/home/lenb/src/to-akpm branch 'acpi-2.6.12'
[linux-2.6] / net / bluetooth / rfcomm / sock.c
1 /* 
2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License version 2 as
8    published by the Free Software Foundation;
9
10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
21    SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25  * RFCOMM sockets.
26  *
27  * $Id: sock.c,v 1.24 2002/10/03 01:00:34 maxk Exp $
28  */
29
30 #include <linux/config.h>
31 #include <linux/module.h>
32
33 #include <linux/types.h>
34 #include <linux/errno.h>
35 #include <linux/kernel.h>
36 #include <linux/sched.h>
37 #include <linux/slab.h>
38 #include <linux/poll.h>
39 #include <linux/fcntl.h>
40 #include <linux/init.h>
41 #include <linux/interrupt.h>
42 #include <linux/socket.h>
43 #include <linux/skbuff.h>
44 #include <linux/list.h>
45 #include <linux/proc_fs.h>
46 #include <linux/seq_file.h>
47 #include <net/sock.h>
48
49 #include <asm/system.h>
50 #include <asm/uaccess.h>
51
52 #include <net/bluetooth/bluetooth.h>
53 #include <net/bluetooth/hci_core.h>
54 #include <net/bluetooth/l2cap.h>
55 #include <net/bluetooth/rfcomm.h>
56
57 #ifndef CONFIG_BT_RFCOMM_DEBUG
58 #undef  BT_DBG
59 #define BT_DBG(D...)
60 #endif
61
62 static struct proto_ops rfcomm_sock_ops;
63
64 static struct bt_sock_list rfcomm_sk_list = {
65         .lock = RW_LOCK_UNLOCKED
66 };
67
68 static void rfcomm_sock_close(struct sock *sk);
69 static void rfcomm_sock_kill(struct sock *sk);
70
71 /* ---- DLC callbacks ----
72  *
73  * called under rfcomm_dlc_lock()
74  */
75 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
76 {
77         struct sock *sk = d->owner;
78         if (!sk)
79                 return;
80
81         atomic_add(skb->len, &sk->sk_rmem_alloc);
82         skb_queue_tail(&sk->sk_receive_queue, skb);
83         sk->sk_data_ready(sk, skb->len);
84
85         if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
86                 rfcomm_dlc_throttle(d);
87 }
88
89 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
90 {
91         struct sock *sk = d->owner, *parent;
92         if (!sk)
93                 return;
94
95         BT_DBG("dlc %p state %ld err %d", d, d->state, err);
96
97         bh_lock_sock(sk);
98
99         if (err)
100                 sk->sk_err = err;
101
102         sk->sk_state = d->state;
103
104         parent = bt_sk(sk)->parent;
105         if (parent) {
106                 if (d->state == BT_CLOSED) {
107                         sock_set_flag(sk, SOCK_ZAPPED);
108                         bt_accept_unlink(sk);
109                 }
110                 parent->sk_data_ready(parent, 0);
111         } else {
112                 if (d->state == BT_CONNECTED)
113                         rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL);
114                 sk->sk_state_change(sk);
115         }
116
117         bh_unlock_sock(sk);
118
119         if (parent && sock_flag(sk, SOCK_ZAPPED)) {
120                 /* We have to drop DLC lock here, otherwise
121                  * rfcomm_sock_destruct() will dead lock. */
122                 rfcomm_dlc_unlock(d);
123                 rfcomm_sock_kill(sk);
124                 rfcomm_dlc_lock(d);
125         }
126 }
127
128 /* ---- Socket functions ---- */
129 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
130 {
131         struct sock *sk = NULL;
132         struct hlist_node *node;
133
134         sk_for_each(sk, node, &rfcomm_sk_list.head) {
135                 if (rfcomm_pi(sk)->channel == channel && 
136                                 !bacmp(&bt_sk(sk)->src, src))
137                         break;
138         }
139
140         return node ? sk : NULL;
141 }
142
143 /* Find socket with channel and source bdaddr.
144  * Returns closest match.
