1 | /* |
2 | RFCOMM implementation for Linux Bluetooth stack (BlueZ). |
3 | Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> |
4 | Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> |
5 | |
6 | This program is free software; you can redistribute it and/or modify |
7 | it under the terms of the GNU General Public License version 2 as |
8 | published by the Free Software Foundation; |
9 | |
10 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
11 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
12 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. |
13 | IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY |
14 | CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES |
15 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
16 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
17 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
18 | |
19 | ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, |
20 | COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS |
21 | SOFTWARE IS DISCLAIMED. |
22 | */ |
23 | |
24 | /* |
25 | * RFCOMM sockets. |
26 | */ |
27 | #include <linux/compat.h> |
28 | #include <linux/export.h> |
29 | #include <linux/debugfs.h> |
30 | #include <linux/sched/signal.h> |
31 | |
32 | #include <net/bluetooth/bluetooth.h> |
33 | #include <net/bluetooth/hci_core.h> |
34 | #include <net/bluetooth/l2cap.h> |
35 | #include <net/bluetooth/rfcomm.h> |
36 | |
37 | static const struct proto_ops rfcomm_sock_ops; |
38 | |
39 | static struct bt_sock_list rfcomm_sk_list = { |
40 | .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) |
41 | }; |
42 | |
43 | static void rfcomm_sock_close(struct sock *sk); |
44 | static void rfcomm_sock_kill(struct sock *sk); |
45 | |
46 | /* ---- DLC callbacks ---- |
47 | * |
48 | * called under rfcomm_dlc_lock() |
49 | */ |
50 | static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) |
51 | { |
52 | struct sock *sk = d->owner; |
53 | if (!sk) |
54 | return; |
55 | |
56 | atomic_add(i: skb->len, v: &sk->sk_rmem_alloc); |
57 | skb_queue_tail(list: &sk->sk_receive_queue, newsk: skb); |
58 | sk->sk_data_ready(sk); |
59 | |
60 | if (atomic_read(v: &sk->sk_rmem_alloc) >= sk->sk_rcvbuf) |
61 | rfcomm_dlc_throttle(d); |
62 | } |
63 | |
64 | static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) |
65 | { |
66 | struct sock *sk = d->owner, *parent; |
67 | |
68 | if (!sk) |
69 | return; |
70 | |
71 | BT_DBG("dlc %p state %ld err %d" , d, d->state, err); |
72 | |
73 | lock_sock(sk); |
74 | |
75 | if (err) |
76 | sk->sk_err = err; |
77 | |
78 | sk->sk_state = d->state; |
79 | |
80 | parent = bt_sk(sk)->parent; |
81 | if (parent) { |
82 | if (d->state == BT_CLOSED) { |
83 | sock_set_flag(sk, flag: SOCK_ZAPPED); |
84 | bt_accept_unlink(sk); |
85 | } |
86 | parent->sk_data_ready(parent); |
87 | } else { |
88 | if (d->state == BT_CONNECTED) |
89 | rfcomm_session_getaddr(s: d->session, |
90 | src: &rfcomm_pi(sk)->src, NULL); |
91 | sk->sk_state_change(sk); |
92 | } |
93 | |
94 | release_sock(sk); |
95 | |
96 | if (parent && sock_flag(sk, flag: SOCK_ZAPPED)) { |
97 | /* We have to drop DLC lock here, otherwise |
98 | * rfcomm_sock_destruct() will dead lock. */ |
99 | rfcomm_dlc_unlock(d); |
100 | rfcomm_sock_kill(sk); |
101 | rfcomm_dlc_lock(d); |
102 | } |
103 | } |
104 | |
105 | /* ---- Socket functions ---- */ |
106 | static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src) |
107 | { |
108 | struct sock *sk = NULL; |
109 | |
110 | sk_for_each(sk, &rfcomm_sk_list.head) { |
111 | if (rfcomm_pi(sk)->channel != channel) |
112 | continue; |
113 | |
114 | if (bacmp(ba1: &rfcomm_pi(sk)->src, ba2: src)) |
115 | continue; |
116 | |
117 | if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN) |
118 | break; |
119 | } |
120 | |
121 | return sk ? sk : NULL; |
122 | } |
123 | |
