Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wirel...
[linux-2.6] / net / bluetooth / rfcomm / sock.c
1 /*
2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License version 2 as
8    published by the Free Software Foundation;
9
10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21    SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25  * RFCOMM sockets.
26  */
27
28 #include <linux/module.h>
29
30 #include <linux/types.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/socket.h>
40 #include <linux/skbuff.h>
41 #include <linux/list.h>
42 #include <linux/device.h>
43 #include <net/sock.h>
44
45 #include <asm/system.h>
46 #include <asm/uaccess.h>
47
48 #include <net/bluetooth/bluetooth.h>
49 #include <net/bluetooth/hci_core.h>
50 #include <net/bluetooth/l2cap.h>
51 #include <net/bluetooth/rfcomm.h>
52
53 #ifndef CONFIG_BT_RFCOMM_DEBUG
54 #undef  BT_DBG
55 #define BT_DBG(D...)
56 #endif
57
58 static const struct proto_ops rfcomm_sock_ops;
59
60 static struct bt_sock_list rfcomm_sk_list = {
61         .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
62 };
63
64 static void rfcomm_sock_close(struct sock *sk);
65 static void rfcomm_sock_kill(struct sock *sk);
66
67 /* ---- DLC callbacks ----
68  *
69  * called under rfcomm_dlc_lock()
70  */
71 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
72 {
73         struct sock *sk = d->owner;
74         if (!sk)
75                 return;
76
77         atomic_add(skb->len, &sk->sk_rmem_alloc);
78         skb_queue_tail(&sk->sk_receive_queue, skb);
79         sk->sk_data_ready(sk, skb->len);
80
81         if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
82                 rfcomm_dlc_throttle(d);
83 }
84
85 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
86 {
87         struct sock *sk = d->owner, *parent;
88         if (!sk)
89                 return;
90
91         BT_DBG("dlc %p state %ld err %d", d, d->state, err);
92
93         bh_lock_sock(sk);
94
95         if (err)
96                 sk->sk_err = err;
97
98         sk->sk_state = d->state;
99
100         parent = bt_sk(sk)->parent;
101         if (parent) {
102                 if (d->state == BT_CLOSED) {
103                         sock_set_flag(sk, SOCK_ZAPPED);
104                         bt_accept_unlink(sk);
105                 }
106                 parent->sk_data_ready(parent, 0);
107         } else {
108                 if (d->state == BT_CONNECTED)
109                         rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL);
110                 sk->sk_state_change(sk);
111         }
112
113         bh_unlock_sock(sk);
114
115         if (parent && sock_flag(sk, SOCK_ZAPPED)) {
116                 /* We have to drop DLC lock here, otherwise
117                  * rfcomm_sock_destruct() will dead lock. */
118                 rfcomm_dlc_unlock(d);
119                 rfcomm_sock_kill(sk);
120                 rfcomm_dlc_lock(d);
121         }
122 }
123
124 /* ---- Socket functions ---- */
125 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
126 {
127         struct sock *sk = NULL;
128         struct hlist_node *node;
129
130         sk_for_each(sk, node, &rfcomm_sk_list.head) {
131                 if (rfcomm_pi(sk)->channel == channel &&
132                                 !bacmp(&bt_sk(sk)->src, src))
133                         break;
134         }
135
136         return node ? sk : NULL;
137 }
138
139 /* Find socket with channel and source bdaddr.
140  * Returns closest match.
141  */
142 static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
143 {
144         struct sock *sk = NULL, *sk1 = NULL;
145         struct hlist_node *node;
146
147         sk_for_each(sk, node, &rfcomm_sk_list.head) {
148                 if (state && sk->sk_state != state)
149                         continue;
150
151                 if (rfcomm_pi(sk)->channel == channel) {
152                         /* Exact match. */
153                         if (!bacmp(&bt_sk(sk)->src, src))
154                                 break;
155
156                         /* Closest match */
157                         if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
158                                 sk1 = sk;
159                 }
160         }
161         return node ? sk : sk1;
162 }
163
164 /* Find socket with given address (channel, src).