145  */
146 static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
147 {
148         struct sock *sk = NULL, *sk1 = NULL;
149         struct hlist_node *node;
150
151         sk_for_each(sk, node, &rfcomm_sk_list.head) {
152                 if (state && sk->sk_state != state)
153                         continue;
154
155                 if (rfcomm_pi(sk)->channel == channel) {
156                         /* Exact match. */
157                         if (!bacmp(&bt_sk(sk)->src, src))
158                                 break;
159
160                         /* Closest match */
161                         if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
162                                 sk1 = sk;
163                 }
164         }
165         return node ? sk : sk1;
166 }
167
168 /* Find socket with given address (channel, src).
169  * Returns locked socket */
170 static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
171 {
172         struct sock *s;
173         read_lock(&rfcomm_sk_list.lock);
174         s = __rfcomm_get_sock_by_channel(state, channel, src);
175         if (s) bh_lock_sock(s);
176         read_unlock(&rfcomm_sk_list.lock);
177         return s;
178 }
179
180 static void rfcomm_sock_destruct(struct sock *sk)
181 {
182         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
183
184         BT_DBG("sk %p dlc %p", sk, d);
185
186         skb_queue_purge(&sk->sk_receive_queue);
187         skb_queue_purge(&sk->sk_write_queue);
188
189         rfcomm_dlc_lock(d);
190         rfcomm_pi(sk)->dlc = NULL;
191
192         /* Detach DLC if it's owned by this socket */
193         if (d->owner == sk)
194                 d->owner = NULL;
195         rfcomm_dlc_unlock(d);
196
197         rfcomm_dlc_put(d);
198 }
199
200 static void rfcomm_sock_cleanup_listen(struct sock *parent)
201 {
202         struct sock *sk;
203
204         BT_DBG("parent %p", parent);
205
206         /* Close not yet accepted dlcs */
207         while ((sk = bt_accept_dequeue(parent, NULL))) {
208                 rfcomm_sock_close(sk);
209                 rfcomm_sock_kill(sk);
210         }
211
212         parent->sk_state  = BT_CLOSED;
213         sock_set_flag(parent, SOCK_ZAPPED);
214 }
215
216 /* Kill socket (only if zapped and orphan)
217  * Must be called on unlocked socket.
218  */
219 static void rfcomm_sock_kill(struct sock *sk)
220 {
221         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
222                 return;
223
224         BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
225
226         /* Kill poor orphan */
227         bt_sock_unlink(&rfcomm_sk_list, sk);
228         sock_set_flag(sk, SOCK_DEAD);
229         sock_put(sk);
230 }
231
232 static void __rfcomm_sock_close(struct sock *sk)
233 {
234         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
235
236         BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
237
238         switch (sk->sk_state) {
239         case BT_LISTEN:
240                 rfcomm_sock_cleanup_listen(sk);
241                 break;
242
243         case BT_CONNECT:
244         case BT_CONNECT2:
245         case BT_CONFIG:
246         case BT_CONNECTED:
247                 rfcomm_dlc_close(d, 0);
248
249         default:
250                 sock_set_flag(sk, SOCK_ZAPPED);
251                 break;
252         }
253 }
254
255 /* Close socket.
256  * Must be called on unlocked socket.
