1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28#include <linux/export.h>
29#include <linux/debugfs.h>
30
31#include <net/bluetooth/bluetooth.h>
32#include <net/bluetooth/hci_core.h>
33#include <net/bluetooth/l2cap.h>
34#include <net/bluetooth/rfcomm.h>
35
36static const struct proto_ops rfcomm_sock_ops;
37
38static struct bt_sock_list rfcomm_sk_list = {
39 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
40};
41
42static void rfcomm_sock_close(struct sock *sk);
43static void rfcomm_sock_kill(struct sock *sk);
44
45
46
47
48
49static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
50{
51 struct sock *sk = d->owner;
52 if (!sk)
53 return;
54
55 atomic_add(skb->len, &sk->sk_rmem_alloc);
56 skb_queue_tail(&sk->sk_receive_queue, skb);
57 sk->sk_data_ready(sk);
58
59 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
60 rfcomm_dlc_throttle(d);
61}
62
63static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
64{
65 struct sock *sk = d->owner, *parent;
66 unsigned long flags;
67
68 if (!sk)
69 return;
70
71 BT_DBG("dlc %p state %ld err %d", d, d->state, err);
72
73 local_irq_save(flags);
74 bh_lock_sock(sk);
75
76 if (err)
77 sk->sk_err = err;
78
79 sk->sk_state = d->state;
80
81 parent = bt_sk(sk)->parent;
82 if (parent) {
83 if (d->state == BT_CLOSED) {
84 sock_set_flag(sk, SOCK_ZAPPED);
85 bt_accept_unlink(sk);
86 }
87 parent->sk_data_ready(parent);
88 } else {
89 if (d->state == BT_CONNECTED)
90 rfcomm_session_getaddr(d->session,
91 &rfcomm_pi(sk)->src, NULL);
92 sk->sk_state_change(sk);
93 }
94
95 bh_unlock_sock(sk);
96 local_irq_restore(flags);
97
98 if (parent && sock_flag(sk, SOCK_ZAPPED)) {
99
100
101 rfcomm_dlc_unlock(d);
102 rfcomm_sock_kill(sk);
103 rfcomm_dlc_lock(d);
104 }
105}
106
107
108static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src)
109{
110 struct sock *sk = NULL;
111
112 sk_for_each(sk, &rfcomm_sk_list.head) {
113 if (rfcomm_pi(sk)->channel != channel)
114 continue;
115
116 if (bacmp(&rfcomm_pi(sk)->src, src))
117 continue;
118
119 if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN)
120 break;
121 }
122
123 return sk ? sk : NULL;
124}
125
126
127
128
129static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
130{
131 struct sock *sk = NULL, *sk1 = NULL;
132
133 read_lock(&rfcomm_sk_list.lock);
134
135 sk_for_each(sk, &rfcomm_sk_list.head) {
136 if (state && sk->sk_state != state)
137 continue;
138
139 if (rfcomm_pi(sk)->channel == channel) {
140
141 if (!bacmp(&rfcomm_pi(sk)->src, src))
142 break;
143
144
145 if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY))
146 sk1 = sk;
147 }
148 }
149
150 read_unlock(&rfcomm_sk_list.lock);
151
152 return sk ? sk : sk1;
153}
154
155static void rfcomm_sock_destruct(struct sock *sk)
156{
157 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
158
159 BT_DBG("sk %p dlc %p", sk, d);
160
161 skb_queue_purge(&sk->sk_receive_queue);
162 skb_queue_purge(&sk->sk_write_queue);
163
164 rfcomm_dlc_lock(d);
165 rfcomm_pi(sk)->dlc = NULL;
166
167
168 if (d->owner == sk)
169 d->owner = NULL;
170 rfcomm_dlc_unlock(d);
171
172 rfcomm_dlc_put(d);
173}
174
175static void rfcomm_sock_cleanup_listen(struct sock *parent)
176{
177 struct sock *sk;
178
179 BT_DBG("parent %p", parent);
180
181
182 while ((sk = bt_accept_dequeue(parent, NULL))) {
183 rfcomm_sock_close(sk);
184 rfcomm_sock_kill(sk);
185 }
186
