Gitiles
Code Review Sign In
192.168.1.100 / T108 / e958203796650e3959a43708d67534bf36f4c83b / . / marvell / linux / net / bluetooth / rfcomm / sock.c
blob: 5d8dda9ec51838b0f496175bde11d22f0fa57da2 [file] [log] [blame]
b.liue9582032025-04-17 19:18:16 +0800[diff] [blame^]1/*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22*/
23
24/*
25 * RFCOMM sockets.
26 */
27
28#include <linux/export.h>
29#include <linux/debugfs.h>
30#include <linux/sched/signal.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/l2cap.h>
35#include <net/bluetooth/rfcomm.h>
36
37static const struct proto_ops rfcomm_sock_ops;
38
39static struct bt_sock_list rfcomm_sk_list = {
40 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
41};
42
43static void rfcomm_sock_close(struct sock *sk);
44static void rfcomm_sock_kill(struct sock *sk);
45
46/* ---- DLC callbacks ----
47 *
48 * called under rfcomm_dlc_lock()
49 */
50static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
51{
52 struct sock *sk = d->owner;
53 if (!sk)
54 return;
55
56 atomic_add(skb->len, &sk->sk_rmem_alloc);
57 skb_queue_tail(&sk->sk_receive_queue, skb);
58 sk->sk_data_ready(sk);
59
60 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
61 rfcomm_dlc_throttle(d);
62}
63
64static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
65{
66 struct sock *sk = d->owner, *parent;
67 unsigned long flags;
68
69 if (!sk)
70 return;
71
72 BT_DBG("dlc %p state %ld err %d", d, d->state, err);
73
74 local_irq_save(flags);
75 bh_lock_sock(sk);
76
77 if (err)
78 sk->sk_err = err;
79
80 sk->sk_state = d->state;
81
82 parent = bt_sk(sk)->parent;
83 if (parent) {
84 if (d->state == BT_CLOSED) {
85 sock_set_flag(sk, SOCK_ZAPPED);
86 bt_accept_unlink(sk);
87 }
88 parent->sk_data_ready(parent);
89 } else {
90 if (d->state == BT_CONNECTED)
91 rfcomm_session_getaddr(d->session,
92 &rfcomm_pi(sk)->src, NULL);
93 sk->sk_state_change(sk);
94 }
95
96 bh_unlock_sock(sk);
97 local_irq_restore(flags);
98
99 if (parent && sock_flag(sk, SOCK_ZAPPED)) {
100 /* We have to drop DLC lock here, otherwise
101 * rfcomm_sock_destruct() will dead lock. */
102 rfcomm_dlc_unlock(d);
103 rfcomm_sock_kill(sk);
104 rfcomm_dlc_lock(d);
105 }
106}
107
108/* ---- Socket functions ---- */
109static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src)
110{
111 struct sock *sk = NULL;
112
113 sk_for_each(sk, &rfcomm_sk_list.head) {
114 if (rfcomm_pi(sk)->channel != channel)
115 continue;
116
117 if (bacmp(&rfcomm_pi(sk)->src, src))
118 continue;
119
120 if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN)
121 break;
122 }
123
124 return sk ? sk : NULL;
125}
126
127/* Find socket with channel and source bdaddr.
128 * Returns closest match.
