sock.c source code [linux/net/bluetooth/rfcomm/sock.c]

1	/*
2	RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3	Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4	Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6	This program is free software; you can redistribute it and/or modify
7	it under the terms of the GNU General Public License version 2 as
8	published by the Free Software Foundation;
9
10	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11	OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13	IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14	CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15	WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16	ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17	OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19	ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20	COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21	SOFTWARE IS DISCLAIMED.
22	*/
23
24	/*
25	* RFCOMM sockets.
26	*/
27	#include <linux/compat.h>
28	#include <linux/export.h>
29	#include <linux/debugfs.h>
30	#include <linux/sched/signal.h>
31
32	#include <net/bluetooth/bluetooth.h>
33	#include <net/bluetooth/hci_core.h>
34	#include <net/bluetooth/l2cap.h>
35	#include <net/bluetooth/rfcomm.h>
36
37	static const struct proto_ops rfcomm_sock_ops;
38
39	static struct bt_sock_list rfcomm_sk_list = {
40	.lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
41	};
42
43	static void rfcomm_sock_close(struct sock *sk);
44	static void rfcomm_sock_kill(struct sock *sk);
45
46	/ ---- DLC callbacks ----*
47	*
48	* called under rfcomm_dlc_lock()
49	*/
50	static void rfcomm_sk_data_ready(struct rfcomm_dlc d, struct* sk_buff *skb)
51	{
52	struct sock *sk = d->owner;
53	if (!sk)
54	return;
55
56	atomic_add(i: skb->len, v: &sk->sk_rmem_alloc);
57	skb_queue_tail(list: &sk->sk_receive_queue, newsk: skb);
58	sk->sk_data_ready(sk);
59
60	if (atomic_read(v: &sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
61	rfcomm_dlc_throttle(d);
62	}
63
64	static void rfcomm_sk_state_change(struct rfcomm_dlc d, int* err)
65	{
66	struct sock sk = d->owner, parent;
67
68	if (!sk)
69	return;
70
71	BT_DBG("dlc %p state %ld err %d", d, d->state, err);
72
73	lock_sock(sk);
74
75	if (err)
76	sk->sk_err = err;
77
78	sk->sk_state = d->state;
79
80	parent = bt_sk(sk)->parent;
81	if (parent) {
82	if (d->state == BT_CLOSED) {
83	sock_set_flag(sk, flag: SOCK_ZAPPED);
84	bt_accept_unlink(sk);
85	}
86	parent->sk_data_ready(parent);
87	} else {
88	if (d->state == BT_CONNECTED)
89	rfcomm_session_getaddr(s: d->session,
90	src: &rfcomm_pi(sk)->src, NULL);
91	sk->sk_state_change(sk);
92	}
93
94	release_sock(sk);
95
96	if (parent && sock_flag(sk, flag: SOCK_ZAPPED)) {
97	/ We have to drop DLC lock here, otherwise*
98	* rfcomm_sock_destruct() will dead lock. */
99	rfcomm_dlc_unlock(d);
100	rfcomm_sock_kill(sk);
101	rfcomm_dlc_lock(d);
102	}
103	}
104
105	/ ---- Socket functions ---- /
106	static struct sock __rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t src)
107	{
108	struct sock *sk = NULL;
109
110	sk_for_each(sk, &rfcomm_sk_list.head) {
111	if (rfcomm_pi(sk)->channel != channel)
112	continue;
113
114	if (bacmp(ba1: &rfcomm_pi(sk)->src, ba2: src))
115	continue;
116
117	if (sk->sk_state == BT_BOUND \|\| sk->sk_state == BT_LISTEN)
118	break;
119	}
120
121	return sk ? sk : NULL;
122	}
123
124	/ Find socket with channel and source bdaddr.*
125	* Returns closest match.