187 parent->sk_state = BT_CLOSED;
188 sock_set_flag(parent, SOCK_ZAPPED);
189}
190
191
192
193
194static void rfcomm_sock_kill(struct sock *sk)
195{
196 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
197 return;
198
199 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
200
201
202 bt_sock_unlink(&rfcomm_sk_list, sk);
203 sock_set_flag(sk, SOCK_DEAD);
204 sock_put(sk);
205}
206
207static void __rfcomm_sock_close(struct sock *sk)
208{
209 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
210
211 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
212
213 switch (sk->sk_state) {
214 case BT_LISTEN:
215 rfcomm_sock_cleanup_listen(sk);
216 break;
217
218 case BT_CONNECT:
219 case BT_CONNECT2:
220 case BT_CONFIG:
221 case BT_CONNECTED:
222 rfcomm_dlc_close(d, 0);
223
224 default:
225 sock_set_flag(sk, SOCK_ZAPPED);
226 break;
227 }
228}
229
230
231
232
233static void rfcomm_sock_close(struct sock *sk)
234{
235 lock_sock(sk);
236 __rfcomm_sock_close(sk);
237 release_sock(sk);
238}
239
240static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
241{
242 struct rfcomm_pinfo *pi = rfcomm_pi(sk);
243
244 BT_DBG("sk %p", sk);
245
246 if (parent) {
247 sk->sk_type = parent->sk_type;
248 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP,
249 &bt_sk(parent)->flags);
250
251 pi->sec_level = rfcomm_pi(parent)->sec_level;
252 pi->role_switch = rfcomm_pi(parent)->role_switch;
253
254 security_sk_clone(parent, sk);
255 } else {
256 pi->dlc->defer_setup = 0;
257
258 pi->sec_level = BT_SECURITY_LOW;
259 pi->role_switch = 0;
260 }
261
262 pi->dlc->sec_level = pi->sec_level;
263 pi->dlc->role_switch = pi->role_switch;
264}
265
266static struct proto rfcomm_proto = {
267 .name = "RFCOMM",
268 .owner = THIS_MODULE,
269 .obj_size = sizeof(struct rfcomm_pinfo)
270};
271
272static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio, int kern)
273{
274 struct rfcomm_dlc *d;
275 struct sock *sk;
276
277 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto, kern);
278 if (!sk)
279 return NULL;
280
281 sock_init_data(sock, sk);
282 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
283
284 d = rfcomm_dlc_alloc(prio);
285 if (!d) {
286 sk_free(sk);
287 return NULL;
288 }
289
290 d->data_ready = rfcomm_sk_data_ready;
291 d->state_change = rfcomm_sk_state_change;
292
293 rfcomm_pi(sk)->dlc = d;
294 d->owner = sk;
295
296 sk->sk_destruct = rfcomm_sock_destruct;
297 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
298
299 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
300 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
301
302 sock_reset_flag(sk, SOCK_ZAPPED);
303
304 sk->sk_protocol = proto;
305 sk->sk_state = BT_OPEN;
306
307 bt_sock_link(&rfcomm_sk_list, sk);
308
309 BT_DBG("sk %p", sk);
310 return sk;
311}
312
313static int rfcomm_sock_create(struct net *net, struct socket *sock,
314 int protocol, int kern)
315{
316 struct sock *sk;
317
318 BT_DBG("sock %p", sock);
319
320 sock->state = SS_UNCONNECTED;
321
322 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
323 return -ESOCKTNOSUPPORT;
324
325 sock->ops = &rfcomm_sock_ops;
326
327 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
328 if (!sk)
329 return -ENOMEM;
330
331 rfcomm_sock_init(sk, NULL);
332 return 0;
333}
334
335static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
336{
337 struct sockaddr_rc sa;
338 struct sock *sk = sock->sk;
