forked from Qortal/Brooklyn
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1111 lines
23 KiB
1111 lines
23 KiB
/* |
|
RFCOMM implementation for Linux Bluetooth stack (BlueZ). |
|
Copyright (C) 2002 Maxim Krasnyansky <[email protected]> |
|
Copyright (C) 2002 Marcel Holtmann <[email protected]> |
|
|
|
This program is free software; you can redistribute it and/or modify |
|
it under the terms of the GNU General Public License version 2 as |
|
published by the Free Software Foundation; |
|
|
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
|
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. |
|
IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY |
|
CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES |
|
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
|
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
|
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
|
|
|
ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, |
|
COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS |
|
SOFTWARE IS DISCLAIMED. |
|
*/ |
|
|
|
/* |
|
* RFCOMM sockets. |
|
*/ |
|
#include <linux/compat.h> |
|
#include <linux/export.h> |
|
#include <linux/debugfs.h> |
|
#include <linux/sched/signal.h> |
|
|
|
#include <net/bluetooth/bluetooth.h> |
|
#include <net/bluetooth/hci_core.h> |
|
#include <net/bluetooth/l2cap.h> |
|
#include <net/bluetooth/rfcomm.h> |
|
|
|
static const struct proto_ops rfcomm_sock_ops; |
|
|
|
static struct bt_sock_list rfcomm_sk_list = { |
|
.lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) |
|
}; |
|
|
|
static void rfcomm_sock_close(struct sock *sk); |
|
static void rfcomm_sock_kill(struct sock *sk); |
|
|
|
/* ---- DLC callbacks ---- |
|
* |
|
* called under rfcomm_dlc_lock() |
|
*/ |
|
static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) |
|
{ |
|
struct sock *sk = d->owner; |
|
if (!sk) |
|
return; |
|
|
|
atomic_add(skb->len, &sk->sk_rmem_alloc); |
|
skb_queue_tail(&sk->sk_receive_queue, skb); |
|
sk->sk_data_ready(sk); |
|
|
|
if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) |
|
rfcomm_dlc_throttle(d); |
|
} |
|
|
|
static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) |
|
{ |
|
struct sock *sk = d->owner, *parent; |
|
|
|
if (!sk) |
|
return; |
|
|
|
BT_DBG("dlc %p state %ld err %d", d, d->state, err); |
|
|
|
lock_sock(sk); |
|
|
|
if (err) |
|
sk->sk_err = err; |
|
|
|
sk->sk_state = d->state; |
|
|
|
parent = bt_sk(sk)->parent; |
|
if (parent) { |
|
if (d->state == BT_CLOSED) { |
|
sock_set_flag(sk, SOCK_ZAPPED); |
|
bt_accept_unlink(sk); |
|
} |
|
parent->sk_data_ready(parent); |
|
} else { |
|
if (d->state == BT_CONNECTED) |
|
rfcomm_session_getaddr(d->session, |
|
&rfcomm_pi(sk)->src, NULL); |
|
sk->sk_state_change(sk); |
|
} |
|
|
|
release_sock(sk); |
|
|
|
if (parent && sock_flag(sk, SOCK_ZAPPED)) { |
|
/* We have to drop DLC lock here, otherwise |
|
* rfcomm_sock_destruct() will dead lock. */ |
|
rfcomm_dlc_unlock(d); |
|
rfcomm_sock_kill(sk); |
|
rfcomm_dlc_lock(d); |
|
} |
|
} |
|
|
|
/* ---- Socket functions ---- */ |
|
static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src) |
|
{ |
|
struct sock *sk = NULL; |
|
|
|
sk_for_each(sk, &rfcomm_sk_list.head) { |
|
if (rfcomm_pi(sk)->channel != channel) |