126	*/
127	static struct sock rfcomm_get_sock_by_channel(int* state, u8 channel, bdaddr_t *src)
128	{
129	struct sock sk = NULL, sk1 = NULL;
130
131	read_lock(&rfcomm_sk_list.lock);
132
133	sk_for_each(sk, &rfcomm_sk_list.head) {
134	if (state && sk->sk_state != state)
135	continue;
136
137	if (rfcomm_pi(sk)->channel == channel) {
138	/ Exact match. /
139	if (!bacmp(ba1: &rfcomm_pi(sk)->src, ba2: src))
140	break;
141
142	/ Closest match /
143	if (!bacmp(ba1: &rfcomm_pi(sk)->src, BDADDR_ANY))
144	sk1 = sk;
145	}
146	}
147
148	read_unlock(&rfcomm_sk_list.lock);
149
150	return sk ? sk : sk1;
151	}
152
153	static void rfcomm_sock_destruct(struct sock *sk)
154	{
155	struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
156
157	BT_DBG("sk %p dlc %p", sk, d);
158
159	skb_queue_purge(list: &sk->sk_receive_queue);
160	skb_queue_purge(list: &sk->sk_write_queue);
161
162	rfcomm_dlc_lock(d);
163	rfcomm_pi(sk)->dlc = NULL;
164
165	/ Detach DLC if it's owned by this socket /
166	if (d->owner == sk)
167	d->owner = NULL;
168	rfcomm_dlc_unlock(d);
169
170	rfcomm_dlc_put(d);
171	}
172
173	static void rfcomm_sock_cleanup_listen(struct sock *parent)
174	{
175	struct sock *sk;
176
177	BT_DBG("parent %p", parent);
178
179	/ Close not yet accepted dlcs /
180	while ((sk = bt_accept_dequeue(parent, NULL))) {
181	rfcomm_sock_close(sk);
182	rfcomm_sock_kill(sk);
183	}
184
185	parent->sk_state = BT_CLOSED;
186	sock_set_flag(sk: parent, flag: SOCK_ZAPPED);
187	}
188
189	/ Kill socket (only if zapped and orphan)*
190	* Must be called on unlocked socket.
191	*/
192	static void rfcomm_sock_kill(struct sock *sk)
193	{
194	if (!sock_flag(sk, flag: SOCK_ZAPPED) \|\| sk->sk_socket)
195	return;
196
197	BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, refcount_read(&sk->sk_refcnt));
198
199	/ Kill poor orphan /
200	bt_sock_unlink(l: &rfcomm_sk_list, s: sk);
201	sock_set_flag(sk, flag: SOCK_DEAD);
202	sock_put(sk);
203	}
204
205	static void __rfcomm_sock_close(struct sock *sk)
206	{
207	struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
208
209	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
210
211	switch (sk->sk_state) {
212	case BT_LISTEN:
213	rfcomm_sock_cleanup_listen(parent: sk);
214	break;
215
216	case BT_CONNECT:
217	case BT_CONNECT2:
218	case BT_CONFIG:
219	case BT_CONNECTED:
220	rfcomm_dlc_close(d, reason: `0`);
221	fallthrough;
222
223	default:
224	sock_set_flag(sk, flag: SOCK_ZAPPED);
225	break;
226	}
227	}
228
229	/ Close socket.*
230	* Must be called on unlocked socket.
231	*/
232	static void rfcomm_sock_close(struct sock *sk)
233	{
234	lock_sock(sk);
235	__rfcomm_sock_close(sk);
236	release_sock(sk);
237	}
238
239	static void rfcomm_sock_init(struct sock sk, struct* sock *parent)
240	{
241	struct rfcomm_pinfo *pi = rfcomm_pi(sk);
242
243	BT_DBG("sk %p", sk);
244
245	if (parent) {
246	sk->sk_type = parent->sk_type;
247	pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP,
248	&bt_sk(parent)->flags);
249
250	pi->sec_level = rfcomm_pi(parent)->sec_level;
251	pi->role_switch = rfcomm_pi(parent)->role_switch;
252
253	security_sk_clone(sk: parent, newsk: sk);
254	} else {
255	pi->dlc->defer_setup = `0`;
256
257	pi->sec_level = BT_SECURITY_LOW;
258	pi->role_switch = `0`;
259	}
260
261	pi->dlc->sec_level = pi->sec_level;
262	pi->dlc->role_switch = pi->role_switch;