339 int len, err = 0;
340
341 if (!addr || addr->sa_family != AF_BLUETOOTH)
342 return -EINVAL;
343
344 memset(&sa, 0, sizeof(sa));
345 len = min_t(unsigned int, sizeof(sa), addr_len);
346 memcpy(&sa, addr, len);
347
348 BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr);
349
350 lock_sock(sk);
351
352 if (sk->sk_state != BT_OPEN) {
353 err = -EBADFD;
354 goto done;
355 }
356
357 if (sk->sk_type != SOCK_STREAM) {
358 err = -EINVAL;
359 goto done;
360 }
361
362 write_lock(&rfcomm_sk_list.lock);
363
364 if (sa.rc_channel &&
365 __rfcomm_get_listen_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) {
366 err = -EADDRINUSE;
367 } else {
368
369 bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr);
370 rfcomm_pi(sk)->channel = sa.rc_channel;
371 sk->sk_state = BT_BOUND;
372 }
373
374 write_unlock(&rfcomm_sk_list.lock);
375
376done:
377 release_sock(sk);
378 return err;
379}
380
381static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
382{
383 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
384 struct sock *sk = sock->sk;
385 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
386 int err = 0;
387
388 BT_DBG("sk %p", sk);
389
390 if (alen < sizeof(struct sockaddr_rc) ||
391 addr->sa_family != AF_BLUETOOTH)
392 return -EINVAL;
393
394 lock_sock(sk);
395
396 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
397 err = -EBADFD;
398 goto done;
399 }
400
401 if (sk->sk_type != SOCK_STREAM) {
402 err = -EINVAL;
403 goto done;
404 }
405
406 sk->sk_state = BT_CONNECT;
407 bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr);
408 rfcomm_pi(sk)->channel = sa->rc_channel;
409
410 d->sec_level = rfcomm_pi(sk)->sec_level;
411 d->role_switch = rfcomm_pi(sk)->role_switch;
412
413 err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr,
414 sa->rc_channel);
415 if (!err)
416 err = bt_sock_wait_state(sk, BT_CONNECTED,
417 sock_sndtimeo(sk, flags & O_NONBLOCK));
418
419done:
420 release_sock(sk);
421 return err;
422}
423
424static int rfcomm_sock_listen(struct socket *sock, int backlog)
425{
426 struct sock *sk = sock->sk;
427 int err = 0;
428
429 BT_DBG("sk %p backlog %d", sk, backlog);
430
431 lock_sock(sk);
432
433 if (sk->sk_state != BT_BOUND) {
434 err = -EBADFD;
435 goto done;
436 }
437
438 if (sk->sk_type != SOCK_STREAM) {
439 err = -EINVAL;
440 goto done;
441 }
442
443 if (!rfcomm_pi(sk)->channel) {
444 bdaddr_t *src = &rfcomm_pi(sk)->src;
445 u8 channel;
446
447 err = -EINVAL;
448
449 write_lock(&rfcomm_sk_list.lock);
450
451 for (channel = 1; channel < 31; channel++)
452 if (!__rfcomm_get_listen_sock_by_addr(channel, src)) {
453 rfcomm_pi(sk)->channel = channel;
454 err = 0;
455 break;
456 }
457
458 write_unlock(&rfcomm_sk_list.lock);
459
460 if (err < 0)
461 goto done;
462 }
463
464 sk->sk_max_ack_backlog = backlog;
465 sk->sk_ack_backlog = 0;
466 sk->sk_state = BT_LISTEN;
467
468done:
469 release_sock(sk);
470 return err;
471}
472
473static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
474{
475 DEFINE_WAIT_FUNC(wait, woken_wake_function);
476 struct sock *sk = sock->sk, *nsk;
477 long timeo;
478 int err = 0;
479
480 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
481
482 if (sk->sk_type != SOCK_STREAM) {
483 err = -EINVAL;
484 goto done;
485 }
486
487 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
488
489 BT_DBG("sk %p timeo %ld", sk, timeo);
490
491