257  */
258 static void rfcomm_sock_close(struct sock *sk)
259 {
260         lock_sock(sk);
261         __rfcomm_sock_close(sk);
262         release_sock(sk);
263 }
264
265 static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
266 {
267         struct rfcomm_pinfo *pi = rfcomm_pi(sk);
268
269         BT_DBG("sk %p", sk);
270
271         if (parent) {
272                 sk->sk_type = parent->sk_type;
273                 pi->link_mode = rfcomm_pi(parent)->link_mode;
274         } else {
275                 pi->link_mode = 0;
276         }
277
278         pi->dlc->link_mode = pi->link_mode;
279 }
280
281 static struct proto rfcomm_proto = {
282         .name           = "RFCOMM",
283         .owner          = THIS_MODULE,
284         .obj_size       = sizeof(struct rfcomm_pinfo)
285 };
286
287 static struct sock *rfcomm_sock_alloc(struct socket *sock, int proto, int prio)
288 {
289         struct rfcomm_dlc *d;
290         struct sock *sk;
291
292         sk = sk_alloc(PF_BLUETOOTH, prio, &rfcomm_proto, 1);
293         if (!sk)
294                 return NULL;
295
296         sock_init_data(sock, sk);
297         INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
298
299         d = rfcomm_dlc_alloc(prio);
300         if (!d) {
301                 sk_free(sk);
302                 return NULL;
303         }
304
305         d->data_ready   = rfcomm_sk_data_ready;
306         d->state_change = rfcomm_sk_state_change;
307
308         rfcomm_pi(sk)->dlc = d;
309         d->owner = sk;
310
311         sk->sk_destruct = rfcomm_sock_destruct;
312         sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
313
314         sk->sk_sndbuf   = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
315         sk->sk_rcvbuf   = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
316
317         sock_reset_flag(sk, SOCK_ZAPPED);
318
319         sk->sk_protocol = proto;
320         sk->sk_state    = BT_OPEN;
321
322         bt_sock_link(&rfcomm_sk_list, sk);
323
324         BT_DBG("sk %p", sk);
325         return sk;
326 }
327
328 static int rfcomm_sock_create(struct socket *sock, int protocol)
329 {
330         struct sock *sk;
331
332         BT_DBG("sock %p", sock);
333
334         sock->state = SS_UNCONNECTED;
335
336         if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
337                 return -ESOCKTNOSUPPORT;
338
339         sock->ops = &rfcomm_sock_ops;
340
341         if (!(sk = rfcomm_sock_alloc(sock, protocol, GFP_KERNEL)))
342                 return -ENOMEM;
343
344         rfcomm_sock_init(sk, NULL);
345         return 0;
346 }
347
348 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
349 {
350         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
351         struct sock *sk = sock->sk;
352         int err = 0;
353
354         BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr));
355
356         if (!addr || addr->sa_family != AF_BLUETOOTH)
357                 return -EINVAL;
358
359         lock_sock(sk);
360
361         if (sk->sk_state != BT_OPEN) {
362                 err = -EBADFD;
363                 goto done;
364         }
365
366         write_lock_bh(&rfcomm_sk_list.lock);
367
368         if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
369                 err = -EADDRINUSE;
370         } else {
371                 /* Save source address */
372                 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr);
373                 rfcomm_pi(sk)->channel = sa->rc_channel;
374                 sk->sk_state = BT_BOUND;
375         }
376
377         write_unlock_bh(&rfcomm_sk_list.lock);
378
379 done:
380         release_sock(sk);
381         return err;
382 }
383
384 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
385 {
386         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
387         struct sock *sk = sock->sk;
388         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
389         int err = 0;
390
391         BT_DBG("sk %p", sk);
392
393         if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc))
394                 return -EINVAL;
395
396         if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
397                 return -EBADFD;
398
399         if (sk->sk_type != SOCK_STREAM)
400                 return -EINVAL;
401
402         lock_sock(sk);
403
404         sk->sk_state = BT_CONNECT;
405         bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
406         rfcomm_pi(sk)->channel = sa->rc_channel;
407
408         err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
409         if (!err)