263	}
264
265	static struct proto rfcomm_proto = {
266	.name = "RFCOMM",
267	.owner = THIS_MODULE,
268	.obj_size = sizeof(struct rfcomm_pinfo)
269	};
270
271	static struct sock rfcomm_sock_alloc(struct* net net, struct* socket *sock,
272	int proto, gfp_t prio, int kern)
273	{
274	struct rfcomm_dlc *d;
275	struct sock *sk;
276
277	sk = bt_sock_alloc(net, sock, prot: &rfcomm_proto, proto, prio, kern);
278	if (!sk)
279	return NULL;
280
281	d = rfcomm_dlc_alloc(prio);
282	if (!d) {
283	sk_free(sk);
284	return NULL;
285	}
286
287	d->data_ready = rfcomm_sk_data_ready;
288	d->state_change = rfcomm_sk_state_change;
289
290	rfcomm_pi(sk)->dlc = d;
291	d->owner = sk;
292
293	sk->sk_destruct = rfcomm_sock_destruct;
294	sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
295
296	sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * `10`;
297	sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * `10`;
298
299	bt_sock_link(l: &rfcomm_sk_list, s: sk);
300
301	BT_DBG("sk %p", sk);
302	return sk;
303	}
304
305	static int rfcomm_sock_create(struct net net, struct* socket *sock,
306	int protocol, int kern)
307	{
308	struct sock *sk;
309
310	BT_DBG("sock %p", sock);
311
312	sock->state = SS_UNCONNECTED;
313
314	if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
315	return -ESOCKTNOSUPPORT;
316
317	sock->ops = &rfcomm_sock_ops;
318
319	sk = rfcomm_sock_alloc(net, sock, proto: protocol, GFP_ATOMIC, kern);
320	if (!sk)
321	return -ENOMEM;
322
323	rfcomm_sock_init(sk, NULL);
324	return `0`;
325	}
326
327	static int rfcomm_sock_bind(struct socket sock, struct* sockaddr addr, int* addr_len)
328	{
329	struct sockaddr_rc sa;
330	struct sock *sk = sock->sk;
331	int len, err = `0`;
332
333	if (!addr \|\| addr_len < offsetofend(struct sockaddr, sa_family) \|\|
334	addr->sa_family != AF_BLUETOOTH)
335	return -EINVAL;
336
337	memset(&sa, `0`, sizeof(sa));
338	len = min_t(unsigned int, sizeof(sa), addr_len);
339	memcpy(&sa, addr, len);
340
341	BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr);
342
343	lock_sock(sk);
344
345	if (sk->sk_state != BT_OPEN) {
346	err = -EBADFD;
347	goto done;
348	}
349
350	if (sk->sk_type != SOCK_STREAM) {
351	err = -EINVAL;
352	goto done;
353	}
354
355	write_lock(&rfcomm_sk_list.lock);
356
357	if (sa.rc_channel &&
358	__rfcomm_get_listen_sock_by_addr(channel: sa.rc_channel, src: &sa.rc_bdaddr)) {
359	err = -EADDRINUSE;
360	} else {
361	/ Save source address /
362	bacpy(dst: &rfcomm_pi(sk)->src, src: &sa.rc_bdaddr);
363	rfcomm_pi(sk)->channel = sa.rc_channel;
364	sk->sk_state = BT_BOUND;
365	}
366
367	write_unlock(&rfcomm_sk_list.lock);
368
369	done:
370	release_sock(sk);
371	return err;
372	}
373
374	static int rfcomm_sock_connect(struct socket sock, struct* sockaddr addr, int* alen, int flags)
375	{
376	struct sockaddr_rc sa = (struct* sockaddr_rc *) addr;
377	struct sock *sk = sock->sk;
378	struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
379	int err = `0`;
380
381	BT_DBG("sk %p", sk);
382
383	if (alen < sizeof(struct sockaddr_rc) \|\|
384	addr->sa_family != AF_BLUETOOTH)
385	return -EINVAL;
386
387	sock_hold(sk);
388	lock_sock(sk);
389
390	if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
391	err = -EBADFD;
392	goto done;
393	}
394
395	if (sk->sk_type != SOCK_STREAM) {
396	err = -EINVAL;
397	goto done;
