CoCalc -- sock.c

GitHub Repository: torvalds/linux
Path: blob/master/net/bluetooth/rfcomm/sock.c
⁴⁹⁶³⁹ views
1
/*
2
   RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3
   Copyright (C) 2002 Maxim Krasnyansky <[email protected]>
4
   Copyright (C) 2002 Marcel Holtmann <[email protected]>
5

6
   This program is free software; you can redistribute it and/or modify
7
   it under the terms of the GNU General Public License version 2 as
8
   published by the Free Software Foundation;
9

10
   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18

19
   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21
   SOFTWARE IS DISCLAIMED.
22
*/
23

24
/*
25
 * RFCOMM sockets.
26
 */
27
#include <linux/compat.h>
28
#include <linux/export.h>
29
#include <linux/debugfs.h>
30
#include <linux/sched/signal.h>
31

32
#include <net/bluetooth/bluetooth.h>
33
#include <net/bluetooth/hci_core.h>
34
#include <net/bluetooth/l2cap.h>
35
#include <net/bluetooth/rfcomm.h>
36

37
static const struct proto_ops rfcomm_sock_ops;
38

39
static struct bt_sock_list rfcomm_sk_list = {
40
	.lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
41
};
42

43
static void rfcomm_sock_close(struct sock *sk);
44
static void rfcomm_sock_kill(struct sock *sk);
45

46
/* ---- DLC callbacks ----
47
 *
48
 * called under rfcomm_dlc_lock()
49
 */
50
static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
51
{
52
	struct sock *sk = d->owner;
53
	if (!sk)
54
		return;
55

56
	atomic_add(skb->len, &sk->sk_rmem_alloc);
57
	skb_queue_tail(&sk->sk_receive_queue, skb);
58
	sk->sk_data_ready(sk);
59

60
	if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
61
		rfcomm_dlc_throttle(d);
62
}
63

64
static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
65
{
66
	struct sock *sk = d->owner, *parent;
67

68
	if (!sk)
69
		return;
70

71
	BT_DBG("dlc %p state %ld err %d", d, d->state, err);
72

73
	lock_sock(sk);
74

75
	if (err)
76
		sk->sk_err = err;
77

78
	sk->sk_state = d->state;
79

80
	parent = bt_sk(sk)->parent;
81
	if (parent) {
82
		if (d->state == BT_CLOSED) {
83
			sock_set_flag(sk, SOCK_ZAPPED);
84
			bt_accept_unlink(sk);
85
		}
86
		parent->sk_data_ready(parent);
87
	} else {
88
		if (d->state == BT_CONNECTED)
89
			rfcomm_session_getaddr(d->session,
90
					       &rfcomm_pi(sk)->src, NULL);
91
		sk->sk_state_change(sk);
92
	}
93

94
	release_sock(sk);
95

96
	if (parent && sock_flag(sk, SOCK_ZAPPED)) {
97
		/* We have to drop DLC lock here, otherwise
98
		 * rfcomm_sock_destruct() will dead lock. */
99
		rfcomm_dlc_unlock(d);
100
		rfcomm_sock_kill(sk);
101
		rfcomm_dlc_lock(d);
102
	}
103
}
104

105
/* ---- Socket functions ---- */
106
static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src)
107
{
108
	struct sock *sk = NULL;
109

110
	sk_for_each(sk, &rfcomm_sk_list.head) {
111
		if (rfcomm_pi(sk)->channel != channel)
112
			continue;
113

114
		if (bacmp(&rfcomm_pi(sk)->src, src))
115
			continue;
116

117
		if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN)
118
			break;
119
	}
120

121
	return sk ? sk : NULL;
122
}
123

124
/* Find socket with channel and source bdaddr.
125
 * Returns closest match.
126
 */
127
static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
128
{
129
	struct sock *sk = NULL, *sk1 = NULL;
130

