1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/compat.h>
28#include <linux/export.h>
29#include <linux/debugfs.h>
30#include <linux/sched/signal.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/l2cap.h>
35#include <net/bluetooth/rfcomm.h>
36
37static const struct proto_ops rfcomm_sock_ops;
38
39static struct bt_sock_list rfcomm_sk_list = {
40 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
41};
42
43static void rfcomm_sock_close(struct sock *sk);
44static void rfcomm_sock_kill(struct sock *sk);
45
46
47
48
49
50static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
51{
52 struct sock *sk = d->owner;
53 if (!sk)
54 return;
55
56 atomic_add(skb->len, &sk->sk_rmem_alloc);
57 skb_queue_tail(&sk->sk_receive_queue, skb);
58 sk->sk_data_ready(sk);
59
60 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
61 rfcomm_dlc_throttle(d);
62}
63
64static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
65{
66 struct sock *sk = d->owner, *parent;
67 unsigned long flags;
68
69 if (!sk)
70 return;
71
72 BT_DBG("dlc %p state %ld err %d", d, d->state, err);
73
74 local_irq_save(flags);
75 bh_lock_sock(sk);
76
77 if (err)
78 sk->sk_err = err;
79
80 sk->sk_state = d->state;
81
82 parent = bt_sk(sk)->parent;
83 if (parent) {
84 if (d->state == BT_CLOSED) {
85 sock_set_flag(sk, SOCK_ZAPPED);
86 bt_accept_unlink(sk);
87 }
88 parent->sk_data_ready(parent);
89 } else {
90 if (d->state == BT_CONNECTED)
91 rfcomm_session_getaddr(d->session,
92 &rfcomm_pi(sk)->src, NULL);
93 sk->sk_state_change(sk);
94 }
95
96 bh_unlock_sock(sk);
97 local_irq_restore(flags);
98
99 if (parent && sock_flag(sk, SOCK_ZAPPED)) {
100
101
102 rfcomm_dlc_unlock(d);
103 rfcomm_sock_kill(sk);
104 rfcomm_dlc_lock(d);
105 }
106}
107
108
109static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src)
110{
111 struct sock *sk = NULL;
112
113 sk_for_each(sk, &rfcomm_sk_list.head) {
114 if (rfcomm_pi(sk)->channel != channel)
115 continue;
116
117 if (bacmp(&rfcomm_pi(sk)->src, src))
118 continue;
119
120 if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN)
121 break;
122 }
123
124 return sk ? sk : NULL;
125}
126
127
128
129
130static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
131{
132 struct sock *sk = NULL, *sk1 = NULL;
133
134 read_lock(&rfcomm_sk_list.lock);
135
136 sk_for_each(sk, &rfcomm_sk_list.head) {
137 if (state && sk->sk_state != state)
138 continue;
139
140 if (rfcomm_pi(sk)->channel == channel) {
141
142 if (!bacmp(&rfcomm_pi(sk)->src, src))
143 break;
144
145
146 if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY))
147 sk1 = sk;
148 }
149 }
150
151 read_unlock(&rfcomm_sk_list.lock);
152
153 return sk ? sk : sk1;
154}
155
156static void rfcomm_sock_destruct(struct sock *sk)
157{
158 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
159
160 BT_DBG("sk %p dlc %p", sk, d);
161
162 skb_queue_purge(&sk->sk_receive_queue);
163 skb_queue_purge(&sk->sk_write_queue);
164
165 rfcomm_dlc_lock(d);
166 rfcomm_pi(sk)->dlc = NULL;
167
168
169 if (d->owner == sk)
170 d->owner = NULL;
171 rfcomm_dlc_unlock(d);
172
173 rfcomm_dlc_put(d);
174}
175
176static void rfcomm_sock_cleanup_listen(struct sock *parent)
177{
178 struct sock *sk;
179
180 BT_DBG("parent %p", parent);
181
182
183 while ((sk = bt_accept_dequeue(parent, NULL))) {
184 rfcomm_sock_close(sk);
185 rfcomm_sock_kill(sk);
186 }
187
188 parent->sk_state = BT_CLOSED;
