~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/bluetooth/rfcomm/sock.c

Version: ~ [ linux-5.8-rc4 ] ~ [ linux-5.7.7 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.50 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.131 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.187 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.229 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.229 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.85 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
  3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
  4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
  5 
  6    This program is free software; you can redistribute it and/or modify
  7    it under the terms of the GNU General Public License version 2 as
  8    published by the Free Software Foundation;
  9 
 10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
 13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
 14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
 15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 18 
 19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
 20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
 21    SOFTWARE IS DISCLAIMED.
 22 */
 23 
 24 /*
 25  * RFCOMM sockets.
 26  */
 27 
 28 #include <linux/export.h>
 29 #include <linux/debugfs.h>
 30 
 31 #include <net/bluetooth/bluetooth.h>
 32 #include <net/bluetooth/hci_core.h>
 33 #include <net/bluetooth/l2cap.h>
 34 #include <net/bluetooth/rfcomm.h>
 35 
 36 static const struct proto_ops rfcomm_sock_ops;
 37 
 38 static struct bt_sock_list rfcomm_sk_list = {
 39         .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
 40 };
 41 
 42 static void rfcomm_sock_close(struct sock *sk);
 43 static void rfcomm_sock_kill(struct sock *sk);
 44 
 45 /* ---- DLC callbacks ----
 46  *
 47  * called under rfcomm_dlc_lock()
 48  */
 49 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
 50 {
 51         struct sock *sk = d->owner;
 52         if (!sk)
 53                 return;
 54 
 55         atomic_add(skb->len, &sk->sk_rmem_alloc);
 56         skb_queue_tail(&sk->sk_receive_queue, skb);
 57         sk->sk_data_ready(sk);
 58 
 59         if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
 60                 rfcomm_dlc_throttle(d);
 61 }
 62 
 63 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
 64 {
 65         struct sock *sk = d->owner, *parent;
 66         unsigned long flags;
 67 
 68         if (!sk)
 69                 return;
 70 
 71         BT_DBG("dlc %p state %ld err %d", d, d->state, err);
 72 
 73         local_irq_save(flags);
 74         bh_lock_sock(sk);
 75 
 76         if (err)
 77                 sk->sk_err = err;
 78 
 79         sk->sk_state = d->state;
 80 
 81         parent = bt_sk(sk)->parent;
 82         if (parent) {
 83                 if (d->state == BT_CLOSED) {
 84                         sock_set_flag(sk, SOCK_ZAPPED);
 85                         bt_accept_unlink(sk);
 86                 }
 87                 parent->sk_data_ready(parent);
 88         } else {
 89                 if (d->state == BT_CONNECTED)
 90                         rfcomm_session_getaddr(d->session,
 91                                                &rfcomm_pi(sk)->src, NULL);
 92                 sk->sk_state_change(sk);
 93         }
 94 
 95         bh_unlock_sock(sk);
 96         local_irq_restore(flags);
 97 
 98         if (parent && sock_flag(sk, SOCK_ZAPPED)) {
 99                 /* We have to drop DLC lock here, otherwise
100                  * rfcomm_sock_destruct() will dead lock. */
101                 rfcomm_dlc_unlock(d);
102                 rfcomm_sock_kill(sk);
103                 rfcomm_dlc_lock(d);
104         }
105 }
106 
107 /* ---- Socket functions ---- */
108 static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src)
109 {
110         struct sock *sk = NULL;
111 
112         sk_for_each(sk, &rfcomm_sk_list.head) {
113                 if (rfcomm_pi(sk)->channel != channel)
114                         continue;
115 
116                 if (bacmp(&rfcomm_pi(sk)->src, src))
117                         continue;
118 
119                 if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN)
120                         break;
121         }
122 
123         return sk ? sk : NULL;
124 }
125 
126 /* Find socket with channel and source bdaddr.
127  * Returns closest match.