|
continue; |
|
|
|
if (bacmp(&rfcomm_pi(sk)->src, src)) |
|
continue; |
|
|
|
if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN) |
|
break; |
|
} |
|
|
|
return sk ? sk : NULL; |
|
} |
|
|
|
/* Find socket with channel and source bdaddr. |
|
* Returns closest match. |
|
*/ |
|
static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) |
|
{ |
|
struct sock *sk = NULL, *sk1 = NULL; |
|
|
|
read_lock(&rfcomm_sk_list.lock); |
|
|
|
sk_for_each(sk, &rfcomm_sk_list.head) { |
|
if (state && sk->sk_state != state) |
|
continue; |
|
|
|
if (rfcomm_pi(sk)->channel == channel) { |
|
/* Exact match. */ |
|
if (!bacmp(&rfcomm_pi(sk)->src, src)) |
|
break; |
|
|
|
/* Closest match */ |
|
if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY)) |
|
sk1 = sk; |
|
} |
|
} |
|
|
|
read_unlock(&rfcomm_sk_list.lock); |
|
|
|
return sk ? sk : sk1; |
|
} |
|
|
|
static void rfcomm_sock_destruct(struct sock *sk) |
|
{ |
|
struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; |
|
|
|
BT_DBG("sk %p dlc %p", sk, d); |
|
|
|
skb_queue_purge(&sk->sk_receive_queue); |
|
skb_queue_purge(&sk->sk_write_queue); |
|
|
|
rfcomm_dlc_lock(d); |
|
rfcomm_pi(sk)->dlc = NULL; |
|
|
|
/* Detach DLC if it's owned by this socket */ |
|
if (d->owner == sk) |
|
d->owner = NULL; |
|
rfcomm_dlc_unlock(d); |
|
|
|
rfcomm_dlc_put(d); |
|
} |
|
|
|
static void rfcomm_sock_cleanup_listen(struct sock *parent) |
|
{ |
|
struct sock *sk; |
|
|
|
BT_DBG("parent %p", parent); |
|
|
|
/* Close not yet accepted dlcs */ |
|
while ((sk = bt_accept_dequeue(parent, NULL))) { |
|
rfcomm_sock_close(sk); |
|
rfcomm_sock_kill(sk); |
|
} |
|
|
|
parent->sk_state = BT_CLOSED; |
|
sock_set_flag(parent, SOCK_ZAPPED); |
|
} |
|
|
|
/* Kill socket (only if zapped and orphan) |
|
* Must be called on unlocked socket. |
|
*/ |
|
static void rfcomm_sock_kill(struct sock *sk) |
|
{ |
|
if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) |
|
return; |
|
|
|
BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, refcount_read(&sk->sk_refcnt)); |
|
|
|
/* Kill poor orphan */ |
|
bt_sock_unlink(&rfcomm_sk_list, sk); |
|
sock_set_flag(sk, SOCK_DEAD); |
|
sock_put(sk); |
|
} |
|
|
|
static void __rfcomm_sock_close(struct sock *sk) |
|
{ |
|
struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; |
|
|
|
BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); |
|
|
|
switch (sk->sk_state) { |
|
case BT_LISTEN: |
|
rfcomm_sock_cleanup_listen(sk); |
|
break; |
|
|
|
case BT_CONNECT: |
|
case BT_CONNECT2: |
|
case BT_CONFIG: |
|
case BT_CONNECTED: |
|
rfcomm_dlc_close(d, 0); |
|
fallthrough; |
|
|
|
default: |
|
sock_set_flag(sk, SOCK_ZAPPED); |
|
break; |
|
} |
|
} |
|
|
|
/* Close socket. |
|
* Must be called on unlocked socket. |
|
*/ |
|
static void rfcomm_sock_close(struct sock *sk) |
|
{ |
|
lock_sock(sk); |
|
__rfcomm_sock_close(sk); |
|
release_sock(sk); |
|
} |
|
|
|
static void rfcomm_sock_init(struct sock *sk, struct sock *parent) |
|
{ |
|
struct rfcomm_pinfo *pi = rfcomm_pi(sk); |
|
|
|
BT_DBG("sk %p", sk); |
|
|
|
if (parent) { |
|
sk->sk_type = parent->sk_type; |
|
pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP, |
|
&bt_sk(parent)->flags); |
|
|
|
pi->sec_level = rfcomm_pi(parent)->sec_level; |
|