124 | /* Find socket with channel and source bdaddr. |
125 | * Returns closest match. |
126 | */ |
127 | static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) |
128 | { |
129 | struct sock *sk = NULL, *sk1 = NULL; |
130 | |
131 | read_lock(&rfcomm_sk_list.lock); |
132 | |
133 | sk_for_each(sk, &rfcomm_sk_list.head) { |
134 | if (state && sk->sk_state != state) |
135 | continue; |
136 | |
137 | if (rfcomm_pi(sk)->channel == channel) { |
138 | /* Exact match. */ |
139 | if (!bacmp(ba1: &rfcomm_pi(sk)->src, ba2: src)) |
140 | break; |
141 | |
142 | /* Closest match */ |
143 | if (!bacmp(ba1: &rfcomm_pi(sk)->src, BDADDR_ANY)) |
144 | sk1 = sk; |
145 | } |
146 | } |
147 | |
148 | read_unlock(&rfcomm_sk_list.lock); |
149 | |
150 | return sk ? sk : sk1; |
151 | } |
152 | |
153 | static void rfcomm_sock_destruct(struct sock *sk) |
154 | { |
155 | struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; |
156 | |
157 | BT_DBG("sk %p dlc %p" , sk, d); |
158 | |
159 | skb_queue_purge(list: &sk->sk_receive_queue); |
160 | skb_queue_purge(list: &sk->sk_write_queue); |
161 | |
162 | rfcomm_dlc_lock(d); |
163 | rfcomm_pi(sk)->dlc = NULL; |
164 | |
165 | /* Detach DLC if it's owned by this socket */ |
166 | if (d->owner == sk) |
167 | d->owner = NULL; |
168 | rfcomm_dlc_unlock(d); |
169 | |
170 | rfcomm_dlc_put(d); |
171 | } |
172 | |
173 | static void rfcomm_sock_cleanup_listen(struct sock *parent) |
174 | { |
175 | struct sock *sk; |
176 | |
177 | BT_DBG("parent %p" , parent); |
178 | |
179 | /* Close not yet accepted dlcs */ |
180 | while ((sk = bt_accept_dequeue(parent, NULL))) { |
181 | rfcomm_sock_close(sk); |
182 | rfcomm_sock_kill(sk); |
183 | } |
184 | |
185 | parent->sk_state = BT_CLOSED; |
186 | sock_set_flag(sk: parent, flag: SOCK_ZAPPED); |
187 | } |
188 | |
189 | /* Kill socket (only if zapped and orphan) |
190 | * Must be called on unlocked socket. |
191 | */ |
192 | static void rfcomm_sock_kill(struct sock *sk) |
193 | { |
194 | if (!sock_flag(sk, flag: SOCK_ZAPPED) || sk->sk_socket) |
195 | return; |
196 | |
197 | BT_DBG("sk %p state %d refcnt %d" , sk, sk->sk_state, refcount_read(&sk->sk_refcnt)); |
198 | |
199 | /* Kill poor orphan */ |
200 | bt_sock_unlink(l: &rfcomm_sk_list, s: sk); |
201 | sock_set_flag(sk, flag: SOCK_DEAD); |
202 | sock_put(sk); |
203 | } |
204 | |
205 | static void __rfcomm_sock_close(struct sock *sk) |
206 | { |
207 | struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; |
208 | |
209 | BT_DBG("sk %p state %d socket %p" , sk, sk->sk_state, sk->sk_socket); |
210 | |
211 | switch (sk->sk_state) { |
212 | case BT_LISTEN: |
213 | rfcomm_sock_cleanup_listen(parent: sk); |
214 | break; |
215 | |
216 | case BT_CONNECT: |
217 | case BT_CONNECT2: |
218 | case BT_CONFIG: |
219 | case BT_CONNECTED: |
220 | rfcomm_dlc_close(d, reason: 0); |
221 | fallthrough; |
222 | |
223 | default: |
224 | sock_set_flag(sk, flag: SOCK_ZAPPED); |
225 | break; |
226 | } |
227 | } |
228 | |
229 | /* Close socket. |
230 | * Must be called on unlocked socket. |
231 | */ |
232 | static void rfcomm_sock_close(struct sock *sk) |
233 | { |
234 | lock_sock(sk); |
235 | __rfcomm_sock_close(sk); |
236 | release_sock(sk); |
237 | } |
238 | |
239 | static void rfcomm_sock_init(struct sock *sk, struct sock *parent) |
240 | { |
241 | struct rfcomm_pinfo *pi = rfcomm_pi(sk); |
242 | |
243 | BT_DBG("sk %p" , sk); |
244 | |
245 | if (parent) { |
246 | sk->sk_type = parent->sk_type; |
247 | pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP, |
248 | &bt_sk(parent)->flags); |
249 | |
250 | pi->sec_level = rfcomm_pi(parent)->sec_level; |
251 | pi->role_switch = rfcomm_pi(parent)->role_switch; |
252 | |
253 | security_sk_clone(sk: parent, newsk: sk); |
254 | } else { |
255 | pi->dlc->defer_setup = 0; |
256 | |
257 | pi->sec_level = BT_SECURITY_LOW; |