128  */
129 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
130 {
131         struct sock *sk = NULL, *sk1 = NULL;
132 
133         read_lock(&rfcomm_sk_list.lock);
134 
135         sk_for_each(sk, &rfcomm_sk_list.head) {
136                 if (state && sk->sk_state != state)
137                         continue;
138 
139                 if (rfcomm_pi(sk)->channel == channel) {
140                         /* Exact match. */
141                         if (!bacmp(&rfcomm_pi(sk)->src, src))
142                                 break;
143 
144                         /* Closest match */
145                         if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY))
146                                 sk1 = sk;
147                 }
148         }
149 
150         read_unlock(&rfcomm_sk_list.lock);
151 
152         return sk ? sk : sk1;
153 }
154 
155 static void rfcomm_sock_destruct(struct sock *sk)
156 {
157         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
158 
159         BT_DBG("sk %p dlc %p", sk, d);
160 
161         skb_queue_purge(&sk->sk_receive_queue);
162         skb_queue_purge(&sk->sk_write_queue);
163 
164         rfcomm_dlc_lock(d);
165         rfcomm_pi(sk)->dlc = NULL;
166 
167         /* Detach DLC if it's owned by this socket */
168         if (d->owner == sk)
169                 d->owner = NULL;
170         rfcomm_dlc_unlock(d);
171 
172         rfcomm_dlc_put(d);
173 }
174 
175 static void rfcomm_sock_cleanup_listen(struct sock *parent)
176 {
177         struct sock *sk;
178 
179         BT_DBG("parent %p", parent);
180 
181         /* Close not yet accepted dlcs */
182         while ((sk = bt_accept_dequeue(parent, NULL))) {
183                 rfcomm_sock_close(sk);
184                 rfcomm_sock_kill(sk);
185         }
186 
187         parent->sk_state  = BT_CLOSED;
188         sock_set_flag(parent, SOCK_ZAPPED);
189 }
190 
191 /* Kill socket (only if zapped and orphan)
192  * Must be called on unlocked socket.
193  */
194 static void rfcomm_sock_kill(struct sock *sk)
195 {
196         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
197                 return;
198 
199         BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
200 
201         /* Kill poor orphan */
202         bt_sock_unlink(&rfcomm_sk_list, sk);
203         sock_set_flag(sk, SOCK_DEAD);
204         sock_put(sk);
205 }
206 
207 static void __rfcomm_sock_close(struct sock *sk)
208 {
209         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
210 
211         BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
212 
213         switch (sk->sk_state) {
214         case BT_LISTEN:
215                 rfcomm_sock_cleanup_listen(sk);
216                 break;
217 
218         case BT_CONNECT:
219         case BT_CONNECT2:
220         case BT_CONFIG:
221         case BT_CONNECTED:
222                 rfcomm_dlc_close(d, 0);
223 
224         default:
225                 sock_set_flag(sk, SOCK_ZAPPED);
226                 break;
227         }
228 }
229 
230 /* Close socket.
231  * Must be called on unlocked socket.
232  */
233 static void rfcomm_sock_close(struct sock *sk)
234 {
235         lock_sock(sk);
236         __rfcomm_sock_close(sk);
237         release_sock(sk);
238 }
239 
240 static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
241 {
242         struct rfcomm_pinfo *pi = rfcomm_pi(sk);
243 
244         BT_DBG("sk %p", sk);
245 
246         if (parent) {
247                 sk->sk_type = parent->sk_type;
248                 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP,
249                                                 &bt_sk(parent)->flags);
250 
251                 pi->sec_level = rfcomm_pi(parent)->sec_level;
252                 pi->role_switch = rfcomm_pi(parent)->role_switch;
253 
254                 security_sk_clone(parent, sk);
255         } else {
256                 pi->dlc->defer_setup = 0;
257 
258                 pi->sec_level = BT_SECURITY_LOW;
259                 pi->role_switch = 0;
260         }
261 
262         pi->dlc->sec_level = pi->sec_level;
263         pi->dlc->role_switch = pi->role_switch;
264 }
265 
266 static struct proto rfcomm_proto = {
267         .name           = "RFCOMM",
268         .owner          = THIS_MODULE,
269         .obj_size       = sizeof(struct rfcomm_pinfo)
270 };
271 
272 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio, int kern)
273 {
274         struct rfcomm_dlc *d;
275         struct sock *sk;
276 
277         sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto, kern);
278         if (!sk)
279                 return NULL;
280 
281         sock_init_data(sock, sk);
282         INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
283 
284         d = rfcomm_dlc_alloc(prio);
285         if (!d) {
286                 sk_free(sk);
287                 return NULL;
288         }
289 
290         d->data_ready   = rfcomm_sk_data_ready;
291         d->state_change = rfcomm_sk_state_change;
292 
293         rfcomm_pi(sk)->dlc = d;
294         d->owner = sk;
295 
296         sk->sk_destruct = rfcomm_sock_destruct;