pi->role_switch = rfcomm_pi(parent)->role_switch; |
|
|
|
security_sk_clone(parent, sk); |
|
} else { |
|
pi->dlc->defer_setup = 0; |
|
|
|
pi->sec_level = BT_SECURITY_LOW; |
|
pi->role_switch = 0; |
|
} |
|
|
|
pi->dlc->sec_level = pi->sec_level; |
|
pi->dlc->role_switch = pi->role_switch; |
|
} |
|
|
|
static struct proto rfcomm_proto = { |
|
.name = "RFCOMM", |
|
.owner = THIS_MODULE, |
|
.obj_size = sizeof(struct rfcomm_pinfo) |
|
}; |
|
|
|
static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio, int kern) |
|
{ |
|
struct rfcomm_dlc *d; |
|
struct sock *sk; |
|
|
|
sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto, kern); |
|
if (!sk) |
|
return NULL; |
|
|
|
sock_init_data(sock, sk); |
|
INIT_LIST_HEAD(&bt_sk(sk)->accept_q); |
|
|
|
d = rfcomm_dlc_alloc(prio); |
|
if (!d) { |
|
sk_free(sk); |
|
return NULL; |
|
} |
|
|
|
d->data_ready = rfcomm_sk_data_ready; |
|
d->state_change = rfcomm_sk_state_change; |
|
|
|
rfcomm_pi(sk)->dlc = d; |
|
d->owner = sk; |
|
|
|
sk->sk_destruct = rfcomm_sock_destruct; |
|
sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; |
|
|
|
sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; |
|
sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; |
|
|
|
sock_reset_flag(sk, SOCK_ZAPPED); |
|
|
|
sk->sk_protocol = proto; |
|
sk->sk_state = BT_OPEN; |
|
|
|
bt_sock_link(&rfcomm_sk_list, sk); |
|
|
|
BT_DBG("sk %p", sk); |
|
return sk; |
|
} |
|
|
|
static int rfcomm_sock_create(struct net *net, struct socket *sock, |
|
int protocol, int kern) |
|
{ |
|
struct sock *sk; |
|
|
|
BT_DBG("sock %p", sock); |
|
|
|
sock->state = SS_UNCONNECTED; |
|
|
|
if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) |
|
return -ESOCKTNOSUPPORT; |
|
|
|
sock->ops = &rfcomm_sock_ops; |
|
|
|
sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); |
|
if (!sk) |
|
return -ENOMEM; |
|
|
|
rfcomm_sock_init(sk, NULL); |
|
return 0; |
|
} |
|
|
|
static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) |
|
{ |
|
struct sockaddr_rc sa; |
|
struct sock *sk = sock->sk; |
|
int len, err = 0; |
|
|
|
if (!addr || addr_len < offsetofend(struct sockaddr, sa_family) || |
|
addr->sa_family != AF_BLUETOOTH) |
|
return -EINVAL; |
|
|
|
memset(&sa, 0, sizeof(sa)); |
|
len = min_t(unsigned int, sizeof(sa), addr_len); |
|
memcpy(&sa, addr, len); |
|
|
|
BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr); |
|
|
|
lock_sock(sk); |
|
|
|
if (sk->sk_state != BT_OPEN) { |
|
err = -EBADFD; |
|
goto done; |
|
} |
|
|
|
if (sk->sk_type != SOCK_STREAM) { |
|
err = -EINVAL; |
|
goto done; |
|
} |
|
|
|
write_lock(&rfcomm_sk_list.lock); |
|
|
|
if (sa.rc_channel && |
|
__rfcomm_get_listen_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) { |
|
err = -EADDRINUSE; |
|
} else { |
|
/* Save source address */ |
|
bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr); |
|
rfcomm_pi(sk)->channel = sa.rc_channel; |
|
sk->sk_state = BT_BOUND; |
|
} |
|
|
|
write_unlock(&rfcomm_sk_list.lock); |
|
|
|
done: |
|
release_sock(sk); |
|
return err; |
|
} |
|
|
|
static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) |
|
{ |
|
struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; |
|
struct sock *sk = sock->sk; |
|
struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; |