398	}
399
400	sk->sk_state = BT_CONNECT;
401	bacpy(dst: &rfcomm_pi(sk)->dst, src: &sa->rc_bdaddr);
402	rfcomm_pi(sk)->channel = sa->rc_channel;
403
404	d->sec_level = rfcomm_pi(sk)->sec_level;
405	d->role_switch = rfcomm_pi(sk)->role_switch;
406
407	/ Drop sock lock to avoid potential deadlock with the RFCOMM lock /
408	release_sock(sk);
409	err = rfcomm_dlc_open(d, src: &rfcomm_pi(sk)->src, dst: &sa->rc_bdaddr,
410	channel: sa->rc_channel);
411	lock_sock(sk);
412	if (!err && !sock_flag(sk, flag: SOCK_ZAPPED))
413	err = bt_sock_wait_state(sk, state: BT_CONNECTED,
414	timeo: sock_sndtimeo(sk, noblock: flags & O_NONBLOCK));
415
416	done:
417	release_sock(sk);
418	sock_put(sk);
419	return err;
420	}
421
422	static int rfcomm_sock_listen(struct socket sock, int* backlog)
423	{
424	struct sock *sk = sock->sk;
425	int err = `0`;
426
427	BT_DBG("sk %p backlog %d", sk, backlog);
428
429	lock_sock(sk);
430
431	if (sk->sk_state != BT_BOUND) {
432	err = -EBADFD;
433	goto done;
434	}
435
436	if (sk->sk_type != SOCK_STREAM) {
437	err = -EINVAL;
438	goto done;
439	}
440
441	if (!rfcomm_pi(sk)->channel) {
442	bdaddr_t *src = &rfcomm_pi(sk)->src;
443	u8 channel;
444
445	err = -EINVAL;
446
447	write_lock(&rfcomm_sk_list.lock);
448
449	for (channel = `1`; channel < `31`; channel++)
450	if (!__rfcomm_get_listen_sock_by_addr(channel, src)) {
451	rfcomm_pi(sk)->channel = channel;
452	err = `0`;
453	break;
454	}
455
456	write_unlock(&rfcomm_sk_list.lock);
457
458	if (err < `0`)
459	goto done;
460	}
461
462	sk->sk_max_ack_backlog = backlog;
463	sk->sk_ack_backlog = `0`;
464	sk->sk_state = BT_LISTEN;
465
466	done:
467	release_sock(sk);
468	return err;
469	}
470
471	static int rfcomm_sock_accept(struct socket sock, struct* socket newsock, int* flags,
472	bool kern)
473	{
474	DEFINE_WAIT_FUNC(wait, woken_wake_function);
475	struct sock sk = sock->sk, nsk;
476	long timeo;
477	int err = `0`;
478
479	lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
480
481	if (sk->sk_type != SOCK_STREAM) {
482	err = -EINVAL;
483	goto done;
484	}
485
486	timeo = sock_rcvtimeo(sk, noblock: flags & O_NONBLOCK);
487
488	BT_DBG("sk %p timeo %ld", sk, timeo);
489
490	/ Wait for an incoming connection. (wake-one). /
491	add_wait_queue_exclusive(wq_head: sk_sleep(sk), wq_entry: &wait);
492	while (`1`) {
493	if (sk->sk_state != BT_LISTEN) {
494	err = -EBADFD;
495	break;
496	}
497
498	nsk = bt_accept_dequeue(parent: sk, newsock);
499	if (nsk)
500	break;
501
502	if (!timeo) {
503	err = -EAGAIN;
504	break;
505	}
506
507	if (signal_pending(current)) {
508	err = sock_intr_errno(timeo);
509	break;
510	}
511
512	release_sock(sk);
513
514	timeo = wait_woken(wq_entry: &wait, TASK_INTERRUPTIBLE, timeout: timeo);
515
516	lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
517	}
518	remove_wait_queue(wq_head: sk_sleep(sk), wq_entry: &wait);
519
520	if (err)
521	goto done;
522
523	newsock->state = SS_CONNECTED;
524
525	BT_DBG("new socket %p", nsk);
526
527	done:
528	release_sock(sk);
529	return err;
530	}
531
532	static int rfcomm_sock_getname(struct socket sock, struct* sockaddr addr, int* peer)
533	{
534	struct sockaddr_rc sa = (struct* sockaddr_rc *) addr;
535	struct sock *sk = sock->sk;
536
537	BT_DBG("sock %p, sk %p", sock, sk);
538
539	if (peer && sk->sk_state != BT_CONNECTED &&
