/socket.h>
40#include <linux/skbuff.h>
41#include <linux/list.h>
42#include <linux/device.h>
43#include <linux/debugfs.h>
44#include <linux/seq_file.h>
45#include <linux/security.h>
46#include <net/sock.h>
47
48#include <linux/uaccess.h>
49
50#include <net/bluetooth/bluetooth.h>
51#include <net/bluetooth/hci_core.h>
52#include <net/bluetooth/l2cap.h>
53#include <net/bluetooth/rfcomm.h>
54
55static const struct proto_ops rfcomm_sock_ops;
56
57static struct bt_sock_list rfcomm_sk_list = {
58 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
59};
60
61static void rfcomm_sock_close(struct sock *sk);
62static void rfcomm_sock_kill(struct sock *sk);
63
64
65
66
67
68static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
69{
70 struct sock *sk = d->owner;
71 if (!sk)
72 return;
73
74 atomic_add(skb->len, &sk->sk_rmem_alloc);
75 skb_queue_tail(&sk->sk_receive_queue, skb);
76 sk->sk_data_ready(sk, skb->len);
77
78 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
79 rfcomm_dlc_throttle(d);
80}
81
82static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
83{
84 struct sock *sk = d->owner, *parent;
85 unsigned long flags;
86
87 if (!sk)
88 return;
89
90 BT_DBG("dlc %p state %ld err %d", d, d->state, err);
91
92 local_irq_save(flags);
93 bh_lock_sock(sk);
94
95 if (err)
96 sk->sk_err = err;
97
98 sk->sk_state = d->state;
99
100 parent = bt_sk(sk)->parent;
101 if (parent) {
102 if (d->state == BT_CLOSED) {
103 sock_set_flag(sk, SOCK_ZAPPED);
104 bt_accept_unlink(sk);
105 }
106 parent->sk_data_ready(parent, 0);
107 } else {
108 if (d->state == BT_CONNECTED)
109 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL);
110 sk->sk_state_change(sk);
111 }
112
113 bh_unlock_sock(sk);
114 local_irq_restore(flags);
115
116 if (parent && sock_flag(sk, SOCK_ZAPPED)) {
117
118
119 rfcomm_dlc_unlock(d);
120 rfcomm_sock_kill(sk);
121 rfcomm_dlc_lock(d);
122 }
123}
124
125
126static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
127{
128 struct sock *sk = NULL;
129 struct hlist_node *node;
130
131 sk_for_each(sk, node, &rfcomm_sk_list.head) {
132 if (rfcomm_pi(sk)->channel == channel &&
133 !bacmp(&bt_sk(sk)->src, src))
134 break;
135 }
136
137 return node ? sk : NULL;
138}
139
140
141
142
143static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
144{
145 struct sock *sk = NULL, *sk1 = NULL;
146 struct hlist_node *node;
147
148 read_lock(&rfcomm_sk_list.lock);
149
150 sk_for_each(sk, node, &rfcomm_sk_list.head) {
151 if (state && sk->sk_state != state)
152 continue;
153
154 if (rfcomm_pi(sk)->channel == channel) {
155
156 if (!bacmp(&bt_sk(sk)->src, src))
157 break;
158
159
160 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
161 sk1 = sk;
162 }
163 }
164
165 read_unlock(&rfcomm_sk_list.lock);
166
167 return node ? sk : sk1;
168}
169
170static void rfcomm_sock_destruct(struct sock *sk)
171{
172 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
173
174 BT_DBG("sk %p dlc %p", sk, d);
175
176 skb_queue_purge(&sk->sk_receive_queue);
177 skb_queue_purge(&sk->sk_write_queue);
178
179 rfcomm_dlc_lock(d);
180 rfcomm_pi(sk)->dlc = NULL;
181
182
183 if (d->owner == sk)
184 d->owner = NULL;
185 rfcomm_dlc_unlock(d);
186
187 rfcomm_dlc_put(d);
188}
189
190static void rfcomm_sock_cleanup_listen(struct sock *parent)
191{
192 struct sock *sk;
193
194 BT_DBG("parent %p", parent);
195
196
197 while ((sk = bt_accept_dequeue(parent, NULL))) {
198 rfcomm_sock_close(sk);
199 rfcomm_sock_kill(sk);
200 }
201
202 parent->sk_state = BT_CLOSED;
203 sock_set_flag(parent, SOCK_ZAPPED);
204}
205
206
207
208
209static void rfcomm_sock_kill(struct sock *sk)
210{
211 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
212 return;
213
214 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
215
