~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/bluetooth/rfcomm/sock.c

Version: ~ [ linux-5.13-rc5 ] ~ [ linux-5.12.9 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.42 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.124 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.193 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.235 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.271 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.271 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.18.140 ] ~ [ linux-3.16.85 ] ~ [ linux-3.14.79 ] ~ [ linux-3.12.74 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
  3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
  4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
  5 
  6    This program is free software; you can redistribute it and/or modify
  7    it under the terms of the GNU General Public License version 2 as
  8    published by the Free Software Foundation;
  9 
 10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
 13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
 14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
 15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 18 
 19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
 20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
 21    SOFTWARE IS DISCLAIMED.
 22 */
 23 
 24 /*
 25  * RFCOMM sockets.
 26  */
 27 
 28 #include <linux/export.h>
 29 #include <linux/debugfs.h>
 30 #include <linux/sched/signal.h>
 31 
 32 #include <net/bluetooth/bluetooth.h>
 33 #include <net/bluetooth/hci_core.h>
 34 #include <net/bluetooth/l2cap.h>
 35 #include <net/bluetooth/rfcomm.h>
 36 
 37 static const struct proto_ops rfcomm_sock_ops;
 38 
 39 static struct bt_sock_list rfcomm_sk_list = {
 40         .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
 41 };
 42 
 43 static void rfcomm_sock_close(struct sock *sk);
 44 static void rfcomm_sock_kill(struct sock *sk);
 45 
 46 /* ---- DLC callbacks ----
 47  *
 48  * called under rfcomm_dlc_lock()
 49  */
 50 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
 51 {
 52         struct sock *sk = d->owner;
 53         if (!sk)
 54                 return;
 55 
 56         atomic_add(skb->len, &sk->sk_rmem_alloc);
 57         skb_queue_tail(&sk->sk_receive_queue, skb);
 58         sk->sk_data_ready(sk);
 59 
 60         if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
 61                 rfcomm_dlc_throttle(d);
 62 }
 63 
 64 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
 65 {
 66         struct sock *sk = d->owner, *parent;
 67         unsigned long flags;
 68 
 69         if (!sk)
 70                 return;
 71 
 72         BT_DBG("dlc %p state %ld err %d", d, d->state, err);
 73 
 74         local_irq_save(flags);
 75         bh_lock_sock(sk);
 76 
 77         if (err)
 78                 sk->sk_err = err;
 79 
 80         sk->sk_state = d->state;
 81 
 82         parent = bt_sk(sk)->parent;
 83         if (parent) {
 84                 if (d->state == BT_CLOSED) {
 85                         sock_set_flag(sk, SOCK_ZAPPED);
 86                         bt_accept_unlink(sk);
 87                 }
 88                 parent->sk_data_ready(parent);
 89         } else {
 90                 if (d->state == BT_CONNECTED)
 91                         rfcomm_session_getaddr(d->session,
 92                                                &rfcomm_pi(sk)->src, NULL);
 93                 sk->sk_state_change(sk);
 94         }
 95 
 96         bh_unlock_sock(sk);
 97         local_irq_restore(flags);
 98 
 99         if (parent && sock_flag(sk, SOCK_ZAPPED)) {
100                 /* We have to drop DLC lock here, otherwise
101                  * rfcomm_sock_destruct() will dead lock. */
102                 rfcomm_dlc_unlock(d);
103                 rfcomm_sock_kill(sk);
104                 rfcomm_dlc_lock(d);
105         }
106 }
107 
108 /* ---- Socket functions ---- */
109 static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src)
110 {
111         struct sock *sk = NULL;
112 
113         sk_for_each(sk, &rfcomm_sk_list.head) {
114                 if (rfcomm_pi(sk)->channel != channel)
115                         continue;
116 
117                 if (bacmp(&rfcomm_pi(sk)->src, src))
118                         continue;
119 
120                 if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN)
121                         break;
122         }
123 
124         return sk ? sk : NULL;
125 }
126 
127 /* Find socket with channel and source bdaddr.