165  * Returns locked socket */
166 static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
167 {
168         struct sock *s;
169         read_lock(&rfcomm_sk_list.lock);
170         s = __rfcomm_get_sock_by_channel(state, channel, src);
171         if (s) bh_lock_sock(s);
172         read_unlock(&rfcomm_sk_list.lock);
173         return s;
174 }
175
176 static void rfcomm_sock_destruct(struct sock *sk)
177 {
178         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
179
180         BT_DBG("sk %p dlc %p", sk, d);
181
182         skb_queue_purge(&sk->sk_receive_queue);
183         skb_queue_purge(&sk->sk_write_queue);
184
185         rfcomm_dlc_lock(d);
186         rfcomm_pi(sk)->dlc = NULL;
187
188         /* Detach DLC if it's owned by this socket */
189         if (d->owner == sk)
190                 d->owner = NULL;
191         rfcomm_dlc_unlock(d);
192
193         rfcomm_dlc_put(d);
194 }
195
196 static void rfcomm_sock_cleanup_listen(struct sock *parent)
197 {
198         struct sock *sk;
199
200         BT_DBG("parent %p", parent);
201
202         /* Close not yet accepted dlcs */
203         while ((sk = bt_accept_dequeue(parent, NULL))) {
204                 rfcomm_sock_close(sk);
205                 rfcomm_sock_kill(sk);
206         }
207
208         parent->sk_state  = BT_CLOSED;
209         sock_set_flag(parent, SOCK_ZAPPED);
210 }
211
212 /* Kill socket (only if zapped and orphan)
213  * Must be called on unlocked socket.
214  */
215 static void rfcomm_sock_kill(struct sock *sk)
216 {
217         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
218                 return;
219
220         BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
221
222         /* Kill poor orphan */
223         bt_sock_unlink(&rfcomm_sk_list, sk);
224         sock_set_flag(sk, SOCK_DEAD);
225         sock_put(sk);
226 }
227
228 static void __rfcomm_sock_close(struct sock *sk)
229 {
230         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
231
232         BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
233
234         switch (sk->sk_state) {
235         case BT_LISTEN:
236                 rfcomm_sock_cleanup_listen(sk);
237                 break;
238
239         case BT_CONNECT:
240         case BT_CONNECT2:
241         case BT_CONFIG:
242         case BT_CONNECTED:
243                 rfcomm_dlc_close(d, 0);
244
245         default:
246                 sock_set_flag(sk, SOCK_ZAPPED);
247                 break;
248         }
249 }
250
251 /* Close socket.
252  * Must be called on unlocked socket.
253  */
254 static void rfcomm_sock_close(struct sock *sk)
255 {
256         lock_sock(sk);
257         __rfcomm_sock_close(sk);
258         release_sock(sk);
259 }
260
261 static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
262 {
263         struct rfcomm_pinfo *pi = rfcomm_pi(sk);
264
265         BT_DBG("sk %p", sk);
266
267         if (parent) {
268                 sk->sk_type = parent->sk_type;
269                 pi->link_mode = rfcomm_pi(parent)->link_mode;
270         } else {
271                 pi->link_mode = 0;
272         }
273
274         pi->dlc->link_mode = pi->link_mode;
275 }
276
277 static struct proto rfcomm_proto = {
278         .name           = "RFCOMM",
279         .owner          = THIS_MODULE,
280         .obj_size       = sizeof(struct rfcomm_pinfo)
281 };
282
283 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
284 {
285         struct rfcomm_dlc *d;
286         struct sock *sk;
287
288         sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
289         if (!sk)
290                 return NULL;
291
292         sock_init_data(sock, sk);
293         INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
294
295         d = rfcomm_dlc_alloc(prio);
296         if (!d) {
297                 sk_free(sk);
298                 return NULL;
299         }
300
301         d->data_ready   = rfcomm_sk_data_ready;
302         d->state_change = rfcomm_sk_state_change;
303
304         rfcomm_pi(sk)->dlc = d;
305         d->owner = sk;
306
307         sk->sk_destruct = rfcomm_sock_destruct;
308         sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
309
310         sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
311         sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
312
313         sock_reset_flag(sk, SOCK_ZAPPED);
314
315         sk->sk_protocol = proto;
316         sk->sk_state    = BT_OPEN;
317
318         bt_sock_link(&rfcomm_sk_list, sk);
319
320         BT_DBG("sk %p", sk);
321         return sk;
322 }
323
324 static int rfcomm_sock_create(struct net *net, struct socket *sock, int protocol)
325 {
326         struct sock *sk;
327
328         BT_DBG("sock %p", sock);
329
330         sock->state = SS_UNCONNECTED;
331
332         if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
333                 return -ESOCKTNOSUPPORT;
334
335         sock->ops = &rfcomm_sock_ops;
336
337         sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
