Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
sock.c
Go to the documentation of this file.
1 /*
2  RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3  Copyright (C) 2002 Maxim Krasnyansky <[email protected]>
4  Copyright (C) 2002 Marcel Holtmann <[email protected]>
5 
6  This program is free software; you can redistribute it and/or modify
7  it under the terms of the GNU General Public License version 2 as
8  published by the Free Software Foundation;
9 
10  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11  OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13  IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14  CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15  WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16  ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17  OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 
19  ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20  COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21  SOFTWARE IS DISCLAIMED.
22 */
23 
24 /*
25  * RFCOMM sockets.
26  */
27 
28 #include <linux/export.h>
29 #include <linux/debugfs.h>
30 
32 #include <net/bluetooth/hci_core.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/rfcomm.h>
35 
36 static const struct proto_ops rfcomm_sock_ops;
37 
38 static struct bt_sock_list rfcomm_sk_list = {
39  .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
40 };
41 
42 static void rfcomm_sock_close(struct sock *sk);
43 static void rfcomm_sock_kill(struct sock *sk);
44 
45 /* ---- DLC callbacks ----
46  *
47  * called under rfcomm_dlc_lock()
48  */
49 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
50 {
51  struct sock *sk = d->owner;
52  if (!sk)
53  return;
54 
55  atomic_add(skb->len, &sk->sk_rmem_alloc);
57  sk->sk_data_ready(sk, skb->len);
58 
59  if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
60  rfcomm_dlc_throttle(d);
61 }
62 
63 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
64 {
65  struct sock *sk = d->owner, *parent;
66  unsigned long flags;
67 
68  if (!sk)
69  return;
70 
71  BT_DBG("dlc %p state %ld err %d", d, d->state, err);
72 
73  local_irq_save(flags);
74  bh_lock_sock(sk);
75 
76  if (err)
77  sk->sk_err = err;
78 
79  sk->sk_state = d->state;
80 
81  parent = bt_sk(sk)->parent;
82  if (parent) {
83  if (d->state == BT_CLOSED) {
84  sock_set_flag(sk, SOCK_ZAPPED);
85  bt_accept_unlink(sk);
86  }
87  parent->sk_data_ready(parent, 0);
88  } else {
89  if (d->state == BT_CONNECTED)
91  sk->sk_state_change(sk);
92  }
93 
94  bh_unlock_sock(sk);
95  local_irq_restore(flags);
96 
97  if (parent && sock_flag(sk, SOCK_ZAPPED)) {
98  /* We have to drop DLC lock here, otherwise
99  * rfcomm_sock_destruct() will dead lock. */
101  rfcomm_sock_kill(sk);
102  rfcomm_dlc_lock(d);
103  }
104 }
105 
106 /* ---- Socket functions ---- */
107 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
108 {
109  struct sock *sk = NULL;
110  struct hlist_node *node;
111 
112  sk_for_each(sk, node, &rfcomm_sk_list.head) {
113  if (rfcomm_pi(sk)->channel == channel &&
114  !bacmp(&bt_sk(sk)->src, src))
115  break;
116  }
117 
118  return node ? sk : NULL;
119 }
120 
121 /* Find socket with channel and source bdaddr.
122  * Returns closest match.