410                 err = bt_sock_wait_state(sk, BT_CONNECTED,
411                                 sock_sndtimeo(sk, flags & O_NONBLOCK));
412
413         release_sock(sk);
414         return err;
415 }
416
417 static int rfcomm_sock_listen(struct socket *sock, int backlog)
418 {
419         struct sock *sk = sock->sk;
420         int err = 0;
421
422         BT_DBG("sk %p backlog %d", sk, backlog);
423
424         lock_sock(sk);
425
426         if (sk->sk_state != BT_BOUND) {
427                 err = -EBADFD;
428                 goto done;
429         }
430
431         if (!rfcomm_pi(sk)->channel) {
432                 bdaddr_t *src = &bt_sk(sk)->src;
433                 u8 channel;
434
435                 err = -EINVAL;
436
437                 write_lock_bh(&rfcomm_sk_list.lock);
438
439                 for (channel = 1; channel < 31; channel++)
440                         if (!__rfcomm_get_sock_by_addr(channel, src)) {
441                                 rfcomm_pi(sk)->channel = channel;
442                                 err = 0;
443                                 break;
444                         }
445
446                 write_unlock_bh(&rfcomm_sk_list.lock);
447
448                 if (err < 0)
449                         goto done;
450         }
451
452         sk->sk_max_ack_backlog = backlog;
453         sk->sk_ack_backlog = 0;
454         sk->sk_state = BT_LISTEN;
455
456 done:
457         release_sock(sk);
458         return err;
459 }
460
461 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
462 {
463         DECLARE_WAITQUEUE(wait, current);
464         struct sock *sk = sock->sk, *nsk;
465         long timeo;
466         int err = 0;
467
468         lock_sock(sk);
469
470         if (sk->sk_state != BT_LISTEN) {
471                 err = -EBADFD;
472                 goto done;
473         }
474
475         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
476
477         BT_DBG("sk %p timeo %ld", sk, timeo);
478
479         /* Wait for an incoming connection. (wake-one). */
480         add_wait_queue_exclusive(sk->sk_sleep, &wait);
481         while (!(nsk = bt_accept_dequeue(sk, newsock))) {
482                 set_current_state(TASK_INTERRUPTIBLE);
483                 if (!timeo) {
484                         err = -EAGAIN;
485                         break;
486                 }
487
488                 release_sock(sk);
489                 timeo = schedule_timeout(timeo);
490                 lock_sock(sk);
491
492                 if (sk->sk_state != BT_LISTEN) {
493                         err = -EBADFD;
494                         break;
495                 }
496
497                 if (signal_pending(current)) {
498                         err = sock_intr_errno(timeo);
499                         break;
500                 }
501         }
502         set_current_state(TASK_RUNNING);
503         remove_wait_queue(sk->sk_sleep, &wait);
504
505         if (err)
506                 goto done;
507
508         newsock->state = SS_CONNECTED;
509
510         BT_DBG("new socket %p", nsk);
511
512 done:
513         release_sock(sk);
514         return err;
515 }
516
517 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
518 {
519         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
520         struct sock *sk = sock->sk;
521
522         BT_DBG("sock %p, sk %p", sock, sk);
523
524         sa->rc_family  = AF_BLUETOOTH;
525         sa->rc_channel = rfcomm_pi(sk)->channel;
526         if (peer)
527                 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst);
528         else
529                 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src);
530
531         *len = sizeof(struct sockaddr_rc);
532         return 0;
533 }
534
535 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
536                                struct msghdr *msg, size_t len)
537 {
538         struct sock *sk = sock->sk;
539         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
540         struct sk_buff *skb;
541         int err;
542         int sent = 0;
543
544         if (msg->msg_flags & MSG_OOB)
545                 return -EOPNOTSUPP;
546
547         if (sk->sk_shutdown & SEND_SHUTDOWN)
548                 return -EPIPE;
549
550         BT_DBG("sock %p, sk %p", sock, sk);
551
552         lock_sock(sk);
553
554         while (len) {
555                 size_t size = min_t(size_t, len, d->mtu);
556                 
557                 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
558                                 msg->msg_flags & MSG_DONTWAIT, &err);
559                 if (!skb)
560                         break;