|
int err = 0; |
|
|
|
BT_DBG("sk %p", sk); |
|
|
|
if (alen < sizeof(struct sockaddr_rc) || |
|
addr->sa_family != AF_BLUETOOTH) |
|
return -EINVAL; |
|
|
|
lock_sock(sk); |
|
|
|
if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { |
|
err = -EBADFD; |
|
goto done; |
|
} |
|
|
|
if (sk->sk_type != SOCK_STREAM) { |
|
err = -EINVAL; |
|
goto done; |
|
} |
|
|
|
sk->sk_state = BT_CONNECT; |
|
bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr); |
|
rfcomm_pi(sk)->channel = sa->rc_channel; |
|
|
|
d->sec_level = rfcomm_pi(sk)->sec_level; |
|
d->role_switch = rfcomm_pi(sk)->role_switch; |
|
|
|
err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr, |
|
sa->rc_channel); |
|
if (!err) |
|
err = bt_sock_wait_state(sk, BT_CONNECTED, |
|
sock_sndtimeo(sk, flags & O_NONBLOCK)); |
|
|
|
done: |
|
release_sock(sk); |
|
return err; |
|
} |
|
|
|
static int rfcomm_sock_listen(struct socket *sock, int backlog) |
|
{ |
|
struct sock *sk = sock->sk; |
|
int err = 0; |
|
|
|
BT_DBG("sk %p backlog %d", sk, backlog); |
|
|
|
lock_sock(sk); |
|
|
|
if (sk->sk_state != BT_BOUND) { |
|
err = -EBADFD; |
|
goto done; |
|
} |
|
|
|
if (sk->sk_type != SOCK_STREAM) { |
|
err = -EINVAL; |
|
goto done; |
|
} |
|
|
|
if (!rfcomm_pi(sk)->channel) { |
|
bdaddr_t *src = &rfcomm_pi(sk)->src; |
|
u8 channel; |
|
|
|
err = -EINVAL; |
|
|
|
write_lock(&rfcomm_sk_list.lock); |
|
|
|
for (channel = 1; channel < 31; channel++) |
|
if (!__rfcomm_get_listen_sock_by_addr(channel, src)) { |
|
rfcomm_pi(sk)->channel = channel; |
|
err = 0; |
|
break; |
|
} |
|
|
|
write_unlock(&rfcomm_sk_list.lock); |
|
|
|
if (err < 0) |
|
goto done; |
|
} |
|
|
|
sk->sk_max_ack_backlog = backlog; |
|
sk->sk_ack_backlog = 0; |
|
sk->sk_state = BT_LISTEN; |
|
|
|
done: |
|
release_sock(sk); |
|
return err; |
|
} |
|
|
|
static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags, |
|
bool kern) |
|
{ |
|
DEFINE_WAIT_FUNC(wait, woken_wake_function); |
|
struct sock *sk = sock->sk, *nsk; |
|
long timeo; |
|
int err = 0; |
|
|
|
lock_sock_nested(sk, SINGLE_DEPTH_NESTING); |
|
|
|
if (sk->sk_type != SOCK_STREAM) { |
|
err = -EINVAL; |
|
goto done; |
|
} |
|
|
|
timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); |
|
|
|
BT_DBG("sk %p timeo %ld", sk, timeo); |
|
|
|
/* Wait for an incoming connection. (wake-one). */ |
|
add_wait_queue_exclusive(sk_sleep(sk), &wait); |
|
while (1) { |
|
if (sk->sk_state != BT_LISTEN) { |
|
err = -EBADFD; |
|
break; |
|
} |
|
|
|
nsk = bt_accept_dequeue(sk, newsock); |
|
if (nsk) |
|
break; |
|
|
|
if (!timeo) { |
|
err = -EAGAIN; |
|
break; |
|
} |
|
|
|
if (signal_pending(current)) { |
|
err = sock_intr_errno(timeo); |
|
break; |
|
} |
|
|
|
release_sock(sk); |
|
|
|
timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); |
|
|
|
lock_sock_nested(sk, SINGLE_DEPTH_NESTING); |
|
} |
|
remove_wait_queue(sk_sleep(sk), &wait); |
|
|
|
if (err) |
|
goto done; |
|
|
|
newsock->state = SS_CONNECTED; |
|
|
|
BT_DBG("new socket %p", nsk); |
|
|
|
done: |
|
release_sock(sk); |
|
return err; |
|
} |
|
|
|
static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int peer) |
|
{ |
|
struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; |
|
struct sock *sk = sock->sk; |
|
|
|