492 add_wait_queue_exclusive(sk_sleep(sk), &wait);
493 while (1) {
494 if (sk->sk_state != BT_LISTEN) {
495 err = -EBADFD;
496 break;
497 }
498
499 nsk = bt_accept_dequeue(sk, newsock);
500 if (nsk)
501 break;
502
503 if (!timeo) {
504 err = -EAGAIN;
505 break;
506 }
507
508 if (signal_pending(current)) {
509 err = sock_intr_errno(timeo);
510 break;
511 }
512
513 release_sock(sk);
514
515 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
516
517 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
518 }
519 remove_wait_queue(sk_sleep(sk), &wait);
520
521 if (err)
522 goto done;
523
524 newsock->state = SS_CONNECTED;
525
526 BT_DBG("new socket %p", nsk);
527
528done:
529 release_sock(sk);
530 return err;
531}
532
533static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
534{
535 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
536 struct sock *sk = sock->sk;
537
538 BT_DBG("sock %p, sk %p", sock, sk);
539
540 if (peer && sk->sk_state != BT_CONNECTED &&
541 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2)
542 return -ENOTCONN;
543
544 memset(sa, 0, sizeof(*sa));
545 sa->rc_family = AF_BLUETOOTH;
546 sa->rc_channel = rfcomm_pi(sk)->channel;
547 if (peer)
548 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst);
549 else
550 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src);
551
552 *len = sizeof(struct sockaddr_rc);
553 return 0;
554}
555
556static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg,
557 size_t len)
558{
559 struct sock *sk = sock->sk;
560 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
561 struct sk_buff *skb;
562 int sent;
563
564 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
565 return -ENOTCONN;
566
567 if (msg->msg_flags & MSG_OOB)
568 return -EOPNOTSUPP;
569
570 if (sk->sk_shutdown & SEND_SHUTDOWN)
571 return -EPIPE;
572
573 BT_DBG("sock %p, sk %p", sock, sk);
574
575 lock_sock(sk);
576
577 sent = bt_sock_wait_ready(sk, msg->msg_flags);
578 if (sent)
579 goto done;
580
581 while (len) {
582 size_t size = min_t(size_t, len, d->mtu);
583 int err;
584
585 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
586 msg->msg_flags & MSG_DONTWAIT, &err);
587 if (!skb) {
588 if (sent == 0)
589 sent = err;
590 break;
591 }
592 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
593
594 err = memcpy_from_msg(skb_put(skb, size), msg, size);
595 if (err) {
596 kfree_skb(skb);
597 if (sent == 0)
598 sent = err;
599 break;
600 }
601
602 skb->priority = sk->sk_priority;
603
604 err = rfcomm_dlc_send(d, skb);
605 if (err < 0) {
606 kfree_skb(skb);
607 if (sent == 0)
608 sent = err;
609 break;
610 }
611
612 sent += size;
613 len -= size;
614 }
615
616done:
617 release_sock(sk);
618
619 return sent;
620}
621
622static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg,
623 size_t size, int flags)
624{
625 struct sock *sk = sock->sk;
626 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
627 int len;
628
629 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
630 rfcomm_dlc_accept(d);
631 return 0;
632 }
633
634 len = bt_sock_stream_recvmsg(sock, msg, size, flags);
635
636 lock_sock(sk);
637 if (!(flags & MSG_PEEK) && len > 0)
638 atomic_sub(len, &sk->sk_rmem_alloc);
639
640 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
641 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
642 release_sock(sk);
643
644 return len;
645}
646