540	sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2)
541	return -ENOTCONN;
542
543	memset(sa, `0`, sizeof(*sa));
544	sa->rc_family = AF_BLUETOOTH;
545	sa->rc_channel = rfcomm_pi(sk)->channel;
546	if (peer)
547	bacpy(dst: &sa->rc_bdaddr, src: &rfcomm_pi(sk)->dst);
548	else
549	bacpy(dst: &sa->rc_bdaddr, src: &rfcomm_pi(sk)->src);
550
551	return sizeof(struct sockaddr_rc);
552	}
553
554	static int rfcomm_sock_sendmsg(struct socket sock, struct* msghdr *msg,
555	size_t len)
556	{
557	struct sock *sk = sock->sk;
558	struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
559	struct sk_buff *skb;
560	int sent;
561
562	if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
563	return -ENOTCONN;
564
565	if (msg->msg_flags & MSG_OOB)
566	return -EOPNOTSUPP;
567
568	if (sk->sk_shutdown & SEND_SHUTDOWN)
569	return -EPIPE;
570
571	BT_DBG("sock %p, sk %p", sock, sk);
572
573	lock_sock(sk);
574
575	sent = bt_sock_wait_ready(sk, msg_flags: msg->msg_flags);
576
577	release_sock(sk);
578
579	if (sent)
580	return sent;
581
582	skb = bt_skb_sendmmsg(sk, msg, len, mtu: d->mtu, RFCOMM_SKB_HEAD_RESERVE,
583	RFCOMM_SKB_TAIL_RESERVE);
584	if (IS_ERR(ptr: skb))
585	return PTR_ERR(ptr: skb);
586
587	sent = rfcomm_dlc_send(d, skb);
588	if (sent < `0`)
589	kfree_skb(skb);
590
591	return sent;
592	}
593
594	static int rfcomm_sock_recvmsg(struct socket sock, struct* msghdr *msg,
595	size_t size, int flags)
596	{
597	struct sock *sk = sock->sk;
598	struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
599	int len;
600
601	if (test_and_clear_bit(RFCOMM_DEFER_SETUP, addr: &d->flags)) {
602	rfcomm_dlc_accept(d);
603	return `0`;
604	}
605
606	len = bt_sock_stream_recvmsg(sock, msg, len: size, flags);
607
608	lock_sock(sk);
609	if (!(flags & MSG_PEEK) && len > `0`)
610	atomic_sub(i: len, v: &sk->sk_rmem_alloc);
611
612	if (atomic_read(v: &sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> `2`))
613	rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
614	release_sock(sk);
615
616	return len;
617	}
618
619	static int rfcomm_sock_setsockopt_old(struct socket sock, int* optname,
620	sockptr_t optval, unsigned int optlen)
621	{
622	struct sock *sk = sock->sk;
623	int err = `0`;
624	u32 opt;
625
626	BT_DBG("sk %p", sk);
627
628	lock_sock(sk);
629
630	switch (optname) {
631	case RFCOMM_LM:
632	if (copy_from_sockptr(dst: &opt, src: optval, size: sizeof(u32))) {
633	err = -EFAULT;
634	break;
635	}
636
637	if (opt & RFCOMM_LM_FIPS) {
638	err = -EINVAL;
639	break;
640	}
641
642	if (opt & RFCOMM_LM_AUTH)
643	rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
644	if (opt & RFCOMM_LM_ENCRYPT)
645	rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
646	if (opt & RFCOMM_LM_SECURE)
647	rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
648
649	rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
650	break;
651
652	default:
653	err = -ENOPROTOOPT;
654	break;
655	}
656
657	release_sock(sk);
658	return err;
659	}
660
661	static int rfcomm_sock_setsockopt(struct socket sock, int* level, int optname,
662	sockptr_t optval, unsigned int optlen)
663	{
664	struct sock *sk = sock->sk;
665	struct bt_security sec;
666	int err = `0`;
667	size_t len;
668	u32 opt;
669
670	BT_DBG("sk %p", sk);
671
672	if (level == SOL_RFCOMM)
673	return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