BT_DBG("sock %p, sk %p", sock, sk); |
|
|
|
if (peer && sk->sk_state != BT_CONNECTED && |
|
sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2) |
|
return -ENOTCONN; |
|
|
|
memset(sa, 0, sizeof(*sa)); |
|
sa->rc_family = AF_BLUETOOTH; |
|
sa->rc_channel = rfcomm_pi(sk)->channel; |
|
if (peer) |
|
bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst); |
|
else |
|
bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src); |
|
|
|
return sizeof(struct sockaddr_rc); |
|
} |
|
|
|
static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg, |
|
size_t len) |
|
{ |
|
struct sock *sk = sock->sk; |
|
struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; |
|
struct sk_buff *skb; |
|
int sent; |
|
|
|
if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) |
|
return -ENOTCONN; |
|
|
|
if (msg->msg_flags & MSG_OOB) |
|
return -EOPNOTSUPP; |
|
|
|
if (sk->sk_shutdown & SEND_SHUTDOWN) |
|
return -EPIPE; |
|
|
|
BT_DBG("sock %p, sk %p", sock, sk); |
|
|
|
lock_sock(sk); |
|
|
|
sent = bt_sock_wait_ready(sk, msg->msg_flags); |
|
if (sent) |
|
goto done; |
|
|
|
while (len) { |
|
size_t size = min_t(size_t, len, d->mtu); |
|
int err; |
|
|
|
skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, |
|
msg->msg_flags & MSG_DONTWAIT, &err); |
|
if (!skb) { |
|
if (sent == 0) |
|
sent = err; |
|
break; |
|
} |
|
skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); |
|
|
|
err = memcpy_from_msg(skb_put(skb, size), msg, size); |
|
if (err) { |
|
kfree_skb(skb); |
|
if (sent == 0) |
|
sent = err; |
|
break; |
|
} |
|
|
|
skb->priority = sk->sk_priority; |
|
|
|
err = rfcomm_dlc_send(d, skb); |
|
if (err < 0) { |
|
kfree_skb(skb); |
|
if (sent == 0) |
|
sent = err; |
|
break; |
|
} |
|
|
|
sent += size; |
|
len -= size; |
|
} |
|
|
|
done: |
|
release_sock(sk); |
|
|
|
return sent; |
|
} |
|
|
|
static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg, |
|
size_t size, int flags) |
|
{ |
|
struct sock *sk = sock->sk; |
|
struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; |
|
int len; |
|
|
|
if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { |
|
rfcomm_dlc_accept(d); |
|
return 0; |
|
} |
|
|
|
len = bt_sock_stream_recvmsg(sock, msg, size, flags); |
|
|
|
lock_sock(sk); |
|
if (!(flags & MSG_PEEK) && len > 0) |
|
atomic_sub(len, &sk->sk_rmem_alloc); |
|
|
|
if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) |
|
rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); |
|
release_sock(sk); |
|
|
|
return len; |
|
} |
|
|
|
static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, |
|
sockptr_t optval, unsigned int optlen) |
|
{ |
|
struct sock *sk = sock->sk; |
|
int err = 0; |
|
u32 opt; |
|
|
|
BT_DBG("sk %p", sk); |
|
|
|
lock_sock(sk); |
|
|
|
switch (optname) { |
|
case RFCOMM_LM: |
|
if (copy_from_sockptr(&opt, optval, sizeof(u32))) { |
|
err = -EFAULT; |
|
break; |
|
} |
|
|
|
if (opt & RFCOMM_LM_FIPS) { |
|
err = -EINVAL; |
|
break; |
|
} |
|
|
|
if (opt & RFCOMM_LM_AUTH) |
|
rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; |
|
if (opt & RFCOMM_LM_ENCRYPT) |
|
rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; |
|
if (opt & RFCOMM_LM_SECURE) |
|
rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; |
|
|
|
rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); |