338         if (!sk)
339                 return -ENOMEM;
340
341         rfcomm_sock_init(sk, NULL);
342         return 0;
343 }
344
345 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
346 {
347         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
348         struct sock *sk = sock->sk;
349         int err = 0;
350
351         BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr));
352
353         if (!addr || addr->sa_family != AF_BLUETOOTH)
354                 return -EINVAL;
355
356         lock_sock(sk);
357
358         if (sk->sk_state != BT_OPEN) {
359                 err = -EBADFD;
360                 goto done;
361         }
362
363         if (sk->sk_type != SOCK_STREAM) {
364                 err = -EINVAL;
365                 goto done;
366         }
367
368         write_lock_bh(&rfcomm_sk_list.lock);
369
370         if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
371                 err = -EADDRINUSE;
372         } else {
373                 /* Save source address */
374                 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr);
375                 rfcomm_pi(sk)->channel = sa->rc_channel;
376                 sk->sk_state = BT_BOUND;
377         }
378
379         write_unlock_bh(&rfcomm_sk_list.lock);
380
381 done:
382         release_sock(sk);
383         return err;
384 }
385
386 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
387 {
388         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
389         struct sock *sk = sock->sk;
390         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
391         int err = 0;
392
393         BT_DBG("sk %p", sk);
394
395         if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc))
396                 return -EINVAL;
397
398         lock_sock(sk);
399
400         if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
401                 err = -EBADFD;
402                 goto done;
403         }
404
405         if (sk->sk_type != SOCK_STREAM) {
406                 err = -EINVAL;
407                 goto done;
408         }
409
410         sk->sk_state = BT_CONNECT;
411         bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
412         rfcomm_pi(sk)->channel = sa->rc_channel;
413
414         d->link_mode = rfcomm_pi(sk)->link_mode;
415
416         err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
417         if (!err)
418                 err = bt_sock_wait_state(sk, BT_CONNECTED,
419                                 sock_sndtimeo(sk, flags & O_NONBLOCK));
420
421 done:
422         release_sock(sk);
423         return err;
424 }
425
426 static int rfcomm_sock_listen(struct socket *sock, int backlog)
427 {
428         struct sock *sk = sock->sk;
429         int err = 0;
430
431         BT_DBG("sk %p backlog %d", sk, backlog);
432
433         lock_sock(sk);
434
435         if (sk->sk_state != BT_BOUND) {
436                 err = -EBADFD;
437                 goto done;
438         }
439
440         if (sk->sk_type != SOCK_STREAM) {
441                 err = -EINVAL;
442                 goto done;
443         }
444
445         if (!rfcomm_pi(sk)->channel) {
446                 bdaddr_t *src = &bt_sk(sk)->src;
447                 u8 channel;
448
449                 err = -EINVAL;
450
451                 write_lock_bh(&rfcomm_sk_list.lock);
452
453                 for (channel = 1; channel < 31; channel++)
454                         if (!__rfcomm_get_sock_by_addr(channel, src)) {
455                                 rfcomm_pi(sk)->channel = channel;
456                                 err = 0;
457                                 break;
458                         }
459
460                 write_unlock_bh(&rfcomm_sk_list.lock);
461
462                 if (err < 0)
463                         goto done;
464         }
465
466         sk->sk_max_ack_backlog = backlog;
467         sk->sk_ack_backlog = 0;
468         sk->sk_state = BT_LISTEN;
469
470 done:
471         release_sock(sk);
472         return err;
473 }
474
475 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
476 {
477         DECLARE_WAITQUEUE(wait, current);
478         struct sock *sk = sock->sk, *nsk;
479         long timeo;
480         int err = 0;
481
482         lock_sock(sk);
483
484         if (sk->sk_state != BT_LISTEN) {
485                 err = -EBADFD;
486                 goto done;
487         }
488
489         if (sk->sk_type != SOCK_STREAM) {
490                 err = -EINVAL;
491                 goto done;
492         }
493
494         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
495
496         BT_DBG("sk %p timeo %ld", sk, timeo);
497
498         /* Wait for an incoming connection. (wake-one). */
499         add_wait_queue_exclusive(sk->sk_sleep, &wait);
500         while (!(nsk = bt_accept_dequeue(sk, newsock))) {
501                 set_current_state(TASK_INTERRUPTIBLE);
502                 if (!timeo) {
503                         err = -EAGAIN;
504                         break;
505                 }