216
217 bt_sock_unlink(&rfcomm_sk_list, sk);
218 sock_set_flag(sk, SOCK_DEAD);
219 sock_put(sk);
220}
221
222static void __rfcomm_sock_close(struct sock *sk)
223{
224 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
225
226 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
227
228 switch (sk->sk_state) {
229 case BT_LISTEN:
230 rfcomm_sock_cleanup_listen(sk);
231 break;
232
233 case BT_CONNECT:
234 case BT_CONNECT2:
235 case BT_CONFIG:
236 case BT_CONNECTED:
237 rfcomm_dlc_close(d, 0);
238
239 default:
240 sock_set_flag(sk, SOCK_ZAPPED);
241 break;
242 }
243}
244
245
246
247
248static void rfcomm_sock_close(struct sock *sk)
249{
250 lock_sock(sk);
251 __rfcomm_sock_close(sk);
252 release_sock(sk);
253}
254
255static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
256{
257 struct rfcomm_pinfo *pi = rfcomm_pi(sk);
258
259 BT_DBG("sk %p", sk);
260
261 if (parent) {
262 sk->sk_type = parent->sk_type;
263 pi->dlc->defer_setup = bt_sk(parent)->defer_setup;
264
265 pi->sec_level = rfcomm_pi(parent)->sec_level;
266 pi->role_switch = rfcomm_pi(parent)->role_switch;
267
268 security_sk_clone(parent, sk);
269 } else {
270 pi->dlc->defer_setup = 0;
271
272 pi->sec_level = BT_SECURITY_LOW;
273 pi->role_switch = 0;
274 }
275
276 pi->dlc->sec_level = pi->sec_level;
277 pi->dlc->role_switch = pi->role_switch;
278}
279
280static struct proto rfcomm_proto = {
281 .name = "RFCOMM",
282 .owner = THIS_MODULE,
283 .obj_size = sizeof(struct rfcomm_pinfo)
284};
285
286static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
287{
288 struct rfcomm_dlc *d;
289 struct sock *sk;
290
291 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
292 if (!sk)
293 return NULL;
294
295 sock_init_data(sock, sk);
296 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
297
298 d = rfcomm_dlc_alloc(prio);
299 if (!d) {
300 sk_free(sk);
301 return NULL;
302 }
303
304 d->data_ready = rfcomm_sk_data_ready;
305 d->state_change = rfcomm_sk_state_change;
306
307 rfcomm_pi(sk)->dlc = d;
308 d->owner = sk;
309
310 sk->sk_destruct = rfcomm_sock_destruct;
311 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
312
313 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
314 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
315
316 sock_reset_flag(sk, SOCK_ZAPPED);
317
318 sk->sk_protocol = proto;
319 sk->sk_state = BT_OPEN;
320
321 bt_sock_link(&rfcomm_sk_list, sk);
322
323 BT_DBG("sk %p", sk);
324 return sk;
325}
326
327static int rfcomm_sock_create(struct net *net, struct socket *sock,
328 int protocol, int kern)
329{
330 struct sock *sk;
331
332 BT_DBG("sock %p", sock);
333
334 sock->state = SS_UNCONNECTED;
335
336 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
337 return -ESOCKTNOSUPPORT;
338
339 sock->ops = &rfcomm_sock_ops;
340
341 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
342 if (!sk)
343 return -ENOMEM;
344
345 rfcomm_sock_init(sk, NULL);
346 return 0;
347}
348
349static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
350{
351 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
352 struct sock *sk = sock->sk;
353 int err = 0;
354
355 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr));
356
357 if (!addr || addr->sa_family != AF_BLUETOOTH)
358 return -EINVAL;
359
360 lock_sock(sk);
361
362 if (sk->sk_state != BT_OPEN) {
363 err = -EBADFD;
364 goto done;
365 }
366
367 if (sk->sk_type != SOCK_STREAM) {
368 err = -EINVAL;
369 goto done;
370 }
371
372 write_lock(&rfcomm_sk_list.lock);
373
374 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
375 err = -EADDRINUSE;
376 } else {
377
378 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr);
379 rfcomm_pi(sk)->channel = sa->rc_channel;
380 sk->sk_state = BT_BOUND;
381 }
382
383 write_unlock(&rfcomm_sk_list.lock);