297         sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
298 
299         sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
300         sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
301 
302         sock_reset_flag(sk, SOCK_ZAPPED);
303 
304         sk->sk_protocol = proto;
305         sk->sk_state    = BT_OPEN;
306 
307         bt_sock_link(&rfcomm_sk_list, sk);
308 
309         BT_DBG("sk %p", sk);
310         return sk;
311 }
312 
313 static int rfcomm_sock_create(struct net *net, struct socket *sock,
314                               int protocol, int kern)
315 {
316         struct sock *sk;
317 
318         BT_DBG("sock %p", sock);
319 
320         sock->state = SS_UNCONNECTED;
321 
322         if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
323                 return -ESOCKTNOSUPPORT;
324 
325         sock->ops = &rfcomm_sock_ops;
326 
327         sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
328         if (!sk)
329                 return -ENOMEM;
330 
331         rfcomm_sock_init(sk, NULL);
332         return 0;
333 }
334 
335 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
336 {
337         struct sockaddr_rc sa;
338         struct sock *sk = sock->sk;
339         int len, err = 0;
340 
341         if (!addr || addr->sa_family != AF_BLUETOOTH)
342                 return -EINVAL;
343 
344         memset(&sa, 0, sizeof(sa));
345         len = min_t(unsigned int, sizeof(sa), addr_len);
346         memcpy(&sa, addr, len);
347 
348         BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr);
349 
350         lock_sock(sk);
351 
352         if (sk->sk_state != BT_OPEN) {
353                 err = -EBADFD;
354                 goto done;
355         }
356 
357         if (sk->sk_type != SOCK_STREAM) {
358                 err = -EINVAL;
359                 goto done;
360         }
361 
362         write_lock(&rfcomm_sk_list.lock);
363 
364         if (sa.rc_channel &&
365             __rfcomm_get_listen_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) {
366                 err = -EADDRINUSE;
367         } else {
368                 /* Save source address */
369                 bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr);
370                 rfcomm_pi(sk)->channel = sa.rc_channel;
371                 sk->sk_state = BT_BOUND;
372         }
373 
374         write_unlock(&rfcomm_sk_list.lock);
375 
376 done:
377         release_sock(sk);
378         return err;
379 }
380 
381 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
382 {
383         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
384         struct sock *sk = sock->sk;
385         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
386         int err = 0;
387 
388         BT_DBG("sk %p", sk);
389 
390         if (alen < sizeof(struct sockaddr_rc) ||
391             addr->sa_family != AF_BLUETOOTH)
392                 return -EINVAL;
393 
394         lock_sock(sk);
395 
396         if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
397                 err = -EBADFD;
398                 goto done;
399         }
400 
401         if (sk->sk_type != SOCK_STREAM) {
402                 err = -EINVAL;
403                 goto done;
404         }
405 
406         sk->sk_state = BT_CONNECT;
407         bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr);
408         rfcomm_pi(sk)->channel = sa->rc_channel;
409 
410         d->sec_level = rfcomm_pi(sk)->sec_level;
411         d->role_switch = rfcomm_pi(sk)->role_switch;
412 
413         err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr,
414                               sa->rc_channel);
415         if (!err)
416                 err = bt_sock_wait_state(sk, BT_CONNECTED,
417                                 sock_sndtimeo(sk, flags & O_NONBLOCK));
418 
419 done:
420         release_sock(sk);
421         return err;
422 }
423 
424 static int rfcomm_sock_listen(struct socket *sock, int backlog)
425 {
426         struct sock *sk = sock->sk;
427         int err = 0;
428 
429         BT_DBG("sk %p backlog %d", sk, backlog);
430 
431         lock_sock(sk);
432 
433         if (sk->sk_state != BT_BOUND) {
434                 err = -EBADFD;
435                 goto done;
436         }
437 
438         if (sk->sk_type != SOCK_STREAM) {
439                 err = -EINVAL;
440                 goto done;
441         }
442 
443         if (!rfcomm_pi(sk)->channel) {
444                 bdaddr_t *src = &rfcomm_pi(sk)->src;
445                 u8 channel;
446 
447                 err = -EINVAL;
448 
449                 write_lock(&rfcomm_sk_list.lock);
450 
451                 for (channel = 1; channel < 31; channel++)
452                         if (!__rfcomm_get_listen_sock_by_addr(channel, src)) {
453                                 rfcomm_pi(sk)->channel = channel;
454                                 err = 0;
455                                 break;
456                         }
457 
458                 write_unlock(&rfcomm_sk_list.lock);
459 
460                 if (err < 0)
461                         goto done;
462         }
463 
464         sk->sk_max_ack_backlog = backlog;