258 | pi->role_switch = 0; |
259 | } |
260 | |
261 | pi->dlc->sec_level = pi->sec_level; |
262 | pi->dlc->role_switch = pi->role_switch; |
263 | } |
264 | |
265 | static struct proto rfcomm_proto = { |
266 | .name = "RFCOMM" , |
267 | .owner = THIS_MODULE, |
268 | .obj_size = sizeof(struct rfcomm_pinfo) |
269 | }; |
270 | |
271 | static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, |
272 | int proto, gfp_t prio, int kern) |
273 | { |
274 | struct rfcomm_dlc *d; |
275 | struct sock *sk; |
276 | |
277 | sk = bt_sock_alloc(net, sock, prot: &rfcomm_proto, proto, prio, kern); |
278 | if (!sk) |
279 | return NULL; |
280 | |
281 | d = rfcomm_dlc_alloc(prio); |
282 | if (!d) { |
283 | sk_free(sk); |
284 | return NULL; |
285 | } |
286 | |
287 | d->data_ready = rfcomm_sk_data_ready; |
288 | d->state_change = rfcomm_sk_state_change; |
289 | |
290 | rfcomm_pi(sk)->dlc = d; |
291 | d->owner = sk; |
292 | |
293 | sk->sk_destruct = rfcomm_sock_destruct; |
294 | sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; |
295 | |
296 | sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; |
297 | sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; |
298 | |
299 | bt_sock_link(l: &rfcomm_sk_list, s: sk); |
300 | |
301 | BT_DBG("sk %p" , sk); |
302 | return sk; |
303 | } |
304 | |
305 | static int rfcomm_sock_create(struct net *net, struct socket *sock, |
306 | int protocol, int kern) |
307 | { |
308 | struct sock *sk; |
309 | |
310 | BT_DBG("sock %p" , sock); |
311 | |
312 | sock->state = SS_UNCONNECTED; |
313 | |
314 | if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) |
315 | return -ESOCKTNOSUPPORT; |
316 | |
317 | sock->ops = &rfcomm_sock_ops; |
318 | |
319 | sk = rfcomm_sock_alloc(net, sock, proto: protocol, GFP_ATOMIC, kern); |
320 | if (!sk) |
321 | return -ENOMEM; |
322 | |
323 | rfcomm_sock_init(sk, NULL); |
324 | return 0; |
325 | } |
326 | |
327 | static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) |
328 | { |
329 | struct sockaddr_rc sa; |
330 | struct sock *sk = sock->sk; |
331 | int len, err = 0; |
332 | |
333 | if (!addr || addr_len < offsetofend(struct sockaddr, sa_family) || |
334 | addr->sa_family != AF_BLUETOOTH) |
335 | return -EINVAL; |
336 | |
337 | memset(&sa, 0, sizeof(sa)); |
338 | len = min_t(unsigned int, sizeof(sa), addr_len); |
339 | memcpy(&sa, addr, len); |
340 | |
341 | BT_DBG("sk %p %pMR" , sk, &sa.rc_bdaddr); |
342 | |
343 | lock_sock(sk); |
344 | |
345 | if (sk->sk_state != BT_OPEN) { |
346 | err = -EBADFD; |
347 | goto done; |
348 | } |
349 | |
350 | if (sk->sk_type != SOCK_STREAM) { |
351 | err = -EINVAL; |
352 | goto done; |
353 | } |
354 | |
355 | write_lock(&rfcomm_sk_list.lock); |
356 | |
357 | if (sa.rc_channel && |
358 | __rfcomm_get_listen_sock_by_addr(channel: sa.rc_channel, src: &sa.rc_bdaddr)) { |
359 | err = -EADDRINUSE; |
360 | } else { |
361 | /* Save source address */ |
362 | bacpy(dst: &rfcomm_pi(sk)->src, src: &sa.rc_bdaddr); |
363 | rfcomm_pi(sk)->channel = sa.rc_channel; |
364 | sk->sk_state = BT_BOUND; |
365 | } |
366 | |
367 | write_unlock(&rfcomm_sk_list.lock); |
368 | |
369 | done: |
370 | release_sock(sk); |
371 | return err; |
372 | } |
373 | |
374 | static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) |
375 | { |
376 | struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; |
377 | struct sock *sk = sock->sk; |
378 | struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; |
379 | int err = 0; |
380 | |
381 | BT_DBG("sk %p" , sk); |
382 | |
383 | if (alen < sizeof(struct sockaddr_rc) || |
384 | addr->sa_family != AF_BLUETOOTH) |
385 | return -EINVAL; |
386 | |
387 | sock_hold(sk); |
388 | lock_sock(sk); |
389 | |
390 | if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { |
391 | err = -EBADFD; |
392 | goto done; |
393 | } |
394 | |