131
	read_lock(&rfcomm_sk_list.lock);
132

133
	sk_for_each(sk, &rfcomm_sk_list.head) {
134
		if (state && sk->sk_state != state)
135
			continue;
136

137
		if (rfcomm_pi(sk)->channel == channel) {
138
			/* Exact match. */
139
			if (!bacmp(&rfcomm_pi(sk)->src, src))
140
				break;
141

142
			/* Closest match */
143
			if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY))
144
				sk1 = sk;
145
		}
146
	}
147

148
	read_unlock(&rfcomm_sk_list.lock);
149

150
	return sk ? sk : sk1;
151
}
152

153
static void rfcomm_sock_destruct(struct sock *sk)
154
{
155
	struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
156

157
	BT_DBG("sk %p dlc %p", sk, d);
158

159
	skb_queue_purge(&sk->sk_receive_queue);
160
	skb_queue_purge(&sk->sk_write_queue);
161

162
	rfcomm_dlc_lock(d);
163
	rfcomm_pi(sk)->dlc = NULL;
164

165
	/* Detach DLC if it's owned by this socket */
166
	if (d->owner == sk)
167
		d->owner = NULL;
168
	rfcomm_dlc_unlock(d);
169

170
	rfcomm_dlc_put(d);
171
}
172

173
static void rfcomm_sock_cleanup_listen(struct sock *parent)
174
{
175
	struct sock *sk;
176

177
	BT_DBG("parent %p", parent);
178

179
	/* Close not yet accepted dlcs */
180
	while ((sk = bt_accept_dequeue(parent, NULL))) {
181
		rfcomm_sock_close(sk);
182
		rfcomm_sock_kill(sk);
183
	}
184

185
	parent->sk_state  = BT_CLOSED;
186
	sock_set_flag(parent, SOCK_ZAPPED);
187
}
188

189
/* Kill socket (only if zapped and orphan)
190
 * Must be called on unlocked socket.
191
 */
192
static void rfcomm_sock_kill(struct sock *sk)
193
{
194
	if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
195
		return;
196

197
	BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, refcount_read(&sk->sk_refcnt));
198

199
	/* Kill poor orphan */
200
	bt_sock_unlink(&rfcomm_sk_list, sk);
201
	sock_set_flag(sk, SOCK_DEAD);
202
	sock_put(sk);
203
}
204

205
static void __rfcomm_sock_close(struct sock *sk)
206
{
207
	struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
208

209
	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
210

211
	switch (sk->sk_state) {
212
	case BT_LISTEN:
213
		rfcomm_sock_cleanup_listen(sk);
214
		break;
215

216
	case BT_CONNECT:
217
	case BT_CONNECT2:
218
	case BT_CONFIG:
219
	case BT_CONNECTED:
220
		rfcomm_dlc_close(d, 0);
221
		fallthrough;
222

223
	default:
224
		sock_set_flag(sk, SOCK_ZAPPED);
225
		break;
226
	}
227
}
228

229
/* Close socket.
230
 * Must be called on unlocked socket.
231
 */
232
static void rfcomm_sock_close(struct sock *sk)
233
{
234
	lock_sock(sk);
235
	__rfcomm_sock_close(sk);
236
	release_sock(sk);
237
}
238

239
static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
240
{
241
	struct rfcomm_pinfo *pi = rfcomm_pi(sk);
242

243
	BT_DBG("sk %p", sk);
244

245
	if (parent) {
246
		sk->sk_type = parent->sk_type;
247
		pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP,
248
						&bt_sk(parent)->flags);
249

250
		pi->sec_level = rfcomm_pi(parent)->sec_level;
251
		pi->role_switch = rfcomm_pi(parent)->role_switch;
252

253
		security_sk_clone(parent, sk);
254
	} else {
255
		pi->dlc->defer_setup = 0;
256

257
		pi->sec_level = BT_SECURITY_LOW;
258
		pi->role_switch = 0;
259
	}
260

261
	pi->dlc->sec_level = pi->sec_level;
262
	pi->dlc->role_switch = pi->role_switch;
263
}
264