674
675	if (level != SOL_BLUETOOTH)
676	return -ENOPROTOOPT;
677
678	lock_sock(sk);
679
680	switch (optname) {
681	case BT_SECURITY:
682	if (sk->sk_type != SOCK_STREAM) {
683	err = -EINVAL;
684	break;
685	}
686
687	sec.level = BT_SECURITY_LOW;
688
689	len = min_t(unsigned int, sizeof(sec), optlen);
690	if (copy_from_sockptr(dst: &sec, src: optval, size: len)) {
691	err = -EFAULT;
692	break;
693	}
694
695	if (sec.level > BT_SECURITY_HIGH) {
696	err = -EINVAL;
697	break;
698	}
699
700	rfcomm_pi(sk)->sec_level = sec.level;
701	break;
702
703	case BT_DEFER_SETUP:
704	if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
705	err = -EINVAL;
706	break;
707	}
708
709	if (copy_from_sockptr(dst: &opt, src: optval, size: sizeof(u32))) {
710	err = -EFAULT;
711	break;
712	}
713
714	if (opt)
715	set_bit(nr: BT_SK_DEFER_SETUP, addr: &bt_sk(sk)->flags);
716	else
717	clear_bit(nr: BT_SK_DEFER_SETUP, addr: &bt_sk(sk)->flags);
718
719	break;
720
721	default:
722	err = -ENOPROTOOPT;
723	break;
724	}
725
726	release_sock(sk);
727	return err;
728	}
729
730	static int rfcomm_sock_getsockopt_old(struct socket sock, int* optname, char __user optval, int* __user *optlen)
731	{
732	struct sock *sk = sock->sk;
733	struct sock *l2cap_sk;
734	struct l2cap_conn *conn;
735	struct rfcomm_conninfo cinfo;
736	int len, err = `0`;
737	u32 opt;
738
739	BT_DBG("sk %p", sk);
740
741	if (get_user(len, optlen))
742	return -EFAULT;
743
744	lock_sock(sk);
745
746	switch (optname) {
747	case RFCOMM_LM:
748	switch (rfcomm_pi(sk)->sec_level) {
749	case BT_SECURITY_LOW:
750	opt = RFCOMM_LM_AUTH;
751	break;
752	case BT_SECURITY_MEDIUM:
753	opt = RFCOMM_LM_AUTH \| RFCOMM_LM_ENCRYPT;
754	break;
755	case BT_SECURITY_HIGH:
756	opt = RFCOMM_LM_AUTH \| RFCOMM_LM_ENCRYPT \|
757	RFCOMM_LM_SECURE;
758	break;
759	case BT_SECURITY_FIPS:
760	opt = RFCOMM_LM_AUTH \| RFCOMM_LM_ENCRYPT \|
761	RFCOMM_LM_SECURE \| RFCOMM_LM_FIPS;
762	break;
763	default:
764	opt = `0`;
765	break;
766	}
767
768	if (rfcomm_pi(sk)->role_switch)
769	opt \|= RFCOMM_LM_MASTER;
770
771	if (put_user(opt, (u32 __user *) optval))
772	err = -EFAULT;
773
774	break;
775
776	case RFCOMM_CONNINFO:
777	if (sk->sk_state != BT_CONNECTED &&
778	!rfcomm_pi(sk)->dlc->defer_setup) {
779	err = -ENOTCONN;
780	break;
781	}
782
783	l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
784	conn = l2cap_pi(l2cap_sk)->chan->conn;
785
786	memset(&cinfo, `0`, sizeof(cinfo));
787	cinfo.hci_handle = conn->hcon->handle;
788	memcpy(cinfo.dev_class, conn->hcon->dev_class, `3`);
789
790	len = min_t(unsigned int, len, sizeof(cinfo));
791	if (copy_to_user(to: optval, from: (char *) &cinfo, n: len))
792	err = -EFAULT;
793
794	break;
795
796	default:
797	err = -ENOPROTOOPT;
798	break;
799	}
800
801	release_sock(sk);
802	return err;
803	}
804
805	static int rfcomm_sock_getsockopt(struct socket sock, int* level, int optname, char __user optval, int* __user *optlen)
806	{
807	struct sock *sk = sock->sk;
808	struct bt_security sec;
809	int len, err = `0`;
810
811	BT_DBG("sk %p", sk);
812
813	if (level == SOL_RFCOMM)
814	return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
815
816	if (level != SOL_BLUETOOTH)
817	return -ENOPROTOOPT;
818
819	if (get_user(len, optlen))
820	return -EFAULT;
821
822	lock_sock(sk);
823
824	switch (optname) {
825	case BT_SECURITY:
826	if (sk->sk_type != SOCK_STREAM) {
827	err = -EINVAL;
828	break;
829	}
830
831	sec.level = rfcomm_pi(sk)->sec_level;
832	sec.key_size = `0`;
833
834	len = min_t(unsigned int, len, sizeof(sec));
835	if (copy_to_user(to: optval, from: (char *) &sec, n: len))
836	err = -EFAULT;
837
838	break;
839
840	case BT_DEFER_SETUP:
841	if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
842	err = -EINVAL;
843	break;
844	}
845
846	if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
847	(u32 __user *) optval))
848	err = -EFAULT;
849
850	break;
851
852	default:
853	err = -ENOPROTOOPT;
854	break;
855	}
856
857	release_sock(sk);
858	return err;
859	}
860
861	static int rfcomm_sock_ioctl(struct socket sock, unsigned* int cmd, unsigned long arg)
862	{
863	struct sock *sk __maybe_unused = sock->sk;
864	int err;
865
866	BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
867
868	err = bt_sock_ioctl(sock, cmd, arg);
869
870	if (err == -ENOIOCTLCMD) {
871	#ifdef CONFIG_BT_RFCOMM_TTY
872	lock_sock(sk);
873	err = rfcomm_dev_ioctl(sk, cmd, arg: (void __user *) arg);
874	release_sock(sk);
875	#else
876	err = -EOPNOTSUPP;
877	#endif
878	}
879
880	return err;
881	}
882
883	#ifdef CONFIG_COMPAT
884	static int rfcomm_sock_compat_ioctl(struct socket sock, unsigned* int cmd, unsigned long arg)
885	{
886	return rfcomm_sock_ioctl(sock, cmd, arg: (unsigned long)compat_ptr(uptr: arg));
887	}
888	#endif
889
890	static int rfcomm_sock_shutdown(struct socket sock, int* how)
891	{
892	struct sock *sk = sock->sk;
893	int err = `0`;
894
895	BT_DBG("sock %p, sk %p", sock, sk);
896
897	if (!sk)
898	return `0`;
899
900	lock_sock(sk);
901	if (!sk->sk_shutdown) {
902	sk->sk_shutdown = SHUTDOWN_MASK;
903
904	release_sock(sk);
905	__rfcomm_sock_close(sk);
906	lock_sock(sk);
907
908	if (sock_flag(sk, flag: SOCK_LINGER) && sk->sk_lingertime &&
909	!(current->flags & PF_EXITING))
910	err = bt_sock_wait_state(sk, state: BT_CLOSED, timeo: sk->sk_lingertime);
911	}
912	release_sock(sk);
913	return err;
914	}
915
916	static int rfcomm_sock_release(struct socket *sock)
917	{
918	struct sock *sk = sock->sk;
919	int err;
920
921	BT_DBG("sock %p, sk %p", sock, sk);
922
923	if (!sk)
924	return `0`;
925
926	err = rfcomm_sock_shutdown(sock, how: `2`);
927
928	sock_orphan(sk);
929	rfcomm_sock_kill(sk);
930	return err;
931	}
932
933	/ ---- RFCOMM core layer callbacks ----*
934	*
935	* called under rfcomm_lock()
936	*/
937	int rfcomm_connect_ind(struct rfcomm_session s, u8 channel, struct* rfcomm_dlc **d)
938	{
939	struct sock sk, parent;
940	bdaddr_t src, dst;
941	int result = `0`;
942
943	BT_DBG("session %p channel %d", s, channel);
944
945	rfcomm_session_getaddr(s, src: &src, dst: &dst);
946
947	/ Check if we have socket listening on channel /
948	parent = rfcomm_get_sock_by_channel(state: BT_LISTEN, channel, src: &src);
949	if (!parent)
950	return `0`;
951
952	lock_sock(sk: parent);
953
954	/ Check for backlog size /
955	if (sk_acceptq_is_full(sk: parent)) {
956	BT_DBG("backlog full %d", parent->sk_ack_backlog);
957	goto done;
958	}
959
960	sk = rfcomm_sock_alloc(net: sock_net(sk: parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC, kern: `0`);
961	if (!sk)
962	goto done;
963
964	bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
965
966	rfcomm_sock_init(sk, parent);