395 | if (sk->sk_type != SOCK_STREAM) { |
396 | err = -EINVAL; |
397 | goto done; |
398 | } |
399 | |
400 | sk->sk_state = BT_CONNECT; |
401 | bacpy(dst: &rfcomm_pi(sk)->dst, src: &sa->rc_bdaddr); |
402 | rfcomm_pi(sk)->channel = sa->rc_channel; |
403 | |
404 | d->sec_level = rfcomm_pi(sk)->sec_level; |
405 | d->role_switch = rfcomm_pi(sk)->role_switch; |
406 | |
407 | /* Drop sock lock to avoid potential deadlock with the RFCOMM lock */ |
408 | release_sock(sk); |
409 | err = rfcomm_dlc_open(d, src: &rfcomm_pi(sk)->src, dst: &sa->rc_bdaddr, |
410 | channel: sa->rc_channel); |
411 | lock_sock(sk); |
412 | if (!err && !sock_flag(sk, flag: SOCK_ZAPPED)) |
413 | err = bt_sock_wait_state(sk, state: BT_CONNECTED, |
414 | timeo: sock_sndtimeo(sk, noblock: flags & O_NONBLOCK)); |
415 | |
416 | done: |
417 | release_sock(sk); |
418 | sock_put(sk); |
419 | return err; |
420 | } |
421 | |
422 | static int rfcomm_sock_listen(struct socket *sock, int backlog) |
423 | { |
424 | struct sock *sk = sock->sk; |
425 | int err = 0; |
426 | |
427 | BT_DBG("sk %p backlog %d" , sk, backlog); |
428 | |
429 | lock_sock(sk); |
430 | |
431 | if (sk->sk_state != BT_BOUND) { |
432 | err = -EBADFD; |
433 | goto done; |
434 | } |
435 | |
436 | if (sk->sk_type != SOCK_STREAM) { |
437 | err = -EINVAL; |
438 | goto done; |
439 | } |
440 | |
441 | if (!rfcomm_pi(sk)->channel) { |
442 | bdaddr_t *src = &rfcomm_pi(sk)->src; |
443 | u8 channel; |
444 | |
445 | err = -EINVAL; |
446 | |
447 | write_lock(&rfcomm_sk_list.lock); |
448 | |
449 | for (channel = 1; channel < 31; channel++) |
450 | if (!__rfcomm_get_listen_sock_by_addr(channel, src)) { |
451 | rfcomm_pi(sk)->channel = channel; |
452 | err = 0; |
453 | break; |
454 | } |
455 | |
456 | write_unlock(&rfcomm_sk_list.lock); |
457 | |
458 | if (err < 0) |
459 | goto done; |
460 | } |
461 | |
462 | sk->sk_max_ack_backlog = backlog; |
463 | sk->sk_ack_backlog = 0; |
464 | sk->sk_state = BT_LISTEN; |
465 | |
466 | done: |
467 | release_sock(sk); |
468 | return err; |
469 | } |
470 | |
471 | static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags, |
472 | bool kern) |
473 | { |
474 | DEFINE_WAIT_FUNC(wait, woken_wake_function); |
475 | struct sock *sk = sock->sk, *nsk; |
476 | long timeo; |
477 | int err = 0; |
478 | |
479 | lock_sock_nested(sk, SINGLE_DEPTH_NESTING); |
480 | |
481 | if (sk->sk_type != SOCK_STREAM) { |
482 | err = -EINVAL; |
483 | goto done; |
484 | } |
485 | |
486 | timeo = sock_rcvtimeo(sk, noblock: flags & O_NONBLOCK); |
487 | |
488 | BT_DBG("sk %p timeo %ld" , sk, timeo); |
489 | |
490 | /* Wait for an incoming connection. (wake-one). */ |
491 | add_wait_queue_exclusive(wq_head: sk_sleep(sk), wq_entry: &wait); |
492 | while (1) { |
493 | if (sk->sk_state != BT_LISTEN) { |
494 | err = -EBADFD; |
495 | break; |
496 | } |
497 | |
498 | nsk = bt_accept_dequeue(parent: sk, newsock); |
499 | if (nsk) |
500 | break; |
501 | |
502 | if (!timeo) { |
503 | err = -EAGAIN; |
504 | break; |
505 | } |
506 | |
507 | if (signal_pending(current)) { |
508 | err = sock_intr_errno(timeo); |
509 | break; |
510 | } |
511 | |
512 | release_sock(sk); |
513 | |
514 | timeo = wait_woken(wq_entry: &wait, TASK_INTERRUPTIBLE, timeout: timeo); |
515 | |
516 | lock_sock_nested(sk, SINGLE_DEPTH_NESTING); |
517 | } |
518 | remove_wait_queue(wq_head: sk_sleep(sk), wq_entry: &wait); |
519 | |
520 | if (err) |
521 | goto done; |
522 | |
523 | newsock->state = SS_CONNECTED; |
524 | |
525 | BT_DBG("new socket %p" , nsk); |
526 | |
527 | done: |
528 | release_sock(sk); |
529 | return err; |
530 | } |
531 | |
532 | static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int peer) |
533 | { |
534 | struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; |
535 | struct sock *sk = sock->sk; |
536 | |
537 | BT_DBG("sock %p, sk %p" , sock, sk); |
