Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
[linux-2.6] / net / bluetooth / rfcomm / sock.c
1 /*
2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License version 2 as
8    published by the Free Software Foundation;
9
10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21    SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25  * RFCOMM sockets.
26  */
27
28 #include <linux/module.h>
29
30 #include <linux/types.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/socket.h>
40 #include <linux/skbuff.h>
41 #include <linux/list.h>
42 #include <linux/device.h>
43 #include <net/sock.h>
44
45 #include <asm/system.h>
46 #include <asm/uaccess.h>
47
48 #include <net/bluetooth/bluetooth.h>
49 #include <net/bluetooth/hci_core.h>
50 #include <net/bluetooth/l2cap.h>
51 #include <net/bluetooth/rfcomm.h>
52
53 static const struct proto_ops rfcomm_sock_ops;
54
55 static struct bt_sock_list rfcomm_sk_list = {
56         .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
57 };
58
59 static void rfcomm_sock_close(struct sock *sk);
60 static void rfcomm_sock_kill(struct sock *sk);
61
62 /* ---- DLC callbacks ----
63  *
64  * called under rfcomm_dlc_lock()
65  */
66 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
67 {
68         struct sock *sk = d->owner;
69         if (!sk)
70                 return;
71
72         atomic_add(skb->len, &sk->sk_rmem_alloc);
73         skb_queue_tail(&sk->sk_receive_queue, skb);
74         sk->sk_data_ready(sk, skb->len);
75
76         if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
77                 rfcomm_dlc_throttle(d);
78 }
79
80 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
81 {
82         struct sock *sk = d->owner, *parent;
83         if (!sk)
84                 return;
85
86         BT_DBG("dlc %p state %ld err %d", d, d->state, err);
87
88         bh_lock_sock(sk);
89
90         if (err)
91                 sk->sk_err = err;
92
93         sk->sk_state = d->state;
94
95         parent = bt_sk(sk)->parent;
96         if (parent) {
97                 if (d->state == BT_CLOSED) {
98                         sock_set_flag(sk, SOCK_ZAPPED);
99                         bt_accept_unlink(sk);
100                 }
101                 parent->sk_data_ready(parent, 0);
102         } else {
103                 if (d->state == BT_CONNECTED)
104                         rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL);
105                 sk->sk_state_change(sk);
106         }
107
108         bh_unlock_sock(sk);
109
110         if (parent && sock_flag(sk, SOCK_ZAPPED)) {
111                 /* We have to drop DLC lock here, otherwise
112                  * rfcomm_sock_destruct() will dead lock. */
113                 rfcomm_dlc_unlock(d);
114                 rfcomm_sock_kill(sk);
115                 rfcomm_dlc_lock(d);
116         }
117 }
118
119 /* ---- Socket functions ---- */
120 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
121 {
122         struct sock *sk = NULL;
123         struct hlist_node *node;
124
125         sk_for_each(sk, node, &rfcomm_sk_list.head) {
126                 if (rfcomm_pi(sk)->channel == channel &&
127                                 !bacmp(&bt_sk(sk)->src, src))
128                         break;
129         }
130
131         return node ? sk : NULL;
132 }
133
134 /* Find socket with channel and source bdaddr.
135  * Returns closest match.
136  */
137 static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
138 {
139         struct sock *sk = NULL, *sk1 = NULL;
140         struct hlist_node *node;
141
142         sk_for_each(sk, node, &rfcomm_sk_list.head) {
143                 if (state && sk->sk_state != state)
144                         continue;
145
146                 if (rfcomm_pi(sk)->channel == channel) {
147                         /* Exact match. */
148                         if (!bacmp(&bt_sk(sk)->src, src))
149                                 break;
150
151                         /* Closest match */
152                         if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
153                                 sk1 = sk;
154                 }
155         }
156         return node ? sk : sk1;
157 }
158
159 /* Find socket with given address (channel, src).