647static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
648{
649 struct sock *sk = sock->sk;
650 int err = 0;
651 u32 opt;
652
653 BT_DBG("sk %p", sk);
654
655 lock_sock(sk);
656
657 switch (optname) {
658 case RFCOMM_LM:
659 if (get_user(opt, (u32 __user *) optval)) {
660 err = -EFAULT;
661 break;
662 }
663
664 if (opt & RFCOMM_LM_FIPS) {
665 err = -EINVAL;
666 break;
667 }
668
669 if (opt & RFCOMM_LM_AUTH)
670 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
671 if (opt & RFCOMM_LM_ENCRYPT)
672 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
673 if (opt & RFCOMM_LM_SECURE)
674 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
675
676 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
677 break;
678
679 default:
680 err = -ENOPROTOOPT;
681 break;
682 }
683
684 release_sock(sk);
685 return err;
686}
687
688static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
689{
690 struct sock *sk = sock->sk;
691 struct bt_security sec;
692 int err = 0;
693 size_t len;
694 u32 opt;
695
696 BT_DBG("sk %p", sk);
697
698 if (level == SOL_RFCOMM)
699 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
700
701 if (level != SOL_BLUETOOTH)
702 return -ENOPROTOOPT;
703
704 lock_sock(sk);
705
706 switch (optname) {
707 case BT_SECURITY:
708 if (sk->sk_type != SOCK_STREAM) {
709 err = -EINVAL;
710 break;
711 }
712
713 sec.level = BT_SECURITY_LOW;
714
715 len = min_t(unsigned int, sizeof(sec), optlen);
716 if (copy_from_user((char *) &sec, optval, len)) {
717 err = -EFAULT;
718 break;
719 }
720
721 if (sec.level > BT_SECURITY_HIGH) {
722 err = -EINVAL;
723 break;
724 }
725
726 rfcomm_pi(sk)->sec_level = sec.level;
727 break;
728
729 case BT_DEFER_SETUP:
730 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
731 err = -EINVAL;
732 break;
733 }
734
735 if (get_user(opt, (u32 __user *) optval)) {
736 err = -EFAULT;
737 break;
738 }
739
740 if (opt)
741 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
742 else
743 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
744
745 break;
746
747 default:
748 err = -ENOPROTOOPT;
749 break;
750 }
751
752 release_sock(sk);
753 return err;
754}
755
756static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
757{
758 struct sock *sk = sock->sk;
759 struct sock *l2cap_sk;
760 struct l2cap_conn *conn;
761 struct rfcomm_conninfo cinfo;
762 int len, err = 0;
763 u32 opt;
764
765 BT_DBG("sk %p", sk);
766
767 if (get_user(len, optlen))
768 return -EFAULT;
769
770 lock_sock(sk);
771
772 switch (optname) {
773 case RFCOMM_LM:
774 switch (rfcomm_pi(sk)->sec_level) {
775 case BT_SECURITY_LOW:
776 opt = RFCOMM_LM_AUTH;
777 break;
778 case BT_SECURITY_MEDIUM:
779 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
780 break;
781 case BT_SECURITY_HIGH:
782 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
783 RFCOMM_LM_SECURE;
784 break;
785 case BT_SECURITY_FIPS:
786 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
787 RFCOMM_LM_SECURE | RFCOMM_LM_FIPS;
788 break;
789 default:
790 opt = 0;
791 break;
792 }
793
794 if (rfcomm_pi(sk)->role_switch)
795 opt |= RFCOMM_LM_MASTER;
796
797 if (put_user(opt, (u32 __user *) optval))
798 err = -EFAULT;
799
800 break;
801
802 case RFCOMM_CONNINFO:
803 if (sk->sk_state != BT_CONNECTED &&
804 !rfcomm_pi(sk)->dlc->defer_setup) {
805 err = -ENOTCONN;
806 break;
807 }
808
809 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