128  * Returns closest match.
129  */
130 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
131 {
132         struct sock *sk = NULL, *sk1 = NULL;
133 
134         read_lock(&rfcomm_sk_list.lock);
135 
136         sk_for_each(sk, &rfcomm_sk_list.head) {
137                 if (state && sk->sk_state != state)
138                         continue;
139 
140                 if (rfcomm_pi(sk)->channel == channel) {
141                         /* Exact match. */
142                         if (!bacmp(&rfcomm_pi(sk)->src, src))
143                                 break;
144 
145                         /* Closest match */
146                         if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY))
147                                 sk1 = sk;
148                 }
149         }
150 
151         read_unlock(&rfcomm_sk_list.lock);
152 
153         return sk ? sk : sk1;
154 }
155 
156 static void rfcomm_sock_destruct(struct sock *sk)
157 {
158         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
159 
160         BT_DBG("sk %p dlc %p", sk, d);
161 
162         skb_queue_purge(&sk->sk_receive_queue);
163         skb_queue_purge(&sk->sk_write_queue);
164 
165         rfcomm_dlc_lock(d);
166         rfcomm_pi(sk)->dlc = NULL;
167 
168         /* Detach DLC if it's owned by this socket */
169         if (d->owner == sk)
170                 d->owner = NULL;
171         rfcomm_dlc_unlock(d);
172 
173         rfcomm_dlc_put(d);
174 }
175 
176 static void rfcomm_sock_cleanup_listen(struct sock *parent)
177 {
178         struct sock *sk;
179 
180         BT_DBG("parent %p", parent);
181 
182         /* Close not yet accepted dlcs */
183         while ((sk = bt_accept_dequeue(parent, NULL))) {
184                 rfcomm_sock_close(sk);
185                 rfcomm_sock_kill(sk);
186         }
187 
188         parent->sk_state  = BT_CLOSED;
189         sock_set_flag(parent, SOCK_ZAPPED);
190 }
191 
192 /* Kill socket (only if zapped and orphan)
193  * Must be called on unlocked socket.
194  */
195 static void rfcomm_sock_kill(struct sock *sk)
196 {
197         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
198                 return;
199 
200         BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
201 
202         /* Kill poor orphan */
203         bt_sock_unlink(&rfcomm_sk_list, sk);
204         sock_set_flag(sk, SOCK_DEAD);
205         sock_put(sk);
206 }
207 
208 static void __rfcomm_sock_close(struct sock *sk)
209 {
210         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
211 
212         BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
213 
214         switch (sk->sk_state) {
215         case BT_LISTEN:
216                 rfcomm_sock_cleanup_listen(sk);
217                 break;
218 
219         case BT_CONNECT:
220         case BT_CONNECT2:
221         case BT_CONFIG:
222         case BT_CONNECTED:
223                 rfcomm_dlc_close(d, 0);
224 
225         default:
226                 sock_set_flag(sk, SOCK_ZAPPED);
227                 break;
228         }
229 }
230 
231 /* Close socket.
232  * Must be called on unlocked socket.