384
385done:
386 release_sock(sk);
387 return err;
388}
389
390static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
391{
392 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
393 struct sock *sk = sock->sk;
394 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
395 int err = 0;
396
397 BT_DBG("sk %p", sk);
398
399 if (alen < sizeof(struct sockaddr_rc) ||
400 addr->sa_family != AF_BLUETOOTH)
401 return -EINVAL;
402
403 lock_sock(sk);
404
405 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
406 err = -EBADFD;
407 goto done;
408 }
409
410 if (sk->sk_type != SOCK_STREAM) {
411 err = -EINVAL;
412 goto done;
413 }
414
415 sk->sk_state = BT_CONNECT;
416 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
417 rfcomm_pi(sk)->channel = sa->rc_channel;
418
419 d->sec_level = rfcomm_pi(sk)->sec_level;
420 d->role_switch = rfcomm_pi(sk)->role_switch;
421
422 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
423 if (!err)
424 err = bt_sock_wait_state(sk, BT_CONNECTED,
425 sock_sndtimeo(sk, flags & O_NONBLOCK));
426
427done:
428 release_sock(sk);
429 return err;
430}
431
432static int rfcomm_sock_listen(struct socket *sock, int backlog)
433{
434 struct sock *sk = sock->sk;
435 int err = 0;
436
437 BT_DBG("sk %p backlog %d", sk, backlog);
438
439 lock_sock(sk);
440
441 if (sk->sk_state != BT_BOUND) {
442 err = -EBADFD;
443 goto done;
444 }
445
446 if (sk->sk_type != SOCK_STREAM) {
447 err = -EINVAL;
448 goto done;
449 }
450
451 if (!rfcomm_pi(sk)->channel) {
452 bdaddr_t *src = &bt_sk(sk)->src;
453 u8 channel;
454
455 err = -EINVAL;
456
457 write_lock(&rfcomm_sk_list.lock);
458
459 for (channel = 1; channel < 31; channel++)
460 if (!__rfcomm_get_sock_by_addr(channel, src)) {
461 rfcomm_pi(sk)->channel = channel;
462 err = 0;
463 break;
464 }
465
466 write_unlock(&rfcomm_sk_list.lock);
467
468 if (err < 0)
469 goto done;
470 }
471
472 sk->sk_max_ack_backlog = backlog;
473 sk->sk_ack_backlog = 0;
474 sk->sk_state = BT_LISTEN;
475
476done:
477 release_sock(sk);
478 return err;
479}
480
481static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
482{
483 DECLARE_WAITQUEUE(wait, current);
484 struct sock *sk = sock->sk, *nsk;
485 long timeo;
486 int err = 0;
487
488 lock_sock(sk);
489
490 if (sk->sk_type != SOCK_STREAM) {
491 err = -EINVAL;
492 goto done;
493 }
494
495 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
496
497 BT_DBG("sk %p timeo %ld", sk, timeo);
498
499
500 add_wait_queue_exclusive(sk_sleep(sk), &wait);
501 while (1) {
502 set_current_state(TASK_INTERRUPTIBLE);
503
504 if (sk->sk_state != BT_LISTEN) {
505 err = -EBADFD;
506 break;
507 }
508
509 nsk = bt_accept_dequeue(sk, newsock);
510 if (nsk)
511 break;
512
513 if (!timeo) {
514 err = -EAGAIN;
515 break;
516 }
517
518 if (signal_pending(current)) {
519 err = sock_intr_errno(timeo);
520 break;
521 }
522
523 release_sock(sk);
524 timeo = schedule_timeout(timeo);
525 lock_sock(sk);
526 }
527 __set_current_state(TASK_RUNNING);
528 remove_wait_queue(sk_sleep(sk), &wait);
529
530 if (err)
531 goto done;
532
533 newsock->state = SS_CONNECTED;
534
535 BT_DBG("new socket %p", nsk);
536
537done:
538 release_sock(sk);
539 return err;
540}
541
542static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
543{
544 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
545 struct sock *sk = sock->sk;
546
547 BT_DBG("sock %p, sk %p", sock, sk);
548
549 sa->rc_family = AF_BLUETOOTH;
550 sa->rc_channel = rfcomm_pi(sk)->channel;
551 if (peer)
552 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst);
553 else
554 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src);
555
556 *len = sizeof(struct sockaddr_rc);
557 return 0;
558}
559
560static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