160  * Returns locked socket */
161 static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
162 {
163         struct sock *s;
164         read_lock(&rfcomm_sk_list.lock);
165         s = __rfcomm_get_sock_by_channel(state, channel, src);
166         if (s) bh_lock_sock(s);
167         read_unlock(&rfcomm_sk_list.lock);
168         return s;
169 }
170
171 static void rfcomm_sock_destruct(struct sock *sk)
172 {
173         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
174
175         BT_DBG("sk %p dlc %p", sk, d);
176
177         skb_queue_purge(&sk->sk_receive_queue);
178         skb_queue_purge(&sk->sk_write_queue);
179
180         rfcomm_dlc_lock(d);
181         rfcomm_pi(sk)->dlc = NULL;
182
183         /* Detach DLC if it's owned by this socket */
184         if (d->owner == sk)
185                 d->owner = NULL;
186         rfcomm_dlc_unlock(d);
187
188         rfcomm_dlc_put(d);
189 }
190
191 static void rfcomm_sock_cleanup_listen(struct sock *parent)
192 {
193         struct sock *sk;
194
195         BT_DBG("parent %p", parent);
196
197         /* Close not yet accepted dlcs */
198         while ((sk = bt_accept_dequeue(parent, NULL))) {
199                 rfcomm_sock_close(sk);
200                 rfcomm_sock_kill(sk);
201         }
202
203         parent->sk_state  = BT_CLOSED;
204         sock_set_flag(parent, SOCK_ZAPPED);
205 }
206
207 /* Kill socket (only if zapped and orphan)
208  * Must be called on unlocked socket.
209  */
210 static void rfcomm_sock_kill(struct sock *sk)
211 {
212         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
213                 return;
214
215         BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
216
217         /* Kill poor orphan */
218         bt_sock_unlink(&rfcomm_sk_list, sk);
219         sock_set_flag(sk, SOCK_DEAD);
220         sock_put(sk);
221 }
222
223 static void __rfcomm_sock_close(struct sock *sk)
224 {
225         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
226
227         BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
228
229         switch (sk->sk_state) {
230         case BT_LISTEN:
231                 rfcomm_sock_cleanup_listen(sk);
232                 break;
233
234         case BT_CONNECT:
235         case BT_CONNECT2:
236         case BT_CONFIG:
237         case BT_CONNECTED:
238                 rfcomm_dlc_close(d, 0);
239
240         default:
241                 sock_set_flag(sk, SOCK_ZAPPED);
242                 break;
243         }
244 }
245
246 /* Close socket.
247  * Must be called on unlocked socket.
248  */
249 static void rfcomm_sock_close(struct sock *sk)
250 {
251         lock_sock(sk);
252         __rfcomm_sock_close(sk);
253         release_sock(sk);
254 }
255
256 static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
257 {
258         struct rfcomm_pinfo *pi = rfcomm_pi(sk);
259
260         BT_DBG("sk %p", sk);
261
262         if (parent) {
263                 sk->sk_type = parent->sk_type;
264                 pi->link_mode = rfcomm_pi(parent)->link_mode;
265         } else {
266                 pi->link_mode = 0;
267         }
268
269         pi->dlc->link_mode = pi->link_mode;
270 }
271
272 static struct proto rfcomm_proto = {
273         .name           = "RFCOMM",
274         .owner          = THIS_MODULE,
275         .obj_size       = sizeof(struct rfcomm_pinfo)
276 };
277
278 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
279 {
280         struct rfcomm_dlc *d;
281         struct sock *sk;
282
283         sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
284         if (!sk)
285                 return NULL;
286
287         sock_init_data(sock, sk);
288         INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
289
290         d = rfcomm_dlc_alloc(prio);
291         if (!d) {
292                 sk_free(sk);
293                 return NULL;
294         }
295
296         d->data_ready   = rfcomm_sk_data_ready;
297         d->state_change = rfcomm_sk_state_change;
298
299         rfcomm_pi(sk)->dlc = d;
300         d->owner = sk;
301
302         sk->sk_destruct = rfcomm_sock_destruct;
303         sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
304
305         sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
306         sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
307
308         sock_reset_flag(sk, SOCK_ZAPPED);
309
310         sk->sk_protocol = proto;
311         sk->sk_state    = BT_OPEN;
312
313         bt_sock_link(&rfcomm_sk_list, sk);
314
315         BT_DBG("sk %p", sk);
316         return sk;
317 }
318
319 static int rfcomm_sock_create(struct net *net, struct socket *sock, int protocol)
320 {
321         struct sock *sk;
322
323         BT_DBG("sock %p", sock);
324
325         sock->state = SS_UNCONNECTED;
326
327         if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
328                 return -ESOCKTNOSUPPORT;
329
330         sock->ops = &rfcomm_sock_ops;
331
332         sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