129 */
130static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
131{
132 struct sock *sk = NULL, *sk1 = NULL;
133
134 read_lock(&rfcomm_sk_list.lock);
135
136 sk_for_each(sk, &rfcomm_sk_list.head) {
137 if (state && sk->sk_state != state)
138 continue;
139
140 if (rfcomm_pi(sk)->channel == channel) {
141 /* Exact match. */
142 if (!bacmp(&rfcomm_pi(sk)->src, src))
143 break;
144
145 /* Closest match */
146 if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY))
147 sk1 = sk;
148 }
149 }
150
151 read_unlock(&rfcomm_sk_list.lock);
152
153 return sk ? sk : sk1;
154}
155
156static void rfcomm_sock_destruct(struct sock *sk)
157{
158 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
159
160 BT_DBG("sk %p dlc %p", sk, d);
161
162 skb_queue_purge(&sk->sk_receive_queue);
163 skb_queue_purge(&sk->sk_write_queue);
164
165 rfcomm_dlc_lock(d);
166 rfcomm_pi(sk)->dlc = NULL;
167
168 /* Detach DLC if it's owned by this socket */
169 if (d->owner == sk)
170 d->owner = NULL;
171 rfcomm_dlc_unlock(d);
172
173 rfcomm_dlc_put(d);
174}
175
176static void rfcomm_sock_cleanup_listen(struct sock *parent)
177{
178 struct sock *sk;
179
180 BT_DBG("parent %p", parent);
181
182 /* Close not yet accepted dlcs */
183 while ((sk = bt_accept_dequeue(parent, NULL))) {
184 rfcomm_sock_close(sk);
185 rfcomm_sock_kill(sk);
186 }
187
188 parent->sk_state = BT_CLOSED;
189 sock_set_flag(parent, SOCK_ZAPPED);
190}
191
192/* Kill socket (only if zapped and orphan)
193 * Must be called on unlocked socket.
194 */
195static void rfcomm_sock_kill(struct sock *sk)
196{
197 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
198 return;
199
200 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, refcount_read(&sk->sk_refcnt));
201
202 /* Kill poor orphan */
203 bt_sock_unlink(&rfcomm_sk_list, sk);
204 sock_set_flag(sk, SOCK_DEAD);
205 sock_put(sk);
206}
207
208static void __rfcomm_sock_close(struct sock *sk)
209{
210 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
211
212 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
213
214 switch (sk->sk_state) {
215 case BT_LISTEN:
216 rfcomm_sock_cleanup_listen(sk);
217 break;
218
219 case BT_CONNECT:
220 case BT_CONNECT2:
221 case BT_CONFIG:
222 case BT_CONNECTED:
223 rfcomm_dlc_close(d, 0);
224 /* fall through */
225
226 default:
227 sock_set_flag(sk, SOCK_ZAPPED);
228 break;
229 }
230}
231
232/* Close socket.
233 * Must be called on unlocked socket.
234 */
235static void rfcomm_sock_close(struct sock *sk)
236{
237 lock_sock(sk);
238 __rfcomm_sock_close(sk);
239 release_sock(sk);
240}
241
242static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
243{
244 struct rfcomm_pinfo *pi = rfcomm_pi(sk);
245
246 BT_DBG("sk %p", sk);
247
248 if (parent) {
249 sk->sk_type = parent->sk_type;
250 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP,
251 &bt_sk(parent)->flags);
252
253 pi->sec_level = rfcomm_pi(parent)->sec_level;
254 pi->role_switch = rfcomm_pi(parent)->role_switch;
255
256 security_sk_clone(parent, sk);
257 } else {
258 pi->dlc->defer_setup = 0;
259
260 pi->sec_level = BT_SECURITY_LOW;
261 pi->role_switch = 0;
262 }
263
264 pi->dlc->sec_level = pi->sec_level;
265 pi->dlc->role_switch = pi->role_switch;
266}
267
268static struct proto rfcomm_proto = {
269 .name = "RFCOMM",
270 .owner = THIS_MODULE,
271 .obj_size = sizeof(struct rfcomm_pinfo)
272};
273
274static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio, int kern)
275{
276 struct rfcomm_dlc *d;
277 struct sock *sk;
278
279 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto, kern);
280 if (!sk)