561 struct msghdr *msg, size_t len)
562{
563 struct sock *sk = sock->sk;
564 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
565 struct sk_buff *skb;
566 int sent = 0;
567
568 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
569 return -ENOTCONN;
570
571 if (msg->msg_flags & MSG_OOB)
572 return -EOPNOTSUPP;
573
574 if (sk->sk_shutdown & SEND_SHUTDOWN)
575 return -EPIPE;
576
577 BT_DBG("sock %p, sk %p", sock, sk);
578
579 lock_sock(sk);
580
581 while (len) {
582 size_t size = min_t(size_t, len, d->mtu);
583 int err;
584
585 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
586 msg->msg_flags & MSG_DONTWAIT, &err);
587 if (!skb) {
588 if (sent == 0)
589 sent = err;
590 break;
591 }
592 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
593
594 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
595 if (err) {
596 kfree_skb(skb);
597 if (sent == 0)
598 sent = err;
599 break;
600 }
601
602 skb->priority = sk->sk_priority;
603
604 err = rfcomm_dlc_send(d, skb);
605 if (err < 0) {
606 kfree_skb(skb);
607 if (sent == 0)
608 sent = err;
609 break;
610 }
611
612 sent += size;
613 len -= size;
614 }
615
616 release_sock(sk);
617
618 return sent;
619}
620
621static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
622 struct msghdr *msg, size_t size, int flags)
623{
624 struct sock *sk = sock->sk;
625 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
626 int len;
627
628 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
629 rfcomm_dlc_accept(d);
630 return 0;
631 }
632
633 len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags);
634
635 lock_sock(sk);
636 if (!(flags & MSG_PEEK) && len > 0)
637 atomic_sub(len, &sk->sk_rmem_alloc);
638
639 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
640 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
641 release_sock(sk);
642
643 return len;
644}
645
646static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
647{
648 struct sock *sk = sock->sk;
649 int err = 0;
650 u32 opt;
651
652 BT_DBG("sk %p", sk);
653
654 lock_sock(sk);
655
656 switch (optname) {
657 case RFCOMM_LM:
658 if (get_user(opt, (u32 __user *) optval)) {
659 err = -EFAULT;
660 break;
661 }
662
663 if (opt & RFCOMM_LM_AUTH)
664 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
665 if (opt & RFCOMM_LM_ENCRYPT)
666 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
667 if (opt & RFCOMM_LM_SECURE)
668 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
669
670 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
671 break;
672
673 default:
674 err = -ENOPROTOOPT;
675 break;
676 }
677
678 release_sock(sk);
679 return err;
680}
681
682static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
683{
684 struct sock *sk = sock->sk;
685 struct bt_security sec;
686 int err = 0;
687 size_t len;
688 u32 opt;
689
690 BT_DBG("sk %p", sk);
691
692 if (level == SOL_RFCOMM)
693 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
694
695 if (level != SOL_BLUETOOTH)
696 return -ENOPROTOOPT;
697
698 lock_sock(sk);
699
700 switch (optname) {
701 case BT_SECURITY:
702 if (sk->sk_type != SOCK_STREAM) {
703 err = -EINVAL;
704 break;
705 }
706
707 sec.level = BT_SECURITY_LOW;
708
709 len = min_t(unsigned int, sizeof(sec), optlen);
710 if (copy_from_user((char *) &sec, optval, len)) {
711 err = -EFAULT;
712 break;
713 }
714
715 if (sec.level > BT_SECURITY_HIGH) {
716 err = -EINVAL;
717 break;
718 }
719
720 rfcomm_pi(sk)->sec_level = sec.level;
721 break;
722
723 case BT_DEFER_SETUP:
724 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
725 err = -EINVAL;
726 break;
727 }
728
729 if (get_user(opt, (u32 __user *) optval)) {
730 err = -EFAULT;
731 break;
732 }
733
734 bt_sk(sk)->defer_setup = opt;
735 break;
736
737 default:
738 err = -ENOPROTOOPT;
739 break;