333         if (!sk)
334                 return -ENOMEM;
335
336         rfcomm_sock_init(sk, NULL);
337         return 0;
338 }
339
340 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
341 {
342         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
343         struct sock *sk = sock->sk;
344         int err = 0;
345
346         BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr));
347
348         if (!addr || addr->sa_family != AF_BLUETOOTH)
349                 return -EINVAL;
350
351         lock_sock(sk);
352
353         if (sk->sk_state != BT_OPEN) {
354                 err = -EBADFD;
355                 goto done;
356         }
357
358         if (sk->sk_type != SOCK_STREAM) {
359                 err = -EINVAL;
360                 goto done;
361         }
362
363         write_lock_bh(&rfcomm_sk_list.lock);
364
365         if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
366                 err = -EADDRINUSE;
367         } else {
368                 /* Save source address */
369                 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr);
370                 rfcomm_pi(sk)->channel = sa->rc_channel;
371                 sk->sk_state = BT_BOUND;
372         }
373
374         write_unlock_bh(&rfcomm_sk_list.lock);
375
376 done:
377         release_sock(sk);
378         return err;
379 }
380
381 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
382 {
383         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
384         struct sock *sk = sock->sk;
385         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
386         int err = 0;
387
388         BT_DBG("sk %p", sk);
389
390         if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc))
391                 return -EINVAL;
392
393         lock_sock(sk);
394
395         if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
396                 err = -EBADFD;
397                 goto done;
398         }
399
400         if (sk->sk_type != SOCK_STREAM) {
401                 err = -EINVAL;
402                 goto done;
403         }
404
405         sk->sk_state = BT_CONNECT;
406         bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
407         rfcomm_pi(sk)->channel = sa->rc_channel;
408
409         d->link_mode = rfcomm_pi(sk)->link_mode;
410
411         err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
412         if (!err)
413                 err = bt_sock_wait_state(sk, BT_CONNECTED,
414                                 sock_sndtimeo(sk, flags & O_NONBLOCK));
415
416 done:
417         release_sock(sk);
418         return err;
419 }
420
421 static int rfcomm_sock_listen(struct socket *sock, int backlog)
422 {
423         struct sock *sk = sock->sk;
424         int err = 0;
425
426         BT_DBG("sk %p backlog %d", sk, backlog);
427
428         lock_sock(sk);
429
430         if (sk->sk_state != BT_BOUND) {
431                 err = -EBADFD;
432                 goto done;
433         }
434
435         if (sk->sk_type != SOCK_STREAM) {
436                 err = -EINVAL;
437                 goto done;
438         }
439
440         if (!rfcomm_pi(sk)->channel) {
441                 bdaddr_t *src = &bt_sk(sk)->src;
442                 u8 channel;
443
444                 err = -EINVAL;
445
446                 write_lock_bh(&rfcomm_sk_list.lock);
447
448                 for (channel = 1; channel < 31; channel++)
449                         if (!__rfcomm_get_sock_by_addr(channel, src)) {
450                                 rfcomm_pi(sk)->channel = channel;
451                                 err = 0;
452                                 break;
453                         }
454
455                 write_unlock_bh(&rfcomm_sk_list.lock);
456
457                 if (err < 0)
458                         goto done;
459         }
460
461         sk->sk_max_ack_backlog = backlog;
462         sk->sk_ack_backlog = 0;
463         sk->sk_state = BT_LISTEN;
464
465 done:
466         release_sock(sk);
467         return err;
468 }
469
470 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
471 {
472         DECLARE_WAITQUEUE(wait, current);
473         struct sock *sk = sock->sk, *nsk;
474         long timeo;
475         int err = 0;
476
477         lock_sock(sk);
478
479         if (sk->sk_state != BT_LISTEN) {
480                 err = -EBADFD;
481                 goto done;
482         }
483
484         if (sk->sk_type != SOCK_STREAM) {
485                 err = -EINVAL;
486                 goto done;
487         }
488
489         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
490
491         BT_DBG("sk %p timeo %ld", sk, timeo);
492
493         /* Wait for an incoming connection. (wake-one). */
494         add_wait_queue_exclusive(sk->sk_sleep, &wait);
495         while (!(nsk = bt_accept_dequeue(sk, newsock))) {
496                 set_current_state(TASK_INTERRUPTIBLE);
497                 if (!timeo) {
498                         err = -EAGAIN;
499                         break;