538 | |
539 | if (peer && sk->sk_state != BT_CONNECTED && |
540 | sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2) |
541 | return -ENOTCONN; |
542 | |
543 | memset(sa, 0, sizeof(*sa)); |
544 | sa->rc_family = AF_BLUETOOTH; |
545 | sa->rc_channel = rfcomm_pi(sk)->channel; |
546 | if (peer) |
547 | bacpy(dst: &sa->rc_bdaddr, src: &rfcomm_pi(sk)->dst); |
548 | else |
549 | bacpy(dst: &sa->rc_bdaddr, src: &rfcomm_pi(sk)->src); |
550 | |
551 | return sizeof(struct sockaddr_rc); |
552 | } |
553 | |
554 | static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg, |
555 | size_t len) |
556 | { |
557 | struct sock *sk = sock->sk; |
558 | struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; |
559 | struct sk_buff *skb; |
560 | int sent; |
561 | |
562 | if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) |
563 | return -ENOTCONN; |
564 | |
565 | if (msg->msg_flags & MSG_OOB) |
566 | return -EOPNOTSUPP; |
567 | |
568 | if (sk->sk_shutdown & SEND_SHUTDOWN) |
569 | return -EPIPE; |
570 | |
571 | BT_DBG("sock %p, sk %p" , sock, sk); |
572 | |
573 | lock_sock(sk); |
574 | |
575 | sent = bt_sock_wait_ready(sk, msg_flags: msg->msg_flags); |
576 | |
577 | release_sock(sk); |
578 | |
579 | if (sent) |
580 | return sent; |
581 | |
582 | skb = bt_skb_sendmmsg(sk, msg, len, mtu: d->mtu, RFCOMM_SKB_HEAD_RESERVE, |
583 | RFCOMM_SKB_TAIL_RESERVE); |
584 | if (IS_ERR(ptr: skb)) |
585 | return PTR_ERR(ptr: skb); |
586 | |
587 | sent = rfcomm_dlc_send(d, skb); |
588 | if (sent < 0) |
589 | kfree_skb(skb); |
590 | |
591 | return sent; |
592 | } |
593 | |
594 | static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg, |
595 | size_t size, int flags) |
596 | { |
597 | struct sock *sk = sock->sk; |
598 | struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; |
599 | int len; |
600 | |
601 | if (test_and_clear_bit(RFCOMM_DEFER_SETUP, addr: &d->flags)) { |
602 | rfcomm_dlc_accept(d); |
603 | return 0; |
604 | } |
605 | |
606 | len = bt_sock_stream_recvmsg(sock, msg, len: size, flags); |
607 | |
608 | lock_sock(sk); |
609 | if (!(flags & MSG_PEEK) && len > 0) |
610 | atomic_sub(i: len, v: &sk->sk_rmem_alloc); |
611 | |
612 | if (atomic_read(v: &sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) |
613 | rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); |
614 | release_sock(sk); |
615 | |
616 | return len; |
617 | } |
618 | |
619 | static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, |
620 | sockptr_t optval, unsigned int optlen) |
621 | { |
622 | struct sock *sk = sock->sk; |
623 | int err = 0; |
624 | u32 opt; |
625 | |
626 | BT_DBG("sk %p" , sk); |
627 | |
628 | lock_sock(sk); |
629 | |
630 | switch (optname) { |
631 | case RFCOMM_LM: |
632 | if (copy_from_sockptr(dst: &opt, src: optval, size: sizeof(u32))) { |
633 | err = -EFAULT; |
634 | break; |
635 | } |
636 | |
637 | if (opt & RFCOMM_LM_FIPS) { |
638 | err = -EINVAL; |
639 | break; |
640 | } |
641 | |
642 | if (opt & RFCOMM_LM_AUTH) |
643 | rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; |
644 | if (opt & RFCOMM_LM_ENCRYPT) |
645 | rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; |
646 | if (opt & RFCOMM_LM_SECURE) |
647 | rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; |
648 | |
649 | rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); |
650 | break; |
651 | |
652 | default: |
653 | err = -ENOPROTOOPT; |
654 | break; |
655 | } |
656 | |
657 | release_sock(sk); |
658 | return err; |
659 | } |
660 | |
661 | static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, |
662 | sockptr_t optval, unsigned int optlen) |
663 | { |
664 | struct sock *sk = sock->sk; |
665 | struct bt_security sec; |
666 | int err = 0; |
667 | size_t len; |
668 | u32 opt; |
669 | |
670 | BT_DBG("sk %p" , sk); |
671 | |
672 | if (level == SOL_RFCOMM) |