281 return NULL;
282
283 sock_init_data(sock, sk);
284 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
285
286 d = rfcomm_dlc_alloc(prio);
287 if (!d) {
288 sk_free(sk);
289 return NULL;
290 }
291
292 d->data_ready = rfcomm_sk_data_ready;
293 d->state_change = rfcomm_sk_state_change;
294
295 rfcomm_pi(sk)->dlc = d;
296 d->owner = sk;
297
298 sk->sk_destruct = rfcomm_sock_destruct;
299 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
300
301 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
302 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
303
304 sock_reset_flag(sk, SOCK_ZAPPED);
305
306 sk->sk_protocol = proto;
307 sk->sk_state = BT_OPEN;
308
309 bt_sock_link(&rfcomm_sk_list, sk);
310
311 BT_DBG("sk %p", sk);
312 return sk;
313}
314
315static int rfcomm_sock_create(struct net *net, struct socket *sock,
316 int protocol, int kern)
317{
318 struct sock *sk;
319
320 BT_DBG("sock %p", sock);
321
322 sock->state = SS_UNCONNECTED;
323
324 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
325 return -ESOCKTNOSUPPORT;
326
327 sock->ops = &rfcomm_sock_ops;
328
329 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
330 if (!sk)
331 return -ENOMEM;
332
333 rfcomm_sock_init(sk, NULL);
334 return 0;
335}
336
337static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
338{
339 struct sockaddr_rc sa;
340 struct sock *sk = sock->sk;
341 int len, err = 0;
342
343 if (!addr || addr_len < offsetofend(struct sockaddr, sa_family) ||
344 addr->sa_family != AF_BLUETOOTH)
345 return -EINVAL;
346
347 memset(&sa, 0, sizeof(sa));
348 len = min_t(unsigned int, sizeof(sa), addr_len);
349 memcpy(&sa, addr, len);
350
351 BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr);
352
353 lock_sock(sk);
354
355 if (sk->sk_state != BT_OPEN) {
356 err = -EBADFD;
357 goto done;
358 }
359
360 if (sk->sk_type != SOCK_STREAM) {
361 err = -EINVAL;
362 goto done;
363 }
364
365 write_lock(&rfcomm_sk_list.lock);
366
367 if (sa.rc_channel &&
368 __rfcomm_get_listen_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) {
369 err = -EADDRINUSE;
370 } else {
371 /* Save source address */
372 bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr);
373 rfcomm_pi(sk)->channel = sa.rc_channel;
374 sk->sk_state = BT_BOUND;
375 }
376
377 write_unlock(&rfcomm_sk_list.lock);
378
379done:
380 release_sock(sk);
381 return err;
382}
383
384static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
385{
386 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
387 struct sock *sk = sock->sk;
388 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
389 int err = 0;
390
391 BT_DBG("sk %p", sk);
392
393 if (alen < sizeof(struct sockaddr_rc) ||
394 addr->sa_family != AF_BLUETOOTH)
395 return -EINVAL;
396
397 lock_sock(sk);
398
399 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
400 err = -EBADFD;
401 goto done;
402 }
403
404 if (sk->sk_type != SOCK_STREAM) {
405 err = -EINVAL;
406 goto done;
407 }
408
409 sk->sk_state = BT_CONNECT;
410 bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr);
411 rfcomm_pi(sk)->channel = sa->rc_channel;
412
413 d->sec_level = rfcomm_pi(sk)->sec_level;
414 d->role_switch = rfcomm_pi(sk)->role_switch;
415
416 err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr,
417 sa->rc_channel);
418 if (!err)
419 err = bt_sock_wait_state(sk, BT_CONNECTED,
420 sock_sndtimeo(sk, flags & O_NONBLOCK));
421
422done:
423 release_sock(sk);
424 return err;
425}
426
427static int rfcomm_sock_listen(struct socket *sock, int backlog)
428{
429 struct sock *sk = sock->sk;
430 int err = 0;
431