|
break; |
|
|
|
default: |
|
err = -ENOPROTOOPT; |
|
break; |
|
} |
|
|
|
release_sock(sk); |
|
return err; |
|
} |
|
|
|
static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, |
|
sockptr_t optval, unsigned int optlen) |
|
{ |
|
struct sock *sk = sock->sk; |
|
struct bt_security sec; |
|
int err = 0; |
|
size_t len; |
|
u32 opt; |
|
|
|
BT_DBG("sk %p", sk); |
|
|
|
if (level == SOL_RFCOMM) |
|
return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); |
|
|
|
if (level != SOL_BLUETOOTH) |
|
return -ENOPROTOOPT; |
|
|
|
lock_sock(sk); |
|
|
|
switch (optname) { |
|
case BT_SECURITY: |
|
if (sk->sk_type != SOCK_STREAM) { |
|
err = -EINVAL; |
|
break; |
|
} |
|
|
|
sec.level = BT_SECURITY_LOW; |
|
|
|
len = min_t(unsigned int, sizeof(sec), optlen); |
|
if (copy_from_sockptr(&sec, optval, len)) { |
|
err = -EFAULT; |
|
break; |
|
} |
|
|
|
if (sec.level > BT_SECURITY_HIGH) { |
|
err = -EINVAL; |
|
break; |
|
} |
|
|
|
rfcomm_pi(sk)->sec_level = sec.level; |
|
break; |
|
|
|
case BT_DEFER_SETUP: |
|
if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { |
|
err = -EINVAL; |
|
break; |
|
} |
|
|
|
if (copy_from_sockptr(&opt, optval, sizeof(u32))) { |
|
err = -EFAULT; |
|
break; |
|
} |
|
|
|
if (opt) |
|
set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); |
|
else |
|
clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); |
|
|
|
break; |
|
|
|
default: |
|
err = -ENOPROTOOPT; |
|
break; |
|
} |
|
|
|
release_sock(sk); |
|
return err; |
|
} |
|
|
|
static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) |
|
{ |
|
struct sock *sk = sock->sk; |
|
struct sock *l2cap_sk; |
|
struct l2cap_conn *conn; |
|
struct rfcomm_conninfo cinfo; |
|
int len, err = 0; |
|
u32 opt; |
|
|
|
BT_DBG("sk %p", sk); |
|
|
|
if (get_user(len, optlen)) |
|
return -EFAULT; |
|
|
|
lock_sock(sk); |
|
|
|
switch (optname) { |
|
case RFCOMM_LM: |
|
switch (rfcomm_pi(sk)->sec_level) { |
|
case BT_SECURITY_LOW: |
|
opt = RFCOMM_LM_AUTH; |
|
break; |
|
case BT_SECURITY_MEDIUM: |
|
opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; |
|
break; |
|
case BT_SECURITY_HIGH: |
|
opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | |
|
RFCOMM_LM_SECURE; |
|
break; |
|
case BT_SECURITY_FIPS: |
|
opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | |
|
RFCOMM_LM_SECURE | RFCOMM_LM_FIPS; |
|
break; |
|
default: |
|
opt = 0; |
|
break; |
|
} |
|
|
|
if (rfcomm_pi(sk)->role_switch) |
|
opt |= RFCOMM_LM_MASTER; |
|
|
|
if (put_user(opt, (u32 __user *) optval)) |
|
err = -EFAULT; |
|
|
|
break; |
|
|
|
case RFCOMM_CONNINFO: |
|
if (sk->sk_state != BT_CONNECTED && |
|
!rfcomm_pi(sk)->dlc->defer_setup) { |
|
err = -ENOTCONN; |
|
break; |
|
} |
|
|
|
l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; |
|
conn = l2cap_pi(l2cap_sk)->chan->conn; |
|
|
|
memset(&cinfo, 0, sizeof(cinfo)); |
|
cinfo.hci_handle = conn->hcon->handle; |
|
memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); |
|
|
|
len = min_t(unsigned int, len, sizeof(cinfo)); |
|
if (copy_to_user(optval, (char *) &cinfo, len)) |
|
err = -EFAULT; |
|
|
|
break; |
|
|
|
default: |
|
err = -ENOPROTOOPT; |
|
break; |
|
} |
|
|
|
release_sock(sk); |
|
return err; |
|
} |
|
|
|
static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) |