506
507                 release_sock(sk);
508                 timeo = schedule_timeout(timeo);
509                 lock_sock(sk);
510
511                 if (sk->sk_state != BT_LISTEN) {
512                         err = -EBADFD;
513                         break;
514                 }
515
516                 if (signal_pending(current)) {
517                         err = sock_intr_errno(timeo);
518                         break;
519                 }
520         }
521         set_current_state(TASK_RUNNING);
522         remove_wait_queue(sk->sk_sleep, &wait);
523
524         if (err)
525                 goto done;
526
527         newsock->state = SS_CONNECTED;
528
529         BT_DBG("new socket %p", nsk);
530
531 done:
532         release_sock(sk);
533         return err;
534 }
535
536 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
537 {
538         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
539         struct sock *sk = sock->sk;
540
541         BT_DBG("sock %p, sk %p", sock, sk);
542
543         sa->rc_family  = AF_BLUETOOTH;
544         sa->rc_channel = rfcomm_pi(sk)->channel;
545         if (peer)
546                 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst);
547         else
548                 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src);
549
550         *len = sizeof(struct sockaddr_rc);
551         return 0;
552 }
553
554 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
555                                struct msghdr *msg, size_t len)
556 {
557         struct sock *sk = sock->sk;
558         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
559         struct sk_buff *skb;
560         int sent = 0;
561
562         if (msg->msg_flags & MSG_OOB)
563                 return -EOPNOTSUPP;
564
565         if (sk->sk_shutdown & SEND_SHUTDOWN)
566                 return -EPIPE;
567
568         BT_DBG("sock %p, sk %p", sock, sk);
569
570         lock_sock(sk);
571
572         while (len) {
573                 size_t size = min_t(size_t, len, d->mtu);
574                 int err;
575
576                 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
577                                 msg->msg_flags & MSG_DONTWAIT, &err);
578                 if (!skb)
579                         break;
580                 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
581
582                 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
583                 if (err) {
584                         kfree_skb(skb);
585                         if (sent == 0)
586                                 sent = err;
587                         break;
588                 }
589
590                 err = rfcomm_dlc_send(d, skb);
591                 if (err < 0) {
592                         kfree_skb(skb);
593                         if (sent == 0)
594                                 sent = err;
595                         break;
596                 }
597
598                 sent += size;
599                 len  -= size;
600         }
601
602         release_sock(sk);
603
604         return sent;
605 }
606
607 static long rfcomm_sock_data_wait(struct sock *sk, long timeo)
608 {
609         DECLARE_WAITQUEUE(wait, current);
610
611         add_wait_queue(sk->sk_sleep, &wait);
612         for (;;) {
613                 set_current_state(TASK_INTERRUPTIBLE);
614
615                 if (!skb_queue_empty(&sk->sk_receive_queue) ||
616                     sk->sk_err ||
617                     (sk->sk_shutdown & RCV_SHUTDOWN) ||
618                     signal_pending(current) ||
619                     !timeo)
620                         break;
621
622                 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
623                 release_sock(sk);
624                 timeo = schedule_timeout(timeo);
625                 lock_sock(sk);
626                 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
627         }
628
629         __set_current_state(TASK_RUNNING);
630         remove_wait_queue(sk->sk_sleep, &wait);
631         return timeo;
632 }
633
634 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
635                                struct msghdr *msg, size_t size, int flags)
636 {
637         struct sock *sk = sock->sk;
638         int err = 0;
639         size_t target, copied = 0;
640         long timeo;
641
642         if (flags & MSG_OOB)
643                 return -EOPNOTSUPP;
644
645         msg->msg_namelen = 0;
646
647         BT_DBG("sk %p size %d", sk, size);
648
649         lock_sock(sk);
650
651         target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
652         timeo  = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
653
654         do {
655                 struct sk_buff *skb;
656                 int chunk;
657
658                 skb = skb_dequeue(&sk->sk_receive_queue);
659                 if (!skb) {
660                         if (copied >= target)
661                                 break;
662