432 BT_DBG("sk %p backlog %d", sk, backlog);
433
434 lock_sock(sk);
435
436 if (sk->sk_state != BT_BOUND) {
437 err = -EBADFD;
438 goto done;
439 }
440
441 if (sk->sk_type != SOCK_STREAM) {
442 err = -EINVAL;
443 goto done;
444 }
445
446 if (!rfcomm_pi(sk)->channel) {
447 bdaddr_t *src = &rfcomm_pi(sk)->src;
448 u8 channel;
449
450 err = -EINVAL;
451
452 write_lock(&rfcomm_sk_list.lock);
453
454 for (channel = 1; channel < 31; channel++)
455 if (!__rfcomm_get_listen_sock_by_addr(channel, src)) {
456 rfcomm_pi(sk)->channel = channel;
457 err = 0;
458 break;
459 }
460
461 write_unlock(&rfcomm_sk_list.lock);
462
463 if (err < 0)
464 goto done;
465 }
466
467 sk->sk_max_ack_backlog = backlog;
468 sk->sk_ack_backlog = 0;
469 sk->sk_state = BT_LISTEN;
470
471done:
472 release_sock(sk);
473 return err;
474}
475
476static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags,
477 bool kern)
478{
479 DEFINE_WAIT_FUNC(wait, woken_wake_function);
480 struct sock *sk = sock->sk, *nsk;
481 long timeo;
482 int err = 0;
483
484 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
485
486 if (sk->sk_type != SOCK_STREAM) {
487 err = -EINVAL;
488 goto done;
489 }
490
491 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
492
493 BT_DBG("sk %p timeo %ld", sk, timeo);
494
495 /* Wait for an incoming connection. (wake-one). */
496 add_wait_queue_exclusive(sk_sleep(sk), &wait);
497 while (1) {
498 if (sk->sk_state != BT_LISTEN) {
499 err = -EBADFD;
500 break;
501 }
502
503 nsk = bt_accept_dequeue(sk, newsock);
504 if (nsk)
505 break;
506
507 if (!timeo) {
508 err = -EAGAIN;
509 break;
510 }
511
512 if (signal_pending(current)) {
513 err = sock_intr_errno(timeo);
514 break;
515 }
516
517 release_sock(sk);
518
519 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
520
521 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
522 }
523 remove_wait_queue(sk_sleep(sk), &wait);
524
525 if (err)
526 goto done;
527
528 newsock->state = SS_CONNECTED;
529
530 BT_DBG("new socket %p", nsk);
531
532done:
533 release_sock(sk);
534 return err;
535}
536
537static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int peer)
538{
539 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
540 struct sock *sk = sock->sk;
541
542 BT_DBG("sock %p, sk %p", sock, sk);
543
544 if (peer && sk->sk_state != BT_CONNECTED &&
545 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2)
546 return -ENOTCONN;
547
548 memset(sa, 0, sizeof(*sa));
549 sa->rc_family = AF_BLUETOOTH;
550 sa->rc_channel = rfcomm_pi(sk)->channel;
551 if (peer)
552 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst);
553 else
554 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src);
555
556 return sizeof(struct sockaddr_rc);
557}
558
559static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg,
560 size_t len)
561{
562 struct sock *sk = sock->sk;
563 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
564 struct sk_buff *skb;
565 int sent;
566
567 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
568 return -ENOTCONN;
569
570 if (msg->msg_flags & MSG_OOB)
571 return -EOPNOTSUPP;
572
573 if (sk->sk_shutdown & SEND_SHUTDOWN)
574 return -EPIPE;
575
576 BT_DBG("sock %p, sk %p", sock, sk);
577
578 lock_sock(sk);
579
580 sent = bt_sock_wait_ready(sk, msg->msg_flags);
581
582 release_sock(sk);
583
584 if (sent)
585 return sent;
586
587 skb = bt_skb_sendmmsg(sk, msg, len, d->mtu, RFCOMM_SKB_HEAD_RESERVE,
588 RFCOMM_SKB_TAIL_RESERVE);
589 if (IS_ERR(skb))
590 return PTR_ERR(skb);
591
592 sent = rfcomm_dlc_send(d, skb);
593 if (sent < 0)
594 kfree_skb(skb);
595
596 return sent;
597}
598
599static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg,
600 size_t size, int flags)
601{
602 struct sock *sk = sock->sk;
603 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
604 int len;
605
606 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
607 rfcomm_dlc_accept(d);
608 return 0;
609 }
610
611 len = bt_sock_stream_recvmsg(sock, msg, size, flags);
612
613 lock_sock(sk);
614 if (!(flags & MSG_PEEK) && len > 0)
615 atomic_sub(len, &sk->sk_rmem_alloc);
616
617 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
618 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
619 release_sock(sk);
620
621 return len;
622}
623
624static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
625{
626 struct sock *sk = sock->sk;
627 int err = 0;
628 u32 opt;
629
630 BT_DBG("sk %p", sk);
631
632 lock_sock(sk);
633
634 switch (optname) {
635 case RFCOMM_LM:
636 if (get_user(opt, (u32 __user *) optval)) {
637 err = -EFAULT;
638 break;
639 }
640
641 if (opt & RFCOMM_LM_FIPS) {
642 err = -EINVAL;
643 break;
644 }
645
646 if (opt & RFCOMM_LM_AUTH)
647 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
648 if (opt & RFCOMM_LM_ENCRYPT)
649 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
650 if (opt & RFCOMM_LM_SECURE)
651 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
652
653 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
654 break;
655
656 default:
657 err = -ENOPROTOOPT;
658 break;
659 }
660
661 release_sock(sk);
662 return err;
663}
664
665static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
666{
667 struct sock *sk = sock->sk;
668 struct bt_security sec;
669 int err = 0;
670 size_t len;
671 u32 opt;
672
673 BT_DBG("sk %p", sk);
674
675 if (level == SOL_RFCOMM)
676 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
677
678 if (level != SOL_BLUETOOTH)
679 return -ENOPROTOOPT;
680
681 lock_sock(sk);
682
683 switch (optname) {
684 case BT_SECURITY:
685 if (sk->sk_type != SOCK_STREAM) {
686 err = -EINVAL;
687 break;
688 }
689
690 sec.level = BT_SECURITY_LOW;
691
692 len = min_t(unsigned int, sizeof(sec), optlen);
693 if (copy_from_user((char *) &sec, optval, len)) {
694 err = -EFAULT;
695 break;
696 }
697
698 if (sec.level > BT_SECURITY_HIGH) {
699 err = -EINVAL;
700 break;
701 }
702
703 rfcomm_pi(sk)->sec_level = sec.level;
704 break;
705
706 case BT_DEFER_SETUP:
707 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
708 err = -EINVAL;
709 break;
710 }
711
712 if (get_user(opt, (u32 __user *) optval)) {
713 err = -EFAULT;
714 break;
715 }
716
717 if (opt)
718 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
719 else
720 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
721
722 break;
723
724 default:
725 err = -ENOPROTOOPT;
726 break;
727 }
728
729 release_sock(sk);
730 return err;
731}
732
733static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
734{
735 struct sock *sk = sock->sk;
736 struct sock *l2cap_sk;
737 struct l2cap_conn *conn;
738 struct rfcomm_conninfo cinfo;
739 int err = 0;
740 size_t len;
741 u32 opt;
742
743 BT_DBG("sk %p", sk);
744
745 if (get_user(len, optlen))
746 return -EFAULT;
747
748 lock_sock(sk);
749
750 switch (optname) {
751 case RFCOMM_LM:
752 switch (rfcomm_pi(sk)->sec_level) {
753 case BT_SECURITY_LOW:
754 opt = RFCOMM_LM_AUTH;
755 break;
756 case BT_SECURITY_MEDIUM:
757 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
758 break;
759 case BT_SECURITY_HIGH:
760 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
761 RFCOMM_LM_SECURE;
762 break;
763 case BT_SECURITY_FIPS:
764 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
765 RFCOMM_LM_SECURE | RFCOMM_LM_FIPS;
766 break;
767 default:
768 opt = 0;
769 break;
770 }
771
772 if (rfcomm_pi(sk)->role_switch)
773 opt |= RFCOMM_LM_MASTER;
774
775 if (put_user(opt, (u32 __user *) optval))
776 err = -EFAULT;
777
778 break;
779
780 case RFCOMM_CONNINFO:
781 if (sk->sk_state != BT_CONNECTED &&
782 !rfcomm_pi(sk)->dlc->defer_setup) {
783 err = -ENOTCONN;
784 break;
785 }
786
787 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
788 conn = l2cap_pi(l2cap_sk)->chan->conn;
789
790 memset(&cinfo, 0, sizeof(cinfo));
791 cinfo.hci_handle = conn->hcon->handle;
792 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
793
794 len = min(len, sizeof(cinfo));
795 if (copy_to_user(optval, (char *) &cinfo, len))
796 err = -EFAULT;
797
798 break;
799
800 default:
801 err = -ENOPROTOOPT;
802 break;
803 }
804
805 release_sock(sk);
806 return err;
807}
808
809static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
810{
811 struct sock *sk = sock->sk;
812 struct bt_security sec;
813 int err = 0;
814 size_t len;
815
816 BT_DBG("sk %p", sk);
817
818 if (level == SOL_RFCOMM)
819 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
820
821 if (level != SOL_BLUETOOTH)
822 return -ENOPROTOOPT;
823
824 if (get_user(len, optlen))
825 return -EFAULT;
826
827 lock_sock(sk);
828
829 switch (optname) {
830 case BT_SECURITY:
831 if (sk->sk_type != SOCK_STREAM) {
832 err = -EINVAL;
833 break;
834 }
835
836 sec.level = rfcomm_pi(sk)->sec_level;
837 sec.key_size = 0;
838
839 len = min(len, sizeof(sec));
840 if (copy_to_user(optval, (char *) &sec, len))
841 err = -EFAULT;
842
843 break;
844
845 case BT_DEFER_SETUP:
846 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
847 err = -EINVAL;
848 break;
849 }
850
851 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
852 (u32 __user *) optval))
853 err = -EFAULT;
854
855 break;
856
857 default:
858 err = -ENOPROTOOPT;
859 break;
860 }
861
862 release_sock(sk);
863 return err;
864}
865
866static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
867{
868 struct sock *sk __maybe_unused = sock->sk;
869 int err;
870
871 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
872
873 err = bt_sock_ioctl(sock, cmd, arg);
874
875 if (err == -ENOIOCTLCMD) {
876#ifdef CONFIG_BT_RFCOMM_TTY
877 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
878#else
879 err = -EOPNOTSUPP;
880#endif
881 }
882
883 return err;
884}
885
886static int rfcomm_sock_shutdown(struct socket *sock, int how)
887{
888 struct sock *sk = sock->sk;
889 int err = 0;
890
891 BT_DBG("sock %p, sk %p", sock, sk);
892
893 if (!sk)
894 return 0;
895
896 lock_sock(sk);
897 if (!sk->sk_shutdown) {
898 sk->sk_shutdown = SHUTDOWN_MASK;
899 __rfcomm_sock_close(sk);
900
901 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
902 !(current->flags & PF_EXITING))
903 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
904 }
905 release_sock(sk);
906 return err;
907}
908
909static int rfcomm_sock_release(struct socket *sock)
910{
911 struct sock *sk = sock->sk;
912 int err;
913
914 BT_DBG("sock %p, sk %p", sock, sk);
915
916 if (!sk)
917 return 0;
918
919 err = rfcomm_sock_shutdown(sock, 2);
920
921 sock_orphan(sk);
922 rfcomm_sock_kill(sk);
923 return err;
924}
925
926/* ---- RFCOMM core layer callbacks ----
927 *
928 * called under rfcomm_lock()
929 */
930int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
931{
932 struct sock *sk, *parent;
933 bdaddr_t src, dst;
934 int result = 0;
935
936 BT_DBG("session %p channel %d", s, channel);