740 }
741
742 release_sock(sk);
743 return err;
744}
745
746static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
747{
748 struct sock *sk = sock->sk;
749 struct rfcomm_conninfo cinfo;
750 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
751 int len, err = 0;
752 u32 opt;
753
754 BT_DBG("sk %p", sk);
755
756 if (get_user(len, optlen))
757 return -EFAULT;
758
759 lock_sock(sk);
760
761 switch (optname) {
762 case RFCOMM_LM:
763 switch (rfcomm_pi(sk)->sec_level) {
764 case BT_SECURITY_LOW:
765 opt = RFCOMM_LM_AUTH;
766 break;
767 case BT_SECURITY_MEDIUM:
768 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
769 break;
770 case BT_SECURITY_HIGH:
771 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
772 RFCOMM_LM_SECURE;
773 break;
774 default:
775 opt = 0;
776 break;
777 }
778
779 if (rfcomm_pi(sk)->role_switch)
780 opt |= RFCOMM_LM_MASTER;
781
782 if (put_user(opt, (u32 __user *) optval))
783 err = -EFAULT;
784 break;
785
786 case RFCOMM_CONNINFO:
787 if (sk->sk_state != BT_CONNECTED &&
788 !rfcomm_pi(sk)->dlc->defer_setup) {
789 err = -ENOTCONN;
790 break;
791 }
792
793 memset(&cinfo, 0, sizeof(cinfo));
794 cinfo.hci_handle = conn->hcon->handle;
795 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
796
797 len = min_t(unsigned int, len, sizeof(cinfo));
798 if (copy_to_user(optval, (char *) &cinfo, len))
799 err = -EFAULT;
800
801 break;
802
803 default:
804 err = -ENOPROTOOPT;
805 break;
806 }
807
808 release_sock(sk);
809 return err;
810}
811
812static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
813{
814 struct sock *sk = sock->sk;
815 struct bt_security sec;
816 int len, err = 0;
817
818 BT_DBG("sk %p", sk);
819
820 if (level == SOL_RFCOMM)
821 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
822
823 if (level != SOL_BLUETOOTH)
824 return -ENOPROTOOPT;
825
826 if (get_user(len, optlen))
827 return -EFAULT;
828
829 lock_sock(sk);
830
831 switch (optname) {
832 case BT_SECURITY:
833 if (sk->sk_type != SOCK_STREAM) {
834 err = -EINVAL;
835 break;
836 }
837
838 sec.level = rfcomm_pi(sk)->sec_level;
839
840 len = min_t(unsigned int, len, sizeof(sec));
841 if (copy_to_user(optval, (char *) &sec, len))
842 err = -EFAULT;
843
844 break;
845
846 case BT_DEFER_SETUP:
847 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
848 err = -EINVAL;
849 break;
850 }
851
852 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
853 err = -EFAULT;
854
855 break;
856
857 default:
858 err = -ENOPROTOOPT;
859 break;
860 }
861
862 release_sock(sk);
863 return err;
864}
865
866static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
867{
868 struct sock *sk __maybe_unused = sock->sk;
869 int err;
870
871 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
872
873 err = bt_sock_ioctl(sock, cmd, arg);
874
875 if (err == -ENOIOCTLCMD) {
876#ifdef CONFIG_BT_RFCOMM_TTY
877 lock_sock(sk);
878 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
879 release_sock(sk);
880#else
881 err = -EOPNOTSUPP;
882#endif
883 }
884
885 return err;
886}
887
888static int rfcomm_sock_shutdown(struct socket *sock, int how)
889{
890 struct sock *sk = sock->sk;
891 int err = 0;
892
893 BT_DBG("sock %p, sk %p", sock, sk);
894
895 if (!sk)
896 return 0;
897
898 lock_sock(sk);
899 if (!sk->sk_shutdown) {
900 sk->sk_shutdown = SHUTDOWN_MASK;
901 __rfcomm_sock_close(sk);
902
903 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
904 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
905 }
906 release_sock(sk);
907 return err;
908}
909
910static int rfcomm_sock_release(struct socket *sock)
911{
912 struct sock *sk = sock->sk;
913 int err;
914
915 BT_DBG("sock %p, sk %p", sock, sk);
916
917 if (!sk)
918 return 0;
919
920 err = rfcomm_sock_shutdown(sock, 2);
921
922 sock_orphan(sk);