189 sock_set_flag(parent, SOCK_ZAPPED);
190}
191
192
193
194
195static void rfcomm_sock_kill(struct sock *sk)
196{
197 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
198 return;
199
200 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, refcount_read(&sk->sk_refcnt));
201
202
203 bt_sock_unlink(&rfcomm_sk_list, sk);
204 sock_set_flag(sk, SOCK_DEAD);
205 sock_put(sk);
206}
207
208static void __rfcomm_sock_close(struct sock *sk)
209{
210 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
211
212 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
213
214 switch (sk->sk_state) {
215 case BT_LISTEN:
216 rfcomm_sock_cleanup_listen(sk);
217 break;
218
219 case BT_CONNECT:
220 case BT_CONNECT2:
221 case BT_CONFIG:
222 case BT_CONNECTED:
223 rfcomm_dlc_close(d, 0);
224
225
226 default:
227 sock_set_flag(sk, SOCK_ZAPPED);
228 break;
229 }
230}
231
232
233
234
235static void rfcomm_sock_close(struct sock *sk)
236{
237 lock_sock(sk);
238 __rfcomm_sock_close(sk);
239 release_sock(sk);
240}
241
242static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
243{
244 struct rfcomm_pinfo *pi = rfcomm_pi(sk);
245
246 BT_DBG("sk %p", sk);
247
248 if (parent) {
249 sk->sk_type = parent->sk_type;
250 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP,
251 &bt_sk(parent)->flags);
252
253 pi->sec_level = rfcomm_pi(parent)->sec_level;
254 pi->role_switch = rfcomm_pi(parent)->role_switch;
255
256 security_sk_clone(parent, sk);
257 } else {
258 pi->dlc->defer_setup = 0;
259
260 pi->sec_level = BT_SECURITY_LOW;
261 pi->role_switch = 0;
262 }
263
264 pi->dlc->sec_level = pi->sec_level;
265 pi->dlc->role_switch = pi->role_switch;
266}
267
268static struct proto rfcomm_proto = {
269 .name = "RFCOMM",
270 .owner = THIS_MODULE,
271 .obj_size = sizeof(struct rfcomm_pinfo)
272};
273
274static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio, int kern)
275{
276 struct rfcomm_dlc *d;
277 struct sock *sk;
278
279 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto, kern);
280 if (!sk)
281 return NULL;
282
283 sock_init_data(sock, sk);
284 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
285
286 d = rfcomm_dlc_alloc(prio);
287 if (!d) {
288 sk_free(sk);
289 return NULL;
290 }
291
292 d->data_ready = rfcomm_sk_data_ready;
293 d->state_change = rfcomm_sk_state_change;
294
295 rfcomm_pi(sk)->dlc = d;
296 d->owner = sk;
297
298 sk->sk_destruct = rfcomm_sock_destruct;
299 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
300
301 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
302 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
303
304 sock_reset_flag(sk, SOCK_ZAPPED);
305
306 sk->sk_protocol = proto;
307 sk->sk_state = BT_OPEN;
308
309 bt_sock_link(&rfcomm_sk_list, sk);
310
311 BT_DBG("sk %p", sk);
312 return sk;
313}
314
315static int rfcomm_sock_create(struct net *net, struct socket *sock,
316 int protocol, int kern)
317{
318 struct sock *sk;
319
320 BT_DBG("sock %p", sock);
321
322 sock->state = SS_UNCONNECTED;
323
324 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
325 return -ESOCKTNOSUPPORT;
326
327 sock->ops = &rfcomm_sock_ops;
328
329 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
330 if (!sk)
331 return -ENOMEM;
332
333 rfcomm_sock_init(sk, NULL);
334 return 0;
335}
336
337static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
338{
339 struct sockaddr_rc sa;
340 struct sock *sk = sock->sk;