810 conn = l2cap_pi(l2cap_sk)->chan->conn;
811
812 memset(&cinfo, 0, sizeof(cinfo));
813 cinfo.hci_handle = conn->hcon->handle;
814 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
815
816 len = min_t(unsigned int, len, sizeof(cinfo));
817 if (copy_to_user(optval, (char *) &cinfo, len))
818 err = -EFAULT;
819
820 break;
821
822 default:
823 err = -ENOPROTOOPT;
824 break;
825 }
826
827 release_sock(sk);
828 return err;
829}
830
831static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
832{
833 struct sock *sk = sock->sk;
834 struct bt_security sec;
835 int len, err = 0;
836
837 BT_DBG("sk %p", sk);
838
839 if (level == SOL_RFCOMM)
840 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
841
842 if (level != SOL_BLUETOOTH)
843 return -ENOPROTOOPT;
844
845 if (get_user(len, optlen))
846 return -EFAULT;
847
848 lock_sock(sk);
849
850 switch (optname) {
851 case BT_SECURITY:
852 if (sk->sk_type != SOCK_STREAM) {
853 err = -EINVAL;
854 break;
855 }
856
857 sec.level = rfcomm_pi(sk)->sec_level;
858 sec.key_size = 0;
859
860 len = min_t(unsigned int, len, sizeof(sec));
861 if (copy_to_user(optval, (char *) &sec, len))
862 err = -EFAULT;
863
864 break;
865
866 case BT_DEFER_SETUP:
867 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
868 err = -EINVAL;
869 break;
870 }
871
872 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
873 (u32 __user *) optval))
874 err = -EFAULT;
875
876 break;
877
878 default:
879 err = -ENOPROTOOPT;
880 break;
881 }
882
883 release_sock(sk);
884 return err;
885}
886
887static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
888{
889 struct sock *sk __maybe_unused = sock->sk;
890 int err;
891
892 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
893
894 err = bt_sock_ioctl(sock, cmd, arg);
895
896 if (err == -ENOIOCTLCMD) {
897#ifdef CONFIG_BT_RFCOMM_TTY
898 lock_sock(sk);
899 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
900 release_sock(sk);
901#else
902 err = -EOPNOTSUPP;
903#endif
904 }
905
906 return err;
907}
908
909static int rfcomm_sock_shutdown(struct socket *sock, int how)
910{
911 struct sock *sk = sock->sk;
912 int err = 0;
913
914 BT_DBG("sock %p, sk %p", sock, sk);
915
916 if (!sk)
917 return 0;
918
919 lock_sock(sk);
920 if (!sk->sk_shutdown) {
921 sk->sk_shutdown = SHUTDOWN_MASK;
922 __rfcomm_sock_close(sk);
923
924 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
925 !(current->flags & PF_EXITING))
926 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
927 }
928 release_sock(sk);
929 return err;
930}
931
932static int rfcomm_sock_release(struct socket *sock)
933{
934 struct sock *sk = sock->sk;
935 int err;
936
937 BT_DBG("sock %p, sk %p", sock, sk);
938
939 if (!sk)
940 return 0;
941
942 err = rfcomm_sock_shutdown(sock, 2);
943
944 sock_orphan(sk);
945 rfcomm_sock_kill(sk);
946 return err;
947}
948
949
950
951
952
953int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
954{
955 struct sock *sk, *parent;
956 bdaddr_t src, dst;
957 int result = 0;
958
959 BT_DBG("session %p channel %d", s, channel);
960
961 rfcomm_session_getaddr(s, &src, &dst);
962
963
964 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
965 if (!parent)
966 return 0;
967
968 bh_lock_sock(parent);
969
970
971 if (sk_acceptq_is_full(parent)) {
972 BT_DBG("backlog full %d", parent->sk_ack_backlog);
973 goto done;
974 }
975
976 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC, 0);