500                 }
501
502                 release_sock(sk);
503                 timeo = schedule_timeout(timeo);
504                 lock_sock(sk);
505
506                 if (sk->sk_state != BT_LISTEN) {
507                         err = -EBADFD;
508                         break;
509                 }
510
511                 if (signal_pending(current)) {
512                         err = sock_intr_errno(timeo);
513                         break;
514                 }
515         }
516         set_current_state(TASK_RUNNING);
517         remove_wait_queue(sk->sk_sleep, &wait);
518
519         if (err)
520                 goto done;
521
522         newsock->state = SS_CONNECTED;
523
524         BT_DBG("new socket %p", nsk);
525
526 done:
527         release_sock(sk);
528         return err;
529 }
530
531 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
532 {
533         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
534         struct sock *sk = sock->sk;
535
536         BT_DBG("sock %p, sk %p", sock, sk);
537
538         sa->rc_family  = AF_BLUETOOTH;
539         sa->rc_channel = rfcomm_pi(sk)->channel;
540         if (peer)
541                 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst);
542         else
543                 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src);
544
545         *len = sizeof(struct sockaddr_rc);
546         return 0;
547 }
548
549 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
550                                struct msghdr *msg, size_t len)
551 {
552         struct sock *sk = sock->sk;
553         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
554         struct sk_buff *skb;
555         int sent = 0;
556
557         if (msg->msg_flags & MSG_OOB)
558                 return -EOPNOTSUPP;
559
560         if (sk->sk_shutdown & SEND_SHUTDOWN)
561                 return -EPIPE;
562
563         BT_DBG("sock %p, sk %p", sock, sk);
564
565         lock_sock(sk);
566
567         while (len) {
568                 size_t size = min_t(size_t, len, d->mtu);
569                 int err;
570
571                 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
572                                 msg->msg_flags & MSG_DONTWAIT, &err);
573                 if (!skb)
574                         break;
575                 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
576
577                 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
578                 if (err) {
579                         kfree_skb(skb);
580                         if (sent == 0)
581                                 sent = err;
582                         break;
583                 }
584
585                 err = rfcomm_dlc_send(d, skb);
586                 if (err < 0) {
587                         kfree_skb(skb);
588                         if (sent == 0)
589                                 sent = err;
590                         break;
591                 }
592
593                 sent += size;
594                 len  -= size;
595         }
596
597         release_sock(sk);
598
599         return sent;
600 }
601
602 static long rfcomm_sock_data_wait(struct sock *sk, long timeo)
603 {
604         DECLARE_WAITQUEUE(wait, current);
605
606         add_wait_queue(sk->sk_sleep, &wait);
607         for (;;) {
608                 set_current_state(TASK_INTERRUPTIBLE);
609
610                 if (!skb_queue_empty(&sk->sk_receive_queue) ||
611                     sk->sk_err ||
612                     (sk->sk_shutdown & RCV_SHUTDOWN) ||
613                     signal_pending(current) ||
614                     !timeo)
615                         break;
616
617                 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
618                 release_sock(sk);
619                 timeo = schedule_timeout(timeo);
620                 lock_sock(sk);
621                 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
622         }
623
624         __set_current_state(TASK_RUNNING);
625         remove_wait_queue(sk->sk_sleep, &wait);
626         return timeo;
627 }
628
629 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
630                                struct msghdr *msg, size_t size, int flags)
631 {
632         struct sock *sk = sock->sk;
633         int err = 0;
634         size_t target, copied = 0;
635         long timeo;
636
637         if (flags & MSG_OOB)
638                 return -EOPNOTSUPP;
639
640         msg->msg_namelen = 0;
641
642         BT_DBG("sk %p size %zu", sk, size);
643
644         lock_sock(sk);
645
646         target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
647         timeo  = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
648
649         do {
650                 struct sk_buff *skb;
651                 int chunk;
652
653                 skb = skb_dequeue(&sk->sk_receive_queue);
654                 if (!skb) {
655                         if (copied >= target)