233  */
234 static void rfcomm_sock_close(struct sock *sk)
235 {
236         lock_sock(sk);
237         __rfcomm_sock_close(sk);
238         release_sock(sk);
239 }
240 
241 static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
242 {
243         struct rfcomm_pinfo *pi = rfcomm_pi(sk);
244 
245         BT_DBG("sk %p", sk);
246 
247         if (parent) {
248                 sk->sk_type = parent->sk_type;
249                 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP,
250                                                 &bt_sk(parent)->flags);
251 
252                 pi->sec_level = rfcomm_pi(parent)->sec_level;
253                 pi->role_switch = rfcomm_pi(parent)->role_switch;
254 
255                 security_sk_clone(parent, sk);
256         } else {
257                 pi->dlc->defer_setup = 0;
258 
259                 pi->sec_level = BT_SECURITY_LOW;
260                 pi->role_switch = 0;
261         }
262 
263         pi->dlc->sec_level = pi->sec_level;
264         pi->dlc->role_switch = pi->role_switch;
265 }
266 
267 static struct proto rfcomm_proto = {
268         .name           = "RFCOMM",
269         .owner          = THIS_MODULE,
270         .obj_size       = sizeof(struct rfcomm_pinfo)
271 };
272 
273 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio, int kern)
274 {
275         struct rfcomm_dlc *d;
276         struct sock *sk;
277 
278         sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto, kern);
279         if (!sk)
280                 return NULL;
281 
282         sock_init_data(sock, sk);
283         INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
284 
285         d = rfcomm_dlc_alloc(prio);
286         if (!d) {
287                 sk_free(sk);
288                 return NULL;
289         }
290 
291         d->data_ready   = rfcomm_sk_data_ready;
292         d->state_change = rfcomm_sk_state_change;
293 
294         rfcomm_pi(sk)->dlc = d;
295         d->owner = sk;
296 
297         sk->sk_destruct = rfcomm_sock_destruct;
298         sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
299 
300         sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
301         sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
302 
303         sock_reset_flag(sk, SOCK_ZAPPED);
304 
305         sk->sk_protocol = proto;
306         sk->sk_state    = BT_OPEN;
307 
308         bt_sock_link(&rfcomm_sk_list, sk);
309 
310         BT_DBG("sk %p", sk);
311         return sk;
312 }
313 
314 static int rfcomm_sock_create(struct net *net, struct socket *sock,
315                               int protocol, int kern)
316 {
317         struct sock *sk;
318 
319         BT_DBG("sock %p", sock);
320 
321         sock->state = SS_UNCONNECTED;
322 
323         if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
324                 return -ESOCKTNOSUPPORT;
325 
326         sock->ops = &rfcomm_sock_ops;
327 
328         sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
329         if (!sk)
330                 return -ENOMEM;
331 
332         rfcomm_sock_init(sk, NULL);
333         return 0;
334 }
335 
336 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
337 {
338         struct sockaddr_rc sa;
339         struct sock *sk = sock->sk;
340         int len, err = 0;
341 
342         if (!addr || addr->sa_family != AF_BLUETOOTH)
343                 return -EINVAL;
344 
345         memset(&sa, 0, sizeof(sa));
346         len = min_t(unsigned int, sizeof(sa), addr_len);
347         memcpy(&sa, addr, len);
348 
349         BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr);
350 
351         lock_sock(sk);
352 
353         if (sk->sk_state != BT_OPEN) {
354                 err = -EBADFD;
355                 goto done;
356         }
357 
358         if (sk->sk_type != SOCK_STREAM) {
359                 err = -EINVAL;
360                 goto done;
361         }
362 
363         write_lock(&rfcomm_sk_list.lock);
364 
365         if (sa.rc_channel &&
366             __rfcomm_get_listen_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) {
367                 err = -EADDRINUSE;
368         } else {
369                 /* Save source address */
370                 bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr);
371                 rfcomm_pi(sk)->channel = sa.rc_channel;
372                 sk->sk_state = BT_BOUND;
373         }
374 
375         write_unlock(&rfcomm_sk_list.lock);
376 
377 done:
378         release_sock(sk);
379         return err;
380 }
381 
382 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
383 {
384         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