265
static struct proto rfcomm_proto = {
266
	.name		= "RFCOMM",
267
	.owner		= THIS_MODULE,
268
	.obj_size	= sizeof(struct rfcomm_pinfo)
269
};
270

271
static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock,
272
				      int proto, gfp_t prio, int kern)
273
{
274
	struct rfcomm_dlc *d;
275
	struct sock *sk;
276

277
	d = rfcomm_dlc_alloc(prio);
278
	if (!d)
279
		return NULL;
280

281
	sk = bt_sock_alloc(net, sock, &rfcomm_proto, proto, prio, kern);
282
	if (!sk) {
283
		rfcomm_dlc_free(d);
284
		return NULL;
285
	}
286

287
	d->data_ready   = rfcomm_sk_data_ready;
288
	d->state_change = rfcomm_sk_state_change;
289

290
	rfcomm_pi(sk)->dlc = d;
291
	d->owner = sk;
292

293
	sk->sk_destruct = rfcomm_sock_destruct;
294
	sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
295

296
	sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
297
	sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
298

299
	bt_sock_link(&rfcomm_sk_list, sk);
300

301
	BT_DBG("sk %p", sk);
302
	return sk;
303
}
304

305
static int rfcomm_sock_create(struct net *net, struct socket *sock,
306
			      int protocol, int kern)
307
{
308
	struct sock *sk;
309

310
	BT_DBG("sock %p", sock);
311

312
	sock->state = SS_UNCONNECTED;
313

314
	if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
315
		return -ESOCKTNOSUPPORT;
316

317
	sock->ops = &rfcomm_sock_ops;
318

319
	sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
320
	if (!sk)
321
		return -ENOMEM;
322

323
	rfcomm_sock_init(sk, NULL);
324
	return 0;
325
}
326

327
static int rfcomm_sock_bind(struct socket *sock, struct sockaddr_unsized *addr, int addr_len)
328
{
329
	struct sockaddr_rc sa;
330
	struct sock *sk = sock->sk;
331
	int len, err = 0;
332

333
	if (!addr || addr_len < offsetofend(struct sockaddr, sa_family) ||
334
	    addr->sa_family != AF_BLUETOOTH)
335
		return -EINVAL;
336

337
	memset(&sa, 0, sizeof(sa));
338
	len = min_t(unsigned int, sizeof(sa), addr_len);
339
	memcpy(&sa, addr, len);
340

341
	BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr);
342

343
	lock_sock(sk);
344

345
	if (sk->sk_state != BT_OPEN) {
346
		err = -EBADFD;
347
		goto done;
348
	}
349

350
	if (sk->sk_type != SOCK_STREAM) {
351
		err = -EINVAL;
352
		goto done;
353
	}
354

355
	write_lock(&rfcomm_sk_list.lock);
356

357
	if (sa.rc_channel &&
358
	    __rfcomm_get_listen_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) {
359
		err = -EADDRINUSE;
360
	} else {
361
		/* Save source address */
362
		bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr);
363
		rfcomm_pi(sk)->channel = sa.rc_channel;
364
		sk->sk_state = BT_BOUND;
365
	}
366

367
	write_unlock(&rfcomm_sk_list.lock);
368

369
done:
370
	release_sock(sk);
371
	return err;
372
}
373

374
static int rfcomm_sock_connect(struct socket *sock, struct sockaddr_unsized *addr,
375
			       int alen, int flags)
376
{
377
	struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
378
	struct sock *sk = sock->sk;
379
	struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
380
	int err = 0;
381

382
	BT_DBG("sk %p", sk);
383

384
	if (alen < sizeof(struct sockaddr_rc) ||
385
	    addr->sa_family != AF_BLUETOOTH)
386
		return -EINVAL;
387

388
	sock_hold(sk);
389
	lock_sock(sk);
390

391
	if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
392
		err = -EBADFD;
393
		goto done;
394
	}
395