673 | return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); |
674 | |
675 | if (level != SOL_BLUETOOTH) |
676 | return -ENOPROTOOPT; |
677 | |
678 | lock_sock(sk); |
679 | |
680 | switch (optname) { |
681 | case BT_SECURITY: |
682 | if (sk->sk_type != SOCK_STREAM) { |
683 | err = -EINVAL; |
684 | break; |
685 | } |
686 | |
687 | sec.level = BT_SECURITY_LOW; |
688 | |
689 | len = min_t(unsigned int, sizeof(sec), optlen); |
690 | if (copy_from_sockptr(dst: &sec, src: optval, size: len)) { |
691 | err = -EFAULT; |
692 | break; |
693 | } |
694 | |
695 | if (sec.level > BT_SECURITY_HIGH) { |
696 | err = -EINVAL; |
697 | break; |
698 | } |
699 | |
700 | rfcomm_pi(sk)->sec_level = sec.level; |
701 | break; |
702 | |
703 | case BT_DEFER_SETUP: |
704 | if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { |
705 | err = -EINVAL; |
706 | break; |
707 | } |
708 | |
709 | if (copy_from_sockptr(dst: &opt, src: optval, size: sizeof(u32))) { |
710 | err = -EFAULT; |
711 | break; |
712 | } |
713 | |
714 | if (opt) |
715 | set_bit(nr: BT_SK_DEFER_SETUP, addr: &bt_sk(sk)->flags); |
716 | else |
717 | clear_bit(nr: BT_SK_DEFER_SETUP, addr: &bt_sk(sk)->flags); |
718 | |
719 | break; |
720 | |
721 | default: |
722 | err = -ENOPROTOOPT; |
723 | break; |
724 | } |
725 | |
726 | release_sock(sk); |
727 | return err; |
728 | } |
729 | |
730 | static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) |
731 | { |
732 | struct sock *sk = sock->sk; |
733 | struct sock *l2cap_sk; |
734 | struct l2cap_conn *conn; |
735 | struct rfcomm_conninfo cinfo; |
736 | int len, err = 0; |
737 | u32 opt; |
738 | |
739 | BT_DBG("sk %p" , sk); |
740 | |
741 | if (get_user(len, optlen)) |
742 | return -EFAULT; |
743 | |
744 | lock_sock(sk); |
745 | |
746 | switch (optname) { |
747 | case RFCOMM_LM: |
748 | switch (rfcomm_pi(sk)->sec_level) { |
749 | case BT_SECURITY_LOW: |
750 | opt = RFCOMM_LM_AUTH; |
751 | break; |
752 | case BT_SECURITY_MEDIUM: |
753 | opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; |
754 | break; |
755 | case BT_SECURITY_HIGH: |
756 | opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | |
757 | RFCOMM_LM_SECURE; |
758 | break; |
759 | case BT_SECURITY_FIPS: |
760 | opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | |
761 | RFCOMM_LM_SECURE | RFCOMM_LM_FIPS; |
762 | break; |
763 | default: |
764 | opt = 0; |
765 | break; |
766 | } |
767 | |
768 | if (rfcomm_pi(sk)->role_switch) |
769 | opt |= RFCOMM_LM_MASTER; |
770 | |
771 | if (put_user(opt, (u32 __user *) optval)) |
772 | err = -EFAULT; |
773 | |
774 | break; |
775 | |
776 | case RFCOMM_CONNINFO: |
777 | if (sk->sk_state != BT_CONNECTED && |
778 | !rfcomm_pi(sk)->dlc->defer_setup) { |
779 | err = -ENOTCONN; |
780 | break; |
781 | } |
782 | |
783 | l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; |
784 | conn = l2cap_pi(l2cap_sk)->chan->conn; |
785 | |
786 | memset(&cinfo, 0, sizeof(cinfo)); |
787 | cinfo.hci_handle = conn->hcon->handle; |
788 | memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); |
789 | |
790 | len = min_t(unsigned int, len, sizeof(cinfo)); |
791 | if (copy_to_user(to: optval, from: (char *) &cinfo, n: len)) |
792 | err = -EFAULT; |
793 | |
794 | break; |
795 | |
796 | default: |
797 | err = -ENOPROTOOPT; |
798 | break; |
799 | } |
800 | |
801 | release_sock(sk); |
802 | return err; |
803 | } |
804 | |
805 | static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) |
806 | { |
807 | struct sock *sk = sock->sk; |
808 | struct bt_security sec; |
809 | int len, err = 0; |
810 | |
811 | BT_DBG("sk %p" , sk); |
812 | |
813 | if (level == SOL_RFCOMM) |
814 | return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); |
815 | |
816 | if (level != SOL_BLUETOOTH) |
817 | return -ENOPROTOOPT; |
818 | |
819 | if (get_user(len, optlen)) |
820 | return -EFAULT; |