123  */
124 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
125 {
126  struct sock *sk = NULL, *sk1 = NULL;
127  struct hlist_node *node;
128 
129  read_lock(&rfcomm_sk_list.lock);
130 
131  sk_for_each(sk, node, &rfcomm_sk_list.head) {
132  if (state && sk->sk_state != state)
133  continue;
134 
135  if (rfcomm_pi(sk)->channel == channel) {
136  /* Exact match. */
137  if (!bacmp(&bt_sk(sk)->src, src))
138  break;
139 
140  /* Closest match */
141  if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
142  sk1 = sk;
143  }
144  }
145 
146  read_unlock(&rfcomm_sk_list.lock);
147 
148  return node ? sk : sk1;
149 }
150 
151 static void rfcomm_sock_destruct(struct sock *sk)
152 {
153  struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
154 
155  BT_DBG("sk %p dlc %p", sk, d);
156 
159 
160  rfcomm_dlc_lock(d);
161  rfcomm_pi(sk)->dlc = NULL;
162 
163  /* Detach DLC if it's owned by this socket */
164  if (d->owner == sk)
165  d->owner = NULL;
167 
168  rfcomm_dlc_put(d);
169 }
170 
171 static void rfcomm_sock_cleanup_listen(struct sock *parent)
172 {
173  struct sock *sk;
174 
175  BT_DBG("parent %p", parent);
176 
177  /* Close not yet accepted dlcs */
178  while ((sk = bt_accept_dequeue(parent, NULL))) {
179  rfcomm_sock_close(sk);
180  rfcomm_sock_kill(sk);
181  }
182 
183  parent->sk_state = BT_CLOSED;
184  sock_set_flag(parent, SOCK_ZAPPED);
185 }
186 
187 /* Kill socket (only if zapped and orphan)
188  * Must be called on unlocked socket.
189  */
190 static void rfcomm_sock_kill(struct sock *sk)
191 {
192  if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
193  return;
194 
195  BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
196 
197  /* Kill poor orphan */
198  bt_sock_unlink(&rfcomm_sk_list, sk);
199  sock_set_flag(sk, SOCK_DEAD);
200  sock_put(sk);
201 }
202 
203 static void __rfcomm_sock_close(struct sock *sk)
204 {
205  struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
206 
207  BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
208 
209  switch (sk->sk_state) {
210  case BT_LISTEN:
211  rfcomm_sock_cleanup_listen(sk);
212  break;
213 
214  case BT_CONNECT:
215  case BT_CONNECT2:
216  case BT_CONFIG:
217  case BT_CONNECTED:
218  rfcomm_dlc_close(d, 0);
219 
220  default:
221  sock_set_flag(sk, SOCK_ZAPPED);
222  break;
223  }
224 }
225 
226 /* Close socket.
227  * Must be called on unlocked socket.
228  */
229 static void rfcomm_sock_close(struct sock *sk)
230 {
231  lock_sock(sk);
232  __rfcomm_sock_close(sk);
233  release_sock(sk);
234 }
235 
236 static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
237 {
238  struct rfcomm_pinfo *pi = rfcomm_pi(sk);
239 
240  BT_DBG("sk %p", sk);
241 
242  if (parent) {
243  sk->sk_type = parent->sk_type;
244  pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP,
245  &bt_sk(parent)->flags);
246 
247  pi->sec_level = rfcomm_pi(parent)->sec_level;
248  pi->role_switch = rfcomm_pi(parent)->role_switch;
249 
250  security_sk_clone(parent, sk);
251  } else {
252  pi->dlc->defer_setup = 0;
253 
255  pi->role_switch = 0;
256  }
257 
258  pi->dlc->sec_level = pi->sec_level;
259  pi->dlc->role_switch = pi->role_switch;
260 }
261 
262 static struct proto rfcomm_proto = {
263  .name = "RFCOMM",
264  .owner = THIS_MODULE,
265  .obj_size = sizeof(struct rfcomm_pinfo)
266 };
267 
268 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
269 {
270  struct rfcomm_dlc *d;
271  struct sock *sk;
272 
273  sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
274  if (!sk)
275  return NULL;
276 
277  sock_init_data(sock, sk);