465         sk->sk_ack_backlog = 0;
466         sk->sk_state = BT_LISTEN;
467 
468 done:
469         release_sock(sk);
470         return err;
471 }
472 
473 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
474 {
475         DEFINE_WAIT_FUNC(wait, woken_wake_function);
476         struct sock *sk = sock->sk, *nsk;
477         long timeo;
478         int err = 0;
479 
480         lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
481 
482         if (sk->sk_type != SOCK_STREAM) {
483                 err = -EINVAL;
484                 goto done;
485         }
486 
487         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
488 
489         BT_DBG("sk %p timeo %ld", sk, timeo);
490 
491         /* Wait for an incoming connection. (wake-one). */
492         add_wait_queue_exclusive(sk_sleep(sk), &wait);
493         while (1) {
494                 if (sk->sk_state != BT_LISTEN) {
495                         err = -EBADFD;
496                         break;
497                 }
498 
499                 nsk = bt_accept_dequeue(sk, newsock);
500                 if (nsk)
501                         break;
502 
503                 if (!timeo) {
504                         err = -EAGAIN;
505                         break;
506                 }
507 
508                 if (signal_pending(current)) {
509                         err = sock_intr_errno(timeo);
510                         break;
511                 }
512 
513                 release_sock(sk);
514 
515                 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
516 
517                 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
518         }
519         remove_wait_queue(sk_sleep(sk), &wait);
520 
521         if (err)
522                 goto done;
523 
524         newsock->state = SS_CONNECTED;
525 
526         BT_DBG("new socket %p", nsk);
527 
528 done:
529         release_sock(sk);
530         return err;
531 }
532 
533 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
534 {
535         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
536         struct sock *sk = sock->sk;
537 
538         BT_DBG("sock %p, sk %p", sock, sk);
539 
540         if (peer && sk->sk_state != BT_CONNECTED &&
541             sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2)
542                 return -ENOTCONN;
543 
544         memset(sa, 0, sizeof(*sa));
545         sa->rc_family  = AF_BLUETOOTH;
546         sa->rc_channel = rfcomm_pi(sk)->channel;
547         if (peer)
548                 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst);
549         else
550                 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src);
551 
552         *len = sizeof(struct sockaddr_rc);
553         return 0;
554 }
555 
556 static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg,
557                                size_t len)
558 {
559         struct sock *sk = sock->sk;
560         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
561         struct sk_buff *skb;
562         int sent;
563 
564         if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
565                 return -ENOTCONN;
566 
567         if (msg->msg_flags & MSG_OOB)
568                 return -EOPNOTSUPP;
569 
570         if (sk->sk_shutdown & SEND_SHUTDOWN)
571                 return -EPIPE;
572 
573         BT_DBG("sock %p, sk %p", sock, sk);
574 
575         lock_sock(sk);
576 
577         sent = bt_sock_wait_ready(sk, msg->msg_flags);
578         if (sent)
579                 goto done;
580 
581         while (len) {
582                 size_t size = min_t(size_t, len, d->mtu);
583                 int err;
584 
585                 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
586                                 msg->msg_flags & MSG_DONTWAIT, &err);
587                 if (!skb) {
588                         if (sent == 0)
589                                 sent = err;
590                         break;
591                 }
592                 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
593 
594                 err = memcpy_from_msg(skb_put(skb, size), msg, size);
595                 if (err) {
596                         kfree_skb(skb);
597                         if (sent == 0)
598                                 sent = err;
599                         break;
600                 }
601 
602                 skb->priority = sk->sk_priority;
603 
604                 err = rfcomm_dlc_send(d, skb);
605                 if (err < 0) {
606                         kfree_skb(skb);
607                         if (sent == 0)
608                                 sent = err;
609                         break;
610                 }
611 
612                 sent += size;
613                 len  -= size;
614         }
615 
616 done:
617         release_sock(sk);
618 
619         return sent;
620 }
621 
622 static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg,
623                                size_t size, int flags)
624 {
625         struct sock *sk = sock->sk;
626         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