385         struct sock *sk = sock->sk;
386         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
387         int err = 0;
388 
389         BT_DBG("sk %p", sk);
390 
391         if (alen < sizeof(struct sockaddr_rc) ||
392             addr->sa_family != AF_BLUETOOTH)
393                 return -EINVAL;
394 
395         lock_sock(sk);
396 
397         if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
398                 err = -EBADFD;
399                 goto done;
400         }
401 
402         if (sk->sk_type != SOCK_STREAM) {
403                 err = -EINVAL;
404                 goto done;
405         }
406 
407         sk->sk_state = BT_CONNECT;
408         bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr);
409         rfcomm_pi(sk)->channel = sa->rc_channel;
410 
411         d->sec_level = rfcomm_pi(sk)->sec_level;
412         d->role_switch = rfcomm_pi(sk)->role_switch;
413 
414         err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr,
415                               sa->rc_channel);
416         if (!err)
417                 err = bt_sock_wait_state(sk, BT_CONNECTED,
418                                 sock_sndtimeo(sk, flags & O_NONBLOCK));
419 
420 done:
421         release_sock(sk);
422         return err;
423 }
424 
425 static int rfcomm_sock_listen(struct socket *sock, int backlog)
426 {
427         struct sock *sk = sock->sk;
428         int err = 0;
429 
430         BT_DBG("sk %p backlog %d", sk, backlog);
431 
432         lock_sock(sk);
433 
434         if (sk->sk_state != BT_BOUND) {
435                 err = -EBADFD;
436                 goto done;
437         }
438 
439         if (sk->sk_type != SOCK_STREAM) {
440                 err = -EINVAL;
441                 goto done;
442         }
443 
444         if (!rfcomm_pi(sk)->channel) {
445                 bdaddr_t *src = &rfcomm_pi(sk)->src;
446                 u8 channel;
447 
448                 err = -EINVAL;
449 
450                 write_lock(&rfcomm_sk_list.lock);
451 
452                 for (channel = 1; channel < 31; channel++)
453                         if (!__rfcomm_get_listen_sock_by_addr(channel, src)) {
454                                 rfcomm_pi(sk)->channel = channel;
455                                 err = 0;
456                                 break;
457                         }
458 
459                 write_unlock(&rfcomm_sk_list.lock);
460 
461                 if (err < 0)
462                         goto done;
463         }
464 
465         sk->sk_max_ack_backlog = backlog;
466         sk->sk_ack_backlog = 0;
467         sk->sk_state = BT_LISTEN;
468 
469 done:
470         release_sock(sk);
471         return err;
472 }
473 
474 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags,
475                               bool kern)
476 {
477         DEFINE_WAIT_FUNC(wait, woken_wake_function);
478         struct sock *sk = sock->sk, *nsk;
479         long timeo;
480         int err = 0;
481 
482         lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
483 
484         if (sk->sk_type != SOCK_STREAM) {
485                 err = -EINVAL;
486                 goto done;
487         }
488 
489         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
490 
491         BT_DBG("sk %p timeo %ld", sk, timeo);
492 
493         /* Wait for an incoming connection. (wake-one). */
494         add_wait_queue_exclusive(sk_sleep(sk), &wait);
495         while (1) {
496                 if (sk->sk_state != BT_LISTEN) {
497                         err = -EBADFD;
498                         break;
499                 }
500 
501                 nsk = bt_accept_dequeue(sk, newsock);
502                 if (nsk)
503                         break;
504 
505                 if (!timeo) {
506                         err = -EAGAIN;
507                         break;
508                 }
509 
510                 if (signal_pending(current)) {
511                         err = sock_intr_errno(timeo);
512                         break;
513                 }
514 
515                 release_sock(sk);
516 
517                 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
518 
519                 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
520         }
521         remove_wait_queue(sk_sleep(sk), &wait);
522 
523         if (err)
524                 goto done;
525 
526         newsock->state = SS_CONNECTED;
527 
528         BT_DBG("new socket %p", nsk);
529 
530 done:
531         release_sock(sk);
532         return err;
533 }
534 
535 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
536 {