656                                 break;
657
658                         if ((err = sock_error(sk)) != 0)
659                                 break;
660                         if (sk->sk_shutdown & RCV_SHUTDOWN)
661                                 break;
662
663                         err = -EAGAIN;
664                         if (!timeo)
665                                 break;
666
667                         timeo = rfcomm_sock_data_wait(sk, timeo);
668
669                         if (signal_pending(current)) {
670                                 err = sock_intr_errno(timeo);
671                                 goto out;
672                         }
673                         continue;
674                 }
675
676                 chunk = min_t(unsigned int, skb->len, size);
677                 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
678                         skb_queue_head(&sk->sk_receive_queue, skb);
679                         if (!copied)
680                                 copied = -EFAULT;
681                         break;
682                 }
683                 copied += chunk;
684                 size   -= chunk;
685
686                 sock_recv_timestamp(msg, sk, skb);
687
688                 if (!(flags & MSG_PEEK)) {
689                         atomic_sub(chunk, &sk->sk_rmem_alloc);
690
691                         skb_pull(skb, chunk);
692                         if (skb->len) {
693                                 skb_queue_head(&sk->sk_receive_queue, skb);
694                                 break;
695                         }
696                         kfree_skb(skb);
697
698                 } else {
699                         /* put message back and return */
700                         skb_queue_head(&sk->sk_receive_queue, skb);
701                         break;
702                 }
703         } while (size);
704
705 out:
706         if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
707                 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
708
709         release_sock(sk);
710         return copied ? : err;
711 }
712
713 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
714 {
715         struct sock *sk = sock->sk;
716         int err = 0;
717         u32 opt;
718
719         BT_DBG("sk %p", sk);
720
721         lock_sock(sk);
722
723         switch (optname) {
724         case RFCOMM_LM:
725                 if (get_user(opt, (u32 __user *) optval)) {
726                         err = -EFAULT;
727                         break;
728                 }
729
730                 rfcomm_pi(sk)->link_mode = opt;
731                 break;
732
733         default:
734                 err = -ENOPROTOOPT;
735                 break;
736         }
737
738         release_sock(sk);
739         return err;
740 }
741
742 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
743 {
744         struct sock *sk = sock->sk;
745         struct sock *l2cap_sk;
746         struct rfcomm_conninfo cinfo;
747         int len, err = 0;
748
749         BT_DBG("sk %p", sk);
750
751         if (get_user(len, optlen))
752                 return -EFAULT;
753
754         lock_sock(sk);
755
756         switch (optname) {
757         case RFCOMM_LM:
758                 if (put_user(rfcomm_pi(sk)->link_mode, (u32 __user *) optval))
759                         err = -EFAULT;
760                 break;
761
762         case RFCOMM_CONNINFO:
763                 if (sk->sk_state != BT_CONNECTED) {
764                         err = -ENOTCONN;
765                         break;
766                 }
767
768                 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
769
770                 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle;
771                 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3);
772
773                 len = min_t(unsigned int, len, sizeof(cinfo));
774                 if (copy_to_user(optval, (char *) &cinfo, len))
775                         err = -EFAULT;
776
777                 break;
778
779         default:
780                 err = -ENOPROTOOPT;
781                 break;
782         }
783
784         release_sock(sk);
785         return err;
786 }
787
788 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
789 {
790         struct sock *sk __maybe_unused = sock->sk;
791         int err;
792
793         BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
794
795         err = bt_sock_ioctl(sock, cmd, arg);
796
797         if (err == -ENOIOCTLCMD) {
798 #ifdef CONFIG_BT_RFCOMM_TTY
799                 lock_sock(sk);
800                 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
801                 release_sock(sk);
802 #else
803                 err = -EOPNOTSUPP;
804 #endif
805         }
806
807         return err;
808 }
809
810 static int rfcomm_sock_shutdown(struct socket *sock, int how)
811 {
812         struct sock *sk = sock->sk;
813         int err = 0;
814
815         BT_DBG("sock %p, sk %p", sock, sk);
816
817         if (!sk) return 0;
818
819         lock_sock(sk);
820         if (!sk->sk_shutdown) {
821                 sk->sk_shutdown = SHUTDOWN_MASK;
822                 __rfcomm_sock_close(sk);
823
824                 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
825                         err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
826         }
827         release_sock(sk);
828         return err;
829 }
830
831 static int rfcomm_sock_release(struct socket *sock)
832 {
833         struct sock *sk = sock->sk;
834         int err;
835
836         BT_DBG("sock %p, sk %p", sock, sk);
837
838         if (!sk)
839                 return 0;
840
841         err = rfcomm_sock_shutdown(sock, 2);
842
843         sock_orphan(sk);
844         rfcomm_sock_kill(sk);
845         return err;
846 }
847
848 /* ---- RFCOMM core layer callbacks ----
849  *
850  * called under rfcomm_lock()
851  */
852 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
853 {
854         struct sock *sk, *parent;
855         bdaddr_t src, dst;
856         int result = 0;
857
858         BT_DBG("session %p channel %d", s, channel);
859
860         rfcomm_session_getaddr(s, &src, &dst);
861
862         /* Check if we have socket listening on channel */
863         parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
864         if (!parent)
865                 return 0;
866
867         /* Check for backlog size */
868         if (sk_acceptq_is_full(parent)) {
869                 BT_DBG("backlog full %d", parent->sk_ack_backlog);
870                 goto done;
871         }
872
873         sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
874         if (!sk)
875                 goto done;
876
877         rfcomm_sock_init(sk, parent);
878         bacpy(&bt_sk(sk)->src, &src);
879         bacpy(&bt_sk(sk)->dst, &dst);
880         rfcomm_pi(sk)->channel = channel;
881
882         sk->sk_state = BT_CONFIG;
883         bt_accept_enqueue(parent, sk);
884
885         /* Accept connection and return socket DLC */
886         *d = rfcomm_pi(sk)->dlc;
887         result = 1;
888
889 done:
890         bh_unlock_sock(parent);
891         return result;
892 }
893
894 static ssize_t rfcomm_sock_sysfs_show(struct class *dev, char *buf)
895 {
896         struct sock *sk;
897         struct hlist_node *node;
898         char *str = buf;
899
900         read_lock_bh(&rfcomm_sk_list.lock);
901
902         sk_for_each(sk, node, &rfcomm_sk_list.head) {
903                 str += sprintf(str, "%s %s %d %d\n",
904                                 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
905                                 sk->sk_state, rfcomm_pi(sk)->channel);
906         }
907
908         read_unlock_bh(&rfcomm_sk_list.lock);
909
910         return (str - buf);
911 }
912
913 static CLASS_ATTR(rfcomm, S_IRUGO, rfcomm_sock_sysfs_show, NULL);
914
915 static const struct proto_ops rfcomm_sock_ops = {
916         .family         = PF_BLUETOOTH,
917         .owner          = THIS_MODULE,
918         .release        = rfcomm_sock_release,
919         .bind           = rfcomm_sock_bind,
920         .connect        = rfcomm_sock_connect,
921         .listen         = rfcomm_sock_listen,
922         .accept         = rfcomm_sock_accept,
923         .getname        = rfcomm_sock_getname,
924         .sendmsg        = rfcomm_sock_sendmsg,
925         .recvmsg        = rfcomm_sock_recvmsg,
926         .shutdown       = rfcomm_sock_shutdown,
927         .setsockopt     = rfcomm_sock_setsockopt,
928         .getsockopt     = rfcomm_sock_getsockopt,
929         .ioctl          = rfcomm_sock_ioctl,
930         .poll           = bt_sock_poll,
931         .socketpair     = sock_no_socketpair,
932         .mmap           = sock_no_mmap
933 };
934
935 static struct net_proto_family rfcomm_sock_family_ops = {
936         .family         = PF_BLUETOOTH,
937         .owner          = THIS_MODULE,
938         .create         = rfcomm_sock_create
939 };
940
941 int __init rfcomm_init_sockets(void)
942 {
943         int err;
944
945         err = proto_register(&rfcomm_proto, 0);
946         if (err < 0)
947                 return err;
948
949         err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
950         if (err < 0)
951                 goto error;
952
953         if (class_create_file(bt_class, &class_attr_rfcomm) < 0)
954                 BT_ERR("Failed to create RFCOMM info file");
955
956         BT_INFO("RFCOMM socket layer initialized");
957
958         return 0;
959
960 error:
961         BT_ERR("RFCOMM socket layer registration failed");
962         proto_unregister(&rfcomm_proto);
963         return err;
964 }
965
966 void __exit rfcomm_cleanup_sockets(void)
967 {
968         class_remove_file(bt_class, &class_attr_rfcomm);
969
970         if (bt_sock_unregister(BTPROTO_RFCOMM) < 0)
971                 BT_ERR("RFCOMM socket layer unregistration failed");
972
973         proto_unregister(&rfcomm_proto);
974 }