396
	if (sk->sk_type != SOCK_STREAM) {
397
		err = -EINVAL;
398
		goto done;
399
	}
400

401
	sk->sk_state = BT_CONNECT;
402
	bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr);
403
	rfcomm_pi(sk)->channel = sa->rc_channel;
404

405
	d->sec_level = rfcomm_pi(sk)->sec_level;
406
	d->role_switch = rfcomm_pi(sk)->role_switch;
407

408
	/* Drop sock lock to avoid potential deadlock with the RFCOMM lock */
409
	release_sock(sk);
410
	err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr,
411
			      sa->rc_channel);
412
	lock_sock(sk);
413
	if (!err && !sock_flag(sk, SOCK_ZAPPED))
414
		err = bt_sock_wait_state(sk, BT_CONNECTED,
415
				sock_sndtimeo(sk, flags & O_NONBLOCK));
416

417
done:
418
	release_sock(sk);
419
	sock_put(sk);
420
	return err;
421
}
422

423
static int rfcomm_sock_listen(struct socket *sock, int backlog)
424
{
425
	struct sock *sk = sock->sk;
426
	int err = 0;
427

428
	BT_DBG("sk %p backlog %d", sk, backlog);
429

430
	lock_sock(sk);
431

432
	if (sk->sk_state != BT_BOUND) {
433
		err = -EBADFD;
434
		goto done;
435
	}
436

437
	if (sk->sk_type != SOCK_STREAM) {
438
		err = -EINVAL;
439
		goto done;
440
	}
441

442
	if (!rfcomm_pi(sk)->channel) {
443
		bdaddr_t *src = &rfcomm_pi(sk)->src;
444
		u8 channel;
445

446
		err = -EINVAL;
447

448
		write_lock(&rfcomm_sk_list.lock);
449

450
		for (channel = 1; channel < 31; channel++)
451
			if (!__rfcomm_get_listen_sock_by_addr(channel, src)) {
452
				rfcomm_pi(sk)->channel = channel;
453
				err = 0;
454
				break;
455
			}
456

457
		write_unlock(&rfcomm_sk_list.lock);
458

459
		if (err < 0)
460
			goto done;
461
	}
462

463
	sk->sk_max_ack_backlog = backlog;
464
	sk->sk_ack_backlog = 0;
465
	sk->sk_state = BT_LISTEN;
466

467
done:
468
	release_sock(sk);
469
	return err;
470
}
471

472
static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock,
473
			      struct proto_accept_arg *arg)
474
{
475
	DEFINE_WAIT_FUNC(wait, woken_wake_function);
476
	struct sock *sk = sock->sk, *nsk;
477
	long timeo;
478
	int err = 0;
479

480
	lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
481

482
	if (sk->sk_type != SOCK_STREAM) {
483
		err = -EINVAL;
484
		goto done;
485
	}
486

487
	timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK);
488

489
	BT_DBG("sk %p timeo %ld", sk, timeo);
490

491
	/* Wait for an incoming connection. (wake-one). */
492
	add_wait_queue_exclusive(sk_sleep(sk), &wait);
493
	while (1) {
494
		if (sk->sk_state != BT_LISTEN) {
495
			err = -EBADFD;
496
			break;
497
		}
498

499
		nsk = bt_accept_dequeue(sk, newsock);
500
		if (nsk)
501
			break;
502

503
		if (!timeo) {
504
			err = -EAGAIN;
505
			break;
506
		}
507

508
		if (signal_pending(current)) {
509
			err = sock_intr_errno(timeo);
510
			break;
511
		}
512

513
		release_sock(sk);
514

515
		timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
516

517
		lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
518
	}
519
	remove_wait_queue(sk_sleep(sk), &wait);
520