341 int len, err = 0;
342
343 if (!addr || addr_len < offsetofend(struct sockaddr, sa_family) ||
344 addr->sa_family != AF_BLUETOOTH)
345 return -EINVAL;
346
347 memset(&sa, 0, sizeof(sa));
348 len = min_t(unsigned int, sizeof(sa), addr_len);
349 memcpy(&sa, addr, len);
350
351 BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr);
352
353 lock_sock(sk);
354
355 if (sk->sk_state != BT_OPEN) {
356 err = -EBADFD;
357 goto done;
358 }
359
360 if (sk->sk_type != SOCK_STREAM) {
361 err = -EINVAL;
362 goto done;
363 }
364
365 write_lock(&rfcomm_sk_list.lock);
366
367 if (sa.rc_channel &&
368 __rfcomm_get_listen_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) {
369 err = -EADDRINUSE;
370 } else {
371
372 bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr);
373 rfcomm_pi(sk)->channel = sa.rc_channel;
374 sk->sk_state = BT_BOUND;
375 }
376
377 write_unlock(&rfcomm_sk_list.lock);
378
379done:
380 release_sock(sk);
381 return err;
382}
383
384static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
385{
386 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
387 struct sock *sk = sock->sk;
388 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
389 int err = 0;
390
391 BT_DBG("sk %p", sk);
392
393 if (alen < sizeof(struct sockaddr_rc) ||
394 addr->sa_family != AF_BLUETOOTH)
395 return -EINVAL;
396
397 lock_sock(sk);
398
399 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
400 err = -EBADFD;
401 goto done;
402 }
403
404 if (sk->sk_type != SOCK_STREAM) {
405 err = -EINVAL;
406 goto done;
407 }
408
409 sk->sk_state = BT_CONNECT;
410 bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr);
411 rfcomm_pi(sk)->channel = sa->rc_channel;
412
413 d->sec_level = rfcomm_pi(sk)->sec_level;
414 d->role_switch = rfcomm_pi(sk)->role_switch;
415
416 err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr,
417 sa->rc_channel);
418 if (!err)
419 err = bt_sock_wait_state(sk, BT_CONNECTED,
420 sock_sndtimeo(sk, flags & O_NONBLOCK));
421
422done:
423 release_sock(sk);
424 return err;
425}
426
427static int rfcomm_sock_listen(struct socket *sock, int backlog)
428{
429 struct sock *sk = sock->sk;
430 int err = 0;
431
432 BT_DBG("sk %p backlog %d", sk, backlog);
433
434 lock_sock(sk);
435
436 if (sk->sk_state != BT_BOUND) {
437 err = -EBADFD;
438 goto done;
439 }
440
441 if (sk->sk_type != SOCK_STREAM) {
442 err = -EINVAL;
443 goto done;
444 }
445
446 if (!rfcomm_pi(sk)->channel) {
447 bdaddr_t *src = &rfcomm_pi(sk)->src;
448 u8 channel;
449
450 err = -EINVAL;
451
452 write_lock(&rfcomm_sk_list.lock);
453
454 for (channel = 1; channel < 31; channel++)
455 if (!__rfcomm_get_listen_sock_by_addr(channel, src)) {
456 rfcomm_pi(sk)->channel = channel;
457 err = 0;
458 break;
459 }
460
461 write_unlock(&rfcomm_sk_list.lock);
462
463 if (err < 0)
464 goto done;
465 }
466
467 sk->sk_max_ack_backlog = backlog;
468 sk->sk_ack_backlog = 0;
469 sk->sk_state = BT_LISTEN;
470
471done:
472 release_sock(sk);
473 return err;
474}
475
476static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags,
477 bool kern)
478{
479 DEFINE_WAIT_FUNC(wait, woken_wake_function);
480 struct sock *sk = sock->sk, *nsk;
481 long timeo;
482 int err = 0;
483
484 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
485
486 if (sk->sk_type != SOCK_STREAM) {
487 err = -EINVAL;
488 goto done;
489 }
490
491 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
492