561                 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
562
563                 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
564                 if (err) {
565                         kfree_skb(skb);
566                         sent = err;
567                         break;
568                 }
569
570                 err = rfcomm_dlc_send(d, skb);
571                 if (err < 0) {
572                         kfree_skb(skb);
573                         break;
574                 }
575
576                 sent += size;
577                 len  -= size;
578         }
579
580         release_sock(sk);
581
582         return sent ? sent : err;
583 }
584
585 static long rfcomm_sock_data_wait(struct sock *sk, long timeo)
586 {
587         DECLARE_WAITQUEUE(wait, current);
588
589         add_wait_queue(sk->sk_sleep, &wait);
590         for (;;) {
591                 set_current_state(TASK_INTERRUPTIBLE);
592
593                 if (!skb_queue_empty(&sk->sk_receive_queue) ||
594                     sk->sk_err ||
595                     (sk->sk_shutdown & RCV_SHUTDOWN) ||
596                     signal_pending(current) ||
597                     !timeo)
598                         break;
599
600                 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
601                 release_sock(sk);
602                 timeo = schedule_timeout(timeo);
603                 lock_sock(sk);
604                 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
605         }
606
607         __set_current_state(TASK_RUNNING);
608         remove_wait_queue(sk->sk_sleep, &wait);
609         return timeo;
610 }
611
612 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
613                                struct msghdr *msg, size_t size, int flags)
614 {
615         struct sock *sk = sock->sk;
616         int err = 0;
617         size_t target, copied = 0;
618         long timeo;
619
620         if (flags & MSG_OOB)
621                 return -EOPNOTSUPP;
622
623         msg->msg_namelen = 0;
624
625         BT_DBG("sk %p size %d", sk, size);
626
627         lock_sock(sk);
628
629         target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
630         timeo  = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
631
632         do {
633                 struct sk_buff *skb;
634                 int chunk;
635
636                 skb = skb_dequeue(&sk->sk_receive_queue);
637                 if (!skb) {
638                         if (copied >= target)
639                                 break;
640
641                         if ((err = sock_error(sk)) != 0)
642                                 break;
643                         if (sk->sk_shutdown & RCV_SHUTDOWN)
644                                 break;
645
646                         err = -EAGAIN;
647                         if (!timeo)
648                                 break;
649
650                         timeo = rfcomm_sock_data_wait(sk, timeo);
651
652                         if (signal_pending(current)) {
653                                 err = sock_intr_errno(timeo);
654                                 goto out;
655                         }
656                         continue;
657                 }
658
659                 chunk = min_t(unsigned int, skb->len, size);
660                 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
661                         skb_queue_head(&sk->sk_receive_queue, skb);
662                         if (!copied)
663                                 copied = -EFAULT;
664                         break;
665                 }
666                 copied += chunk;
667                 size   -= chunk;
668
669                 if (!(flags & MSG_PEEK)) {
670                         atomic_sub(chunk, &sk->sk_rmem_alloc);
671
672                         skb_pull(skb, chunk);
673                         if (skb->len) {
674                                 skb_queue_head(&sk->sk_receive_queue, skb);
675                                 break;
676                         }
677                         kfree_skb(skb);
678
679                 } else {
680                         /* put message back and return */
681                         skb_queue_head(&sk->sk_receive_queue, skb);
682                         break;
683                 }
684         } while (size);
685
686 out:
687         if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
688                 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
689
690         release_sock(sk);
691         return copied ? : err;
692 }
693