278  INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
279 
280  d = rfcomm_dlc_alloc(prio);
281  if (!d) {
282  sk_free(sk);
283  return NULL;
284  }
285 
286  d->data_ready = rfcomm_sk_data_ready;
287  d->state_change = rfcomm_sk_state_change;
288 
289  rfcomm_pi(sk)->dlc = d;
290  d->owner = sk;
291 
292  sk->sk_destruct = rfcomm_sock_destruct;
294 
296  sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
297 
298  sock_reset_flag(sk, SOCK_ZAPPED);
299 
300  sk->sk_protocol = proto;
301  sk->sk_state = BT_OPEN;
302 
303  bt_sock_link(&rfcomm_sk_list, sk);
304 
305  BT_DBG("sk %p", sk);
306  return sk;
307 }
308 
309 static int rfcomm_sock_create(struct net *net, struct socket *sock,
310  int protocol, int kern)
311 {
312  struct sock *sk;
313 
314  BT_DBG("sock %p", sock);
315 
316  sock->state = SS_UNCONNECTED;
317 
318  if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
319  return -ESOCKTNOSUPPORT;
320 
321  sock->ops = &rfcomm_sock_ops;
322 
323  sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
324  if (!sk)
325  return -ENOMEM;
326 
327  rfcomm_sock_init(sk, NULL);
328  return 0;
329 }
330 
331 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
332 {
333  struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
334  struct sock *sk = sock->sk;
335  int err = 0;
336 
337  BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr));
338 
339  if (!addr || addr->sa_family != AF_BLUETOOTH)
340  return -EINVAL;
341 
342  lock_sock(sk);
343 
344  if (sk->sk_state != BT_OPEN) {
345  err = -EBADFD;
346  goto done;
347  }
348 
349  if (sk->sk_type != SOCK_STREAM) {
350  err = -EINVAL;
351  goto done;
352  }
353 
354  write_lock(&rfcomm_sk_list.lock);
355 
356  if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
357  err = -EADDRINUSE;
358  } else {
359  /* Save source address */
360  bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr);
361  rfcomm_pi(sk)->channel = sa->rc_channel;
362  sk->sk_state = BT_BOUND;
363  }
364 
365  write_unlock(&rfcomm_sk_list.lock);
366 
367 done:
368  release_sock(sk);
369  return err;
370 }
371 
372 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
373 {
374  struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
375  struct sock *sk = sock->sk;
376  struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
377  int err = 0;
378 
379  BT_DBG("sk %p", sk);
380 
381  if (alen < sizeof(struct sockaddr_rc) ||
382  addr->sa_family != AF_BLUETOOTH)
383  return -EINVAL;
384 
385  lock_sock(sk);
386 
387  if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
388  err = -EBADFD;
389  goto done;
390  }
391 
392  if (sk->sk_type != SOCK_STREAM) {
393  err = -EINVAL;
394  goto done;
395  }
396 
397  sk->sk_state = BT_CONNECT;
398  bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
399  rfcomm_pi(sk)->channel = sa->rc_channel;
400 
401  d->sec_level = rfcomm_pi(sk)->sec_level;
402  d->role_switch = rfcomm_pi(sk)->role_switch;
403 
404  err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
405  if (!err)
407  sock_sndtimeo(sk, flags & O_NONBLOCK));
408 
409 done:
410  release_sock(sk);
411  return err;
412 }
413 
414 static int rfcomm_sock_listen(struct socket *sock, int backlog)
415 {
416  struct sock *sk = sock->sk;
417  int err = 0;
418 
419  BT_DBG("sk %p backlog %d", sk, backlog);
420 
421  lock_sock(sk);
422 
423  if (sk->sk_state != BT_BOUND) {
424  err = -EBADFD;
425  goto done;
426  }
427 
428  if (sk->sk_type != SOCK_STREAM) {
429  err = -EINVAL;
430  goto done;
431  }
432 
433  if (!rfcomm_pi(sk)->channel) {