627         int len;
628 
629         if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
630                 rfcomm_dlc_accept(d);
631                 return 0;
632         }
633 
634         len = bt_sock_stream_recvmsg(sock, msg, size, flags);
635 
636         lock_sock(sk);
637         if (!(flags & MSG_PEEK) && len > 0)
638                 atomic_sub(len, &sk->sk_rmem_alloc);
639 
640         if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
641                 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
642         release_sock(sk);
643 
644         return len;
645 }
646 
647 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
648 {
649         struct sock *sk = sock->sk;
650         int err = 0;
651         u32 opt;
652 
653         BT_DBG("sk %p", sk);
654 
655         lock_sock(sk);
656 
657         switch (optname) {
658         case RFCOMM_LM:
659                 if (get_user(opt, (u32 __user *) optval)) {
660                         err = -EFAULT;
661                         break;
662                 }
663 
664                 if (opt & RFCOMM_LM_FIPS) {
665                         err = -EINVAL;
666                         break;
667                 }
668 
669                 if (opt & RFCOMM_LM_AUTH)
670                         rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
671                 if (opt & RFCOMM_LM_ENCRYPT)
672                         rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
673                 if (opt & RFCOMM_LM_SECURE)
674                         rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
675 
676                 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
677                 break;
678 
679         default:
680                 err = -ENOPROTOOPT;
681                 break;
682         }
683 
684         release_sock(sk);
685         return err;
686 }
687 
688 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
689 {
690         struct sock *sk = sock->sk;
691         struct bt_security sec;
692         int err = 0;
693         size_t len;
694         u32 opt;
695 
696         BT_DBG("sk %p", sk);
697 
698         if (level == SOL_RFCOMM)
699                 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
700 
701         if (level != SOL_BLUETOOTH)
702                 return -ENOPROTOOPT;
703 
704         lock_sock(sk);
705 
706         switch (optname) {
707         case BT_SECURITY:
708                 if (sk->sk_type != SOCK_STREAM) {
709                         err = -EINVAL;
710                         break;
711                 }
712 
713                 sec.level = BT_SECURITY_LOW;
714 
715                 len = min_t(unsigned int, sizeof(sec), optlen);
716                 if (copy_from_user((char *) &sec, optval, len)) {
717                         err = -EFAULT;
718                         break;
719                 }
720 
721                 if (sec.level > BT_SECURITY_HIGH) {
722                         err = -EINVAL;
723                         break;
724                 }
725 
726                 rfcomm_pi(sk)->sec_level = sec.level;
727                 break;
728 
729         case BT_DEFER_SETUP:
730                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
731                         err = -EINVAL;
732                         break;
733                 }
734 
735                 if (get_user(opt, (u32 __user *) optval)) {
736                         err = -EFAULT;
737                         break;
738                 }
739 
740                 if (opt)
741                         set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
742                 else
743                         clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
744 
745                 break;
746 
747         default:
748                 err = -ENOPROTOOPT;
749                 break;
750         }
751 
752         release_sock(sk);
753         return err;
754 }
755 
756 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
757 {
758         struct sock *sk = sock->sk;
759         struct sock *l2cap_sk;
760         struct l2cap_conn *conn;
761         struct rfcomm_conninfo cinfo;
762         int len, err = 0;
763         u32 opt;
764 
765         BT_DBG("sk %p", sk);
766 
767         if (get_user(len, optlen))
768                 return -EFAULT;
769 
770         lock_sock(sk);
771 
772         switch (optname) {
773         case RFCOMM_LM:
774                 switch (rfcomm_pi(sk)->sec_level) {
775                 case BT_SECURITY_LOW:
776                         opt = RFCOMM_LM_AUTH;
777                         break;
778                 case BT_SECURITY_MEDIUM:
779                         opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
780                         break;
781                 case BT_SECURITY_HIGH:
782                         opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
783                               RFCOMM_LM_SECURE;
784                         break;
785                 case BT_SECURITY_FIPS:
786                         opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