537         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
538         struct sock *sk = sock->sk;
539 
540         BT_DBG("sock %p, sk %p", sock, sk);
541 
542         if (peer && sk->sk_state != BT_CONNECTED &&
543             sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2)
544                 return -ENOTCONN;
545 
546         memset(sa, 0, sizeof(*sa));
547         sa->rc_family  = AF_BLUETOOTH;
548         sa->rc_channel = rfcomm_pi(sk)->channel;
549         if (peer)
550                 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst);
551         else
552                 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src);
553 
554         *len = sizeof(struct sockaddr_rc);
555         return 0;
556 }
557 
558 static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg,
559                                size_t len)
560 {
561         struct sock *sk = sock->sk;
562         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
563         struct sk_buff *skb;
564         int sent;
565 
566         if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
567                 return -ENOTCONN;
568 
569         if (msg->msg_flags & MSG_OOB)
570                 return -EOPNOTSUPP;
571 
572         if (sk->sk_shutdown & SEND_SHUTDOWN)
573                 return -EPIPE;
574 
575         BT_DBG("sock %p, sk %p", sock, sk);
576 
577         lock_sock(sk);
578 
579         sent = bt_sock_wait_ready(sk, msg->msg_flags);
580         if (sent)
581                 goto done;
582 
583         while (len) {
584                 size_t size = min_t(size_t, len, d->mtu);
585                 int err;
586 
587                 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
588                                 msg->msg_flags & MSG_DONTWAIT, &err);
589                 if (!skb) {
590                         if (sent == 0)
591                                 sent = err;
592                         break;
593                 }
594                 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
595 
596                 err = memcpy_from_msg(skb_put(skb, size), msg, size);
597                 if (err) {
598                         kfree_skb(skb);
599                         if (sent == 0)
600                                 sent = err;
601                         break;
602                 }
603 
604                 skb->priority = sk->sk_priority;
605 
606                 err = rfcomm_dlc_send(d, skb);
607                 if (err < 0) {
608                         kfree_skb(skb);
609                         if (sent == 0)
610                                 sent = err;
611                         break;
612                 }
613 
614                 sent += size;
615                 len  -= size;
616         }
617 
618 done:
619         release_sock(sk);
620 
621         return sent;
622 }
623 
624 static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg,
625                                size_t size, int flags)
626 {
627         struct sock *sk = sock->sk;
628         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
629         int len;
630 
631         if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
632                 rfcomm_dlc_accept(d);
633                 return 0;
634         }
635 
636         len = bt_sock_stream_recvmsg(sock, msg, size, flags);
637 
638         lock_sock(sk);
639         if (!(flags & MSG_PEEK) && len > 0)
640                 atomic_sub(len, &sk->sk_rmem_alloc);
641 
642         if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
643                 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
644         release_sock(sk);
645 
646         return len;
647 }
648 
649 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
650 {
651         struct sock *sk = sock->sk;
652         int err = 0;
653         u32 opt;
654 
655         BT_DBG("sk %p", sk);
656 
657         lock_sock(sk);
658 
659         switch (optname) {
660         case RFCOMM_LM:
661                 if (get_user(opt, (u32 __user *) optval)) {
662                         err = -EFAULT;
663                         break;
664                 }
665 
666                 if (opt & RFCOMM_LM_FIPS) {
667                         err = -EINVAL;
668                         break;
669                 }
670 
671                 if (opt & RFCOMM_LM_AUTH)
672                         rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
673                 if (opt & RFCOMM_LM_ENCRYPT)
674                         rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
675                 if (opt & RFCOMM_LM_SECURE)