521
	if (err)
522
		goto done;
523

524
	newsock->state = SS_CONNECTED;
525

526
	BT_DBG("new socket %p", nsk);
527

528
done:
529
	release_sock(sk);
530
	return err;
531
}
532

533
static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int peer)
534
{
535
	struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
536
	struct sock *sk = sock->sk;
537

538
	BT_DBG("sock %p, sk %p", sock, sk);
539

540
	if (peer && sk->sk_state != BT_CONNECTED &&
541
	    sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2)
542
		return -ENOTCONN;
543

544
	memset(sa, 0, sizeof(*sa));
545
	sa->rc_family  = AF_BLUETOOTH;
546
	sa->rc_channel = rfcomm_pi(sk)->channel;
547
	if (peer)
548
		bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst);
549
	else
550
		bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src);
551

552
	return sizeof(struct sockaddr_rc);
553
}
554

555
static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg,
556
			       size_t len)
557
{
558
	struct sock *sk = sock->sk;
559
	struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
560
	struct sk_buff *skb;
561
	int sent;
562

563
	if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
564
		return -ENOTCONN;
565

566
	if (msg->msg_flags & MSG_OOB)
567
		return -EOPNOTSUPP;
568

569
	if (sk->sk_shutdown & SEND_SHUTDOWN)
570
		return -EPIPE;
571

572
	BT_DBG("sock %p, sk %p", sock, sk);
573

574
	lock_sock(sk);
575

576
	sent = bt_sock_wait_ready(sk, msg->msg_flags);
577

578
	release_sock(sk);
579

580
	if (sent)
581
		return sent;
582

583
	skb = bt_skb_sendmmsg(sk, msg, len, d->mtu, RFCOMM_SKB_HEAD_RESERVE,
584
			      RFCOMM_SKB_TAIL_RESERVE);
585
	if (IS_ERR(skb))
586
		return PTR_ERR(skb);
587

588
	sent = rfcomm_dlc_send(d, skb);
589
	if (sent < 0)
590
		kfree_skb(skb);
591

592
	return sent;
593
}
594

595
static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg,
596
			       size_t size, int flags)
597
{
598
	struct sock *sk = sock->sk;
599
	struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
600
	int len;
601

602
	if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
603
		rfcomm_dlc_accept(d);
604
		return 0;
605
	}
606

607
	len = bt_sock_stream_recvmsg(sock, msg, size, flags);
608

609
	lock_sock(sk);
610
	if (!(flags & MSG_PEEK) && len > 0)
611
		atomic_sub(len, &sk->sk_rmem_alloc);
612

613
	if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
614
		rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
615
	release_sock(sk);
616

617
	return len;
618
}
619

620
static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname,
621
		sockptr_t optval, unsigned int optlen)
622
{
623
	struct sock *sk = sock->sk;
624
	int err = 0;
625
	u32 opt;
626

627
	BT_DBG("sk %p", sk);
628

629
	lock_sock(sk);
630

631
	switch (optname) {
632
	case RFCOMM_LM:
633
		err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
634
		if (err)
635
			break;
636

637
		if (opt & RFCOMM_LM_FIPS) {
638
			err = -EINVAL;
639
			break;
640
		}
641

642
		if (opt & RFCOMM_LM_AUTH)
643
			rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
644
		if (opt & RFCOMM_LM_ENCRYPT)
645
			rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
646
		if (opt & RFCOMM_LM_SECURE)
647
			rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
648

649
		rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
650
		break;
651

652
	default:
653
		err = -ENOPROTOOPT;
654
		break;
655
	}
656

657
	release_sock(sk);
658
	return err;
659
}
660

661
static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname,
662
		sockptr_t optval, unsigned int optlen)
663
{
664
	struct sock *sk = sock->sk;
665
	struct bt_security sec;
666
	int err = 0;
667
	u32 opt;
668

669
	BT_DBG("sk %p", sk);
670

671
	if (level == SOL_RFCOMM)
672
		return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
673