493 BT_DBG("sk %p timeo %ld", sk, timeo);
494
495
496 add_wait_queue_exclusive(sk_sleep(sk), &wait);
497 while (1) {
498 if (sk->sk_state != BT_LISTEN) {
499 err = -EBADFD;
500 break;
501 }
502
503 nsk = bt_accept_dequeue(sk, newsock);
504 if (nsk)
505 break;
506
507 if (!timeo) {
508 err = -EAGAIN;
509 break;
510 }
511
512 if (signal_pending(current)) {
513 err = sock_intr_errno(timeo);
514 break;
515 }
516
517 release_sock(sk);
518
519 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
520
521 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
522 }
523 remove_wait_queue(sk_sleep(sk), &wait);
524
525 if (err)
526 goto done;
527
528 newsock->state = SS_CONNECTED;
529
530 BT_DBG("new socket %p", nsk);
531
532done:
533 release_sock(sk);
534 return err;
535}
536
537static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int peer)
538{
539 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
540 struct sock *sk = sock->sk;
541
542 BT_DBG("sock %p, sk %p", sock, sk);
543
544 if (peer && sk->sk_state != BT_CONNECTED &&
545 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2)
546 return -ENOTCONN;
547
548 memset(sa, 0, sizeof(*sa));
549 sa->rc_family = AF_BLUETOOTH;
550 sa->rc_channel = rfcomm_pi(sk)->channel;
551 if (peer)
552 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst);
553 else
554 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src);
555
556 return sizeof(struct sockaddr_rc);
557}
558
559static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg,
560 size_t len)
561{
562 struct sock *sk = sock->sk;
563 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
564 struct sk_buff *skb;
565 int sent;
566
567 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
568 return -ENOTCONN;
569
570 if (msg->msg_flags & MSG_OOB)
571 return -EOPNOTSUPP;
572
573 if (sk->sk_shutdown & SEND_SHUTDOWN)
574 return -EPIPE;
575
576 BT_DBG("sock %p, sk %p", sock, sk);
577
578 lock_sock(sk);
579
580 sent = bt_sock_wait_ready(sk, msg->msg_flags);
581 if (sent)
582 goto done;
583
584 while (len) {
585 size_t size = min_t(size_t, len, d->mtu);
586 int err;
587
588 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
589 msg->msg_flags & MSG_DONTWAIT, &err);
590 if (!skb) {
591 if (sent == 0)
592 sent = err;
593 break;
594 }
595 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
596
597 err = memcpy_from_msg(skb_put(skb, size), msg, size);
598 if (err) {
599 kfree_skb(skb);
600 if (sent == 0)
601 sent = err;
602 break;
603 }
604
605 skb->priority = sk->sk_priority;
606
607 err = rfcomm_dlc_send(d, skb);
608 if (err < 0) {
609 kfree_skb(skb);
610 if (sent == 0)
611 sent = err;
612 break;
613 }
614
615 sent += size;
616 len -= size;
617 }
618
619done:
620 release_sock(sk);
621
622 return sent;
623}
624
625static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg,
626 size_t size, int flags)
627{
628 struct sock *sk = sock->sk;
629 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
630 int len;
631
632 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
633 rfcomm_dlc_accept(d);
634 return 0;
635 }
636
637 len = bt_sock_stream_recvmsg(sock, msg, size, flags);
638
639 lock_sock(sk);
640 if (!(flags & MSG_PEEK) && len > 0)
641 atomic_sub(len, &sk->sk_rmem_alloc);
642
643 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
644 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
645 release_sock(sk);
646
647 return len;
648}