676                         rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
677 
678                 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
679                 break;
680 
681         default:
682                 err = -ENOPROTOOPT;
683                 break;
684         }
685 
686         release_sock(sk);
687         return err;
688 }
689 
690 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
691 {
692         struct sock *sk = sock->sk;
693         struct bt_security sec;
694         int err = 0;
695         size_t len;
696         u32 opt;
697 
698         BT_DBG("sk %p", sk);
699 
700         if (level == SOL_RFCOMM)
701                 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
702 
703         if (level != SOL_BLUETOOTH)
704                 return -ENOPROTOOPT;
705 
706         lock_sock(sk);
707 
708         switch (optname) {
709         case BT_SECURITY:
710                 if (sk->sk_type != SOCK_STREAM) {
711                         err = -EINVAL;
712                         break;
713                 }
714 
715                 sec.level = BT_SECURITY_LOW;
716 
717                 len = min_t(unsigned int, sizeof(sec), optlen);
718                 if (copy_from_user((char *) &sec, optval, len)) {
719                         err = -EFAULT;
720                         break;
721                 }
722 
723                 if (sec.level > BT_SECURITY_HIGH) {
724                         err = -EINVAL;
725                         break;
726                 }
727 
728                 rfcomm_pi(sk)->sec_level = sec.level;
729                 break;
730 
731         case BT_DEFER_SETUP:
732                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
733                         err = -EINVAL;
734                         break;
735                 }
736 
737                 if (get_user(opt, (u32 __user *) optval)) {
738                         err = -EFAULT;
739                         break;
740                 }
741 
742                 if (opt)
743                         set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
744                 else
745                         clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
746 
747                 break;
748 
749         default:
750                 err = -ENOPROTOOPT;
751                 break;
752         }
753 
754         release_sock(sk);
755         return err;
756 }
757 
758 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
759 {
760         struct sock *sk = sock->sk;
761         struct sock *l2cap_sk;
762         struct l2cap_conn *conn;
763         struct rfcomm_conninfo cinfo;
764         int len, err = 0;
765         u32 opt;
766 
767         BT_DBG("sk %p", sk);
768 
769         if (get_user(len, optlen))
770                 return -EFAULT;
771 
772         lock_sock(sk);
773 
774         switch (optname) {
775         case RFCOMM_LM:
776                 switch (rfcomm_pi(sk)->sec_level) {
777                 case BT_SECURITY_LOW:
778                         opt = RFCOMM_LM_AUTH;
779                         break;
780                 case BT_SECURITY_MEDIUM:
781                         opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
782                         break;
783                 case BT_SECURITY_HIGH:
784                         opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
785                               RFCOMM_LM_SECURE;
786                         break;
787                 case BT_SECURITY_FIPS:
788                         opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
789                               RFCOMM_LM_SECURE | RFCOMM_LM_FIPS;
790                         break;
791                 default:
792                         opt = 0;
793                         break;
794                 }
795 
796                 if (rfcomm_pi(sk)->role_switch)
797                         opt |= RFCOMM_LM_MASTER;
798 
799                 if (put_user(opt, (u32 __user *) optval))
800                         err = -EFAULT;
801 
802                 break;
803 
804         case RFCOMM_CONNINFO:
805                 if (sk->sk_state != BT_CONNECTED &&
806                                         !rfcomm_pi(sk)->dlc->defer_setup) {
807                         err = -ENOTCONN;
808                         break;
809                 }
810 
811                 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
812                 conn = l2cap_pi(l2cap_sk)->chan->conn;
813 
814                 memset(&cinfo, 0, sizeof(cinfo));
815                 cinfo.hci_handle = conn->hcon->handle;