821 | |
822 | lock_sock(sk); |
823 | |
824 | switch (optname) { |
825 | case BT_SECURITY: |
826 | if (sk->sk_type != SOCK_STREAM) { |
827 | err = -EINVAL; |
828 | break; |
829 | } |
830 | |
831 | sec.level = rfcomm_pi(sk)->sec_level; |
832 | sec.key_size = 0; |
833 | |
834 | len = min_t(unsigned int, len, sizeof(sec)); |
835 | if (copy_to_user(to: optval, from: (char *) &sec, n: len)) |
836 | err = -EFAULT; |
837 | |
838 | break; |
839 | |
840 | case BT_DEFER_SETUP: |
841 | if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { |
842 | err = -EINVAL; |
843 | break; |
844 | } |
845 | |
846 | if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), |
847 | (u32 __user *) optval)) |
848 | err = -EFAULT; |
849 | |
850 | break; |
851 | |
852 | default: |
853 | err = -ENOPROTOOPT; |
854 | break; |
855 | } |
856 | |
857 | release_sock(sk); |
858 | return err; |
859 | } |
860 | |
861 | static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) |
862 | { |
863 | struct sock *sk __maybe_unused = sock->sk; |
864 | int err; |
865 | |
866 | BT_DBG("sk %p cmd %x arg %lx" , sk, cmd, arg); |
867 | |
868 | err = bt_sock_ioctl(sock, cmd, arg); |
869 | |
870 | if (err == -ENOIOCTLCMD) { |
871 | #ifdef CONFIG_BT_RFCOMM_TTY |
872 | lock_sock(sk); |
873 | err = rfcomm_dev_ioctl(sk, cmd, arg: (void __user *) arg); |
874 | release_sock(sk); |
875 | #else |
876 | err = -EOPNOTSUPP; |
877 | #endif |
878 | } |
879 | |
880 | return err; |
881 | } |
882 | |
883 | #ifdef CONFIG_COMPAT |
884 | static int rfcomm_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) |
885 | { |
886 | return rfcomm_sock_ioctl(sock, cmd, arg: (unsigned long)compat_ptr(uptr: arg)); |
887 | } |
888 | #endif |
889 | |
890 | static int rfcomm_sock_shutdown(struct socket *sock, int how) |
891 | { |
892 | struct sock *sk = sock->sk; |
893 | int err = 0; |
894 | |
895 | BT_DBG("sock %p, sk %p" , sock, sk); |
896 | |
897 | if (!sk) |
898 | return 0; |
899 | |
900 | lock_sock(sk); |
901 | if (!sk->sk_shutdown) { |
902 | sk->sk_shutdown = SHUTDOWN_MASK; |
903 | |
904 | release_sock(sk); |
905 | __rfcomm_sock_close(sk); |
906 | lock_sock(sk); |
907 | |
908 | if (sock_flag(sk, flag: SOCK_LINGER) && sk->sk_lingertime && |
909 | !(current->flags & PF_EXITING)) |
910 | err = bt_sock_wait_state(sk, state: BT_CLOSED, timeo: sk->sk_lingertime); |
911 | } |
912 | release_sock(sk); |
913 | return err; |
914 | } |
915 | |
916 | static int rfcomm_sock_release(struct socket *sock) |
917 | { |
918 | struct sock *sk = sock->sk; |
919 | int err; |
920 | |
921 | BT_DBG("sock %p, sk %p" , sock, sk); |
922 | |
923 | if (!sk) |
924 | return 0; |
925 | |
926 | err = rfcomm_sock_shutdown(sock, how: 2); |
927 | |
928 | sock_orphan(sk); |
929 | rfcomm_sock_kill(sk); |
930 | return err; |
931 | } |
932 | |
933 | /* ---- RFCOMM core layer callbacks ---- |
934 | * |
935 | * called under rfcomm_lock() |
936 | */ |
937 | int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) |
938 | { |
939 | struct sock *sk, *parent; |
940 | bdaddr_t src, dst; |
941 | int result = 0; |
942 | |
943 | BT_DBG("session %p channel %d" , s, channel); |
944 | |
945 | rfcomm_session_getaddr(s, src: &src, dst: &dst); |
946 | |
947 | /* Check if we have socket listening on channel */ |
948 | parent = rfcomm_get_sock_by_channel(state: BT_LISTEN, channel, src: &src); |
949 | if (!parent) |
950 | return 0; |
951 | |
952 | lock_sock(sk: parent); |
953 | |
954 | /* Check for backlog size */ |
955 | if (sk_acceptq_is_full(sk: parent)) { |
956 | BT_DBG("backlog full %d" , parent->sk_ack_backlog); |
957 | goto done; |
958 | } |
959 | |
960 | sk = rfcomm_sock_alloc(net: sock_net(sk: parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC, kern: 0); |
961 | if (!sk) |
962 | goto done; |
963 | |
964 | bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM); |