649
650static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
651{
652 struct sock *sk = sock->sk;
653 int err = 0;
654 u32 opt;
655
656 BT_DBG("sk %p", sk);
657
658 lock_sock(sk);
659
660 switch (optname) {
661 case RFCOMM_LM:
662 if (get_user(opt, (u32 __user *) optval)) {
663 err = -EFAULT;
664 break;
665 }
666
667 if (opt & RFCOMM_LM_FIPS) {
668 err = -EINVAL;
669 break;
670 }
671
672 if (opt & RFCOMM_LM_AUTH)
673 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
674 if (opt & RFCOMM_LM_ENCRYPT)
675 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
676 if (opt & RFCOMM_LM_SECURE)
677 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
678
679 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
680 break;
681
682 default:
683 err = -ENOPROTOOPT;
684 break;
685 }
686
687 release_sock(sk);
688 return err;
689}
690
691static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
692{
693 struct sock *sk = sock->sk;
694 struct bt_security sec;
695 int err = 0;
696 size_t len;
697 u32 opt;
698
699 BT_DBG("sk %p", sk);
700
701 if (level == SOL_RFCOMM)
702 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
703
704 if (level != SOL_BLUETOOTH)
705 return -ENOPROTOOPT;
706
707 lock_sock(sk);
708
709 switch (optname) {
710 case BT_SECURITY:
711 if (sk->sk_type != SOCK_STREAM) {
712 err = -EINVAL;
713 break;
714 }
715
716 sec.level = BT_SECURITY_LOW;
717
718 len = min_t(unsigned int, sizeof(sec), optlen);
719 if (copy_from_user((char *) &sec, optval, len)) {
720 err = -EFAULT;
721 break;
722 }
723
724 if (sec.level > BT_SECURITY_HIGH) {
725 err = -EINVAL;
726 break;
727 }
728
729 rfcomm_pi(sk)->sec_level = sec.level;
730 break;
731
732 case BT_DEFER_SETUP:
733 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
734 err = -EINVAL;
735 break;
736 }
737
738 if (get_user(opt, (u32 __user *) optval)) {
739 err = -EFAULT;
740 break;
741 }
742
743 if (opt)
744 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
745 else
746 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
747
748 break;
749
750 default:
751 err = -ENOPROTOOPT;
752 break;
753 }
754
755 release_sock(sk);
756 return err;
757}
758
759static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
760{
761 struct sock *sk = sock->sk;
762 struct sock *l2cap_sk;
763 struct l2cap_conn *conn;
764 struct rfcomm_conninfo cinfo;
765 int len, err = 0;
766 u32 opt;
767
768 BT_DBG("sk %p", sk);
769
770 if (get_user(len, optlen))
771 return -EFAULT;
772
773 lock_sock(sk);
774
775 switch (optname) {
776 case RFCOMM_LM:
777 switch (rfcomm_pi(sk)->sec_level) {
778 case BT_SECURITY_LOW:
779 opt = RFCOMM_LM_AUTH;
780 break;
781 case BT_SECURITY_MEDIUM:
782 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
783 break;
784 case BT_SECURITY_HIGH:
785 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
786 RFCOMM_LM_SECURE;
787 break;
788 case BT_SECURITY_FIPS:
789 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
790 RFCOMM_LM_SECURE | RFCOMM_LM_FIPS;
791 break;
792 default:
793 opt = 0;
794 break;
795 }
796
797 if (rfcomm_pi(sk)->role_switch)
798 opt |= RFCOMM_LM_MASTER;
799
800 if (put_user(opt, (u32 __user *) optval))
801 err = -EFAULT;
802
803 break;
804
805 case RFCOMM_CONNINFO:
806 if (sk->sk_state != BT_CONNECTED &&
807 !rfcomm_pi(sk)->dlc->defer_setup) {
808 err = -ENOTCONN;
809 break;
810 }
811
812 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
813 conn = l2cap_pi(l2cap_sk)->chan->conn;
814
815 memset(&cinfo, 0, sizeof(cinfo));
816 cinfo.hci_handle = conn->hcon->handle;
817 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
818
819 len = min_t(unsigned int, len, sizeof(cinfo));
820 if (copy_to_user(optval, (char *) &cinfo, len))
821 err = -EFAULT;
822
823 break;
824
825 default:
826 err = -ENOPROTOOPT;
827 break;
828 }
829
830 release_sock(sk);
831 return err;
832}
833
834static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
835{
836 struct sock *sk = sock->sk;
837 struct bt_security sec;
838 int len, err = 0;
839
840 BT_DBG("sk %p", sk);
841
842 if (level == SOL_RFCOMM)
843 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
844
845 if (level != SOL_BLUETOOTH)
846 return -ENOPROTOOPT;
847
848 if (get_user(len, optlen))
849 return -EFAULT;
850
851 lock_sock(sk);
852
853 switch (optname) {
854 case BT_SECURITY:
855 if (sk->sk_type != SOCK_STREAM) {
856 err = -EINVAL;
857 break;
858 }
859
860 sec.level = rfcomm_pi(sk)->sec_level;
861 sec.key_size = 0;
862
863 len = min_t(unsigned int, len, sizeof(sec));
864 if (copy_to_user(optval, (char *) &sec, len))
865 err = -EFAULT;
866
867 break;
868
869 case BT_DEFER_SETUP:
870 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
871 err = -EINVAL;
872 break;
873 }
874
875 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
876 (u32 __user *) optval))
877 err = -EFAULT;
878
879 break;
880
881 default:
882 err = -ENOPROTOOPT;
883 break;
884 }
885
886 release_sock(sk);
887 return err;
888}
889
890static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
891{
892 struct sock *sk __maybe_unused = sock->sk;
893 int err;
894
895 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
896
897 err = bt_sock_ioctl(sock, cmd, arg);
898
899 if (err == -ENOIOCTLCMD) {
900#ifdef CONFIG_BT_RFCOMM_TTY
901 lock_sock(sk);
902 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
903 release_sock(sk);
904#else
905 err = -EOPNOTSUPP;
906#endif
907 }
908
909 return err;
910}
911
912#ifdef CONFIG_COMPAT
913static int rfcomm_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
914{
915 return rfcomm_sock_ioctl(sock, cmd, (unsigned long)compat_ptr(arg));
916}
917#endif
918
919static int rfcomm_sock_shutdown(struct socket *sock, int how)
920{
921 struct sock *sk = sock->sk;
922 int err = 0;
923
924 BT_DBG("sock %p, sk %p", sock, sk);
925
926 if (!sk)
927 return 0;
928
929 lock_sock(sk);
930 if (!sk->sk_shutdown) {
931 sk->sk_shutdown = SHUTDOWN_MASK;
932 __rfcomm_sock_close(sk);
933
934 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
935 !(current->flags & PF_EXITING))
936 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
937 }
938 release_sock(sk);
939 return err;
940}
941
942static int rfcomm_sock_release(struct socket *sock)
943{
944 struct sock *sk = sock->sk;
945 int err;
946
947 BT_DBG("sock %p, sk %p", sock, sk);
948
949 if (!sk)
950 return 0;
951
952 err = rfcomm_sock_shutdown(sock, 2);
953
954 sock_orphan(sk);
955 rfcomm_sock_kill(sk);
956 return err;
957}
958
959
960
961
962
963int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
964{
965 struct sock *sk, *parent;
966 bdaddr_t src, dst;
967 int result = 0;
968
969 BT_DBG("session %p channel %d", s, channel);
970
971 rfcomm_session_getaddr(s, &src, &dst);
972
973
974 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
975 if (!parent)
976 return 0;
977