977 if (!sk)
978 goto done;
979
980 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
981
982 rfcomm_sock_init(sk, parent);
983 bacpy(&rfcomm_pi(sk)->src, &src);
984 bacpy(&rfcomm_pi(sk)->dst, &dst);
985 rfcomm_pi(sk)->channel = channel;
986
987 sk->sk_state = BT_CONFIG;
988 bt_accept_enqueue(parent, sk);
989
990
991 *d = rfcomm_pi(sk)->dlc;
992 result = 1;
993
994done:
995 bh_unlock_sock(parent);
996
997 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
998 parent->sk_state_change(parent);
999
1000 return result;
1001}
1002
1003static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
1004{
1005 struct sock *sk;
1006
1007 read_lock(&rfcomm_sk_list.lock);
1008
1009 sk_for_each(sk, &rfcomm_sk_list.head) {
1010 seq_printf(f, "%pMR %pMR %d %d\n",
1011 &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst,
1012 sk->sk_state, rfcomm_pi(sk)->channel);
1013 }
1014
1015 read_unlock(&rfcomm_sk_list.lock);
1016
1017 return 0;
1018}
1019
1020static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file)
1021{
1022 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private);
1023}
1024
1025static const struct file_operations rfcomm_sock_debugfs_fops = {
1026 .open = rfcomm_sock_debugfs_open,
1027 .read = seq_read,
1028 .llseek = seq_lseek,
1029 .release = single_release,
1030};
1031
1032static struct dentry *rfcomm_sock_debugfs;
1033
1034static const struct proto_ops rfcomm_sock_ops = {
1035 .family = PF_BLUETOOTH,
1036 .owner = THIS_MODULE,
1037 .release = rfcomm_sock_release,
1038 .bind = rfcomm_sock_bind,
1039 .connect = rfcomm_sock_connect,
1040 .listen = rfcomm_sock_listen,
1041 .accept = rfcomm_sock_accept,
1042 .getname = rfcomm_sock_getname,
1043 .sendmsg = rfcomm_sock_sendmsg,
1044 .recvmsg = rfcomm_sock_recvmsg,
1045 .shutdown = rfcomm_sock_shutdown,
1046 .setsockopt = rfcomm_sock_setsockopt,
1047 .getsockopt = rfcomm_sock_getsockopt,
1048 .ioctl = rfcomm_sock_ioctl,
1049 .poll = bt_sock_poll,
1050 .socketpair = sock_no_socketpair,
1051 .mmap = sock_no_mmap
1052};
1053
1054static const struct net_proto_family rfcomm_sock_family_ops = {
1055 .family = PF_BLUETOOTH,
1056 .owner = THIS_MODULE,
1057 .create = rfcomm_sock_create
1058};
1059
1060int __init rfcomm_init_sockets(void)
1061{
1062 int err;
1063
1064 BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr));
1065
1066 err = proto_register(&rfcomm_proto, 0);
1067 if (err < 0)
1068 return err;
1069
1070 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1071 if (err < 0) {
1072 BT_ERR("RFCOMM socket layer registration failed");
1073 goto error;
1074 }
1075
1076 err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL);
1077 if (err < 0) {
1078 BT_ERR("Failed to create RFCOMM proc file");
1079 bt_sock_unregister(BTPROTO_RFCOMM);
1080 goto error;
1081 }
1082
1083 BT_INFO("RFCOMM socket layer initialized");
1084
1085 if (IS_ERR_OR_NULL(bt_debugfs))
1086 return 0;
1087
1088 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1089 bt_debugfs, NULL,
1090 &rfcomm_sock_debugfs_fops);
1091
1092 return 0;
1093
1094error:
1095 proto_unregister(&rfcomm_proto);
1096 return err;
1097}
1098
1099void __exit rfcomm_cleanup_sockets(void)
1100{
1101 bt_procfs_cleanup(&init_net, "rfcomm");
1102
1103 debugfs_remove(rfcomm_sock_debugfs);
1104
1105 bt_sock_unregister(BTPROTO_RFCOMM);
1106
1107 proto_unregister(&rfcomm_proto);
1108}
1109