434  bdaddr_t *src = &bt_sk(sk)->src;
435  u8 channel;
436 
437  err = -EINVAL;
438 
439  write_lock(&rfcomm_sk_list.lock);
440 
441  for (channel = 1; channel < 31; channel++)
442  if (!__rfcomm_get_sock_by_addr(channel, src)) {
443  rfcomm_pi(sk)->channel = channel;
444  err = 0;
445  break;
446  }
447 
448  write_unlock(&rfcomm_sk_list.lock);
449 
450  if (err < 0)
451  goto done;
452  }
453 
455  sk->sk_ack_backlog = 0;
456  sk->sk_state = BT_LISTEN;
457 
458 done:
459  release_sock(sk);
460  return err;
461 }
462 
463 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
464 {
466  struct sock *sk = sock->sk, *nsk;
467  long timeo;
468  int err = 0;
469 
470  lock_sock(sk);
471 
472  if (sk->sk_type != SOCK_STREAM) {
473  err = -EINVAL;
474  goto done;
475  }
476 
477  timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
478 
479  BT_DBG("sk %p timeo %ld", sk, timeo);
480 
481  /* Wait for an incoming connection. (wake-one). */
482  add_wait_queue_exclusive(sk_sleep(sk), &wait);
483  while (1) {
485 
486  if (sk->sk_state != BT_LISTEN) {
487  err = -EBADFD;
488  break;
489  }
490 
491  nsk = bt_accept_dequeue(sk, newsock);
492  if (nsk)
493  break;
494 
495  if (!timeo) {
496  err = -EAGAIN;
497  break;
498  }
499 
500  if (signal_pending(current)) {
501  err = sock_intr_errno(timeo);
502  break;
503  }
504 
505  release_sock(sk);
506  timeo = schedule_timeout(timeo);
507  lock_sock(sk);
508  }
510  remove_wait_queue(sk_sleep(sk), &wait);
511 
512  if (err)
513  goto done;
514 
515  newsock->state = SS_CONNECTED;
516 
517  BT_DBG("new socket %p", nsk);
518 
519 done:
520  release_sock(sk);
521  return err;
522 }
523 
524 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
525 {
526  struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
527  struct sock *sk = sock->sk;
528 
529  BT_DBG("sock %p, sk %p", sock, sk);
530 
531  memset(sa, 0, sizeof(*sa));
532  sa->rc_family = AF_BLUETOOTH;
533  sa->rc_channel = rfcomm_pi(sk)->channel;
534  if (peer)
535  bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst);
536  else
537  bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src);
538 
539  *len = sizeof(struct sockaddr_rc);
540  return 0;
541 }
542 
543 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
544  struct msghdr *msg, size_t len)
545 {
546  struct sock *sk = sock->sk;
547  struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
548  struct sk_buff *skb;
549  int sent = 0;
550 
552  return -ENOTCONN;
553 
554  if (msg->msg_flags & MSG_OOB)
555  return -EOPNOTSUPP;
556 
557  if (sk->sk_shutdown & SEND_SHUTDOWN)
558  return -EPIPE;
559 
560  BT_DBG("sock %p, sk %p", sock, sk);
561 
562  lock_sock(sk);
563 
564  while (len) {
565  size_t size = min_t(size_t, len, d->mtu);
566  int err;
567 
568  skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
569  msg->msg_flags & MSG_DONTWAIT, &err);
570  if (!skb) {
571  if (sent == 0)
572  sent = err;
573  break;
574  }
575  skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
576 
577  err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
578  if (err) {
579  kfree_skb(skb);
580  if (sent == 0)
581  sent = err;
582  break;
583  }
584 
585  skb->priority = sk->sk_priority;
586 
587  err = rfcomm_dlc_send(d, skb);
588  if (err < 0) {
589  kfree_skb(skb);
590  if (sent == 0)
591  sent = err;
592  break;
593  }
594 
595  sent += size;
596  len -= size;
597  }
598 
599  release_sock(sk);
600 
601  return sent;
602 }
603 
604 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
605  struct msghdr *msg, size_t size, int flags)