663                         if ((err = sock_error(sk)) != 0)
664                                 break;
665                         if (sk->sk_shutdown & RCV_SHUTDOWN)
666                                 break;
667
668                         err = -EAGAIN;
669                         if (!timeo)
670                                 break;
671
672                         timeo = rfcomm_sock_data_wait(sk, timeo);
673
674                         if (signal_pending(current)) {
675                                 err = sock_intr_errno(timeo);
676                                 goto out;
677                         }
678                         continue;
679                 }
680
681                 chunk = min_t(unsigned int, skb->len, size);
682                 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
683                         skb_queue_head(&sk->sk_receive_queue, skb);
684                         if (!copied)
685                                 copied = -EFAULT;
686                         break;
687                 }
688                 copied += chunk;
689                 size   -= chunk;
690
691                 sock_recv_timestamp(msg, sk, skb);
692
693                 if (!(flags & MSG_PEEK)) {
694                         atomic_sub(chunk, &sk->sk_rmem_alloc);
695
696                         skb_pull(skb, chunk);
697                         if (skb->len) {
698                                 skb_queue_head(&sk->sk_receive_queue, skb);
699                                 break;
700                         }
701                         kfree_skb(skb);
702
703                 } else {
704                         /* put message back and return */
705                         skb_queue_head(&sk->sk_receive_queue, skb);
706                         break;
707                 }
708         } while (size);
709
710 out:
711         if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
712                 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
713
714         release_sock(sk);
715         return copied ? : err;
716 }
717
718 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
719 {
720         struct sock *sk = sock->sk;
721         int err = 0;
722         u32 opt;
723
724         BT_DBG("sk %p", sk);
725
726         lock_sock(sk);
727
728         switch (optname) {
729         case RFCOMM_LM:
730                 if (get_user(opt, (u32 __user *) optval)) {
731                         err = -EFAULT;
732                         break;
733                 }
734
735                 rfcomm_pi(sk)->link_mode = opt;
736                 break;
737
738         default:
739                 err = -ENOPROTOOPT;
740                 break;
741         }
742
743         release_sock(sk);
744         return err;
745 }
746
747 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
748 {
749         struct sock *sk = sock->sk;
750         struct sock *l2cap_sk;
751         struct rfcomm_conninfo cinfo;
752         int len, err = 0;
753
754         BT_DBG("sk %p", sk);
755
756         if (get_user(len, optlen))
757                 return -EFAULT;
758
759         lock_sock(sk);
760
761         switch (optname) {
762         case RFCOMM_LM:
763                 if (put_user(rfcomm_pi(sk)->link_mode, (u32 __user *) optval))
764                         err = -EFAULT;
765                 break;
766
767         case RFCOMM_CONNINFO:
768                 if (sk->sk_state != BT_CONNECTED) {
769                         err = -ENOTCONN;
770                         break;
771                 }
772
773                 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
774
775                 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle;
776                 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3);
777
778                 len = min_t(unsigned int, len, sizeof(cinfo));
779                 if (copy_to_user(optval, (char *) &cinfo, len))
780                         err = -EFAULT;
781
782                 break;
783
784         default:
785                 err = -ENOPROTOOPT;
786                 break;
787         }
788
789         release_sock(sk);
790         return err;
791 }
792
793 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
794 {
795 #if defined(CONFIG_BT_RFCOMM_TTY) || defined(CONFIG_BT_RFCOMM_DEBUG)
796         struct sock *sk = sock->sk;
797 #endif
798         int err;
799
800         BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
801
802         err = bt_sock_ioctl(sock, cmd, arg);
803
804         if (err == -ENOIOCTLCMD) {
805 #ifdef CONFIG_BT_RFCOMM_TTY
806                 lock_sock(sk);
807                 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
808                 release_sock(sk);
809 #else
810                 err = -EOPNOTSUPP;
811 #endif
812         }
813
814         return err;
815 }
816
817 static int rfcomm_sock_shutdown(struct socket *sock, int how)
818 {
819         struct sock *sk = sock->sk;
820         int err = 0;
821
822         BT_DBG("sock %p, sk %p", sock, sk);