816                 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
817 
818                 len = min_t(unsigned int, len, sizeof(cinfo));
819                 if (copy_to_user(optval, (char *) &cinfo, len))
820                         err = -EFAULT;
821 
822                 break;
823 
824         default:
825                 err = -ENOPROTOOPT;
826                 break;
827         }
828 
829         release_sock(sk);
830         return err;
831 }
832 
833 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
834 {
835         struct sock *sk = sock->sk;
836         struct bt_security sec;
837         int len, err = 0;
838 
839         BT_DBG("sk %p", sk);
840 
841         if (level == SOL_RFCOMM)
842                 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
843 
844         if (level != SOL_BLUETOOTH)
845                 return -ENOPROTOOPT;
846 
847         if (get_user(len, optlen))
848                 return -EFAULT;
849 
850         lock_sock(sk);
851 
852         switch (optname) {
853         case BT_SECURITY:
854                 if (sk->sk_type != SOCK_STREAM) {
855                         err = -EINVAL;
856                         break;
857                 }
858 
859                 sec.level = rfcomm_pi(sk)->sec_level;
860                 sec.key_size = 0;
861 
862                 len = min_t(unsigned int, len, sizeof(sec));
863                 if (copy_to_user(optval, (char *) &sec, len))
864                         err = -EFAULT;
865 
866                 break;
867 
868         case BT_DEFER_SETUP:
869                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
870                         err = -EINVAL;
871                         break;
872                 }
873 
874                 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
875                              (u32 __user *) optval))
876                         err = -EFAULT;
877 
878                 break;
879 
880         default:
881                 err = -ENOPROTOOPT;
882                 break;
883         }
884 
885         release_sock(sk);
886         return err;
887 }
888 
889 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
890 {
891         struct sock *sk __maybe_unused = sock->sk;
892         int err;
893 
894         BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
895 
896         err = bt_sock_ioctl(sock, cmd, arg);
897 
898         if (err == -ENOIOCTLCMD) {
899 #ifdef CONFIG_BT_RFCOMM_TTY
900                 lock_sock(sk);
901                 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
902                 release_sock(sk);
903 #else
904                 err = -EOPNOTSUPP;
905 #endif
906         }
907 
908         return err;
909 }
910 
911 static int rfcomm_sock_shutdown(struct socket *sock, int how)
912 {
913         struct sock *sk = sock->sk;
914         int err = 0;
915 
916         BT_DBG("sock %p, sk %p", sock, sk);
917 
918         if (!sk)
919                 return 0;
920 
921         lock_sock(sk);
922         if (!sk->sk_shutdown) {
923                 sk->sk_shutdown = SHUTDOWN_MASK;
924                 __rfcomm_sock_close(sk);
925 
926                 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
927                     !(current->flags & PF_EXITING))
928                         err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
929         }
930         release_sock(sk);
931         return err;
932 }
933 
934 static int rfcomm_sock_release(struct socket *sock)
935 {
936         struct sock *sk = sock->sk;
937         int err;
938 
939         BT_DBG("sock %p, sk %p", sock, sk);
940 
941         if (!sk)
942                 return 0;
943 
944         err = rfcomm_sock_shutdown(sock, 2);
945 
946         sock_orphan(sk);
947         rfcomm_sock_kill(sk);
948         return err;
949 }
950 
951 /* ---- RFCOMM core layer callbacks ----
952  *
953  * called under rfcomm_lock()
954  */
955 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
956 {
957         struct sock *sk, *parent;
958         bdaddr_t src, dst;
959         int result = 0;
960 
961         BT_DBG("session %p channel %d", s, channel);
962 
963         rfcomm_session_getaddr(s, &src, &dst);
964 
965         /* Check if we have socket listening on channel */
966         parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
967         if (!parent)
968                 return 0;
969 
970         bh_lock_sock(parent);
971 
972         /* Check for backlog size */
973         if (sk_acceptq_is_full(parent)) {
974                 BT_DBG("backlog full %d", parent->sk_ack_backlog);
975                 goto done;