606 {
607  struct sock *sk = sock->sk;
608  struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
609  int len;
610 
613  return 0;
614  }
615 
616  len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags);
617 
618  lock_sock(sk);
619  if (!(flags & MSG_PEEK) && len > 0)
620  atomic_sub(len, &sk->sk_rmem_alloc);
621 
622  if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
623  rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
624  release_sock(sk);
625 
626  return len;
627 }
628 
629 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
630 {
631  struct sock *sk = sock->sk;
632  int err = 0;
633  u32 opt;
634 
635  BT_DBG("sk %p", sk);
636 
637  lock_sock(sk);
638 
639  switch (optname) {
640  case RFCOMM_LM:
641  if (get_user(opt, (u32 __user *) optval)) {
642  err = -EFAULT;
643  break;
644  }
645 
646  if (opt & RFCOMM_LM_AUTH)
647  rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
648  if (opt & RFCOMM_LM_ENCRYPT)
649  rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
650  if (opt & RFCOMM_LM_SECURE)
651  rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
652 
653  rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
654  break;
655 
656  default:
657  err = -ENOPROTOOPT;
658  break;
659  }
660 
661  release_sock(sk);
662  return err;
663 }
664 
665 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
666 {
667  struct sock *sk = sock->sk;
668  struct bt_security sec;
669  int err = 0;
670  size_t len;
671  u32 opt;
672 
673  BT_DBG("sk %p", sk);
674 
675  if (level == SOL_RFCOMM)
676  return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
677 
678  if (level != SOL_BLUETOOTH)
679  return -ENOPROTOOPT;
680 
681  lock_sock(sk);
682 
683  switch (optname) {
684  case BT_SECURITY:
685  if (sk->sk_type != SOCK_STREAM) {
686  err = -EINVAL;
687  break;
688  }
689 
690  sec.level = BT_SECURITY_LOW;
691 
692  len = min_t(unsigned int, sizeof(sec), optlen);
693  if (copy_from_user((char *) &sec, optval, len)) {
694  err = -EFAULT;
695  break;
696  }
697 
698  if (sec.level > BT_SECURITY_HIGH) {
699  err = -EINVAL;
700  break;
701  }
702 
703  rfcomm_pi(sk)->sec_level = sec.level;
704  break;
705 
706  case BT_DEFER_SETUP:
707  if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
708  err = -EINVAL;
709  break;
710  }
711 
712  if (get_user(opt, (u32 __user *) optval)) {
713  err = -EFAULT;
714  break;
715  }
716 
717  if (opt)
718  set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
719  else
720  clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
721 
722  break;
723 
724  default:
725  err = -ENOPROTOOPT;
726  break;
727  }
728 
729  release_sock(sk);
730  return err;
731 }
732 
733 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
734 {
735  struct sock *sk = sock->sk;
736  struct rfcomm_conninfo cinfo;
737  struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
738  int len, err = 0;
739  u32 opt;
740 
741  BT_DBG("sk %p", sk);
742 
743  if (get_user(len, optlen))
744  return -EFAULT;
745 
746  lock_sock(sk);
747 
748  switch (optname) {
749  case RFCOMM_LM:
750  switch (rfcomm_pi(sk)->sec_level) {
751  case BT_SECURITY_LOW:
752  opt = RFCOMM_LM_AUTH;
753  break;
754  case BT_SECURITY_MEDIUM:
755  opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
756  break;
757  case BT_SECURITY_HIGH:
758  opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
760  break;
761  default:
762  opt = 0;
763  break;
764  }
765 
766  if (rfcomm_pi(sk)->role_switch)
767  opt |= RFCOMM_LM_MASTER;
768 