|
{ |
|
struct sock *sk = sock->sk; |
|
struct bt_security sec; |
|
int len, err = 0; |
|
|
|
BT_DBG("sk %p", sk); |
|
|
|
if (level == SOL_RFCOMM) |
|
return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); |
|
|
|
if (level != SOL_BLUETOOTH) |
|
return -ENOPROTOOPT; |
|
|
|
if (get_user(len, optlen)) |
|
return -EFAULT; |
|
|
|
lock_sock(sk); |
|
|
|
switch (optname) { |
|
case BT_SECURITY: |
|
if (sk->sk_type != SOCK_STREAM) { |
|
err = -EINVAL; |
|
break; |
|
} |
|
|
|
sec.level = rfcomm_pi(sk)->sec_level; |
|
sec.key_size = 0; |
|
|
|
len = min_t(unsigned int, len, sizeof(sec)); |
|
if (copy_to_user(optval, (char *) &sec, len)) |
|
err = -EFAULT; |
|
|
|
break; |
|
|
|
case BT_DEFER_SETUP: |
|
if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { |
|
err = -EINVAL; |
|
break; |
|
} |
|
|
|
if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), |
|
(u32 __user *) optval)) |
|
err = -EFAULT; |
|
|
|
break; |
|
|
|
default: |
|
err = -ENOPROTOOPT; |
|
break; |
|
} |
|
|
|
release_sock(sk); |
|
return err; |
|
} |
|
|
|
static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) |
|
{ |
|
struct sock *sk __maybe_unused = sock->sk; |
|
int err; |
|
|
|
BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); |
|
|
|
err = bt_sock_ioctl(sock, cmd, arg); |
|
|
|
if (err == -ENOIOCTLCMD) { |
|
#ifdef CONFIG_BT_RFCOMM_TTY |
|
lock_sock(sk); |
|
err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); |
|
release_sock(sk); |
|
#else |
|
err = -EOPNOTSUPP; |
|
#endif |
|
} |
|
|
|
return err; |
|
} |
|
|
|
#ifdef CONFIG_COMPAT |
|
static int rfcomm_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) |
|
{ |
|
return rfcomm_sock_ioctl(sock, cmd, (unsigned long)compat_ptr(arg)); |
|
} |
|
#endif |
|
|
|
static int rfcomm_sock_shutdown(struct socket *sock, int how) |
|
{ |
|
struct sock *sk = sock->sk; |
|
int err = 0; |
|
|
|
BT_DBG("sock %p, sk %p", sock, sk); |
|
|
|
if (!sk) |
|
return 0; |
|
|
|
lock_sock(sk); |
|
if (!sk->sk_shutdown) { |
|
sk->sk_shutdown = SHUTDOWN_MASK; |
|
__rfcomm_sock_close(sk); |
|
|
|
if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && |
|
!(current->flags & PF_EXITING)) |
|
err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); |
|
} |
|
release_sock(sk); |
|
return err; |
|
} |
|
|
|
static int rfcomm_sock_release(struct socket *sock) |
|
{ |
|
struct sock *sk = sock->sk; |
|
int err; |
|
|
|
BT_DBG("sock %p, sk %p", sock, sk); |
|
|
|
if (!sk) |
|
return 0; |
|
|
|
err = rfcomm_sock_shutdown(sock, 2); |
|
|
|
sock_orphan(sk); |
|
rfcomm_sock_kill(sk); |
|
return err; |
|
} |
|
|
|
/* ---- RFCOMM core layer callbacks ---- |
|
* |
|
* called under rfcomm_lock() |
|
*/ |
|
int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) |
|
{ |
|
struct sock *sk, *parent; |
|
bdaddr_t src, dst; |
|
int result = 0; |
|
|
|
BT_DBG("session %p channel %d", s, channel); |
|
|
|
rfcomm_session_getaddr(s, &src, &dst); |
|
|
|
/* Check if we have socket listening on channel */ |
|
parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); |
|
if (!parent) |
|
return 0; |
|
|
|
lock_sock(parent); |
|
|
|
/* Check for backlog size */ |
|
if (sk_acceptq_is_full(parent)) { |
|
BT_DBG("backlog full %d", parent->sk_ack_backlog); |