674
	if (level != SOL_BLUETOOTH)
675
		return -ENOPROTOOPT;
676

677
	lock_sock(sk);
678

679
	switch (optname) {
680
	case BT_SECURITY:
681
		if (sk->sk_type != SOCK_STREAM) {
682
			err = -EINVAL;
683
			break;
684
		}
685

686
		sec.level = BT_SECURITY_LOW;
687

688
		err = copy_safe_from_sockptr(&sec, sizeof(sec), optval, optlen);
689
		if (err)
690
			break;
691

692
		if (sec.level > BT_SECURITY_HIGH) {
693
			err = -EINVAL;
694
			break;
695
		}
696

697
		rfcomm_pi(sk)->sec_level = sec.level;
698
		break;
699

700
	case BT_DEFER_SETUP:
701
		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
702
			err = -EINVAL;
703
			break;
704
		}
705

706
		err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
707
		if (err)
708
			break;
709

710
		if (opt)
711
			set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
712
		else
713
			clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
714

715
		break;
716

717
	default:
718
		err = -ENOPROTOOPT;
719
		break;
720
	}
721

722
	release_sock(sk);
723
	return err;
724
}
725

726
static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
727
{
728
	struct sock *sk = sock->sk;
729
	struct sock *l2cap_sk;
730
	struct l2cap_conn *conn;
731
	struct rfcomm_conninfo cinfo;
732
	int err = 0;
733
	size_t len;
734
	u32 opt;
735

736
	BT_DBG("sk %p", sk);
737

738
	if (get_user(len, optlen))
739
		return -EFAULT;
740

741
	lock_sock(sk);
742

743
	switch (optname) {
744
	case RFCOMM_LM:
745
		switch (rfcomm_pi(sk)->sec_level) {
746
		case BT_SECURITY_LOW:
747
			opt = RFCOMM_LM_AUTH;
748
			break;
749
		case BT_SECURITY_MEDIUM:
750
			opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
751
			break;
752
		case BT_SECURITY_HIGH:
753
			opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
754
			      RFCOMM_LM_SECURE;
755
			break;
756
		case BT_SECURITY_FIPS:
757
			opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
758
			      RFCOMM_LM_SECURE | RFCOMM_LM_FIPS;
759
			break;
760
		default:
761
			opt = 0;
762
			break;
763
		}
764

765
		if (rfcomm_pi(sk)->role_switch)
766
			opt |= RFCOMM_LM_MASTER;
767

768
		if (put_user(opt, (u32 __user *) optval))
769
			err = -EFAULT;
770

771
		break;
772

773
	case RFCOMM_CONNINFO:
774
		if (sk->sk_state != BT_CONNECTED &&
775
					!rfcomm_pi(sk)->dlc->defer_setup) {
776
			err = -ENOTCONN;
777
			break;
778
		}
779

780
		l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
781
		conn = l2cap_pi(l2cap_sk)->chan->conn;
782

783
		memset(&cinfo, 0, sizeof(cinfo));
784
		cinfo.hci_handle = conn->hcon->handle;
785
		memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
786

787
		len = min(len, sizeof(cinfo));
788
		if (copy_to_user(optval, (char *) &cinfo, len))
789
			err = -EFAULT;
790

791
		break;
792

793
	default:
794
		err = -ENOPROTOOPT;
795
		break;
796
	}
797

798
	release_sock(sk);
799
	return err;
800
}
801

802
static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
803
{
804
	struct sock *sk = sock->sk;
805
	struct bt_security sec;
806
	int err = 0;
807
	size_t len;
808

809
	BT_DBG("sk %p", sk);
810

811
	if (level == SOL_RFCOMM)
812
		return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
813

814
	if (level != SOL_BLUETOOTH)
815
		return -ENOPROTOOPT;
816

817
	if (get_user(len, optlen))
818
		return -EFAULT;
819

820
	lock_sock(sk);
821

822
	switch (optname) {
823
	case BT_SECURITY:
824
		if (sk->sk_type != SOCK_STREAM) {
825
			err = -EINVAL;
826
			break;
827
		}
828

829
		sec.level = rfcomm_pi(sk)->sec_level;
830
		sec.key_size = 0;
831

832
		len = min(len, sizeof(sec));
833
		if (copy_to_user(optval, (char *) &sec, len))
834
			err = -EFAULT;
835

836
		break;
837

838
	case BT_DEFER_SETUP:
839
		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
840
			err = -EINVAL;
841
			break;
842
		}
843

844
		if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
845
			     (u32 __user *) optval))
846
			err = -EFAULT;
847

848
		break;
849

850
	default:
851
		err = -ENOPROTOOPT;
852
		break;
853
	}
854

855
	release_sock(sk);
856
	return err;
857
}
858

859
static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
860
{
861
	struct sock *sk __maybe_unused = sock->sk;
862
	int err;
863

864
	BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
865

866
	err = bt_sock_ioctl(sock, cmd, arg);
867

868
	if (err == -ENOIOCTLCMD) {
869
#ifdef CONFIG_BT_RFCOMM_TTY
870
		err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
871
#else
872
		err = -EOPNOTSUPP;
873
#endif
874
	}
875

876
	return err;
877
}
878

879
#ifdef CONFIG_COMPAT
880
static int rfcomm_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
881
{
882
	return rfcomm_sock_ioctl(sock, cmd, (unsigned long)compat_ptr(arg));
883
}
884
#endif
885

886
static int rfcomm_sock_shutdown(struct socket *sock, int how)
887
{
888
	struct sock *sk = sock->sk;
889
	int err = 0;
890

891
	BT_DBG("sock %p, sk %p", sock, sk);
892

893
	if (!sk)
894
		return 0;
895

896
	lock_sock(sk);
897
	if (!sk->sk_shutdown) {
898
		sk->sk_shutdown = SHUTDOWN_MASK;
899

900
		release_sock(sk);
901
		__rfcomm_sock_close(sk);
902
		lock_sock(sk);
903

904
		if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
905
		    !(current->flags & PF_EXITING))
906
			err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
907
	}
908
	release_sock(sk);
909
	return err;
910
}
911

912
static int rfcomm_sock_release(struct socket *sock)
913
{
914
	struct sock *sk = sock->sk;
915
	int err;
916

917
	BT_DBG("sock %p, sk %p", sock, sk);
918

919
	if (!sk)
920
		return 0;
921

922
	err = rfcomm_sock_shutdown(sock, 2);
923

924
	sock_orphan(sk);
925
	rfcomm_sock_kill(sk);
926
	return err;
927
}
928

929
/* ---- RFCOMM core layer callbacks ----
930
 *
931
 * called under rfcomm_lock()
932
 */
933
int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
934
{
935
	struct sock *sk, *parent;
936
	bdaddr_t src, dst;
937
	int result = 0;
938

939
	BT_DBG("session %p channel %d", s, channel);
940

941
	rfcomm_session_getaddr(s, &src, &dst);
942

943
	/* Check if we have socket listening on channel */
944
	parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
945
	if (!parent)
946
		return 0;
947

948
	lock_sock(parent);
949

950
	/* Check for backlog size */
951
	if (sk_acceptq_is_full(parent)) {
952
		BT_DBG("backlog full %d", parent->sk_ack_backlog);
953
		goto done;
954
	}
955

956
	sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC, 0);
957
	if (!sk)
958
		goto done;
959

960
	bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
961

962
	rfcomm_sock_init(sk, parent);
963
	bacpy(&rfcomm_pi(sk)->src, &src);
964
	bacpy(&rfcomm_pi(sk)->dst, &dst);
965
	rfcomm_pi(sk)->channel = channel;
966

967
	sk->sk_state = BT_CONFIG;
968
	bt_accept_enqueue(parent, sk, true);
969

970
	/* Accept connection and return socket DLC */
971
	*d = rfcomm_pi(sk)->dlc;
972
	result = 1;
973

974
done:
975
	release_sock(parent);
976

977
	if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
978
		parent->sk_state_change(parent);
979

980
	return result;
981
}
982

983
static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
984
{
985
	struct sock *sk;
986

987
	read_lock(&rfcomm_sk_list.lock);
988

989
	sk_for_each(sk, &rfcomm_sk_list.head) {
990
		seq_printf(f, "%pMR %pMR %d %d\n",
991
			   &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst,
992
			   sk->sk_state, rfcomm_pi(sk)->channel);
993
	}
994

995
	read_unlock(&rfcomm_sk_list.lock);
996

997
	return 0;
998
}
999

1000
DEFINE_SHOW_ATTRIBUTE(rfcomm_sock_debugfs);
1001

1002
static struct dentry *rfcomm_sock_debugfs;
1003

1004
static const struct proto_ops rfcomm_sock_ops = {
1005
	.family		= PF_BLUETOOTH,
1006
	.owner		= THIS_MODULE,
1007
	.release	= rfcomm_sock_release,
1008
	.bind		= rfcomm_sock_bind,
1009
	.connect	= rfcomm_sock_connect,
1010
	.listen		= rfcomm_sock_listen,
1011
	.accept		= rfcomm_sock_accept,
1012
	.getname	= rfcomm_sock_getname,
1013
	.sendmsg	= rfcomm_sock_sendmsg,
1014
	.recvmsg	= rfcomm_sock_recvmsg,
1015
	.shutdown	= rfcomm_sock_shutdown,
1016
	.setsockopt	= rfcomm_sock_setsockopt,
1017
	.getsockopt	= rfcomm_sock_getsockopt,
1018
	.ioctl		= rfcomm_sock_ioctl,
1019
	.gettstamp	= sock_gettstamp,
1020
	.poll		= bt_sock_poll,
1021
	.socketpair	= sock_no_socketpair,
1022
	.mmap		= sock_no_mmap,
1023
#ifdef CONFIG_COMPAT
1024
	.compat_ioctl	= rfcomm_sock_compat_ioctl,
1025
#endif
1026
};
1027

1028
static const struct net_proto_family rfcomm_sock_family_ops = {
1029
	.family		= PF_BLUETOOTH,
1030
	.owner		= THIS_MODULE,
1031
	.create		= rfcomm_sock_create
1032
};
1033

1034
int __init rfcomm_init_sockets(void)
1035
{
1036
	int err;
1037

1038
	BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr));
1039

1040
	err = proto_register(&rfcomm_proto, 0);
1041
	if (err < 0)
1042
		return err;
1043

1044
	err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1045
	if (err < 0) {
1046
		BT_ERR("RFCOMM socket layer registration failed");
1047
		goto error;
1048
	}
1049

1050
	err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL);
1051
	if (err < 0) {
1052
		BT_ERR("Failed to create RFCOMM proc file");
1053
		bt_sock_unregister(BTPROTO_RFCOMM);
1054
		goto error;
1055
	}
1056

1057
	BT_INFO("RFCOMM socket layer initialized");
1058

1059
	if (IS_ERR_OR_NULL(bt_debugfs))
1060
		return 0;
1061

1062
	rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1063
						  bt_debugfs, NULL,
1064
						  &rfcomm_sock_debugfs_fops);
1065

1066
	return 0;
1067

1068
error:
1069
	proto_unregister(&rfcomm_proto);
1070
	return err;
1071
}
1072

1073
void __exit rfcomm_cleanup_sockets(void)
1074
{
1075
	bt_procfs_cleanup(&init_net, "rfcomm");
1076

1077
	debugfs_remove(rfcomm_sock_debugfs);
1078

1079
	bt_sock_unregister(BTPROTO_RFCOMM);
1080

1081
	proto_unregister(&rfcomm_proto);
1082
}
1083

1084
Product

Resources

Company