967	bacpy(dst: &rfcomm_pi(sk)->src, src: &src);
968	bacpy(dst: &rfcomm_pi(sk)->dst, src: &dst);
969	rfcomm_pi(sk)->channel = channel;
970
971	sk->sk_state = BT_CONFIG;
972	bt_accept_enqueue(parent, sk, bh: true);
973
974	/ Accept connection and return socket DLC /
975	*d = rfcomm_pi(sk)->dlc;
976	result = `1`;
977
978	done:
979	release_sock(sk: parent);
980
981	if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
982	parent->sk_state_change(parent);
983
984	return result;
985	}
986
987	static int rfcomm_sock_debugfs_show(struct seq_file f, void* *p)
988	{
989	struct sock *sk;
990
991	read_lock(&rfcomm_sk_list.lock);
992
993	sk_for_each(sk, &rfcomm_sk_list.head) {
994	seq_printf(m: f, fmt: "%pMR %pMR %d %d\n",
995	&rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst,
996	sk->sk_state, rfcomm_pi(sk)->channel);
997	}
998
999	read_unlock(&rfcomm_sk_list.lock);
1000
1001	return `0`;
1002	}
1003
1004	DEFINE_SHOW_ATTRIBUTE(rfcomm_sock_debugfs);
1005
1006	static struct dentry *rfcomm_sock_debugfs;
1007
1008	static const struct proto_ops rfcomm_sock_ops = {
1009	.family = PF_BLUETOOTH,
1010	.owner = THIS_MODULE,
1011	.release = rfcomm_sock_release,
1012	.bind = rfcomm_sock_bind,
1013	.connect = rfcomm_sock_connect,
1014	.listen = rfcomm_sock_listen,
1015	.accept = rfcomm_sock_accept,
1016	.getname = rfcomm_sock_getname,
1017	.sendmsg = rfcomm_sock_sendmsg,
1018	.recvmsg = rfcomm_sock_recvmsg,
1019	.shutdown = rfcomm_sock_shutdown,
1020	.setsockopt = rfcomm_sock_setsockopt,
1021	.getsockopt = rfcomm_sock_getsockopt,
1022	.ioctl = rfcomm_sock_ioctl,
1023	.gettstamp = sock_gettstamp,
1024	.poll = bt_sock_poll,
1025	.socketpair = sock_no_socketpair,
1026	.mmap = sock_no_mmap,
1027	#ifdef CONFIG_COMPAT
1028	.compat_ioctl = rfcomm_sock_compat_ioctl,
1029	#endif
1030	};
1031
1032	static const struct net_proto_family rfcomm_sock_family_ops = {
1033	.family = PF_BLUETOOTH,
1034	.owner = THIS_MODULE,
1035	.create = rfcomm_sock_create
1036	};
1037
1038	int __init rfcomm_init_sockets(void)
1039	{
1040	int err;
1041
1042	BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr));
1043
1044	err = proto_register(prot: &rfcomm_proto, alloc_slab: `0`);
1045	if (err < `0`)
1046	return err;
1047
1048	err = bt_sock_register(BTPROTO_RFCOMM, ops: &rfcomm_sock_family_ops);
1049	if (err < `0`) {
1050	BT_ERR("RFCOMM socket layer registration failed");
1051	goto error;
1052	}
1053
1054	err = bt_procfs_init(net: &init_net, name: "rfcomm", sk_list: &rfcomm_sk_list, NULL);
1055	if (err < `0`) {
1056	BT_ERR("Failed to create RFCOMM proc file");
1057	bt_sock_unregister(BTPROTO_RFCOMM);
1058	goto error;
1059	}
1060
1061	BT_INFO("RFCOMM socket layer initialized");
1062
1063	if (IS_ERR_OR_NULL(ptr: bt_debugfs))
1064	return `0`;
1065
1066	rfcomm_sock_debugfs = debugfs_create_file(name: "rfcomm", mode: `0444`,
1067	parent: bt_debugfs, NULL,
1068	fops: &rfcomm_sock_debugfs_fops);
1069
1070	return `0`;
1071
1072	error:
1073	proto_unregister(prot: &rfcomm_proto);
1074	return err;
1075	}
1076
1077	void __exit rfcomm_cleanup_sockets(void)
1078	{
1079	bt_procfs_cleanup(net: &init_net, name: "rfcomm");
1080
1081	debugfs_remove(dentry: rfcomm_sock_debugfs);
1082
1083	bt_sock_unregister(BTPROTO_RFCOMM);
1084
1085	proto_unregister(prot: &rfcomm_proto);
1086	}
1087

source code of linux/net/bluetooth/rfcomm/sock.c