769  if (put_user(opt, (u32 __user *) optval))
770  err = -EFAULT;
771  break;
772 
773  case RFCOMM_CONNINFO:
774  if (sk->sk_state != BT_CONNECTED &&
775  !rfcomm_pi(sk)->dlc->defer_setup) {
776  err = -ENOTCONN;
777  break;
778  }
779 
780  memset(&cinfo, 0, sizeof(cinfo));
781  cinfo.hci_handle = conn->hcon->handle;
782  memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
783 
784  len = min_t(unsigned int, len, sizeof(cinfo));
785  if (copy_to_user(optval, (char *) &cinfo, len))
786  err = -EFAULT;
787 
788  break;
789 
790  default:
791  err = -ENOPROTOOPT;
792  break;
793  }
794 
795  release_sock(sk);
796  return err;
797 }
798 
799 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
800 {
801  struct sock *sk = sock->sk;
802  struct bt_security sec;
803  int len, err = 0;
804 
805  BT_DBG("sk %p", sk);
806 
807  if (level == SOL_RFCOMM)
808  return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
809 
810  if (level != SOL_BLUETOOTH)
811  return -ENOPROTOOPT;
812 
813  if (get_user(len, optlen))
814  return -EFAULT;
815 
816  lock_sock(sk);
817 
818  switch (optname) {
819  case BT_SECURITY:
820  if (sk->sk_type != SOCK_STREAM) {
821  err = -EINVAL;
822  break;
823  }
824 
825  sec.level = rfcomm_pi(sk)->sec_level;
826  sec.key_size = 0;
827 
828  len = min_t(unsigned int, len, sizeof(sec));
829  if (copy_to_user(optval, (char *) &sec, len))
830  err = -EFAULT;
831 
832  break;
833 
834  case BT_DEFER_SETUP:
835  if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
836  err = -EINVAL;
837  break;
838  }
839 
840  if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
841  (u32 __user *) optval))
842  err = -EFAULT;
843 
844  break;
845 
846  default:
847  err = -ENOPROTOOPT;
848  break;
849  }
850 
851  release_sock(sk);
852  return err;
853 }
854 
855 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
856 {
857  struct sock *sk __maybe_unused = sock->sk;
858  int err;
859 
860  BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
861 
862  err = bt_sock_ioctl(sock, cmd, arg);
863 
864  if (err == -ENOIOCTLCMD) {
865 #ifdef CONFIG_BT_RFCOMM_TTY
866  lock_sock(sk);
867  err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
868  release_sock(sk);
869 #else
870  err = -EOPNOTSUPP;
871 #endif
872  }
873 
874  return err;
875 }
876 
877 static int rfcomm_sock_shutdown(struct socket *sock, int how)
878 {
879  struct sock *sk = sock->sk;
880  int err = 0;
881 
882  BT_DBG("sock %p, sk %p", sock, sk);
883 
884  if (!sk)
885  return 0;
886 
887  lock_sock(sk);
888  if (!sk->sk_shutdown) {
890  __rfcomm_sock_close(sk);
891 
892  if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
894  }
895  release_sock(sk);
896  return err;
897 }
898 
899 static int rfcomm_sock_release(struct socket *sock)
900 {
901  struct sock *sk = sock->sk;
902  int err;
903 
904  BT_DBG("sock %p, sk %p", sock, sk);
905 
906  if (!sk)
907  return 0;
908 
909  err = rfcomm_sock_shutdown(sock, 2);
910 
911  sock_orphan(sk);
912  rfcomm_sock_kill(sk);
913  return err;
914 }
915 
916 /* ---- RFCOMM core layer callbacks ----
917  *
918  * called under rfcomm_lock()
919  */
920 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
921 {
922  struct sock *sk, *parent;
923  bdaddr_t src, dst;
924  int result = 0;
925 
926  BT_DBG("session %p channel %d", s, channel);
927 
928  rfcomm_session_getaddr(s, &src, &dst);
929 
930  /* Check if we have socket listening on channel */
931  parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
932  if (!parent)
933  return 0;
934 
935  bh_lock_sock(parent);
936 