787                               RFCOMM_LM_SECURE | RFCOMM_LM_FIPS;
788                         break;
789                 default:
790                         opt = 0;
791                         break;
792                 }
793 
794                 if (rfcomm_pi(sk)->role_switch)
795                         opt |= RFCOMM_LM_MASTER;
796 
797                 if (put_user(opt, (u32 __user *) optval))
798                         err = -EFAULT;
799 
800                 break;
801 
802         case RFCOMM_CONNINFO:
803                 if (sk->sk_state != BT_CONNECTED &&
804                                         !rfcomm_pi(sk)->dlc->defer_setup) {
805                         err = -ENOTCONN;
806                         break;
807                 }
808 
809                 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
810                 conn = l2cap_pi(l2cap_sk)->chan->conn;
811 
812                 memset(&cinfo, 0, sizeof(cinfo));
813                 cinfo.hci_handle = conn->hcon->handle;
814                 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
815 
816                 len = min_t(unsigned int, len, sizeof(cinfo));
817                 if (copy_to_user(optval, (char *) &cinfo, len))
818                         err = -EFAULT;
819 
820                 break;
821 
822         default:
823                 err = -ENOPROTOOPT;
824                 break;
825         }
826 
827         release_sock(sk);
828         return err;
829 }
830 
831 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
832 {
833         struct sock *sk = sock->sk;
834         struct bt_security sec;
835         int len, err = 0;
836 
837         BT_DBG("sk %p", sk);
838 
839         if (level == SOL_RFCOMM)
840                 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
841 
842         if (level != SOL_BLUETOOTH)
843                 return -ENOPROTOOPT;
844 
845         if (get_user(len, optlen))
846                 return -EFAULT;
847 
848         lock_sock(sk);
849 
850         switch (optname) {
851         case BT_SECURITY:
852                 if (sk->sk_type != SOCK_STREAM) {
853                         err = -EINVAL;
854                         break;
855                 }
856 
857                 sec.level = rfcomm_pi(sk)->sec_level;
858                 sec.key_size = 0;
859 
860                 len = min_t(unsigned int, len, sizeof(sec));
861                 if (copy_to_user(optval, (char *) &sec, len))
862                         err = -EFAULT;
863 
864                 break;
865 
866         case BT_DEFER_SETUP:
867                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
868                         err = -EINVAL;
869                         break;
870                 }
871 
872                 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
873                              (u32 __user *) optval))
874                         err = -EFAULT;
875 
876                 break;
877 
878         default:
879                 err = -ENOPROTOOPT;
880                 break;
881         }
882 
883         release_sock(sk);
884         return err;
885 }
886 
887 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
888 {
889         struct sock *sk __maybe_unused = sock->sk;
890         int err;
891 
892         BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
893 
894         err = bt_sock_ioctl(sock, cmd, arg);
895 
896         if (err == -ENOIOCTLCMD) {
897 #ifdef CONFIG_BT_RFCOMM_TTY
898                 lock_sock(sk);
899                 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
900                 release_sock(sk);
901 #else
902                 err = -EOPNOTSUPP;
903 #endif
904         }
905 
906         return err;
907 }
908 
909 static int rfcomm_sock_shutdown(struct socket *sock, int how)
910 {
911         struct sock *sk = sock->sk;
912         int err = 0;
913 
914         BT_DBG("sock %p, sk %p", sock, sk);
915 
916         if (!sk)
917                 return 0;
918 
919         lock_sock(sk);
920         if (!sk->sk_shutdown) {
921                 sk->sk_shutdown = SHUTDOWN_MASK;
922                 __rfcomm_sock_close(sk);
923 
924                 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
925                     !(current->flags & PF_EXITING))
926                         err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
927         }
928         release_sock(sk);
929         return err;
930 }
931 
932 static int rfcomm_sock_release(struct socket *sock)
933 {
934         struct sock *sk = sock->sk;
935         int err;
936 
937         BT_DBG("sock %p, sk %p", sock, sk);
938 
939         if (!sk)
940                 return 0;
941 
942         err = rfcomm_sock_shutdown(sock, 2);
943 
944         sock_orphan(sk);
945         rfcomm_sock_kill(sk);
946         return err;
947 }
948 
949 /* ---- RFCOMM core layer callbacks ----
950  *
951  * called under rfcomm_lock()
952  */
953 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
954 {
955         struct sock *sk, *parent;
956         bdaddr_t src, dst;
957         int result = 0;
958 
959         BT_DBG("session %p channel %d", s, channel);