965 | |
966 | rfcomm_sock_init(sk, parent); |
967 | bacpy(dst: &rfcomm_pi(sk)->src, src: &src); |
968 | bacpy(dst: &rfcomm_pi(sk)->dst, src: &dst); |
969 | rfcomm_pi(sk)->channel = channel; |
970 | |
971 | sk->sk_state = BT_CONFIG; |
972 | bt_accept_enqueue(parent, sk, bh: true); |
973 | |
974 | /* Accept connection and return socket DLC */ |
975 | *d = rfcomm_pi(sk)->dlc; |
976 | result = 1; |
977 | |
978 | done: |
979 | release_sock(sk: parent); |
980 | |
981 | if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) |
982 | parent->sk_state_change(parent); |
983 | |
984 | return result; |
985 | } |
986 | |
987 | static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) |
988 | { |
989 | struct sock *sk; |
990 | |
991 | read_lock(&rfcomm_sk_list.lock); |
992 | |
993 | sk_for_each(sk, &rfcomm_sk_list.head) { |
994 | seq_printf(m: f, fmt: "%pMR %pMR %d %d\n" , |
995 | &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst, |
996 | sk->sk_state, rfcomm_pi(sk)->channel); |
997 | } |
998 | |
999 | read_unlock(&rfcomm_sk_list.lock); |
1000 | |
1001 | return 0; |
1002 | } |
1003 | |
1004 | DEFINE_SHOW_ATTRIBUTE(rfcomm_sock_debugfs); |
1005 | |
1006 | static struct dentry *rfcomm_sock_debugfs; |
1007 | |
1008 | static const struct proto_ops rfcomm_sock_ops = { |
1009 | .family = PF_BLUETOOTH, |
1010 | .owner = THIS_MODULE, |
1011 | .release = rfcomm_sock_release, |
1012 | .bind = rfcomm_sock_bind, |
1013 | .connect = rfcomm_sock_connect, |
1014 | .listen = rfcomm_sock_listen, |
1015 | .accept = rfcomm_sock_accept, |
1016 | .getname = rfcomm_sock_getname, |
1017 | .sendmsg = rfcomm_sock_sendmsg, |
1018 | .recvmsg = rfcomm_sock_recvmsg, |
1019 | .shutdown = rfcomm_sock_shutdown, |
1020 | .setsockopt = rfcomm_sock_setsockopt, |
1021 | .getsockopt = rfcomm_sock_getsockopt, |
1022 | .ioctl = rfcomm_sock_ioctl, |
1023 | .gettstamp = sock_gettstamp, |
1024 | .poll = bt_sock_poll, |
1025 | .socketpair = sock_no_socketpair, |
1026 | .mmap = sock_no_mmap, |
1027 | #ifdef CONFIG_COMPAT |
1028 | .compat_ioctl = rfcomm_sock_compat_ioctl, |
1029 | #endif |
1030 | }; |
1031 | |
1032 | static const struct net_proto_family rfcomm_sock_family_ops = { |
1033 | .family = PF_BLUETOOTH, |
1034 | .owner = THIS_MODULE, |
1035 | .create = rfcomm_sock_create |
1036 | }; |
1037 | |
1038 | int __init rfcomm_init_sockets(void) |
1039 | { |
1040 | int err; |
1041 | |
1042 | BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr)); |
1043 | |
1044 | err = proto_register(prot: &rfcomm_proto, alloc_slab: 0); |
1045 | if (err < 0) |
1046 | return err; |
1047 | |
1048 | err = bt_sock_register(BTPROTO_RFCOMM, ops: &rfcomm_sock_family_ops); |
1049 | if (err < 0) { |
1050 | BT_ERR("RFCOMM socket layer registration failed" ); |
1051 | goto error; |
1052 | } |
1053 | |
1054 | err = bt_procfs_init(net: &init_net, name: "rfcomm" , sk_list: &rfcomm_sk_list, NULL); |
1055 | if (err < 0) { |
1056 | BT_ERR("Failed to create RFCOMM proc file" ); |
1057 | bt_sock_unregister(BTPROTO_RFCOMM); |
1058 | goto error; |
1059 | } |
1060 | |
1061 | BT_INFO("RFCOMM socket layer initialized" ); |
1062 | |
1063 | if (IS_ERR_OR_NULL(ptr: bt_debugfs)) |
1064 | return 0; |
1065 | |
1066 | rfcomm_sock_debugfs = debugfs_create_file(name: "rfcomm" , mode: 0444, |
1067 | parent: bt_debugfs, NULL, |
1068 | fops: &rfcomm_sock_debugfs_fops); |
1069 | |
1070 | return 0; |
1071 | |
1072 | error: |
1073 | proto_unregister(prot: &rfcomm_proto); |
1074 | return err; |
1075 | } |
1076 | |
1077 | void __exit rfcomm_cleanup_sockets(void) |
1078 | { |
1079 | bt_procfs_cleanup(net: &init_net, name: "rfcomm" ); |
1080 | |
1081 | debugfs_remove(dentry: rfcomm_sock_debugfs); |
1082 | |
1083 | bt_sock_unregister(BTPROTO_RFCOMM); |
1084 | |
1085 | proto_unregister(prot: &rfcomm_proto); |
1086 | } |
1087 | |