923 rfcomm_sock_kill(sk);
924 return err;
925}
926
927
928
929
930
931int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
932{
933 struct sock *sk, *parent;
934 bdaddr_t src, dst;
935 int result = 0;
936
937 BT_DBG("session %p channel %d", s, channel);
938
939 rfcomm_session_getaddr(s, &src, &dst);
940
941
942 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
943 if (!parent)
944 return 0;
945
946 bh_lock_sock(parent);
947
948
949 if (sk_acceptq_is_full(parent)) {
950 BT_DBG("backlog full %d", parent->sk_ack_backlog);
951 goto done;
952 }
953
954 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
955 if (!sk)
956 goto done;
957
958 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
959
960 rfcomm_sock_init(sk, parent);
961 bacpy(&bt_sk(sk)->src, &src);
962 bacpy(&bt_sk(sk)->dst, &dst);
963 rfcomm_pi(sk)->channel = channel;
964
965 sk->sk_state = BT_CONFIG;
966 bt_accept_enqueue(parent, sk);
967
968
969 *d = rfcomm_pi(sk)->dlc;
970 result = 1;
971
972done:
973 bh_unlock_sock(parent);
974
975 if (bt_sk(parent)->defer_setup)
976 parent->sk_state_change(parent);
977
978 return result;
979}
980
981static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
982{
983 struct sock *sk;
984 struct hlist_node *node;
985
986 read_lock(&rfcomm_sk_list.lock);
987
988 sk_for_each(sk, node, &rfcomm_sk_list.head) {
989 seq_printf(f, "%s %s %d %d\n",
990 batostr(&bt_sk(sk)->src),
991 batostr(&bt_sk(sk)->dst),
992 sk->sk_state, rfcomm_pi(sk)->channel);
993 }
994
995 read_unlock(&rfcomm_sk_list.lock);
996
997 return 0;
998}
999
1000static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file)
1001{
1002 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private);
1003}
1004
1005static const struct file_operations rfcomm_sock_debugfs_fops = {
1006 .open = rfcomm_sock_debugfs_open,
1007 .read = seq_read,
1008 .llseek = seq_lseek,
1009 .release = single_release,
1010};
1011
1012static struct dentry *rfcomm_sock_debugfs;
1013
1014static const struct proto_ops rfcomm_sock_ops = {
1015 .family = PF_BLUETOOTH,
1016 .owner = THIS_MODULE,
1017 .release = rfcomm_sock_release,
1018 .bind = rfcomm_sock_bind,
1019 .connect = rfcomm_sock_connect,
1020 .listen = rfcomm_sock_listen,
1021 .accept = rfcomm_sock_accept,
1022 .getname = rfcomm_sock_getname,
1023 .sendmsg = rfcomm_sock_sendmsg,
1024 .recvmsg = rfcomm_sock_recvmsg,
1025 .shutdown = rfcomm_sock_shutdown,
1026 .setsockopt = rfcomm_sock_setsockopt,
1027 .getsockopt = rfcomm_sock_getsockopt,
1028 .ioctl = rfcomm_sock_ioctl,
1029 .poll = bt_sock_poll,
1030 .socketpair = sock_no_socketpair,
1031 .mmap = sock_no_mmap
1032};
1033
1034static const struct net_proto_family rfcomm_sock_family_ops = {
1035 .family = PF_BLUETOOTH,
1036 .owner = THIS_MODULE,
1037 .create = rfcomm_sock_create
1038};
1039
1040int __init rfcomm_init_sockets(void)
1041{
1042 int err;
1043
1044 err = proto_register(&rfcomm_proto, 0);
1045 if (err < 0)
1046 return err;
1047
1048 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1049 if (err < 0)
1050 goto error;
1051
1052 if (bt_debugfs) {
1053 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1054 bt_debugfs, NULL, &rfcomm_sock_debugfs_fops);
1055 if (!rfcomm_sock_debugfs)
1056 BT_ERR("Failed to create RFCOMM debug file");
1057 }
1058
1059 BT_INFO("RFCOMM socket layer initialized");
1060
1061 return 0;
1062
1063error:
1064 BT_ERR("RFCOMM socket layer registration failed");
1065 proto_unregister(&rfcomm_proto);
1066 return err;
1067}
1068
1069void __exit rfcomm_cleanup_sockets(void)
1070{
1071 debugfs_remove(rfcomm_sock_debugfs);
1072
1073 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0)
1074 BT_ERR("RFCOMM socket layer unregistration failed");
1075
1076 proto_unregister(&rfcomm_proto);
1077}
1078