937  /* Check for backlog size */
938  if (sk_acceptq_is_full(parent)) {
939  BT_DBG("backlog full %d", parent->sk_ack_backlog);
940  goto done;
941  }
942 
943  sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
944  if (!sk)
945  goto done;
946 
948 
949  rfcomm_sock_init(sk, parent);
950  bacpy(&bt_sk(sk)->src, &src);
951  bacpy(&bt_sk(sk)->dst, &dst);
952  rfcomm_pi(sk)->channel = channel;
953 
954  sk->sk_state = BT_CONFIG;
955  bt_accept_enqueue(parent, sk);
956 
957  /* Accept connection and return socket DLC */
958  *d = rfcomm_pi(sk)->dlc;
959  result = 1;
960 
961 done:
962  bh_unlock_sock(parent);
963 
964  if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
965  parent->sk_state_change(parent);
966 
967  return result;
968 }
969 
970 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
971 {
972  struct sock *sk;
973  struct hlist_node *node;
974 
975  read_lock(&rfcomm_sk_list.lock);
976 
977  sk_for_each(sk, node, &rfcomm_sk_list.head) {
978  seq_printf(f, "%s %s %d %d\n",
979  batostr(&bt_sk(sk)->src),
980  batostr(&bt_sk(sk)->dst),
981  sk->sk_state, rfcomm_pi(sk)->channel);
982  }
983 
984  read_unlock(&rfcomm_sk_list.lock);
985 
986  return 0;
987 }
988 
989 static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file)
990 {
991  return single_open(file, rfcomm_sock_debugfs_show, inode->i_private);
992 }
993 
994 static const struct file_operations rfcomm_sock_debugfs_fops = {
995  .open = rfcomm_sock_debugfs_open,
996  .read = seq_read,
997  .llseek = seq_lseek,
998  .release = single_release,
999 };
1000 
1001 static struct dentry *rfcomm_sock_debugfs;
1002 
1003 static const struct proto_ops rfcomm_sock_ops = {
1004  .family = PF_BLUETOOTH,
1005  .owner = THIS_MODULE,
1006  .release = rfcomm_sock_release,
1007  .bind = rfcomm_sock_bind,
1008  .connect = rfcomm_sock_connect,
1009  .listen = rfcomm_sock_listen,
1010  .accept = rfcomm_sock_accept,
1011  .getname = rfcomm_sock_getname,
1012  .sendmsg = rfcomm_sock_sendmsg,
1013  .recvmsg = rfcomm_sock_recvmsg,
1014  .shutdown = rfcomm_sock_shutdown,
1015  .setsockopt = rfcomm_sock_setsockopt,
1016  .getsockopt = rfcomm_sock_getsockopt,
1017  .ioctl = rfcomm_sock_ioctl,
1018  .poll = bt_sock_poll,
1019  .socketpair = sock_no_socketpair,
1020  .mmap = sock_no_mmap
1021 };
1022 
1023 static const struct net_proto_family rfcomm_sock_family_ops = {
1024  .family = PF_BLUETOOTH,
1025  .owner = THIS_MODULE,
1026  .create = rfcomm_sock_create
1027 };
1028 
1030 {
1031  int err;
1032 
1033  err = proto_register(&rfcomm_proto, 0);
1034  if (err < 0)
1035  return err;
1036 
1037  err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1038  if (err < 0) {
1039  BT_ERR("RFCOMM socket layer registration failed");
1040  goto error;
1041  }
1042 
1043  err = bt_procfs_init(THIS_MODULE, &init_net, "rfcomm", &rfcomm_sk_list, NULL);
1044  if (err < 0) {
1045  BT_ERR("Failed to create RFCOMM proc file");
1047  goto error;
1048  }
1049 
1050  if (bt_debugfs) {
1051  rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1052  bt_debugfs, NULL, &rfcomm_sock_debugfs_fops);
1053  if (!rfcomm_sock_debugfs)
1054  BT_ERR("Failed to create RFCOMM debug file");
1055  }
1056 
1057  BT_INFO("RFCOMM socket layer initialized");
1058 
1059  return 0;
1060 
1061 error:
1062  proto_unregister(&rfcomm_proto);
1063  return err;
1064 }
1065 
1067 {
1068  bt_procfs_cleanup(&init_net, "rfcomm");
1069 
1070  debugfs_remove(rfcomm_sock_debugfs);
1071 
1073  BT_ERR("RFCOMM socket layer unregistration failed");
1074 
1075  proto_unregister(&rfcomm_proto);
1076 }