960 
961         rfcomm_session_getaddr(s, &src, &dst);
962 
963         /* Check if we have socket listening on channel */
964         parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
965         if (!parent)
966                 return 0;
967 
968         bh_lock_sock(parent);
969 
970         /* Check for backlog size */
971         if (sk_acceptq_is_full(parent)) {
972                 BT_DBG("backlog full %d", parent->sk_ack_backlog);
973                 goto done;
974         }
975 
976         sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC, 0);
977         if (!sk)
978                 goto done;
979 
980         bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
981 
982         rfcomm_sock_init(sk, parent);
983         bacpy(&rfcomm_pi(sk)->src, &src);
984         bacpy(&rfcomm_pi(sk)->dst, &dst);
985         rfcomm_pi(sk)->channel = channel;
986 
987         sk->sk_state = BT_CONFIG;
988         bt_accept_enqueue(parent, sk);
989 
990         /* Accept connection and return socket DLC */
991         *d = rfcomm_pi(sk)->dlc;
992         result = 1;
993 
994 done:
995         bh_unlock_sock(parent);
996 
997         if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
998                 parent->sk_state_change(parent);
999 
1000         return result;
1001 }
1002 
1003 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
1004 {
1005         struct sock *sk;
1006 
1007         read_lock(&rfcomm_sk_list.lock);
1008 
1009         sk_for_each(sk, &rfcomm_sk_list.head) {
1010                 seq_printf(f, "%pMR %pMR %d %d\n",
1011                            &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst,
1012                            sk->sk_state, rfcomm_pi(sk)->channel);
1013         }
1014 
1015         read_unlock(&rfcomm_sk_list.lock);
1016 
1017         return 0;
1018 }
1019 
1020 static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file)
1021 {
1022         return single_open(file, rfcomm_sock_debugfs_show, inode->i_private);
1023 }
1024 
1025 static const struct file_operations rfcomm_sock_debugfs_fops = {
1026         .open           = rfcomm_sock_debugfs_open,
1027         .read           = seq_read,
1028         .llseek         = seq_lseek,
1029         .release        = single_release,
1030 };
1031 
1032 static struct dentry *rfcomm_sock_debugfs;
1033 
1034 static const struct proto_ops rfcomm_sock_ops = {
1035         .family         = PF_BLUETOOTH,
1036         .owner          = THIS_MODULE,
1037         .release        = rfcomm_sock_release,
1038         .bind           = rfcomm_sock_bind,
1039         .connect        = rfcomm_sock_connect,
1040         .listen         = rfcomm_sock_listen,
1041         .accept         = rfcomm_sock_accept,
1042         .getname        = rfcomm_sock_getname,
1043         .sendmsg        = rfcomm_sock_sendmsg,
1044         .recvmsg        = rfcomm_sock_recvmsg,
1045         .shutdown       = rfcomm_sock_shutdown,
1046         .setsockopt     = rfcomm_sock_setsockopt,
1047         .getsockopt     = rfcomm_sock_getsockopt,
1048         .ioctl          = rfcomm_sock_ioctl,
1049         .poll           = bt_sock_poll,
1050         .socketpair     = sock_no_socketpair,
1051         .mmap           = sock_no_mmap
1052 };
1053 
1054 static const struct net_proto_family rfcomm_sock_family_ops = {
1055         .family         = PF_BLUETOOTH,
1056         .owner          = THIS_MODULE,
1057         .create         = rfcomm_sock_create
1058 };
1059 
1060 int __init rfcomm_init_sockets(void)
1061 {
1062         int err;
1063 
1064         BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr));
1065 
1066         err = proto_register(&rfcomm_proto, 0);
1067         if (err < 0)
1068                 return err;
1069 
1070         err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1071         if (err < 0) {
1072                 BT_ERR("RFCOMM socket layer registration failed");
1073                 goto error;
1074         }
1075 
1076         err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL);
1077         if (err < 0) {
1078                 BT_ERR("Failed to create RFCOMM proc file");
1079                 bt_sock_unregister(BTPROTO_RFCOMM);
1080                 goto error;
1081         }
1082 
1083         BT_INFO("RFCOMM socket layer initialized");
1084 
1085         if (IS_ERR_OR_NULL(bt_debugfs))
1086                 return 0;
1087 
1088         rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1089                                                   bt_debugfs, NULL,
1090                                                   &rfcomm_sock_debugfs_fops);
1091 
1092         return 0;
1093 
1094 error:
1095         proto_unregister(&rfcomm_proto);
1096         return err;
1097 }
1098 
1099 void __exit rfcomm_cleanup_sockets(void)
1100 {
1101         bt_procfs_cleanup(&init_net, "rfcomm");
1102 
1103         debugfs_remove(rfcomm_sock_debugfs);
1104 
1105         bt_sock_unregister(BTPROTO_RFCOMM);
1106 
1107         proto_unregister(&rfcomm_proto);
1108 }
1109 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp