Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6
[linux-2.6] / net / bluetooth / rfcomm / sock.c
1 /*
2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License version 2 as
8    published by the Free Software Foundation;
9
10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21    SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25  * RFCOMM sockets.
26  */
27
28 #include <linux/module.h>
29
30 #include <linux/types.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/socket.h>
40 #include <linux/skbuff.h>
41 #include <linux/list.h>
42 #include <linux/device.h>
43 #include <net/sock.h>
44
45 #include <asm/system.h>
46 #include <asm/uaccess.h>
47
48 #include <net/bluetooth/bluetooth.h>
49 #include <net/bluetooth/hci_core.h>
50 #include <net/bluetooth/l2cap.h>
51 #include <net/bluetooth/rfcomm.h>
52
53 #ifndef CONFIG_BT_RFCOMM_DEBUG
54 #undef  BT_DBG
55 #define BT_DBG(D...)
56 #endif
57
58 static const struct proto_ops rfcomm_sock_ops;
59
60 static struct bt_sock_list rfcomm_sk_list = {
61         .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
62 };
63
64 static void rfcomm_sock_close(struct sock *sk);
65 static void rfcomm_sock_kill(struct sock *sk);
66
67 /* ---- DLC callbacks ----
68  *
69  * called under rfcomm_dlc_lock()
70  */
71 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
72 {
73         struct sock *sk = d->owner;
74         if (!sk)
75                 return;
76
77         atomic_add(skb->len, &sk->sk_rmem_alloc);
78         skb_queue_tail(&sk->sk_receive_queue, skb);
79         sk->sk_data_ready(sk, skb->len);
80
81         if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
82                 rfcomm_dlc_throttle(d);
83 }
84
85 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
86 {
87         struct sock *sk = d->owner, *parent;
88         if (!sk)
89                 return;
90
91         BT_DBG("dlc %p state %ld err %d", d, d->state, err);
92
93         bh_lock_sock(sk);
94
95         if (err)
96                 sk->sk_err = err;
97
98         sk->sk_state = d->state;
99
100         parent = bt_sk(sk)->parent;
101         if (parent) {
102                 if (d->state == BT_CLOSED) {
103                         sock_set_flag(sk, SOCK_ZAPPED);
104                         bt_accept_unlink(sk);
105                 }
106                 parent->sk_data_ready(parent, 0);
107         } else {
108                 if (d->state == BT_CONNECTED)
109                         rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL);
110                 sk->sk_state_change(sk);
111         }
112
113         bh_unlock_sock(sk);
114
115         if (parent && sock_flag(sk, SOCK_ZAPPED)) {
116                 /* We have to drop DLC lock here, otherwise
117                  * rfcomm_sock_destruct() will dead lock. */
118                 rfcomm_dlc_unlock(d);
119                 rfcomm_sock_kill(sk);
120                 rfcomm_dlc_lock(d);
121         }
122 }
123
124 /* ---- Socket functions ---- */
125 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
126 {
127         struct sock *sk = NULL;
128         struct hlist_node *node;
129
130         sk_for_each(sk, node, &rfcomm_sk_list.head) {
131                 if (rfcomm_pi(sk)->channel == channel &&
132                                 !bacmp(&bt_sk(sk)->src, src))
133                         break;
134         }
135
136         return node ? sk : NULL;
137 }
138
139 /* Find socket with channel and source bdaddr.
140  * Returns closest match.
141  */
142 static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
143 {
144         struct sock *sk = NULL, *sk1 = NULL;
145         struct hlist_node *node;
146
147         sk_for_each(sk, node, &rfcomm_sk_list.head) {
148                 if (state && sk->sk_state != state)
149                         continue;
150
151                 if (rfcomm_pi(sk)->channel == channel) {
152                         /* Exact match. */
153                         if (!bacmp(&bt_sk(sk)->src, src))
154                                 break;
155
156                         /* Closest match */
157                         if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
158                                 sk1 = sk;
159                 }
160         }
161         return node ? sk : sk1;
162 }
163
164 /* Find socket with given address (channel, src).
165  * Returns locked socket */
166 static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
167 {
168         struct sock *s;
169         read_lock(&rfcomm_sk_list.lock);
170         s = __rfcomm_get_sock_by_channel(state, channel, src);
171         if (s) bh_lock_sock(s);
172         read_unlock(&rfcomm_sk_list.lock);
173         return s;
174 }
175
176 static void rfcomm_sock_destruct(struct sock *sk)
177 {
178         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
179
180         BT_DBG("sk %p dlc %p", sk, d);
181
182         skb_queue_purge(&sk->sk_receive_queue);
183         skb_queue_purge(&sk->sk_write_queue);
184
185         rfcomm_dlc_lock(d);
186         rfcomm_pi(sk)->dlc = NULL;
187
188         /* Detach DLC if it's owned by this socket */
189         if (d->owner == sk)
190                 d->owner = NULL;
191         rfcomm_dlc_unlock(d);
192
193         rfcomm_dlc_put(d);
194 }
195
196 static void rfcomm_sock_cleanup_listen(struct sock *parent)
197 {
198         struct sock *sk;
199
200         BT_DBG("parent %p", parent);
201
202         /* Close not yet accepted dlcs */
203         while ((sk = bt_accept_dequeue(parent, NULL))) {
204                 rfcomm_sock_close(sk);
205                 rfcomm_sock_kill(sk);
206         }
207
208         parent->sk_state  = BT_CLOSED;
209         sock_set_flag(parent, SOCK_ZAPPED);
210 }
211
212 /* Kill socket (only if zapped and orphan)
213  * Must be called on unlocked socket.
214  */
215 static void rfcomm_sock_kill(struct sock *sk)
216 {
217         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
218                 return;
219
220         BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
221
222         /* Kill poor orphan */
223         bt_sock_unlink(&rfcomm_sk_list, sk);
224         sock_set_flag(sk, SOCK_DEAD);
225         sock_put(sk);
226 }
227
228 static void __rfcomm_sock_close(struct sock *sk)
229 {
230         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
231
232         BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
233
234         switch (sk->sk_state) {
235         case BT_LISTEN:
236                 rfcomm_sock_cleanup_listen(sk);
237                 break;
238
239         case BT_CONNECT:
240         case BT_CONNECT2:
241         case BT_CONFIG:
242         case BT_CONNECTED:
243                 rfcomm_dlc_close(d, 0);
244
245         default:
246                 sock_set_flag(sk, SOCK_ZAPPED);
247                 break;
248         }
249 }
250
251 /* Close socket.
252  * Must be called on unlocked socket.
253  */
254 static void rfcomm_sock_close(struct sock *sk)
255 {
256         lock_sock(sk);
257         __rfcomm_sock_close(sk);
258         release_sock(sk);
259 }
260
261 static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
262 {
263         struct rfcomm_pinfo *pi = rfcomm_pi(sk);
264
265         BT_DBG("sk %p", sk);
266
267         if (parent) {
268                 sk->sk_type = parent->sk_type;
269                 pi->link_mode = rfcomm_pi(parent)->link_mode;
270         } else {
271                 pi->link_mode = 0;
272         }
273
274         pi->dlc->link_mode = pi->link_mode;
275 }
276
277 static struct proto rfcomm_proto = {
278         .name           = "RFCOMM",
279         .owner          = THIS_MODULE,
280         .obj_size       = sizeof(struct rfcomm_pinfo)
281 };
282
283 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
284 {
285         struct rfcomm_dlc *d;
286         struct sock *sk;
287
288         sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
289         if (!sk)
290                 return NULL;
291
292         sock_init_data(sock, sk);
293         INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
294
295         d = rfcomm_dlc_alloc(prio);
296         if (!d) {
297                 sk_free(sk);
298                 return NULL;
299         }
300
301         d->data_ready   = rfcomm_sk_data_ready;
302         d->state_change = rfcomm_sk_state_change;
303
304         rfcomm_pi(sk)->dlc = d;
305         d->owner = sk;
306
307         sk->sk_destruct = rfcomm_sock_destruct;
308         sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
309
310         sk->sk_sndbuf   = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
311         sk->sk_rcvbuf   = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
312
313         sock_reset_flag(sk, SOCK_ZAPPED);
314
315         sk->sk_protocol = proto;
316         sk->sk_state    = BT_OPEN;
317
318         bt_sock_link(&rfcomm_sk_list, sk);
319
320         BT_DBG("sk %p", sk);
321         return sk;
322 }
323
324 static int rfcomm_sock_create(struct net *net, struct socket *sock, int protocol)
325 {
326         struct sock *sk;
327
328         BT_DBG("sock %p", sock);
329
330         sock->state = SS_UNCONNECTED;
331
332         if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
333                 return -ESOCKTNOSUPPORT;
334
335         sock->ops = &rfcomm_sock_ops;
336
337         sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
338         if (!sk)
339                 return -ENOMEM;
340
341         rfcomm_sock_init(sk, NULL);
342         return 0;
343 }
344
345 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
346 {
347         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
348         struct sock *sk = sock->sk;
349         int err = 0;
350
351         BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr));
352
353         if (!addr || addr->sa_family != AF_BLUETOOTH)
354                 return -EINVAL;
355
356         lock_sock(sk);
357
358         if (sk->sk_state != BT_OPEN) {
359                 err = -EBADFD;
360                 goto done;
361         }
362
363         if (sk->sk_type != SOCK_STREAM) {
364                 err = -EINVAL;
365                 goto done;
366         }
367
368         write_lock_bh(&rfcomm_sk_list.lock);
369
370         if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
371                 err = -EADDRINUSE;
372         } else {
373                 /* Save source address */
374                 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr);
375                 rfcomm_pi(sk)->channel = sa->rc_channel;
376                 sk->sk_state = BT_BOUND;
377         }
378
379         write_unlock_bh(&rfcomm_sk_list.lock);
380
381 done:
382         release_sock(sk);
383         return err;
384 }
385
386 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
387 {
388         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
389         struct sock *sk = sock->sk;
390         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
391         int err = 0;
392
393         BT_DBG("sk %p", sk);
394
395         if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc))
396                 return -EINVAL;
397
398         lock_sock(sk);
399
400         if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
401                 err = -EBADFD;
402                 goto done;
403         }
404
405         if (sk->sk_type != SOCK_STREAM) {
406                 err = -EINVAL;
407                 goto done;
408         }
409
410         sk->sk_state = BT_CONNECT;
411         bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
412         rfcomm_pi(sk)->channel = sa->rc_channel;
413
414         err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
415         if (!err)
416                 err = bt_sock_wait_state(sk, BT_CONNECTED,
417                                 sock_sndtimeo(sk, flags & O_NONBLOCK));
418
419 done:
420         release_sock(sk);
421         return err;
422 }
423
424 static int rfcomm_sock_listen(struct socket *sock, int backlog)
425 {
426         struct sock *sk = sock->sk;
427         int err = 0;
428
429         BT_DBG("sk %p backlog %d", sk, backlog);
430
431         lock_sock(sk);
432
433         if (sk->sk_state != BT_BOUND) {
434                 err = -EBADFD;
435                 goto done;
436         }
437
438         if (sk->sk_type != SOCK_STREAM) {
439                 err = -EINVAL;
440                 goto done;
441         }
442
443         if (!rfcomm_pi(sk)->channel) {
444                 bdaddr_t *src = &bt_sk(sk)->src;
445                 u8 channel;
446
447                 err = -EINVAL;
448
449                 write_lock_bh(&rfcomm_sk_list.lock);
450
451                 for (channel = 1; channel < 31; channel++)
452                         if (!__rfcomm_get_sock_by_addr(channel, src)) {
453                                 rfcomm_pi(sk)->channel = channel;
454                                 err = 0;
455                                 break;
456                         }
457
458                 write_unlock_bh(&rfcomm_sk_list.lock);
459
460                 if (err < 0)
461                         goto done;
462         }
463
464         sk->sk_max_ack_backlog = backlog;
465         sk->sk_ack_backlog = 0;
466         sk->sk_state = BT_LISTEN;
467
468 done:
469         release_sock(sk);
470         return err;
471 }
472
473 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
474 {
475         DECLARE_WAITQUEUE(wait, current);
476         struct sock *sk = sock->sk, *nsk;
477         long timeo;
478         int err = 0;
479
480         lock_sock(sk);
481
482         if (sk->sk_state != BT_LISTEN) {
483                 err = -EBADFD;
484                 goto done;
485         }
486
487         if (sk->sk_type != SOCK_STREAM) {
488                 err = -EINVAL;
489                 goto done;
490         }
491
492         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
493
494         BT_DBG("sk %p timeo %ld", sk, timeo);
495
496         /* Wait for an incoming connection. (wake-one). */
497         add_wait_queue_exclusive(sk->sk_sleep, &wait);
498         while (!(nsk = bt_accept_dequeue(sk, newsock))) {
499                 set_current_state(TASK_INTERRUPTIBLE);
500                 if (!timeo) {
501                         err = -EAGAIN;
502                         break;
503                 }
504
505                 release_sock(sk);
506                 timeo = schedule_timeout(timeo);
507                 lock_sock(sk);
508
509                 if (sk->sk_state != BT_LISTEN) {
510                         err = -EBADFD;
511                         break;
512                 }
513
514                 if (signal_pending(current)) {
515                         err = sock_intr_errno(timeo);
516                         break;
517                 }
518         }
519         set_current_state(TASK_RUNNING);
520         remove_wait_queue(sk->sk_sleep, &wait);
521
522         if (err)
523                 goto done;
524
525         newsock->state = SS_CONNECTED;
526
527         BT_DBG("new socket %p", nsk);
528
529 done:
530         release_sock(sk);
531         return err;
532 }
533
534 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
535 {
536         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
537         struct sock *sk = sock->sk;
538
539         BT_DBG("sock %p, sk %p", sock, sk);
540
541         sa->rc_family  = AF_BLUETOOTH;
542         sa->rc_channel = rfcomm_pi(sk)->channel;
543         if (peer)
544                 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst);
545         else
546                 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src);
547
548         *len = sizeof(struct sockaddr_rc);
549         return 0;
550 }
551
552 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
553                                struct msghdr *msg, size_t len)
554 {
555         struct sock *sk = sock->sk;
556         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
557         struct sk_buff *skb;
558         int sent = 0;
559
560         if (msg->msg_flags & MSG_OOB)
561                 return -EOPNOTSUPP;
562
563         if (sk->sk_shutdown & SEND_SHUTDOWN)
564                 return -EPIPE;
565
566         BT_DBG("sock %p, sk %p", sock, sk);
567
568         lock_sock(sk);
569
570         while (len) {
571                 size_t size = min_t(size_t, len, d->mtu);
572                 int err;
573
574                 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
575                                 msg->msg_flags & MSG_DONTWAIT, &err);
576                 if (!skb)
577                         break;
578                 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
579
580                 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
581                 if (err) {
582                         kfree_skb(skb);
583                         if (sent == 0)
584                                 sent = err;
585                         break;
586                 }
587
588                 err = rfcomm_dlc_send(d, skb);
589                 if (err < 0) {
590                         kfree_skb(skb);
591                         if (sent == 0)
592                                 sent = err;
593                         break;
594                 }
595
596                 sent += size;
597                 len  -= size;
598         }
599
600         release_sock(sk);
601
602         return sent;
603 }
604
605 static long rfcomm_sock_data_wait(struct sock *sk, long timeo)
606 {
607         DECLARE_WAITQUEUE(wait, current);
608
609         add_wait_queue(sk->sk_sleep, &wait);
610         for (;;) {
611                 set_current_state(TASK_INTERRUPTIBLE);
612
613                 if (!skb_queue_empty(&sk->sk_receive_queue) ||
614                     sk->sk_err ||
615                     (sk->sk_shutdown & RCV_SHUTDOWN) ||
616                     signal_pending(current) ||
617                     !timeo)
618                         break;
619
620                 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
621                 release_sock(sk);
622                 timeo = schedule_timeout(timeo);
623                 lock_sock(sk);
624                 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
625         }
626
627         __set_current_state(TASK_RUNNING);
628         remove_wait_queue(sk->sk_sleep, &wait);
629         return timeo;
630 }
631
632 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
633                                struct msghdr *msg, size_t size, int flags)
634 {
635         struct sock *sk = sock->sk;
636         int err = 0;
637         size_t target, copied = 0;
638         long timeo;
639
640         if (flags & MSG_OOB)
641                 return -EOPNOTSUPP;
642
643         msg->msg_namelen = 0;
644
645         BT_DBG("sk %p size %d", sk, size);
646
647         lock_sock(sk);
648
649         target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
650         timeo  = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
651
652         do {
653                 struct sk_buff *skb;
654                 int chunk;
655