823
824         if (!sk) return 0;
825
826         lock_sock(sk);
827         if (!sk->sk_shutdown) {
828                 sk->sk_shutdown = SHUTDOWN_MASK;
829                 __rfcomm_sock_close(sk);
830
831                 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
832                         err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
833         }
834         release_sock(sk);
835         return err;
836 }
837
838 static int rfcomm_sock_release(struct socket *sock)
839 {
840         struct sock *sk = sock->sk;
841         int err;
842
843         BT_DBG("sock %p, sk %p", sock, sk);
844
845         if (!sk)
846                 return 0;
847
848         err = rfcomm_sock_shutdown(sock, 2);
849
850         sock_orphan(sk);
851         rfcomm_sock_kill(sk);
852         return err;
853 }
854
855 /* ---- RFCOMM core layer callbacks ----
856  *
857  * called under rfcomm_lock()
858  */
859 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
860 {
861         struct sock *sk, *parent;
862         bdaddr_t src, dst;
863         int result = 0;
864
865         BT_DBG("session %p channel %d", s, channel);
866
867         rfcomm_session_getaddr(s, &src, &dst);
868
869         /* Check if we have socket listening on channel */
870         parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
871         if (!parent)
872                 return 0;
873
874         /* Check for backlog size */
875         if (sk_acceptq_is_full(parent)) {
876                 BT_DBG("backlog full %d", parent->sk_ack_backlog);
877                 goto done;
878         }
879
880         sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
881         if (!sk)
882                 goto done;
883
884         rfcomm_sock_init(sk, parent);
885         bacpy(&bt_sk(sk)->src, &src);
886         bacpy(&bt_sk(sk)->dst, &dst);
887         rfcomm_pi(sk)->channel = channel;
888
889         sk->sk_state = BT_CONFIG;
890         bt_accept_enqueue(parent, sk);
891
892         /* Accept connection and return socket DLC */
893         *d = rfcomm_pi(sk)->dlc;
894         result = 1;
895
896 done:
897         bh_unlock_sock(parent);
898         return result;
899 }
900
901 static ssize_t rfcomm_sock_sysfs_show(struct class *dev, char *buf)
902 {
903         struct sock *sk;
904         struct hlist_node *node;
905         char *str = buf;
906
907         read_lock_bh(&rfcomm_sk_list.lock);
908
909         sk_for_each(sk, node, &rfcomm_sk_list.head) {
910                 str += sprintf(str, "%s %s %d %d\n",
911                                 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
912                                 sk->sk_state, rfcomm_pi(sk)->channel);
913         }
914
915         read_unlock_bh(&rfcomm_sk_list.lock);
916
917         return (str - buf);
918 }
919
920 static CLASS_ATTR(rfcomm, S_IRUGO, rfcomm_sock_sysfs_show, NULL);
921
922 static const struct proto_ops rfcomm_sock_ops = {
923         .family         = PF_BLUETOOTH,
924         .owner          = THIS_MODULE,
925         .release        = rfcomm_sock_release,
926         .bind           = rfcomm_sock_bind,
927         .connect        = rfcomm_sock_connect,
928         .listen         = rfcomm_sock_listen,
929         .accept         = rfcomm_sock_accept,
930         .getname        = rfcomm_sock_getname,
931         .sendmsg        = rfcomm_sock_sendmsg,
932         .recvmsg        = rfcomm_sock_recvmsg,
933         .shutdown       = rfcomm_sock_shutdown,
934         .setsockopt     = rfcomm_sock_setsockopt,
935         .getsockopt     = rfcomm_sock_getsockopt,
936         .ioctl          = rfcomm_sock_ioctl,
937         .poll           = bt_sock_poll,
938         .socketpair     = sock_no_socketpair,
939         .mmap           = sock_no_mmap
940 };
941
942 static struct net_proto_family rfcomm_sock_family_ops = {
943         .family         = PF_BLUETOOTH,
944         .owner          = THIS_MODULE,
945         .create         = rfcomm_sock_create
946 };
947
948 int __init rfcomm_init_sockets(void)
949 {
950         int err;
951
952         err = proto_register(&rfcomm_proto, 0);
953         if (err < 0)
954                 return err;
955
956         err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
957         if (err < 0)
958                 goto error;
959
960         if (class_create_file(bt_class, &class_attr_rfcomm) < 0)
961                 BT_ERR("Failed to create RFCOMM info file");
962
963         BT_INFO("RFCOMM socket layer initialized");
964
965         return 0;
966
967 error:
968         BT_ERR("RFCOMM socket layer registration failed");
969         proto_unregister(&rfcomm_proto);
970         return err;
971 }
972
973 void __exit rfcomm_cleanup_sockets(void)
974 {
975         class_remove_file(bt_class, &class_attr_rfcomm);
976
977         if (bt_sock_unregister(BTPROTO_RFCOMM) < 0)
978                 BT_ERR("RFCOMM socket layer unregistration failed");
979
980         proto_unregister(&rfcomm_proto);
981 }