976         }
977 
978         sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC, 0);
979         if (!sk)
980                 goto done;
981 
982         bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
983 
984         rfcomm_sock_init(sk, parent);
985         bacpy(&rfcomm_pi(sk)->src, &src);
986         bacpy(&rfcomm_pi(sk)->dst, &dst);
987         rfcomm_pi(sk)->channel = channel;
988 
989         sk->sk_state = BT_CONFIG;
990         bt_accept_enqueue(parent, sk);
991 
992         /* Accept connection and return socket DLC */
993         *d = rfcomm_pi(sk)->dlc;
994         result = 1;
995 
996 done:
997         bh_unlock_sock(parent);
998 
999         if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1000                 parent->sk_state_change(parent);
1001 
1002         return result;
1003 }
1004 
1005 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
1006 {
1007         struct sock *sk;
1008 
1009         read_lock(&rfcomm_sk_list.lock);
1010 
1011         sk_for_each(sk, &rfcomm_sk_list.head) {
1012                 seq_printf(f, "%pMR %pMR %d %d\n",
1013                            &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst,
1014                            sk->sk_state, rfcomm_pi(sk)->channel);
1015         }
1016 
1017         read_unlock(&rfcomm_sk_list.lock);
1018 
1019         return 0;
1020 }
1021 
1022 static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file)
1023 {
1024         return single_open(file, rfcomm_sock_debugfs_show, inode->i_private);
1025 }
1026 
1027 static const struct file_operations rfcomm_sock_debugfs_fops = {
1028         .open           = rfcomm_sock_debugfs_open,
1029         .read           = seq_read,
1030         .llseek         = seq_lseek,
1031         .release        = single_release,
1032 };
1033 
1034 static struct dentry *rfcomm_sock_debugfs;
1035 
1036 static const struct proto_ops rfcomm_sock_ops = {
1037         .family         = PF_BLUETOOTH,
1038         .owner          = THIS_MODULE,
1039         .release        = rfcomm_sock_release,
1040         .bind           = rfcomm_sock_bind,
1041         .connect        = rfcomm_sock_connect,
1042         .listen         = rfcomm_sock_listen,
1043         .accept         = rfcomm_sock_accept,
1044         .getname        = rfcomm_sock_getname,
1045         .sendmsg        = rfcomm_sock_sendmsg,
1046         .recvmsg        = rfcomm_sock_recvmsg,
1047         .shutdown       = rfcomm_sock_shutdown,
1048         .setsockopt     = rfcomm_sock_setsockopt,
1049         .getsockopt     = rfcomm_sock_getsockopt,
1050         .ioctl          = rfcomm_sock_ioctl,
1051         .poll           = bt_sock_poll,
1052         .socketpair     = sock_no_socketpair,
1053         .mmap           = sock_no_mmap
1054 };
1055 
1056 static const struct net_proto_family rfcomm_sock_family_ops = {
1057         .family         = PF_BLUETOOTH,
1058         .owner          = THIS_MODULE,
1059         .create         = rfcomm_sock_create
1060 };
1061 
1062 int __init rfcomm_init_sockets(void)
1063 {
1064         int err;
1065 
1066         BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr));
1067 
1068         err = proto_register(&rfcomm_proto, 0);
1069         if (err < 0)
1070                 return err;
1071 
1072         err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1073         if (err < 0) {
1074                 BT_ERR("RFCOMM socket layer registration failed");
1075                 goto error;
1076         }
1077 
1078         err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL);
1079         if (err < 0) {
1080                 BT_ERR("Failed to create RFCOMM proc file");
1081                 bt_sock_unregister(BTPROTO_RFCOMM);
1082                 goto error;
1083         }
1084 
1085         BT_INFO("RFCOMM socket layer initialized");
1086 
1087         if (IS_ERR_OR_NULL(bt_debugfs))
1088                 return 0;
1089 
1090         rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1091                                                   bt_debugfs, NULL,
1092                                                   &rfcomm_sock_debugfs_fops);
1093 
1094         return 0;
1095 
1096 error:
1097         proto_unregister(&rfcomm_proto);
1098         return err;
1099 }
1100 
1101 void __exit rfcomm_cleanup_sockets(void)
1102 {
1103         bt_procfs_cleanup(&init_net, "rfcomm");
1104 
1105         debugfs_remove(rfcomm_sock_debugfs);
1106 
1107         bt_sock_unregister(BTPROTO_RFCOMM);
1108 
1109         proto_unregister(&rfcomm_proto);
1110 }
1111 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp