1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/compat.h>
28#include <linux/export.h>
29#include <linux/debugfs.h>
30#include <linux/sched/signal.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/l2cap.h>
35#include <net/bluetooth/rfcomm.h>
36
37static const struct proto_ops rfcomm_sock_ops;
38
39static struct bt_sock_list rfcomm_sk_list = {
40 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
41};
42
43static void rfcomm_sock_close(struct sock *sk);
44static void rfcomm_sock_kill(struct sock *sk);
45
46
47
48
49
50static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
51{
52 struct sock *sk = d->owner;
53 if (!sk)
54 return;
55
56 atomic_add(skb->len, &sk->sk_rmem_alloc);
57 skb_queue_tail(&sk->sk_receive_queue, skb);
58 sk->sk_data_ready(sk);
59
60 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
61 rfcomm_dlc_throttle(d);
62}
63
64static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
65{
66 struct sock *sk = d->owner, *parent;
67
68 if (!sk)
69 return;
70
71 BT_DBG("dlc %p state %ld err %d", d, d->state, err);
72
73 lock_sock(sk);
74
75 if (err)
76 sk->sk_err = err;
77
78 sk->sk_state = d->state;
79
80 parent = bt_sk(sk)->parent;
81 if (parent) {
82 if (d->state == BT_CLOSED) {
83 sock_set_flag(sk, SOCK_ZAPPED);
84 bt_accept_unlink(sk);
85 }
86 parent->sk_data_ready(parent);
87 } else {
88 if (d->state == BT_CONNECTED)
89 rfcomm_session_getaddr(d->session,
90 &rfcomm_pi(sk)->src, NULL);
91 sk->sk_state_change(sk);
92 }
93
94 release_sock(sk);
95
96 if (parent && sock_flag(sk, SOCK_ZAPPED)) {
97
98
99 rfcomm_dlc_unlock(d);
100 rfcomm_sock_kill(sk);
101 rfcomm_dlc_lock(d);
102 }
103}
104
105
106static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src)
107{
108 struct sock *sk = NULL;
109
110 sk_for_each(sk, &rfcomm_sk_list.head) {
111 if (rfcomm_pi(sk)->channel != channel)
112 continue;
113
114 if (bacmp(&rfcomm_pi(sk)->src, src))
115 continue;
116
117 if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN)
118 break;
119 }
120
121 return sk ? sk : NULL;
122}
123
124
125
126
127static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
128{
129 struct sock *sk = NULL, *sk1 = NULL;
130
131 read_lock(&rfcomm_sk_list.lock);
132
133 sk_for_each(sk, &rfcomm_sk_list.head) {
134 if (state && sk->sk_state != state)
135 continue;
136
137 if (rfcomm_pi(sk)->channel == channel) {
138
139 if (!bacmp(&rfcomm_pi(sk)->src, src))
140 break;
141
142
143 if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY))
144 sk1 = sk;
145 }
146 }
147
148 read_unlock(&rfcomm_sk_list.lock);
149
150 return sk ? sk : sk1;
151}
152
153static void rfcomm_sock_destruct(struct sock *sk)
154{
155 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
156
157 BT_DBG("sk %p dlc %p", sk, d);
158
159 skb_queue_purge(&sk->sk_receive_queue);
160 skb_queue_purge(&sk->sk_write_queue);
161
162 rfcomm_dlc_lock(d);
163 rfcomm_pi(sk)->dlc = NULL;
164
165
166 if (d->owner == sk)
167 d->owner = NULL;
168 rfcomm_dlc_unlock(d);
169
170 rfcomm_dlc_put(d);
171}
172
173static void rfcomm_sock_cleanup_listen(struct sock *parent)
174{
175 struct sock *sk;
176
177 BT_DBG("parent %p", parent);
178
179
180 while ((sk = bt_accept_dequeue(parent, NULL))) {
181 rfcomm_sock_close(sk);
182 rfcomm_sock_kill(sk);
183 }
184
185 parent->sk_state = BT_CLOSED;
186 sock_set_flag(parent, SOCK_ZAPPED);
187}
188
189
190
191
192static void rfcomm_sock_kill(struct sock *sk)
193{
194 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
195 return;
196
197 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, refcount_read(&sk->sk_refcnt));
198
199
200 bt_sock_unlink(&rfcomm_sk_list, sk);
201 sock_set_flag(sk, SOCK_DEAD);
202 sock_put(sk);
203}
204
205static void __rfcomm_sock_close(struct sock *sk)
206{
207 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
208
209 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
210
211 switch (sk->sk_state) {
212 case BT_LISTEN:
213 rfcomm_sock_cleanup_listen(sk);
214 break;
215
216 case BT_CONNECT:
217 case BT_CONNECT2:
218 case BT_CONFIG:
219 case BT_CONNECTED:
220 rfcomm_dlc_close(d, 0);
221 fallthrough;
222
223 default:
224 sock_set_flag(sk, SOCK_ZAPPED);
225 break;
226 }
227}
228
229
230
231
232static void rfcomm_sock_close(struct sock *sk)
233{
234 lock_sock(sk);
235 __rfcomm_sock_close(sk);
236 release_sock(sk);
237}
238
239static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
240{
241 struct rfcomm_pinfo *pi = rfcomm_pi(sk);
242
243 BT_DBG("sk %p", sk);
244
245 if (parent) {
246 sk->sk_type = parent->sk_type;
247 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP,
248 &bt_sk(parent)->flags);
249
250 pi->sec_level = rfcomm_pi(parent)->sec_level;
251 pi->role_switch = rfcomm_pi(parent)->role_switch;
252
253 security_sk_clone(parent, sk);
254 } else {
255 pi->dlc->defer_setup = 0;
256
257 pi->sec_level = BT_SECURITY_LOW;
258 pi->role_switch = 0;
259 }
260
261 pi->dlc->sec_level = pi->sec_level;
262 pi->dlc->role_switch = pi->role_switch;
263}
264
265static struct proto rfcomm_proto = {
266 .name = "RFCOMM",
267 .owner = THIS_MODULE,
268 .obj_size = sizeof(struct rfcomm_pinfo)
269};
270
271static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio, int kern)
272{
273 struct rfcomm_dlc *d;
274 struct sock *sk;
275
276 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto, kern);
277 if (!sk)
278 return NULL;
279
280 sock_init_data(sock, sk);
281 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
282
283 d = rfcomm_dlc_alloc(prio);
284 if (!d) {
285 sk_free(sk);
286 return NULL;
287 }
288
289 d->data_ready = rfcomm_sk_data_ready;
290 d->state_change = rfcomm_sk_state_change;
291
292 rfcomm_pi(sk)->dlc = d;
293 d->owner = sk;
294
295 sk->sk_destruct = rfcomm_sock_destruct;
296 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
297
298 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
299 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
300
301 sock_reset_flag(sk, SOCK_ZAPPED);
302
303 sk->sk_protocol = proto;
304 sk->sk_state = BT_OPEN;
305
306 bt_sock_link(&rfcomm_sk_list, sk);
307
308 BT_DBG("sk %p", sk);
309 return sk;
310}
311
312static int rfcomm_sock_create(struct net *net, struct socket *sock,
313 int protocol, int kern)
314{
315 struct sock *sk;
316
317 BT_DBG("sock %p", sock);
318
319 sock->state = SS_UNCONNECTED;
320
321 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
322 return -ESOCKTNOSUPPORT;
323
324 sock->ops = &rfcomm_sock_ops;
325
326 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
327 if (!sk)
328 return -ENOMEM;
329
330 rfcomm_sock_init(sk, NULL);
331 return 0;
332}
333
334static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
335{
336 struct sockaddr_rc sa;
337 struct sock *sk = sock->sk;
338 int len, err = 0;
339
340 if (!addr || addr_len < offsetofend(struct sockaddr, sa_family) ||
341 addr->sa_family != AF_BLUETOOTH)
342 return -EINVAL;
343
344 memset(&sa, 0, sizeof(sa));
345 len = min_t(unsigned int, sizeof(sa), addr_len);
346 memcpy(&sa, addr, len);
347
348 BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr);
349
350 lock_sock(sk);
351
352 if (sk->sk_state != BT_OPEN) {
353 err = -EBADFD;
354 goto done;
355 }
356
357 if (sk->sk_type != SOCK_STREAM) {
358 err = -EINVAL;
359 goto done;
360 }
361
362 write_lock(&rfcomm_sk_list.lock);
363
364 if (sa.rc_channel &&
365 __rfcomm_get_listen_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) {
366 err = -EADDRINUSE;
367 } else {
368
369 bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr);
370 rfcomm_pi(sk)->channel = sa.rc_channel;
371 sk->sk_state = BT_BOUND;
372 }
373
374 write_unlock(&rfcomm_sk_list.lock);
375
376done:
377 release_sock(sk);
378 return err;
379}
380
381static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
382{
383 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
384 struct sock *sk = sock->sk;
385 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
386 int err = 0;
387
388 BT_DBG("sk %p", sk);
389
390 if (alen < sizeof(struct sockaddr_rc) ||
391 addr->sa_family != AF_BLUETOOTH)
392 return -EINVAL;
393
394 lock_sock(sk);
395
396 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
397 err = -EBADFD;
398 goto done;
399 }
400
401 if (sk->sk_type != SOCK_STREAM) {
402 err = -EINVAL;
403 goto done;
404 }
405
406 sk->sk_state = BT_CONNECT;
407 bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr);
408 rfcomm_pi(sk)->channel = sa->rc_channel;
409
410 d->sec_level = rfcomm_pi(sk)->sec_level;
411 d->role_switch = rfcomm_pi(sk)->role_switch;
412
413 err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr,
414 sa->rc_channel);
415 if (!err)
416 err = bt_sock_wait_state(sk, BT_CONNECTED,
417 sock_sndtimeo(sk, flags & O_NONBLOCK));
418
419done:
420 release_sock(sk);
421 return err;
422}
423
424static int rfcomm_sock_listen(struct socket *sock, int backlog)
425{
426 struct sock *sk = sock->sk;
427 int err = 0;
428
429 BT_DBG("sk %p backlog %d", sk, backlog);
430
431 lock_sock(sk);
432
433 if (sk->sk_state != BT_BOUND) {
434 err = -EBADFD;
435 goto done;
436 }
437
438 if (sk->sk_type != SOCK_STREAM) {
439 err = -EINVAL;
440 goto done;
441 }
442
443 if (!rfcomm_pi(sk)->channel) {
444 bdaddr_t *src = &rfcomm_pi(sk)->src;
445 u8 channel;
446
447 err = -EINVAL;
448
449 write_lock(&rfcomm_sk_list.lock);
450
451 for (channel = 1; channel < 31; channel++)
452 if (!__rfcomm_get_listen_sock_by_addr(channel, src)) {
453 rfcomm_pi(sk)->channel = channel;
454 err = 0;
455 break;
456 }
457
458 write_unlock(&rfcomm_sk_list.lock);
459
460 if (err < 0)
461 goto done;
462 }
463
464 sk->sk_max_ack_backlog = backlog;
465 sk->sk_ack_backlog = 0;
466 sk->sk_state = BT_LISTEN;
467
468done:
469 release_sock(sk);
470 return err;
471}
472
473static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags,
474 bool kern)
475{
476 DEFINE_WAIT_FUNC(wait, woken_wake_function);
477 struct sock *sk = sock->sk, *nsk;
478 long timeo;
479 int err = 0;
480
481 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
482
483 if (sk->sk_type != SOCK_STREAM) {
484 err = -EINVAL;
485 goto done;
486 }
487
488 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
489
490 BT_DBG("sk %p timeo %ld", sk, timeo);
491
492
493 add_wait_queue_exclusive(sk_sleep(sk), &wait);
494 while (1) {
495 if (sk->sk_state != BT_LISTEN) {
496 err = -EBADFD;
497 break;
498 }
499
500 nsk = bt_accept_dequeue(sk, newsock);
501 if (nsk)
502 break;
503
504 if (!timeo) {
505 err = -EAGAIN;
506 break;
507 }
508
509 if (signal_pending(current)) {
510 err = sock_intr_errno(timeo);
511 break;
512 }
513
514 release_sock(sk);
515
516 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
517
518 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
519 }
520 remove_wait_queue(sk_sleep(sk), &wait);
521
522 if (err)
523 goto done;
524
525 newsock->state = SS_CONNECTED;
526
527 BT_DBG("new socket %p", nsk);
528
529done:
530 release_sock(sk);
531 return err;
532}
533
534static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int peer)
535{
536 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
537 struct sock *sk = sock->sk;
538
539 BT_DBG("sock %p, sk %p", sock, sk);
540
541 if (peer && sk->sk_state != BT_CONNECTED &&
542 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2)
543 return -ENOTCONN;
544
545 memset(sa, 0, sizeof(*sa));
546 sa->rc_family = AF_BLUETOOTH;
547 sa->rc_channel = rfcomm_pi(sk)->channel;
548 if (peer)
549 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst);
550 else
551 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src);
552
553 return sizeof(struct sockaddr_rc);
554}
555
556static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg,
557 size_t len)
558{
559 struct sock *sk = sock->sk;
560 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
561 struct sk_buff *skb;
562 int sent;
563
564 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
565 return -ENOTCONN;
566
567 if (msg->msg_flags & MSG_OOB)
568 return -EOPNOTSUPP;
569
570 if (sk->sk_shutdown & SEND_SHUTDOWN)
571 return -EPIPE;
572
573 BT_DBG("sock %p, sk %p", sock, sk);
574
575 lock_sock(sk);
576
577 sent = bt_sock_wait_ready(sk, msg->msg_flags);
578 if (sent)
579 goto done;
580
581 while (len) {
582 size_t size = min_t(size_t, len, d->mtu);
583 int err;
584
585 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
586 msg->msg_flags & MSG_DONTWAIT, &err);
587 if (!skb) {
588 if (sent == 0)
589 sent = err;
590 break;
591 }
592 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
593
594 err = memcpy_from_msg(skb_put(skb, size), msg, size);
595 if (err) {
596 kfree_skb(skb);
597 if (sent == 0)
598 sent = err;
599 break;
600 }
601
602 skb->priority = sk->sk_priority;
603
604 err = rfcomm_dlc_send(d, skb);
605 if (err < 0) {
606 kfree_skb(skb);
607 if (sent == 0)
608 sent = err;
609 break;
610 }
611
612 sent += size;
613 len -= size;
614 }
615
616done:
617 release_sock(sk);
618
619 return sent;
620}
621
622static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg,
623 size_t size, int flags)
624{
625 struct sock *sk = sock->sk;
626 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
627 int len;
628
629 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
630 rfcomm_dlc_accept(d);
631 return 0;
632 }
633
634 len = bt_sock_stream_recvmsg(sock, msg, size, flags);
635
636 lock_sock(sk);
637 if (!(flags & MSG_PEEK) && len > 0)
638 atomic_sub(len, &sk->sk_rmem_alloc);
639
640 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
641 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
642 release_sock(sk);
643
644 return len;
645}
646
647static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname,
648 sockptr_t optval, unsigned int optlen)
649{
650 struct sock *sk = sock->sk;
651 int err = 0;
652 u32 opt;
653
654 BT_DBG("sk %p", sk);
655
656 lock_sock(sk);
657
658 switch (optname) {
659 case RFCOMM_LM:
660 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
661 err = -EFAULT;
662 break;
663 }
664
665 if (opt & RFCOMM_LM_FIPS) {
666 err = -EINVAL;
667 break;
668 }
669
670 if (opt & RFCOMM_LM_AUTH)
671 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
672 if (opt & RFCOMM_LM_ENCRYPT)
673 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
674 if (opt & RFCOMM_LM_SECURE)
675 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
676
677 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
678 break;
679
680 default:
681 err = -ENOPROTOOPT;
682 break;
683 }
684
685 release_sock(sk);
686 return err;
687}
688
689static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname,
690 sockptr_t optval, unsigned int optlen)
691{
692 struct sock *sk = sock->sk;
693 struct bt_security sec;
694 int err = 0;
695 size_t len;
696 u32 opt;
697
698 BT_DBG("sk %p", sk);
699
700 if (level == SOL_RFCOMM)
701 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
702
703 if (level != SOL_BLUETOOTH)
704 return -ENOPROTOOPT;
705
706 lock_sock(sk);
707
708 switch (optname) {
709 case BT_SECURITY:
710 if (sk->sk_type != SOCK_STREAM) {
711 err = -EINVAL;
712 break;
713 }
714
715 sec.level = BT_SECURITY_LOW;
716
717 len = min_t(unsigned int, sizeof(sec), optlen);
718 if (copy_from_sockptr(&sec, optval, len)) {
719 err = -EFAULT;
720 break;
721 }
722
723 if (sec.level > BT_SECURITY_HIGH) {
724 err = -EINVAL;
725 break;
726 }
727
728 rfcomm_pi(sk)->sec_level = sec.level;
729 break;
730
731 case BT_DEFER_SETUP:
732 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
733 err = -EINVAL;
734 break;
735 }
736
737 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
738 err = -EFAULT;
739 break;
740 }
741
742 if (opt)
743 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
744 else
745 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
746
747 break;
748
749 default:
750 err = -ENOPROTOOPT;
751 break;
752 }
753
754 release_sock(sk);
755 return err;
756}
757
758static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
759{
760 struct sock *sk = sock->sk;
761 struct sock *l2cap_sk;
762 struct l2cap_conn *conn;
763 struct rfcomm_conninfo cinfo;
764 int len, err = 0;
765 u32 opt;
766
767 BT_DBG("sk %p", sk);
768
769 if (get_user(len, optlen))
770 return -EFAULT;
771
772 lock_sock(sk);
773
774 switch (optname) {
775 case RFCOMM_LM:
776 switch (rfcomm_pi(sk)->sec_level) {
777 case BT_SECURITY_LOW:
778 opt = RFCOMM_LM_AUTH;
779 break;
780 case BT_SECURITY_MEDIUM:
781 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
782 break;
783 case BT_SECURITY_HIGH:
784 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
785 RFCOMM_LM_SECURE;
786 break;
787 case BT_SECURITY_FIPS:
788 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
789 RFCOMM_LM_SECURE | RFCOMM_LM_FIPS;
790 break;
791 default:
792 opt = 0;
793 break;
794 }
795
796 if (rfcomm_pi(sk)->role_switch)
797 opt |= RFCOMM_LM_MASTER;
798
799 if (put_user(opt, (u32 __user *) optval))
800 err = -EFAULT;
801
802 break;
803
804 case RFCOMM_CONNINFO:
805 if (sk->sk_state != BT_CONNECTED &&
806 !rfcomm_pi(sk)->dlc->defer_setup) {
807 err = -ENOTCONN;
808 break;
809 }
810
811 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
812 conn = l2cap_pi(l2cap_sk)->chan->conn;
813
814 memset(&cinfo, 0, sizeof(cinfo));
815 cinfo.hci_handle = conn->hcon->handle;
816 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
817
818 len = min_t(unsigned int, len, sizeof(cinfo));
819 if (copy_to_user(optval, (char *) &cinfo, len))
820 err = -EFAULT;
821
822 break;
823
824 default:
825 err = -ENOPROTOOPT;
826 break;
827 }
828
829 release_sock(sk);
830 return err;
831}
832
833static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
834{
835 struct sock *sk = sock->sk;
836 struct bt_security sec;
837 int len, err = 0;
838
839 BT_DBG("sk %p", sk);
840
841 if (level == SOL_RFCOMM)
842 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
843
844 if (level != SOL_BLUETOOTH)
845 return -ENOPROTOOPT;
846
847 if (get_user(len, optlen))
848 return -EFAULT;
849
850 lock_sock(sk);
851
852 switch (optname) {
853 case BT_SECURITY:
854 if (sk->sk_type != SOCK_STREAM) {
855 err = -EINVAL;
856 break;
857 }
858
859 sec.level = rfcomm_pi(sk)->sec_level;
860 sec.key_size = 0;
861
862 len = min_t(unsigned int, len, sizeof(sec));
863 if (copy_to_user(optval, (char *) &sec, len))
864 err = -EFAULT;
865
866 break;
867
868 case BT_DEFER_SETUP:
869 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
870 err = -EINVAL;
871 break;
872 }
873
874 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
875 (u32 __user *) optval))
876 err = -EFAULT;
877
878 break;
879
880 default:
881 err = -ENOPROTOOPT;
882 break;
883 }
884
885 release_sock(sk);
886 return err;
887}
888
889static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
890{
891 struct sock *sk __maybe_unused = sock->sk;
892 int err;
893
894 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
895
896 err = bt_sock_ioctl(sock, cmd, arg);
897
898 if (err == -ENOIOCTLCMD) {
899#ifdef CONFIG_BT_RFCOMM_TTY
900 lock_sock(sk);
901 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
902 release_sock(sk);
903#else
904 err = -EOPNOTSUPP;
905#endif
906 }
907
908 return err;
909}
910
911#ifdef CONFIG_COMPAT
912static int rfcomm_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
913{
914 return rfcomm_sock_ioctl(sock, cmd, (unsigned long)compat_ptr(arg));
915}
916#endif
917
918static int rfcomm_sock_shutdown(struct socket *sock, int how)
919{
920 struct sock *sk = sock->sk;
921 int err = 0;
922
923 BT_DBG("sock %p, sk %p", sock, sk);
924
925 if (!sk)
926 return 0;
927
928 lock_sock(sk);
929 if (!sk->sk_shutdown) {
930 sk->sk_shutdown = SHUTDOWN_MASK;
931 __rfcomm_sock_close(sk);
932
933 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
934 !(current->flags & PF_EXITING))
935 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
936 }
937 release_sock(sk);
938 return err;
939}
940
941static int rfcomm_sock_release(struct socket *sock)
942{
943 struct sock *sk = sock->sk;
944 int err;
945
946 BT_DBG("sock %p, sk %p", sock, sk);
947
948 if (!sk)
949 return 0;
950
951 err = rfcomm_sock_shutdown(sock, 2);
952
953 sock_orphan(sk);
954 rfcomm_sock_kill(sk);
955 return err;
956}
957
958
959
960
961
962int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
963{
964 struct sock *sk, *parent;
965 bdaddr_t src, dst;
966 int result = 0;
967
968 BT_DBG("session %p channel %d", s, channel);
969
970 rfcomm_session_getaddr(s, &src, &dst);
971
972
973 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
974 if (!parent)
975 return 0;
976
977 lock_sock(parent);
978
979
980 if (sk_acceptq_is_full(parent)) {
981 BT_DBG("backlog full %d", parent->sk_ack_backlog);
982 goto done;
983 }
984
985 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC, 0);
986 if (!sk)
987 goto done;
988
989 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
990
991 rfcomm_sock_init(sk, parent);
992 bacpy(&rfcomm_pi(sk)->src, &src);
993 bacpy(&rfcomm_pi(sk)->dst, &dst);
994 rfcomm_pi(sk)->channel = channel;
995
996 sk->sk_state = BT_CONFIG;
997 bt_accept_enqueue(parent, sk, true);
998
999
1000 *d = rfcomm_pi(sk)->dlc;
1001 result = 1;
1002
1003done:
1004 release_sock(parent);
1005
1006 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1007 parent->sk_state_change(parent);
1008
1009 return result;
1010}
1011
1012static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
1013{
1014 struct sock *sk;
1015
1016 read_lock(&rfcomm_sk_list.lock);
1017
1018 sk_for_each(sk, &rfcomm_sk_list.head) {
1019 seq_printf(f, "%pMR %pMR %d %d\n",
1020 &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst,
1021 sk->sk_state, rfcomm_pi(sk)->channel);
1022 }
1023
1024 read_unlock(&rfcomm_sk_list.lock);
1025
1026 return 0;
1027}
1028
1029DEFINE_SHOW_ATTRIBUTE(rfcomm_sock_debugfs);
1030
1031static struct dentry *rfcomm_sock_debugfs;
1032
1033static const struct proto_ops rfcomm_sock_ops = {
1034 .family = PF_BLUETOOTH,
1035 .owner = THIS_MODULE,
1036 .release = rfcomm_sock_release,
1037 .bind = rfcomm_sock_bind,
1038 .connect = rfcomm_sock_connect,
1039 .listen = rfcomm_sock_listen,
1040 .accept = rfcomm_sock_accept,
1041 .getname = rfcomm_sock_getname,
1042 .sendmsg = rfcomm_sock_sendmsg,
1043 .recvmsg = rfcomm_sock_recvmsg,
1044 .shutdown = rfcomm_sock_shutdown,
1045 .setsockopt = rfcomm_sock_setsockopt,
1046 .getsockopt = rfcomm_sock_getsockopt,
1047 .ioctl = rfcomm_sock_ioctl,
1048 .gettstamp = sock_gettstamp,
1049 .poll = bt_sock_poll,
1050 .socketpair = sock_no_socketpair,
1051 .mmap = sock_no_mmap,
1052#ifdef CONFIG_COMPAT
1053 .compat_ioctl = rfcomm_sock_compat_ioctl,
1054#endif
1055};
1056
1057static const struct net_proto_family rfcomm_sock_family_ops = {
1058 .family = PF_BLUETOOTH,
1059 .owner = THIS_MODULE,
1060 .create = rfcomm_sock_create
1061};
1062
1063int __init rfcomm_init_sockets(void)
1064{
1065 int err;
1066
1067 BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr));
1068
1069 err = proto_register(&rfcomm_proto, 0);
1070 if (err < 0)
1071 return err;
1072
1073 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1074 if (err < 0) {
1075 BT_ERR("RFCOMM socket layer registration failed");
1076 goto error;
1077 }
1078
1079 err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL);
1080 if (err < 0) {
1081 BT_ERR("Failed to create RFCOMM proc file");
1082 bt_sock_unregister(BTPROTO_RFCOMM);
1083 goto error;
1084 }
1085
1086 BT_INFO("RFCOMM socket layer initialized");
1087
1088 if (IS_ERR_OR_NULL(bt_debugfs))
1089 return 0;
1090
1091 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1092 bt_debugfs, NULL,
1093 &rfcomm_sock_debugfs_fops);
1094
1095 return 0;
1096
1097error:
1098 proto_unregister(&rfcomm_proto);
1099 return err;
1100}
1101
1102void __exit rfcomm_cleanup_sockets(void)
1103{
1104 bt_procfs_cleanup(&init_net, "rfcomm");
1105
1106 debugfs_remove(rfcomm_sock_debugfs);
1107
1108 bt_sock_unregister(BTPROTO_RFCOMM);
1109
1110 proto_unregister(&rfcomm_proto);
1111}
1112