|
goto done; |
|
} |
|
|
|
sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC, 0); |
|
if (!sk) |
|
goto done; |
|
|
|
bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM); |
|
|
|
rfcomm_sock_init(sk, parent); |
|
bacpy(&rfcomm_pi(sk)->src, &src); |
|
bacpy(&rfcomm_pi(sk)->dst, &dst); |
|
rfcomm_pi(sk)->channel = channel; |
|
|
|
sk->sk_state = BT_CONFIG; |
|
bt_accept_enqueue(parent, sk, true); |
|
|
|
/* Accept connection and return socket DLC */ |
|
*d = rfcomm_pi(sk)->dlc; |
|
result = 1; |
|
|
|
done: |
|
release_sock(parent); |
|
|
|
if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) |
|
parent->sk_state_change(parent); |
|
|
|
return result; |
|
} |
|
|
|
static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) |
|
{ |
|
struct sock *sk; |
|
|
|
read_lock(&rfcomm_sk_list.lock); |
|
|
|
sk_for_each(sk, &rfcomm_sk_list.head) { |
|
seq_printf(f, "%pMR %pMR %d %d\n", |
|
&rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst, |
|
sk->sk_state, rfcomm_pi(sk)->channel); |
|
} |
|
|
|
read_unlock(&rfcomm_sk_list.lock); |
|
|
|
return 0; |
|
} |
|
|
|
DEFINE_SHOW_ATTRIBUTE(rfcomm_sock_debugfs); |
|
|
|
static struct dentry *rfcomm_sock_debugfs; |
|
|
|
static const struct proto_ops rfcomm_sock_ops = { |
|
.family = PF_BLUETOOTH, |
|
.owner = THIS_MODULE, |
|
.release = rfcomm_sock_release, |
|
.bind = rfcomm_sock_bind, |
|
.connect = rfcomm_sock_connect, |
|
.listen = rfcomm_sock_listen, |
|
.accept = rfcomm_sock_accept, |
|
.getname = rfcomm_sock_getname, |
|
.sendmsg = rfcomm_sock_sendmsg, |
|
.recvmsg = rfcomm_sock_recvmsg, |
|
.shutdown = rfcomm_sock_shutdown, |
|
.setsockopt = rfcomm_sock_setsockopt, |
|
.getsockopt = rfcomm_sock_getsockopt, |
|
.ioctl = rfcomm_sock_ioctl, |
|
.gettstamp = sock_gettstamp, |
|
.poll = bt_sock_poll, |
|
.socketpair = sock_no_socketpair, |
|
.mmap = sock_no_mmap, |
|
#ifdef CONFIG_COMPAT |
|
.compat_ioctl = rfcomm_sock_compat_ioctl, |
|
#endif |
|
}; |
|
|
|
static const struct net_proto_family rfcomm_sock_family_ops = { |
|
.family = PF_BLUETOOTH, |
|
.owner = THIS_MODULE, |
|
.create = rfcomm_sock_create |
|
}; |
|
|
|
int __init rfcomm_init_sockets(void) |
|
{ |
|
int err; |
|
|
|
BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr)); |
|
|
|
err = proto_register(&rfcomm_proto, 0); |
|
if (err < 0) |
|
return err; |
|
|
|
err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); |
|
if (err < 0) { |
|
BT_ERR("RFCOMM socket layer registration failed"); |
|
goto error; |
|
} |
|
|
|
err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL); |
|
if (err < 0) { |
|
BT_ERR("Failed to create RFCOMM proc file"); |
|
bt_sock_unregister(BTPROTO_RFCOMM); |
|
goto error; |
|
} |
|
|
|
BT_INFO("RFCOMM socket layer initialized"); |
|
|
|
if (IS_ERR_OR_NULL(bt_debugfs)) |
|
return 0; |
|
|
|
rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444, |
|
bt_debugfs, NULL, |
|
&rfcomm_sock_debugfs_fops); |
|
|
|
return 0; |
|
|
|
error: |
|
proto_unregister(&rfcomm_proto); |
|
return err; |
|
} |
|
|
|
void __exit rfcomm_cleanup_sockets(void) |
|
{ |
|
bt_procfs_cleanup(&init_net, "rfcomm"); |
|
|
|
debugfs_remove(rfcomm_sock_debugfs); |
|
|
|
bt_sock_unregister(BTPROTO_RFCOMM); |
|
|
|
proto_unregister(&rfcomm_proto); |
|
}
|
|
|