978 bh_lock_sock(parent);
979
980
981 if (sk_acceptq_is_full(parent)) {
982 BT_DBG("backlog full %d", parent->sk_ack_backlog);
983 goto done;
984 }
985
986 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC, 0);
987 if (!sk)
988 goto done;
989
990 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
991
992 rfcomm_sock_init(sk, parent);
993 bacpy(&rfcomm_pi(sk)->src, &src);
994 bacpy(&rfcomm_pi(sk)->dst, &dst);
995 rfcomm_pi(sk)->channel = channel;
996
997 sk->sk_state = BT_CONFIG;
998 bt_accept_enqueue(parent, sk, true);
999
1000
1001 *d = rfcomm_pi(sk)->dlc;
1002 result = 1;
1003
1004done:
1005 bh_unlock_sock(parent);
1006
1007 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1008 parent->sk_state_change(parent);
1009
1010 return result;
1011}
1012
1013static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
1014{
1015 struct sock *sk;
1016
1017 read_lock(&rfcomm_sk_list.lock);
1018
1019 sk_for_each(sk, &rfcomm_sk_list.head) {
1020 seq_printf(f, "%pMR %pMR %d %d\n",
1021 &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst,
1022 sk->sk_state, rfcomm_pi(sk)->channel);
1023 }
1024
1025 read_unlock(&rfcomm_sk_list.lock);
1026
1027 return 0;
1028}
1029
1030DEFINE_SHOW_ATTRIBUTE(rfcomm_sock_debugfs);
1031
1032static struct dentry *rfcomm_sock_debugfs;
1033
1034static const struct proto_ops rfcomm_sock_ops = {
1035 .family = PF_BLUETOOTH,
1036 .owner = THIS_MODULE,
1037 .release = rfcomm_sock_release,
1038 .bind = rfcomm_sock_bind,
1039 .connect = rfcomm_sock_connect,
1040 .listen = rfcomm_sock_listen,
1041 .accept = rfcomm_sock_accept,
1042 .getname = rfcomm_sock_getname,
1043 .sendmsg = rfcomm_sock_sendmsg,
1044 .recvmsg = rfcomm_sock_recvmsg,
1045 .shutdown = rfcomm_sock_shutdown,
1046 .setsockopt = rfcomm_sock_setsockopt,
1047 .getsockopt = rfcomm_sock_getsockopt,
1048 .ioctl = rfcomm_sock_ioctl,
1049 .gettstamp = sock_gettstamp,
1050 .poll = bt_sock_poll,
1051 .socketpair = sock_no_socketpair,
1052 .mmap = sock_no_mmap,
1053#ifdef CONFIG_COMPAT
1054 .compat_ioctl = rfcomm_sock_compat_ioctl,
1055#endif
1056};
1057
1058static const struct net_proto_family rfcomm_sock_family_ops = {
1059 .family = PF_BLUETOOTH,
1060 .owner = THIS_MODULE,
1061 .create = rfcomm_sock_create
1062};
1063
1064int __init rfcomm_init_sockets(void)
1065{
1066 int err;
1067
1068 BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr));
1069
1070 err = proto_register(&rfcomm_proto, 0);
1071 if (err < 0)
1072 return err;
1073
1074 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1075 if (err < 0) {
1076 BT_ERR("RFCOMM socket layer registration failed");
1077 goto error;
1078 }
1079
1080 err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL);
1081 if (err < 0) {
1082 BT_ERR("Failed to create RFCOMM proc file");
1083 bt_sock_unregister(BTPROTO_RFCOMM);
1084 goto error;
1085 }
1086
1087 BT_INFO("RFCOMM socket layer initialized");
1088
1089 if (IS_ERR_OR_NULL(bt_debugfs))
1090 return 0;
1091
1092 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1093 bt_debugfs, NULL,
1094 &rfcomm_sock_debugfs_fops);
1095
1096 return 0;
1097
1098error:
1099 proto_unregister(&rfcomm_proto);
1100 return err;
1101}
1102
1103void __exit rfcomm_cleanup_sockets(void)
1104{
1105 bt_procfs_cleanup(&init_net, "rfcomm");
1106
1107 debugfs_remove(rfcomm_sock_debugfs);
1108
1109 bt_sock_unregister(BTPROTO_RFCOMM);
1110
1111 proto_unregister(&rfcomm_proto);
1112}
1113
