Bluetooth: Refuse peer L2CAP address reading when not connected
8e87d142 1/*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22*/
23
24/*
25 * RFCOMM sockets.
26 */
27
8c520a59 28#include <linux/export.h>
aef7d97c 29#include <linux/debugfs.h>
30
31#include <net/bluetooth/bluetooth.h>
32#include <net/bluetooth/hci_core.h>
33#include <net/bluetooth/l2cap.h>
34#include <net/bluetooth/rfcomm.h>
35
static const struct proto_ops rfcomm_sock_ops;

/* Registry of every RFCOMM socket.  Walked under rfcomm_sk_list.lock by
 * the bind/listen channel lookups, the connect indication and the
 * debugfs dump below. */
static struct bt_sock_list rfcomm_sk_list = {
	.lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
};

/* Forward declarations: both are needed by the DLC callbacks that
 * precede their definitions. */
static void rfcomm_sock_close(struct sock *sk);
static void rfcomm_sock_kill(struct sock *sk);
44
45/* ---- DLC callbacks ----
46 *
47 * called under rfcomm_dlc_lock()
48 */
/* DLC data_ready callback: hand an incoming frame to the owning socket.
 * Called under rfcomm_dlc_lock(); a DLC with no owner drops the frame
 * on the floor as far as this layer is concerned.
 */
static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
{
	struct sock *owner = d->owner;

	if (!owner)
		return;

	/* Charge the payload to the receive buffer before queueing it. */
	atomic_add(skb->len, &owner->sk_rmem_alloc);
	skb_queue_tail(&owner->sk_receive_queue, skb);
	owner->sk_data_ready(owner, skb->len);

	/* Receive buffer full: hold the peer back until rfcomm_sock_recvmsg()
	 * has drained enough to unthrottle. */
	if (atomic_read(&owner->sk_rmem_alloc) >= owner->sk_rcvbuf)
		rfcomm_dlc_throttle(d);
}
62
/* DLC state_change callback.  Propagates @err and the DLC state to the
 * owning socket, then wakes whoever is waiting: the listening parent for
 * a not-yet-accepted child, the socket itself otherwise.
 * Called under rfcomm_dlc_lock().
 */
static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
{
	struct sock *sk = d->owner, *parent;
	unsigned long flags;

	if (!sk)
		return;

	BT_DBG("dlc %p state %ld err %d", d, d->state, err);

	/* NOTE(review): bh_lock_sock() with interrupts disabled, presumably
	 * because this callback may run with interrupts enabled from the DLC
	 * layer -- confirm against the callers of d->state_change. */
	local_irq_save(flags);
	bh_lock_sock(sk);

	if (err)
		sk->sk_err = err;

	sk->sk_state = d->state;

	parent = bt_sk(sk)->parent;
	if (parent) {
		/* Not-yet-accepted child: if the DLC died, pull it off the
		 * parent's accept queue; poke the parent either way. */
		if (d->state == BT_CLOSED) {
			sock_set_flag(sk, SOCK_ZAPPED);
			bt_accept_unlink(sk);
		}
		parent->sk_data_ready(parent, 0);
	} else {
		/* Outgoing connection: record the local address the session
		 * actually ended up on once the DLC is established. */
		if (d->state == BT_CONNECTED)
			rfcomm_session_getaddr(d->session,
					       &rfcomm_pi(sk)->src, NULL);
		sk->sk_state_change(sk);
	}

	bh_unlock_sock(sk);
	local_irq_restore(flags);

	if (parent && sock_flag(sk, SOCK_ZAPPED)) {
		/* We have to drop DLC lock here, otherwise
		 * rfcomm_sock_destruct() will dead lock. */
		rfcomm_dlc_unlock(d);
		rfcomm_sock_kill(sk);
		rfcomm_dlc_lock(d);
	}
}
106
107/* ---- Socket functions ---- */
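/* Look up the socket bound to @channel on local address @src.
 *
 * Caller must hold rfcomm_sk_list.lock (the bind and listen paths take
 * it for writing so that lookup and bind are atomic).  Returns the first
 * matching socket, or NULL: sk_for_each() leaves @sk NULL when it walks
 * off the end of the list, so the old `sk ? sk : NULL` was redundant.
 */
static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
{
	struct sock *sk = NULL;

	sk_for_each(sk, &rfcomm_sk_list.head) {
		if (rfcomm_pi(sk)->channel == channel &&
		    !bacmp(&rfcomm_pi(sk)->src, src))
			break;
	}

	return sk;
}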
120
121/* Find socket with channel and source bdaddr.
122 * Returns closest match.
123 */
static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
{
	struct sock *exact = NULL, *wildcard = NULL;

	read_lock(&rfcomm_sk_list.lock);

	sk_for_each(exact, &rfcomm_sk_list.head) {
		/* A non-zero @state restricts the search to that state. */
		if (state && exact->sk_state != state)
			continue;

		if (rfcomm_pi(exact)->channel != channel)
			continue;

		/* Bound to exactly this local address: done. */
		if (!bacmp(&rfcomm_pi(exact)->src, src))
			break;

		/* Bound to any address: remember as fallback, keep looking
		 * for an exact match. */
		if (!bacmp(&rfcomm_pi(exact)->src, BDADDR_ANY))
			wildcard = exact;
	}

	read_unlock(&rfcomm_sk_list.lock);

	/* @exact is NULL when the loop ran off the end of the list. */
	return exact ? exact : wildcard;
}
149
/* sk_destruct callback: runs when the last reference to the socket is
 * dropped.  Flushes queued skbs and severs the socket <-> DLC link.
 */
static void rfcomm_sock_destruct(struct sock *sk)
{
	struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;

	BT_DBG("sk %p dlc %p", sk, d);

	skb_queue_purge(&sk->sk_receive_queue);
	skb_queue_purge(&sk->sk_write_queue);

	/* Under the DLC lock, so rfcomm_sk_data_ready() and
	 * rfcomm_sk_state_change() (which run under rfcomm_dlc_lock())
	 * observe either a live owner or NULL, never a half-torn-down
	 * socket. */
	rfcomm_dlc_lock(d);
	rfcomm_pi(sk)->dlc = NULL;

	/* Detach DLC if it's owned by this socket */
	if (d->owner == sk)
		d->owner = NULL;
	rfcomm_dlc_unlock(d);

	/* Release the socket's hold on the DLC it got in rfcomm_sock_alloc(). */
	rfcomm_dlc_put(d);
}
169
/* Tear down a listening socket: close and kill every child still waiting
 * in its accept queue, then mark the parent closed and zapped.
 */
static void rfcomm_sock_cleanup_listen(struct sock *parent)
{
	struct sock *child;

	BT_DBG("parent %p", parent);

	/* Close not yet accepted dlcs */
	for (;;) {
		child = bt_accept_dequeue(parent, NULL);
		if (!child)
			break;

		rfcomm_sock_close(child);
		rfcomm_sock_kill(child);
	}

	parent->sk_state = BT_CLOSED;
	sock_set_flag(parent, SOCK_ZAPPED);
}
185
186/* Kill socket (only if zapped and orphan)
187 * Must be called on unlocked socket.
188 */
static void rfcomm_sock_kill(struct sock *sk)
{
	/* Only a zapped socket with no struct socket attached (an orphan)
	 * may be released here; anything else is still in use. */
	if (sock_flag(sk, SOCK_ZAPPED) && !sk->sk_socket) {
		BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));

		/* Kill poor orphan */
		bt_sock_unlink(&rfcomm_sk_list, sk);
		sock_set_flag(sk, SOCK_DEAD);
		sock_put(sk);
	}
}
201
/* State-dependent teardown.  The caller holds the socket lock
 * (rfcomm_sock_close() and rfcomm_sock_shutdown()).
 */
static void __rfcomm_sock_close(struct sock *sk)
{
	struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;

	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);

	switch (sk->sk_state) {
	case BT_LISTEN:
		/* A listener never opened its DLC; flush the accept queue.
		 * rfcomm_sock_cleanup_listen() sets SOCK_ZAPPED itself. */
		rfcomm_sock_cleanup_listen(sk);
		break;

	case BT_CONNECT:
	case BT_CONNECT2:
	case BT_CONFIG:
	case BT_CONNECTED:
		rfcomm_dlc_close(d, 0);
		/* fall through: the socket is zapped as well */

	default:
		sock_set_flag(sk, SOCK_ZAPPED);
		break;
	}
}
224
225/* Close socket.
226 * Must be called on unlocked socket.
227 */
static void rfcomm_sock_close(struct sock *sk)
{
	/* Callers that already hold the socket lock (rfcomm_sock_shutdown())
	 * use __rfcomm_sock_close() directly instead. */
	lock_sock(sk);
	__rfcomm_sock_close(sk);
	release_sock(sk);
}
234
/* Initialise the RFCOMM-specific part of a freshly allocated socket.
 * With a @parent (a child created by rfcomm_connect_ind()) the socket
 * type, defer-setup flag, security level and role switch are inherited;
 * without one (socket(2)) the conservative defaults apply.
 */
static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
{
	struct rfcomm_pinfo *pi = rfcomm_pi(sk);

	BT_DBG("sk %p", sk);

	if (!parent) {
		pi->dlc->defer_setup = 0;

		pi->sec_level = BT_SECURITY_LOW;
		pi->role_switch = 0;
	} else {
		struct rfcomm_pinfo *ppi = rfcomm_pi(parent);

		sk->sk_type = parent->sk_type;
		pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP,
						&bt_sk(parent)->flags);

		pi->sec_level = ppi->sec_level;
		pi->role_switch = ppi->role_switch;

		security_sk_clone(parent, sk);
	}

	/* Push the socket-level policy down to the DLC. */
	pi->dlc->sec_level = pi->sec_level;
	pi->dlc->role_switch = pi->role_switch;
}
260
/* Protocol descriptor; obj_size makes sk_alloc() hand out sockets large
 * enough for the rfcomm_pinfo that rfcomm_pi() returns. */
static struct proto rfcomm_proto = {
	.name		= "RFCOMM",
	.owner		= THIS_MODULE,
	.obj_size	= sizeof(struct rfcomm_pinfo)
};
266
/* Allocate a socket together with the DLC it will own.
 * @sock may be NULL for a child created on a connect indication.
 * Returns the new socket (linked into rfcomm_sk_list) or NULL on OOM.
 */
static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
{
	struct sock *sk;
	struct rfcomm_dlc *dlc;

	sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
	if (!sk)
		return NULL;

	sock_init_data(sock, sk);
	INIT_LIST_HEAD(&bt_sk(sk)->accept_q);

	/* One DLC per socket; it is released in rfcomm_sock_destruct(). */
	dlc = rfcomm_dlc_alloc(prio);
	if (!dlc) {
		sk_free(sk);
		return NULL;
	}

	/* Wire the DLC callbacks back into this socket layer. */
	dlc->data_ready   = rfcomm_sk_data_ready;
	dlc->state_change = rfcomm_sk_state_change;

	rfcomm_pi(sk)->dlc = dlc;
	dlc->owner = sk;

	sk->sk_destruct = rfcomm_sock_destruct;
	sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;

	sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
	sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;

	sock_reset_flag(sk, SOCK_ZAPPED);

	sk->sk_protocol = proto;
	sk->sk_state    = BT_OPEN;

	bt_sock_link(&rfcomm_sk_list, sk);

	BT_DBG("sk %p", sk);
	return sk;
}
307
/* net_proto_family create op for BTPROTO_RFCOMM. */
static int rfcomm_sock_create(struct net *net, struct socket *sock,
			      int protocol, int kern)
{
	struct sock *sk;

	BT_DBG("sock %p", sock);

	sock->state = SS_UNCONNECTED;

	/* Only stream and raw sockets exist in this family. */
	switch (sock->type) {
	case SOCK_STREAM:
	case SOCK_RAW:
		break;
	default:
		return -ESOCKTNOSUPPORT;
	}

	sock->ops = &rfcomm_sock_ops;

	sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
	if (!sk)
		return -ENOMEM;

	/* No parent to inherit from: plain defaults. */
	rfcomm_sock_init(sk, NULL);
	return 0;
}
329
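/* bind(2): attach a local bdaddr and server channel to a fresh socket.
 * Channel 0 defers channel selection to rfcomm_sock_listen().
 * Returns 0, or -EINVAL (bad address / not a stream socket), -EBADFD
 * (not in BT_OPEN) or -EADDRINUSE.
 */
static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
{
	struct sockaddr_rc sa;
	struct sock *sk = sock->sk;
	int len, err = 0;

	/* Validate before anything dereferences @addr -- the debug print
	 * used to run first and would have followed a NULL pointer.  The
	 * family must be present; the rest may be shorter than a full
	 * sockaddr_rc, so copy only what the caller supplied into a
	 * zeroed local rather than reading past a short buffer. */
	if (!addr || addr_len < (int) sizeof(sa_family_t) ||
	    addr->sa_family != AF_BLUETOOTH)
		return -EINVAL;

	memset(&sa, 0, sizeof(sa));
	len = min_t(unsigned int, sizeof(sa), addr_len);
	memcpy(&sa, addr, len);

	BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr);

	lock_sock(sk);

	/* bind() is only valid once, on a fresh socket. */
	if (sk->sk_state != BT_OPEN) {
		err = -EBADFD;
		goto done;
	}

	if (sk->sk_type != SOCK_STREAM) {
		err = -EINVAL;
		goto done;
	}

	/* Write lock: lookup and bind must be atomic with respect to other
	 * binders, or two sockets could end up on the same channel. */
	write_lock(&rfcomm_sk_list.lock);

	if (sa.rc_channel && __rfcomm_get_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) {
		err = -EADDRINUSE;
	} else {
		/* Save source address */
		bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr);
		rfcomm_pi(sk)->channel = sa.rc_channel;
		sk->sk_state = BT_BOUND;
	}

	write_unlock(&rfcomm_sk_list.lock);

done:
	release_sock(sk);
	return err;
}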
370
/* connect(2): open the socket's DLC towards @addr and, unless O_NONBLOCK,
 * wait for it to reach BT_CONNECTED.  Returns 0 or a negative errno.
 */
static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
{
	struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
	struct sock *sk = sock->sk;
	struct rfcomm_pinfo *pi = rfcomm_pi(sk);
	struct rfcomm_dlc *d = pi->dlc;
	int err = 0;

	BT_DBG("sk %p", sk);

	if (alen < sizeof(struct sockaddr_rc) ||
	    addr->sa_family != AF_BLUETOOTH)
		return -EINVAL;

	lock_sock(sk);

	/* Only an unconnected (open or bound) stream socket may connect. */
	if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
		err = -EBADFD;
		goto done;
	}

	if (sk->sk_type != SOCK_STREAM) {
		err = -EINVAL;
		goto done;
	}

	sk->sk_state = BT_CONNECT;
	bacpy(&pi->dst, &sa->rc_bdaddr);
	pi->channel = sa->rc_channel;

	/* Hand the socket's security policy to the DLC before opening it. */
	d->sec_level   = pi->sec_level;
	d->role_switch = pi->role_switch;

	err = rfcomm_dlc_open(d, &pi->src, &sa->rc_bdaddr, sa->rc_channel);
	if (!err)
		err = bt_sock_wait_state(sk, BT_CONNECTED,
					 sock_sndtimeo(sk, flags & O_NONBLOCK));

done:
	release_sock(sk);
	return err;
}
413
/* listen(2): move a bound stream socket to BT_LISTEN.  A socket bound to
 * channel 0 gets the first free server channel (1..30) on its source
 * address here, or -EINVAL if every channel is taken.
 */
static int rfcomm_sock_listen(struct socket *sock, int backlog)
{
	struct sock *sk = sock->sk;
	struct rfcomm_pinfo *pi = rfcomm_pi(sk);
	int err = 0;

	BT_DBG("sk %p backlog %d", sk, backlog);

	lock_sock(sk);

	if (sk->sk_state != BT_BOUND) {
		err = -EBADFD;
		goto done;
	}

	if (sk->sk_type != SOCK_STREAM) {
		err = -EINVAL;
		goto done;
	}

	if (!pi->channel) {
		bdaddr_t *src = &pi->src;
		u8 channel = 1;

		/* Write lock so the probe and the assignment are atomic
		 * against concurrent bind()/listen() callers. */
		write_lock(&rfcomm_sk_list.lock);

		while (channel < 31 && __rfcomm_get_sock_by_addr(channel, src))
			channel++;

		if (channel < 31)
			pi->channel = channel;

		write_unlock(&rfcomm_sk_list.lock);

		if (channel >= 31) {
			err = -EINVAL;
			goto done;
		}
	}

	sk->sk_max_ack_backlog = backlog;
	sk->sk_ack_backlog = 0;
	sk->sk_state = BT_LISTEN;

done:
	release_sock(sk);
	return err;
}
462
/* accept(2): wait up to the receive timeout for a child on the listening
 * socket @sock and attach it to @newsock.  Returns 0, -EINVAL (not a
 * stream socket), -EBADFD (no longer listening), -EAGAIN (non-blocking
 * and nothing queued) or the signal errno.
 */
static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
{
	DECLARE_WAITQUEUE(wait, current);
	struct sock *sk = sock->sk, *nsk;
	long timeo;
	int err = 0;

	/* NOTE(review): SINGLE_DEPTH_NESTING is a lockdep annotation; it
	 * presumably reflects that another socket of the same lock class is
	 * locked by the caller -- confirm before changing. */
	lock_sock_nested(sk, SINGLE_DEPTH_NESTING);

	if (sk->sk_type != SOCK_STREAM) {
		err = -EINVAL;
		goto done;
	}

	/* O_NONBLOCK yields a zero timeout, i.e. a single pass of the loop. */
	timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);

	BT_DBG("sk %p timeo %ld", sk, timeo);

	/* Wait for an incoming connection. (wake-one). */
	add_wait_queue_exclusive(sk_sleep(sk), &wait);
	while (1) {
		/* Task state is set before the checks so a wakeup between a
		 * check and schedule_timeout() is not lost. */
		set_current_state(TASK_INTERRUPTIBLE);

		/* The socket may have been shut down while we slept. */
		if (sk->sk_state != BT_LISTEN) {
			err = -EBADFD;
			break;
		}

		nsk = bt_accept_dequeue(sk, newsock);
		if (nsk)
			break;

		if (!timeo) {
			err = -EAGAIN;
			break;
		}

		if (signal_pending(current)) {
			err = sock_intr_errno(timeo);
			break;
		}

		/* Sleep with the socket lock released. */
		release_sock(sk);
		timeo = schedule_timeout(timeo);
		lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
	}
	__set_current_state(TASK_RUNNING);
	remove_wait_queue(sk_sleep(sk), &wait);

	if (err)
		goto done;

	newsock->state = SS_CONNECTED;

	BT_DBG("new socket %p", nsk);

done:
	release_sock(sk);
	return err;
}
523
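/* getsockname(2) / getpeername(2).  Fills @addr with the local (peer == 0)
 * or remote (peer != 0) RFCOMM address and sets *@len.
 *
 * A peer address is only meaningful once a connection exists, so -ENOTCONN
 * is returned for an unconnected socket, the same way the L2CAP getname
 * refuses peer address reads when not connected.  A child queued by
 * rfcomm_connect_ind() sits in BT_CONFIG (BT_CONNECT/BT_CONNECT2 for the
 * outgoing and deferred-setup cases) while userspace decides whether to
 * accept it, and legitimately asks who is connecting then, so those
 * states are allowed as well.
 */
static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
{
	struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
	struct sock *sk = sock->sk;

	BT_DBG("sock %p, sk %p", sock, sk);

	if (peer && sk->sk_state != BT_CONNECTED &&
	    sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
	    sk->sk_state != BT_CONFIG)
		return -ENOTCONN;

	/* Zero the whole struct so no padding bytes reach userspace. */
	memset(sa, 0, sizeof(*sa));
	sa->rc_family  = AF_BLUETOOTH;
	sa->rc_channel = rfcomm_pi(sk)->channel;
	if (peer)
		bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst);
	else
		bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src);

	*len = sizeof(struct sockaddr_rc);
	return 0;
}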
542
/* sendmsg(2): push @len bytes from @msg down the socket's DLC, one
 * MTU-sized skb at a time.  Returns the number of bytes queued; a
 * negative errno is returned only when nothing at all could be sent.
 */
static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
			       struct msghdr *msg, size_t len)
{
	struct sock *sk = sock->sk;
	struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
	struct sk_buff *skb;
	int sent;

	/* A deferred-setup connection has not been accepted yet (see
	 * rfcomm_sock_recvmsg()), so there is nothing to write to. */
	if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
		return -ENOTCONN;

	if (msg->msg_flags & MSG_OOB)
		return -EOPNOTSUPP;

	if (sk->sk_shutdown & SEND_SHUTDOWN)
		return -EPIPE;

	BT_DBG("sock %p, sk %p", sock, sk);

	lock_sock(sk);

	/* Wait until the socket is ready to send; a non-zero result is an
	 * errno and doubles as the return value. */
	sent = bt_sock_wait_ready(sk, msg->msg_flags);
	if (sent)
		goto done;

	while (len) {
		size_t size = min_t(size_t, len, d->mtu);
		int err;

		skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
				msg->msg_flags & MSG_DONTWAIT, &err);
		/* On any failure below: keep the partial byte count if there
		 * is one, otherwise report the error. */
		if (!skb) {
			if (sent == 0)
				sent = err;
			break;
		}
		skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);

		err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
		if (err) {
			kfree_skb(skb);
			if (sent == 0)
				sent = err;
			break;
		}

		skb->priority = sk->sk_priority;

		err = rfcomm_dlc_send(d, skb);
		if (err < 0) {
			kfree_skb(skb);
			if (sent == 0)
				sent = err;
			break;
		}

		sent += size;
		len  -= size;
	}

done:
	release_sock(sk);

	return sent;
}
608
/* recvmsg(2).  The first read on a deferred-setup socket accepts the
 * pending connection instead of returning data.  Otherwise the generic
 * stream receive does the copy and the receive-buffer accounting is
 * adjusted here so the DLC can be unthrottled again.
 */
static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
			       struct msghdr *msg, size_t size, int flags)
{
	struct sock *sk = sock->sk;
	struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
	int copied;

	if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
		rfcomm_dlc_accept(d);
		return 0;
	}

	copied = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags);

	lock_sock(sk);

	/* A peek leaves the data queued, so the accounting is untouched. */
	if (copied > 0 && !(flags & MSG_PEEK))
		atomic_sub(copied, &sk->sk_rmem_alloc);

	/* Down to a quarter of the receive buffer: let the peer send again. */
	if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
		rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);

	release_sock(sk);

	return copied;
}
633
/* Legacy SOL_RFCOMM setsockopt.  Only RFCOMM_LM is known: its link-mode
 * bits are folded into the socket's security level and role-switch flag.
 */
static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
{
	struct sock *sk = sock->sk;
	int err = 0;
	u32 opt;

	BT_DBG("sk %p", sk);

	lock_sock(sk);

	if (optname != RFCOMM_LM) {
		err = -ENOPROTOOPT;
		goto out;
	}

	if (get_user(opt, (u32 __user *) optval)) {
		err = -EFAULT;
		goto out;
	}

	/* FIPS cannot be requested through the legacy link-mode interface. */
	if (opt & RFCOMM_LM_FIPS) {
		err = -EINVAL;
		goto out;
	}

	/* The strongest requested mode wins; with none of the three set the
	 * current level is left alone. */
	if (opt & RFCOMM_LM_SECURE)
		rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
	else if (opt & RFCOMM_LM_ENCRYPT)
		rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
	else if (opt & RFCOMM_LM_AUTH)
		rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;

	rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);

out:
	release_sock(sk);
	return err;
}
674
/* setsockopt(2).  SOL_RFCOMM is routed to the legacy handler; SOL_BLUETOOTH
 * supports BT_SECURITY (stream sockets only) and BT_DEFER_SETUP (bound or
 * listening sockets only).
 */
static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
{
	struct sock *sk = sock->sk;
	struct bt_security sec;
	int err = 0;
	size_t len;
	u32 opt;

	BT_DBG("sk %p", sk);

	if (level == SOL_RFCOMM)
		return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);

	if (level != SOL_BLUETOOTH)
		return -ENOPROTOOPT;

	lock_sock(sk);

	switch (optname) {
	case BT_SECURITY:
		if (sk->sk_type != SOCK_STREAM) {
			err = -EINVAL;
			break;
		}

		/* Default in case userspace passes fewer bytes than the
		 * struct; only .level is consumed below. */
		sec.level = BT_SECURITY_LOW;

		/* Never read more than the caller supplied or the struct holds. */
		len = min_t(unsigned int, sizeof(sec), optlen);
		if (copy_from_user((char *) &sec, optval, len)) {
			err = -EFAULT;
			break;
		}

		/* Anything above BT_SECURITY_HIGH is rejected here. */
		if (sec.level > BT_SECURITY_HIGH) {
			err = -EINVAL;
			break;
		}

		rfcomm_pi(sk)->sec_level = sec.level;
		break;

	case BT_DEFER_SETUP:
		/* Only meaningful before the socket is connected. */
		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
			err = -EINVAL;
			break;
		}

		if (get_user(opt, (u32 __user *) optval)) {
			err = -EFAULT;
			break;
		}

		if (opt)
			set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
		else
			clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);

		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}
742
/* Legacy SOL_RFCOMM getsockopt: RFCOMM_LM (link-mode bits derived from
 * the security level) and RFCOMM_CONNINFO (ACL handle and device class
 * of the underlying connection).
 */
static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
{
	struct sock *sk = sock->sk;
	struct sock *l2cap_sk;
	struct l2cap_conn *conn;
	struct rfcomm_conninfo cinfo;
	int len, err = 0;
	u32 opt;

	BT_DBG("sk %p", sk);

	if (get_user(len, optlen))
		return -EFAULT;

	lock_sock(sk);

	switch (optname) {
	case RFCOMM_LM:
		/* Map the security level back to cumulative link-mode flags;
		 * this mirrors the mapping in rfcomm_sock_setsockopt_old(). */
		switch (rfcomm_pi(sk)->sec_level) {
		case BT_SECURITY_LOW:
			opt = RFCOMM_LM_AUTH;
			break;
		case BT_SECURITY_MEDIUM:
			opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
			break;
		case BT_SECURITY_HIGH:
			opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
			      RFCOMM_LM_SECURE;
			break;
		case BT_SECURITY_FIPS:
			opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
			      RFCOMM_LM_SECURE | RFCOMM_LM_FIPS;
			break;
		default:
			opt = 0;
			break;
		}

		if (rfcomm_pi(sk)->role_switch)
			opt |= RFCOMM_LM_MASTER;

		if (put_user(opt, (u32 __user *) optval))
			err = -EFAULT;

		break;

	case RFCOMM_CONNINFO:
		/* A deferred-setup child is answered even before it reaches
		 * BT_CONNECTED, so userspace can inspect who is connecting. */
		if (sk->sk_state != BT_CONNECTED &&
		    !rfcomm_pi(sk)->dlc->defer_setup) {
			err = -ENOTCONN;
			break;
		}

		/* NOTE(review): reaches through dlc->session->sock; for the
		 * defer_setup case admitted above, confirm the DLC always has
		 * a session attached once the socket is visible to userspace. */
		l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
		conn = l2cap_pi(l2cap_sk)->chan->conn;

		/* Zero first so no uninitialised bytes reach userspace. */
		memset(&cinfo, 0, sizeof(cinfo));
		cinfo.hci_handle = conn->hcon->handle;
		memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);

		/* @len is a signed int from userspace; the unsigned min_t
		 * clamps a negative value to sizeof(cinfo). */
		len = min_t(unsigned int, len, sizeof(cinfo));
		if (copy_to_user(optval, (char *) &cinfo, len))
			err = -EFAULT;

		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}
817
/* getsockopt(2).  SOL_RFCOMM is routed to the legacy handler; SOL_BLUETOOTH
 * reports BT_SECURITY (stream sockets only) and BT_DEFER_SETUP (bound or
 * listening sockets only).
 */
static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
{
	struct sock *sk = sock->sk;
	struct bt_security sec;
	int len, err = 0;

	BT_DBG("sk %p", sk);

	if (level == SOL_RFCOMM)
		return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);

	if (level != SOL_BLUETOOTH)
		return -ENOPROTOOPT;

	if (get_user(len, optlen))
		return -EFAULT;

	lock_sock(sk);

	switch (optname) {
	case BT_SECURITY:
		if (sk->sk_type != SOCK_STREAM) {
			err = -EINVAL;
			break;
		}

		/* key_size is always reported as 0 for RFCOMM. */
		sec.level    = rfcomm_pi(sk)->sec_level;
		sec.key_size = 0;

		/* Never copy more than the caller's buffer or the struct. */
		len = min_t(unsigned int, len, sizeof(sec));
		err = copy_to_user(optval, (char *) &sec, len) ? -EFAULT : 0;
		break;

	case BT_DEFER_SETUP:
		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
			err = -EINVAL;
			break;
		}

		err = put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
			       (u32 __user *) optval) ? -EFAULT : 0;
		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}
873
/* ioctl(2): generic Bluetooth socket ioctls first, then -- if the RFCOMM
 * TTY layer is built -- the TTY device ioctls.
 */
static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
{
	/* __maybe_unused: without CONFIG_BT_RFCOMM_TTY (and with BT_DBG
	 * compiled out) nothing below references sk. */
	struct sock *sk __maybe_unused = sock->sk;
	int err;

	BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);

	err = bt_sock_ioctl(sock, cmd, arg);

	/* -ENOIOCTLCMD means the generic layer did not recognise @cmd. */
	if (err == -ENOIOCTLCMD) {
#ifdef CONFIG_BT_RFCOMM_TTY
		lock_sock(sk);
		err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
		release_sock(sk);
#else
		err = -EOPNOTSUPP;
#endif
	}

	return err;
}
895
/* shutdown(2).  @how is ignored: both directions are always closed.
 * A repeated shutdown is a no-op.  With SO_LINGER set this blocks
 * (up to sk_lingertime) until the socket reaches BT_CLOSED.
 */
static int rfcomm_sock_shutdown(struct socket *sock, int how)
{
	struct sock *sk = sock->sk;
	int err = 0;

	BT_DBG("sock %p, sk %p", sock, sk);

	if (!sk)
		return 0;

	lock_sock(sk);

	if (sk->sk_shutdown)
		goto out;

	sk->sk_shutdown = SHUTDOWN_MASK;
	__rfcomm_sock_close(sk);

	if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
		err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);

out:
	release_sock(sk);
	return err;
}
917
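/* release op: shut the socket down, detach it from its struct socket and
 * let rfcomm_sock_kill() drop the last reference once it is zapped.
 * Returns whatever the shutdown returned (only non-zero under SO_LINGER).
 */
static int rfcomm_sock_release(struct socket *sock)
{
	struct sock *sk = sock->sk;
	int err;

	BT_DBG("sock %p, sk %p", sock, sk);

	if (!sk)
		return 0;

	/* rfcomm_sock_shutdown() closes both directions regardless of the
	 * value; SHUT_RDWR just says so by name instead of a bare 2. */
	err = rfcomm_sock_shutdown(sock, SHUT_RDWR);

	sock_orphan(sk);
	rfcomm_sock_kill(sk);
	return err;
}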
934
8e87d142 935/* ---- RFCOMM core layer callbacks ----
936 *
937 * called under rfcomm_lock()
938 */
/* Incoming DLC request on @s for server @channel.  If a socket is
 * listening on that channel (for the session's local address, or for
 * BDADDR_ANY), a child socket is created, queued on the listener, and
 * its DLC returned through @d.
 * Returns 1 when the connection is accepted and *@d is set, 0 otherwise
 * (no listener, backlog full, or allocation failure).
 */
int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
{
	struct sock *sk, *parent;
	bdaddr_t src, dst;
	int result = 0;

	BT_DBG("session %p channel %d", s, channel);

	rfcomm_session_getaddr(s, &src, &dst);

	/* Check if we have socket listening on channel */
	parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
	if (!parent)
		return 0;

	/* bh_lock_sock(), not lock_sock(), and GFP_ATOMIC below: this path
	 * must not sleep. */
	bh_lock_sock(parent);

	/* Check for backlog size */
	if (sk_acceptq_is_full(parent)) {
		BT_DBG("backlog full %d", parent->sk_ack_backlog);
		goto done;
	}

	sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
	if (!sk)
		goto done;

	bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);

	/* The child inherits the parent's security level, role switch and
	 * defer-setup flag (see rfcomm_sock_init()). */
	rfcomm_sock_init(sk, parent);
	bacpy(&rfcomm_pi(sk)->src, &src);
	bacpy(&rfcomm_pi(sk)->dst, &dst);
	rfcomm_pi(sk)->channel = channel;

	/* Parked on the parent in BT_CONFIG until accept() dequeues it. */
	sk->sk_state = BT_CONFIG;
	bt_accept_enqueue(parent, sk);

	/* Accept connection and return socket DLC */
	*d = rfcomm_pi(sk)->dlc;
	result = 1;

done:
	bh_unlock_sock(parent);

	/* With BT_DEFER_SETUP the parent is woken right away, presumably so
	 * a poll()er sees the deferred connection immediately. */
	if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
		parent->sk_state_change(parent);

	return result;
}
988
/* seq_file show callback for the debugfs "rfcomm" file: one line per
 * socket -- source address, destination address, state, channel.
 */
static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
{
	struct sock *sk;

	read_lock(&rfcomm_sk_list.lock);

	sk_for_each(sk, &rfcomm_sk_list.head) {
		struct rfcomm_pinfo *pi = rfcomm_pi(sk);

		seq_printf(f, "%pMR %pMR %d %d\n", &pi->src, &pi->dst,
			   sk->sk_state, pi->channel);
	}

	read_unlock(&rfcomm_sk_list.lock);

	return 0;
}
1005
/* Single-shot seq_file open; i_private is the (NULL) data passed to
 * debugfs_create_file() in rfcomm_init_sockets(). */
static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file)
{
	return single_open(file, rfcomm_sock_debugfs_show, inode->i_private);
}
1010
/* Read-only seq_file operations for the debugfs entry. */
static const struct file_operations rfcomm_sock_debugfs_fops = {
	.open		= rfcomm_sock_debugfs_open,
	.read		= seq_read,
	.llseek		= seq_lseek,
	.release	= single_release,
};

/* Dentry of the debugfs file; NULL when bt_debugfs was unavailable. */
static struct dentry *rfcomm_sock_debugfs;
1da177e4 1019
/* Socket operations for BTPROTO_RFCOMM.  poll, socketpair and mmap come
 * from the generic Bluetooth / socket helpers. */
static const struct proto_ops rfcomm_sock_ops = {
	.family		= PF_BLUETOOTH,
	.owner		= THIS_MODULE,
	.release	= rfcomm_sock_release,
	.bind		= rfcomm_sock_bind,
	.connect	= rfcomm_sock_connect,
	.listen		= rfcomm_sock_listen,
	.accept		= rfcomm_sock_accept,
	.getname	= rfcomm_sock_getname,
	.sendmsg	= rfcomm_sock_sendmsg,
	.recvmsg	= rfcomm_sock_recvmsg,
	.shutdown	= rfcomm_sock_shutdown,
	.setsockopt	= rfcomm_sock_setsockopt,
	.getsockopt	= rfcomm_sock_getsockopt,
	.ioctl		= rfcomm_sock_ioctl,
	.poll		= bt_sock_poll,
	.socketpair	= sock_no_socketpair,
	.mmap		= sock_no_mmap
};

/* Family hook registered with bt_sock_register() for BTPROTO_RFCOMM. */
static const struct net_proto_family rfcomm_sock_family_ops = {
	.family		= PF_BLUETOOTH,
	.owner		= THIS_MODULE,
	.create		= rfcomm_sock_create
};
1045
/* Socket-layer init: registers the proto, the socket family and the
 * procfs entry, then the debugfs file if a bt_debugfs root exists.
 * Returns 0 or a negative errno after undoing the earlier steps.
 */
int __init rfcomm_init_sockets(void)
{
	int err;

	err = proto_register(&rfcomm_proto, 0);
	if (err < 0)
		return err;

	err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
	if (err < 0) {
		BT_ERR("RFCOMM socket layer registration failed");
		goto error;
	}

	err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL);
	if (err < 0) {
		BT_ERR("Failed to create RFCOMM proc file");
		/* Undo the family registration here; the proto is
		 * unregistered at the error label. */
		bt_sock_unregister(BTPROTO_RFCOMM);
		goto error;
	}

	BT_INFO("RFCOMM socket layer initialized");

	/* debugfs is optional: no root means no file, not a failure. */
	if (IS_ERR_OR_NULL(bt_debugfs))
		return 0;

	rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
						  bt_debugfs, NULL,
						  &rfcomm_sock_debugfs_fops);

	return 0;

error:
	proto_unregister(&rfcomm_proto);
	return err;
}
1082
/* Socket-layer teardown, in reverse order of rfcomm_init_sockets().
 * debugfs_remove() tolerates a NULL dentry, so the no-debugfs case
 * needs no special handling. */
void __exit rfcomm_cleanup_sockets(void)
{
	bt_procfs_cleanup(&init_net, "rfcomm");

	debugfs_remove(rfcomm_sock_debugfs);

	bt_sock_unregister(BTPROTO_RFCOMM);

	proto_unregister(&rfcomm_proto);
}