694 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
695 {
696         struct sock *sk = sock->sk;
697         int err = 0;
698         u32 opt;
699
700         BT_DBG("sk %p", sk);
701
702         lock_sock(sk);
703
704         switch (optname) {
705         case RFCOMM_LM:
706                 if (get_user(opt, (u32 __user *) optval)) {
707                         err = -EFAULT;
708                         break;
709                 }
710
711                 rfcomm_pi(sk)->link_mode = opt;
712                 break;
713
714         default:
715                 err = -ENOPROTOOPT;
716                 break;
717         }
718
719         release_sock(sk);
720         return err;
721 }
722
723 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
724 {
725         struct sock *sk = sock->sk;
726         struct sock *l2cap_sk;
727         struct rfcomm_conninfo cinfo;
728         int len, err = 0;
729
730         BT_DBG("sk %p", sk);
731
732         if (get_user(len, optlen))
733                 return -EFAULT;
734
735         lock_sock(sk);
736
737         switch (optname) {
738         case RFCOMM_LM:
739                 if (put_user(rfcomm_pi(sk)->link_mode, (u32 __user *) optval))
740                         err = -EFAULT;
741                 break;
742
743         case RFCOMM_CONNINFO:
744                 if (sk->sk_state != BT_CONNECTED) {
745                         err = -ENOTCONN;
746                         break;
747                 }
748
749                 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
750
751                 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle;
752                 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3);
753
754                 len = min_t(unsigned int, len, sizeof(cinfo));
755                 if (copy_to_user(optval, (char *) &cinfo, len))
756                         err = -EFAULT;
757
758                 break;
759
760         default:
761                 err = -ENOPROTOOPT;
762                 break;
763         }
764
765         release_sock(sk);
766         return err;
767 }
768
769 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
770 {
771         struct sock *sk = sock->sk;
772         int err;
773
774         lock_sock(sk);
775
776 #ifdef CONFIG_BT_RFCOMM_TTY
777         err = rfcomm_dev_ioctl(sk, cmd, (void __user *)arg);
778 #else
779         err = -EOPNOTSUPP;
780 #endif
781
782         release_sock(sk);
783         return err;
784 }
785
786 static int rfcomm_sock_shutdown(struct socket *sock, int how)
787 {
788         struct sock *sk = sock->sk;
789         int err = 0;
790
791         BT_DBG("sock %p, sk %p", sock, sk);
792
793         if (!sk) return 0;
794
795         lock_sock(sk);
796         if (!sk->sk_shutdown) {
797                 sk->sk_shutdown = SHUTDOWN_MASK;
798                 __rfcomm_sock_close(sk);
799
800                 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
801                         err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
802         }
803         release_sock(sk);
804         return err;
805 }
806
807 static int rfcomm_sock_release(struct socket *sock)
808 {
809         struct sock *sk = sock->sk;
810         int err;
811
812         BT_DBG("sock %p, sk %p", sock, sk);
813
814         if (!sk)
815                 return 0;
816
817         err = rfcomm_sock_shutdown(sock, 2);
818
819         sock_orphan(sk);
820         rfcomm_sock_kill(sk);
821         return err;
822 }
823
824 /* ---- RFCOMM core layer callbacks ---- 
825  *
826  * called under rfcomm_lock()
827  */
828 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
829 {
830         struct sock *sk, *parent;
831         bdaddr_t src, dst;
832         int result = 0;
833
834         BT_DBG("session %p channel %d", s, channel);
835
836         rfcomm_session_getaddr(s, &src, &dst);
837
838         /* Check if we have socket listening on channel */
839         parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
840         if (!parent)
841                 return 0;
842
843         /* Check for backlog size */
844         if (sk_acceptq_is_full(parent)) {
845                 BT_DBG("backlog full %d", parent->sk_ack_backlog); 
846                 goto done;
847         }
848
849         sk = rfcomm_sock_alloc(NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
850         if (!sk)
851                 goto done;
852
853         rfcomm_sock_init(sk, parent);
854         bacpy(&bt_sk(sk)->src, &src);
855         bacpy(&bt_sk(sk)->dst, &dst);
856         rfcomm_pi(sk)->channel = channel;
857
858         sk->sk_state = BT_CONFIG;