656                 skb = skb_dequeue(&sk->sk_receive_queue);
657                 if (!skb) {
658                         if (copied >= target)
659                                 break;
660
661                         if ((err = sock_error(sk)) != 0)
662                                 break;
663                         if (sk->sk_shutdown & RCV_SHUTDOWN)
664                                 break;
665
666                         err = -EAGAIN;
667                         if (!timeo)
668                                 break;
669
670                         timeo = rfcomm_sock_data_wait(sk, timeo);
671
672                         if (signal_pending(current)) {
673                                 err = sock_intr_errno(timeo);
674                                 goto out;
675                         }
676                         continue;
677                 }
678
679                 chunk = min_t(unsigned int, skb->len, size);
680                 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
681                         skb_queue_head(&sk->sk_receive_queue, skb);
682                         if (!copied)
683                                 copied = -EFAULT;
684                         break;
685                 }
686                 copied += chunk;
687                 size   -= chunk;
688
689                 if (!(flags & MSG_PEEK)) {
690                         atomic_sub(chunk, &sk->sk_rmem_alloc);
691
692                         skb_pull(skb, chunk);
693                         if (skb->len) {
694                                 skb_queue_head(&sk->sk_receive_queue, skb);
695                                 break;
696                         }
697                         kfree_skb(skb);
698
699                 } else {
700                         /* put message back and return */
701                         skb_queue_head(&sk->sk_receive_queue, skb);
702                         break;
703                 }
704         } while (size);
705
706 out:
707         if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
708                 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
709
710         release_sock(sk);
711         return copied ? : err;
712 }
713
714 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
715 {
716         struct sock *sk = sock->sk;
717         int err = 0;
718         u32 opt;
719
720         BT_DBG("sk %p", sk);
721
722         lock_sock(sk);
723
724         switch (optname) {
725         case RFCOMM_LM:
726                 if (get_user(opt, (u32 __user *) optval)) {
727                         err = -EFAULT;
728                         break;
729                 }
730
731                 rfcomm_pi(sk)->link_mode = opt;
732                 break;
733
734         default:
735                 err = -ENOPROTOOPT;
736                 break;
737         }
738
739         release_sock(sk);
740         return err;
741 }
742
743 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
744 {
745         struct sock *sk = sock->sk;
746         struct sock *l2cap_sk;
747         struct rfcomm_conninfo cinfo;
748         int len, err = 0;
749
750         BT_DBG("sk %p", sk);
751
752         if (get_user(len, optlen))
753                 return -EFAULT;
754
755         lock_sock(sk);
756
757         switch (optname) {
758         case RFCOMM_LM:
759                 if (put_user(rfcomm_pi(sk)->link_mode, (u32 __user *) optval))
760                         err = -EFAULT;
761                 break;
762
763         case RFCOMM_CONNINFO:
764                 if (sk->sk_state != BT_CONNECTED) {
765                         err = -ENOTCONN;
766                         break;
767                 }
768
769                 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
770
771                 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle;
772                 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3);
773
774                 len = min_t(unsigned int, len, sizeof(cinfo));
775                 if (copy_to_user(optval, (char *) &cinfo, len))
776                         err = -EFAULT;
777
778                 break;
779
780         default:
781                 err = -ENOPROTOOPT;
782                 break;
783         }
784
785         release_sock(sk);
786         return err;
787 }
788
789 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
790 {
791         struct sock *sk = sock->sk;
792         int err;
793
794         lock_sock(sk);
795
796 #ifdef CONFIG_BT_RFCOMM_TTY
797         err = rfcomm_dev_ioctl(sk, cmd, (void __user *)arg);
798 #else
799         err = -EOPNOTSUPP;
800 #endif
801
802         release_sock(sk);
803         return err;
804 }
805
806 static int rfcomm_sock_shutdown(struct socket *sock, int how)
807 {
808         struct sock *sk = sock->sk;
809         int err = 0;
810
811         BT_DBG("sock %p, sk %p", sock, sk);
812
813         if (!sk) return 0;
814
815         lock_sock(sk);
816         if (!sk->sk_shutdown) {
817                 sk->sk_shutdown = SHUTDOWN_MASK;
818                 __rfcomm_sock_close(sk);
819
820                 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
821                         err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
822         }
823         release_sock(sk);
824         return err;
825 }
826
827 static int rfcomm_sock_release(struct socket *sock)
828 {
829         struct sock *sk = sock->sk;
830         int err;
831
832         BT_DBG("sock %p, sk %p", sock, sk);
833
834         if (!sk)
835                 return 0;
836
837         err = rfcomm_sock_shutdown(sock, 2);
838
839         sock_orphan(sk);
840         rfcomm_sock_kill(sk);
841         return err;
842 }
843
844 /* ---- RFCOMM core layer callbacks ----
845  *
846  * called under rfcomm_lock()
847  */
848 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
849 {
850         struct sock *sk, *parent;
851         bdaddr_t src, dst;
852         int result = 0;
853
854         BT_DBG("session %p channel %d", s, channel);
855
856         rfcomm_session_getaddr(s, &src, &dst);
857
858         /* Check if we have socket listening on channel */
859         parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
860         if (!parent)
861                 return 0;
862
863         /* Check for backlog size */
864         if (sk_acceptq_is_full(parent)) {
865                 BT_DBG("backlog full %d", parent->sk_ack_backlog);
866                 goto done;
867         }
868
869         sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
870         if (!sk)
871                 goto done;
872
873         rfcomm_sock_init(sk, parent);
874         bacpy(&bt_sk(sk)->src, &src);
875         bacpy(&bt_sk(sk)->dst, &dst);
876         rfcomm_pi(sk)->channel = channel;
877
878         sk->sk_state = BT_CONFIG;
879         bt_accept_enqueue(parent, sk);
880
881         /* Accept connection and return socket DLC */
882         *d = rfcomm_pi(sk)->dlc;
883         result = 1;
884
885 done:
886         bh_unlock_sock(parent);
887         return result;
888 }
889
890 static ssize_t rfcomm_sock_sysfs_show(struct class *dev, char *buf)
891 {
892         struct sock *sk;
893         struct hlist_node *node;
894         char *str = buf;
895
896         read_lock_bh(&rfcomm_sk_list.lock);
897
898         sk_for_each(sk, node, &rfcomm_sk_list.head) {
899                 str += sprintf(str, "%s %s %d %d\n",
900                                 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
901                                 sk->sk_state, rfcomm_pi(sk)->channel);
902         }
903
904         read_unlock_bh(&rfcomm_sk_list.lock);
905
906         return (str - buf);
907 }
908
909 static CLASS_ATTR(rfcomm, S_IRUGO, rfcomm_sock_sysfs_show, NULL);
910
911 static const struct proto_ops rfcomm_sock_ops = {
912         .family         = PF_BLUETOOTH,
913         .owner          = THIS_MODULE,
914         .release        = rfcomm_sock_release,
915         .bind           = rfcomm_sock_bind,
916         .connect        = rfcomm_sock_connect,
917         .listen         = rfcomm_sock_listen,
918         .accept         = rfcomm_sock_accept,
919         .getname        = rfcomm_sock_getname,
920         .sendmsg        = rfcomm_sock_sendmsg,
921         .recvmsg        = rfcomm_sock_recvmsg,
922         .shutdown       = rfcomm_sock_shutdown,
923         .setsockopt     = rfcomm_sock_setsockopt,
924         .getsockopt     = rfcomm_sock_getsockopt,
925         .ioctl          = rfcomm_sock_ioctl,
926         .poll           = bt_sock_poll,
927         .socketpair     = sock_no_socketpair,
928         .mmap           = sock_no_mmap
929 };
930
931 static struct net_proto_family rfcomm_sock_family_ops = {
932         .family         = PF_BLUETOOTH,
933         .owner          = THIS_MODULE,
934         .create         = rfcomm_sock_create
935 };
936
937 int __init rfcomm_init_sockets(void)
938 {
939         int err;
940
941         err = proto_register(&rfcomm_proto, 0);
942         if (err < 0)
943                 return err;
944
945         err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
946         if (err < 0)
947                 goto error;
948
949         if (class_create_file(bt_class, &class_attr_rfcomm) < 0)
950                 BT_ERR("Failed to create RFCOMM info file");
951
952         BT_INFO("RFCOMM socket layer initialized");
953
954         return 0;
955
956 error:
957         BT_ERR("RFCOMM socket layer registration failed");
958         proto_unregister(&rfcomm_proto);
959         return err;
960 }
961
962 void __exit rfcomm_cleanup_sockets(void)
963 {
964         class_remove_file(bt_class, &class_attr_rfcomm);
965
966         if (bt_sock_unregister(BTPROTO_RFCOMM) < 0)
967                 BT_ERR("RFCOMM socket layer unregistration failed");
968
969         proto_unregister(&rfcomm_proto);
970 }