937
938 rfcomm_session_getaddr(s, &src, &dst);
939
940 /* Check if we have socket listening on channel */
941 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
942 if (!parent)
943 return 0;
944
945 bh_lock_sock(parent);
946
947 /* Check for backlog size */
948 if (sk_acceptq_is_full(parent)) {
949 BT_DBG("backlog full %d", parent->sk_ack_backlog);
950 goto done;
951 }
952
953 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC, 0);
954 if (!sk)
955 goto done;
956
957 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
958
959 rfcomm_sock_init(sk, parent);
960 bacpy(&rfcomm_pi(sk)->src, &src);
961 bacpy(&rfcomm_pi(sk)->dst, &dst);
962 rfcomm_pi(sk)->channel = channel;
963
964 sk->sk_state = BT_CONFIG;
965 bt_accept_enqueue(parent, sk, true);
966
967 /* Accept connection and return socket DLC */
968 *d = rfcomm_pi(sk)->dlc;
969 result = 1;
970
971done:
972 bh_unlock_sock(parent);
973
974 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
975 parent->sk_state_change(parent);
976
977 return result;
978}
979
980static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
981{
982 struct sock *sk;
983
984 read_lock(&rfcomm_sk_list.lock);
985
986 sk_for_each(sk, &rfcomm_sk_list.head) {
987 seq_printf(f, "%pMR %pMR %d %d\n",
988 &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst,
989 sk->sk_state, rfcomm_pi(sk)->channel);
990 }
991
992 read_unlock(&rfcomm_sk_list.lock);
993
994 return 0;
995}
996
997DEFINE_SHOW_ATTRIBUTE(rfcomm_sock_debugfs);
998
999static struct dentry *rfcomm_sock_debugfs;
1000
1001static const struct proto_ops rfcomm_sock_ops = {
1002 .family = PF_BLUETOOTH,
1003 .owner = THIS_MODULE,
1004 .release = rfcomm_sock_release,
1005 .bind = rfcomm_sock_bind,
1006 .connect = rfcomm_sock_connect,
1007 .listen = rfcomm_sock_listen,
1008 .accept = rfcomm_sock_accept,
1009 .getname = rfcomm_sock_getname,
1010 .sendmsg = rfcomm_sock_sendmsg,
1011 .recvmsg = rfcomm_sock_recvmsg,
1012 .shutdown = rfcomm_sock_shutdown,
1013 .setsockopt = rfcomm_sock_setsockopt,
1014 .getsockopt = rfcomm_sock_getsockopt,
1015 .ioctl = rfcomm_sock_ioctl,
1016 .gettstamp = sock_gettstamp,
1017 .poll = bt_sock_poll,
1018 .socketpair = sock_no_socketpair,
1019 .mmap = sock_no_mmap
1020};
1021
1022static const struct net_proto_family rfcomm_sock_family_ops = {
1023 .family = PF_BLUETOOTH,
1024 .owner = THIS_MODULE,
1025 .create = rfcomm_sock_create
1026};
1027
1028int __init rfcomm_init_sockets(void)
1029{
1030 int err;
1031
1032 BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr));
1033
1034 err = proto_register(&rfcomm_proto, 0);
1035 if (err < 0)
1036 return err;
1037
1038 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1039 if (err < 0) {
1040 BT_ERR("RFCOMM socket layer registration failed");
1041 goto error;
1042 }
1043
1044 err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL);
1045 if (err < 0) {
1046 BT_ERR("Failed to create RFCOMM proc file");
1047 bt_sock_unregister(BTPROTO_RFCOMM);
1048 goto error;
1049 }
1050
1051 BT_INFO("RFCOMM socket layer initialized");
1052
1053 if (IS_ERR_OR_NULL(bt_debugfs))
1054 return 0;
1055
1056 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1057 bt_debugfs, NULL,
1058 &rfcomm_sock_debugfs_fops);
1059
1060 return 0;
1061
1062error:
1063 proto_unregister(&rfcomm_proto);
1064 return err;
1065}
1066
1067void __exit rfcomm_cleanup_sockets(void)
1068{
1069 bt_procfs_cleanup(&init_net, "rfcomm");
1070
1071 debugfs_remove(rfcomm_sock_debugfs);
1072
1073 bt_sock_unregister(BTPROTO_RFCOMM);
1074
1075 proto_unregister(&rfcomm_proto);
1076}