859         bt_accept_enqueue(parent, sk);
860
861         /* Accept connection and return socket DLC */
862         *d = rfcomm_pi(sk)->dlc;
863         result = 1;
864
865 done:
866         bh_unlock_sock(parent);
867         return result;
868 }
869
870 /* ---- Proc fs support ---- */
871 #ifdef CONFIG_PROC_FS
872 static void *rfcomm_seq_start(struct seq_file *seq, loff_t *pos)
873 {
874         struct sock *sk;
875         struct hlist_node *node;
876         loff_t l = *pos;
877
878         read_lock_bh(&rfcomm_sk_list.lock);
879
880         sk_for_each(sk, node, &rfcomm_sk_list.head)
881                 if (!l--)
882                         return sk;
883         return NULL;
884 }
885
886 static void *rfcomm_seq_next(struct seq_file *seq, void *e, loff_t *pos)
887 {
888         struct sock *sk = e;
889         (*pos)++;
890         return sk_next(sk);
891 }
892
893 static void rfcomm_seq_stop(struct seq_file *seq, void *e)
894 {
895         read_unlock_bh(&rfcomm_sk_list.lock);
896 }
897
898 static int  rfcomm_seq_show(struct seq_file *seq, void *e)
899 {
900         struct sock *sk = e;
901         seq_printf(seq, "%s %s %d %d\n",
902                         batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
903                         sk->sk_state, rfcomm_pi(sk)->channel);
904         return 0;
905 }
906
907 static struct seq_operations rfcomm_seq_ops = {
908         .start  = rfcomm_seq_start,
909         .next   = rfcomm_seq_next,
910         .stop   = rfcomm_seq_stop,
911         .show   = rfcomm_seq_show 
912 };
913
914 static int rfcomm_seq_open(struct inode *inode, struct file *file)
915 {
916         return seq_open(file, &rfcomm_seq_ops);
917 }
918
919 static struct file_operations rfcomm_seq_fops = {
920         .owner   = THIS_MODULE,
921         .open    = rfcomm_seq_open,
922         .read    = seq_read,
923         .llseek  = seq_lseek,
924         .release = seq_release,
925 };
926
927 static int  __init rfcomm_sock_proc_init(void)
928 {
929         struct proc_dir_entry *p = create_proc_entry("sock", S_IRUGO, proc_bt_rfcomm);
930         if (!p)
931                 return -ENOMEM;
932         p->proc_fops = &rfcomm_seq_fops;
933         return 0;
934 }
935
936 static void __exit rfcomm_sock_proc_cleanup(void)
937 {
938         remove_proc_entry("sock", proc_bt_rfcomm);
939 }
940
941 #else /* CONFIG_PROC_FS */
942
943 static int  __init rfcomm_sock_proc_init(void)
944 {
945         return 0;
946 }
947
948 static void __exit rfcomm_sock_proc_cleanup(void)
949 {
950         return;
951 }
952 #endif /* CONFIG_PROC_FS */
953
954 static struct proto_ops rfcomm_sock_ops = {
955         .family         = PF_BLUETOOTH,
956         .owner          = THIS_MODULE,
957         .release        = rfcomm_sock_release,
958         .bind           = rfcomm_sock_bind,
959         .connect        = rfcomm_sock_connect,
960         .listen         = rfcomm_sock_listen,
961         .accept         = rfcomm_sock_accept,
962         .getname        = rfcomm_sock_getname,
963         .sendmsg        = rfcomm_sock_sendmsg,
964         .recvmsg        = rfcomm_sock_recvmsg,
965         .shutdown       = rfcomm_sock_shutdown,
966         .setsockopt     = rfcomm_sock_setsockopt,
967         .getsockopt     = rfcomm_sock_getsockopt,
968         .ioctl          = rfcomm_sock_ioctl,
969         .poll           = bt_sock_poll,
970         .socketpair     = sock_no_socketpair,
971         .mmap           = sock_no_mmap
972 };
973
974 static struct net_proto_family rfcomm_sock_family_ops = {
975         .family         = PF_BLUETOOTH,
976         .owner          = THIS_MODULE,
977         .create         = rfcomm_sock_create
978 };
979
980 int  __init rfcomm_init_sockets(void)
981 {
982         int err;
983
984         err = proto_register(&rfcomm_proto, 0);
985         if (err < 0)
986                 return err;
987
988         err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
989         if (err < 0)
990                 goto error;
991
992         rfcomm_sock_proc_init();
993
994         BT_INFO("RFCOMM socket layer initialized");
995
996         return 0;
997
998 error:
999         BT_ERR("RFCOMM socket layer registration failed");
1000         proto_unregister(&rfcomm_proto);
1001         return err;
1002 }
1003
1004 void __exit rfcomm_cleanup_sockets(void)
1005 {
1006         rfcomm_sock_proc_cleanup();
1007
1008         if (bt_sock_unregister(BTPROTO_RFCOMM) < 0)
1009                 BT_ERR("RFCOMM socket layer unregistration failed");
1010
1011         proto_unregister(&rfcomm_proto);
1012 }