1/* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22*/ 23 24/* 25 * RFCOMM sockets. 26 * 27 * $Id: sock.c,v 1.1.1.1 2007/08/03 18:53:50 Exp $ 28 */ 29 30#include <linux/module.h> 31 32#include <linux/types.h> 33#include <linux/errno.h> 34#include <linux/kernel.h> 35#include <linux/sched.h> 36#include <linux/slab.h> 37#include <linux/poll.h> 38#include <linux/fcntl.h> 39#include <linux/init.h> 40#include <linux/interrupt.h> 41#include <linux/socket.h> 42#include <linux/skbuff.h> 43#include <linux/list.h> 44#include <linux/device.h> 45#include <net/sock.h> 46 47#include <asm/system.h> 48#include <asm/uaccess.h> 49 50#include <net/bluetooth/bluetooth.h> 51#include <net/bluetooth/hci_core.h> 52#include <net/bluetooth/l2cap.h> 53#include <net/bluetooth/rfcomm.h> 54 55#ifndef CONFIG_BT_RFCOMM_DEBUG 56#undef BT_DBG 57#define BT_DBG(D...) 58#endif 59 60static const struct proto_ops rfcomm_sock_ops; 61 62static struct bt_sock_list rfcomm_sk_list = { 63 .lock = RW_LOCK_UNLOCKED 64}; 65 66static void rfcomm_sock_close(struct sock *sk); 67static void rfcomm_sock_kill(struct sock *sk); 68 69/* ---- DLC callbacks ---- 70 * 71 * called under rfcomm_dlc_lock() 72 */ 73static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 74{ 75 struct sock *sk = d->owner; 76 if (!sk) 77 return; 78 79 atomic_add(skb->len, &sk->sk_rmem_alloc); 80 skb_queue_tail(&sk->sk_receive_queue, skb); 81 sk->sk_data_ready(sk, skb->len); 82 83 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 84 rfcomm_dlc_throttle(d); 85} 86 87static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 88{ 89 struct sock *sk = d->owner, *parent; 90 if (!sk) 91 return; 92 93 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 94 95 bh_lock_sock(sk); 96 97 if (err) 98 sk->sk_err = err; 99 100 sk->sk_state = d->state; 101 102 parent = bt_sk(sk)->parent; 103 if (parent) { 104 if (d->state == BT_CLOSED) { 105 sock_set_flag(sk, SOCK_ZAPPED); 106 bt_accept_unlink(sk); 107 } 108 parent->sk_data_ready(parent, 0); 109 } else { 110 if (d->state == BT_CONNECTED) 111 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL); 112 sk->sk_state_change(sk); 113 } 114 115 bh_unlock_sock(sk); 116 117 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 118 /* We have to drop DLC lock here, otherwise 119 * rfcomm_sock_destruct() will dead lock. */ 120 rfcomm_dlc_unlock(d); 121 rfcomm_sock_kill(sk); 122 rfcomm_dlc_lock(d); 123 } 124} 125 126/* ---- Socket functions ---- */ 127static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src) 128{ 129 struct sock *sk = NULL; 130 struct hlist_node *node; 131 132 sk_for_each(sk, node, &rfcomm_sk_list.head) { 133 if (rfcomm_pi(sk)->channel == channel && 134 !bacmp(&bt_sk(sk)->src, src)) 135 break; 136 } 137 138 return node ? sk : NULL; 139} 140 141/* Find socket with channel and source bdaddr. 142 * Returns closest match. 143 */ 144static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 145{ 146 struct sock *sk = NULL, *sk1 = NULL; 147 struct hlist_node *node; 148 149 sk_for_each(sk, node, &rfcomm_sk_list.head) { 150 if (state && sk->sk_state != state) 151 continue; 152 153 if (rfcomm_pi(sk)->channel == channel) { 154 /* Exact match. */ 155 if (!bacmp(&bt_sk(sk)->src, src)) 156 break; 157 158 /* Closest match */ 159 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 160 sk1 = sk; 161 } 162 } 163 return node ? sk : sk1; 164} 165 166/* Find socket with given address (channel, src). 167 * Returns locked socket */ 168static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 169{ 170 struct sock *s; 171 read_lock(&rfcomm_sk_list.lock); 172 s = __rfcomm_get_sock_by_channel(state, channel, src); 173 if (s) bh_lock_sock(s); 174 read_unlock(&rfcomm_sk_list.lock); 175 return s; 176} 177 178static void rfcomm_sock_destruct(struct sock *sk) 179{ 180 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 181 182 BT_DBG("sk %p dlc %p", sk, d); 183 184 skb_queue_purge(&sk->sk_receive_queue); 185 skb_queue_purge(&sk->sk_write_queue); 186 187 rfcomm_dlc_lock(d); 188 rfcomm_pi(sk)->dlc = NULL; 189 190 /* Detach DLC if it's owned by this socket */ 191 if (d->owner == sk) 192 d->owner = NULL; 193 rfcomm_dlc_unlock(d); 194 195 rfcomm_dlc_put(d); 196} 197 198static void rfcomm_sock_cleanup_listen(struct sock *parent) 199{ 200 struct sock *sk; 201 202 BT_DBG("parent %p", parent); 203 204 /* Close not yet accepted dlcs */ 205 while ((sk = bt_accept_dequeue(parent, NULL))) { 206 rfcomm_sock_close(sk); 207 rfcomm_sock_kill(sk); 208 } 209 210 parent->sk_state = BT_CLOSED; 211 sock_set_flag(parent, SOCK_ZAPPED); 212} 213 214/* Kill socket (only if zapped and orphan) 215 * Must be called on unlocked socket. 216 */ 217static void rfcomm_sock_kill(struct sock *sk) 218{ 219 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 220 return; 221 222 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); 223 224 /* Kill poor orphan */ 225 bt_sock_unlink(&rfcomm_sk_list, sk); 226 sock_set_flag(sk, SOCK_DEAD); 227 sock_put(sk); 228} 229 230static void __rfcomm_sock_close(struct sock *sk) 231{ 232 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 233 234 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 235 236 switch (sk->sk_state) { 237 case BT_LISTEN: 238 rfcomm_sock_cleanup_listen(sk); 239 break; 240 241 case BT_CONNECT: 242 case BT_CONNECT2: 243 case BT_CONFIG: 244 case BT_CONNECTED: 245 rfcomm_dlc_close(d, 0); 246 247 default: 248 sock_set_flag(sk, SOCK_ZAPPED); 249 break; 250 } 251} 252 253/* Close socket. 254 * Must be called on unlocked socket. 255 */ 256static void rfcomm_sock_close(struct sock *sk) 257{ 258 lock_sock(sk); 259 __rfcomm_sock_close(sk); 260 release_sock(sk); 261} 262 263static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 264{ 265 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 266 267 BT_DBG("sk %p", sk); 268 269 if (parent) { 270 sk->sk_type = parent->sk_type; 271 pi->link_mode = rfcomm_pi(parent)->link_mode; 272 } else { 273 pi->link_mode = 0; 274 } 275 276 pi->dlc->link_mode = pi->link_mode; 277} 278 279static struct proto rfcomm_proto = { 280 .name = "RFCOMM", 281 .owner = THIS_MODULE, 282 .obj_size = sizeof(struct rfcomm_pinfo) 283}; 284 285static struct sock *rfcomm_sock_alloc(struct socket *sock, int proto, gfp_t prio) 286{ 287 struct rfcomm_dlc *d; 288 struct sock *sk; 289 290 sk = sk_alloc(PF_BLUETOOTH, prio, &rfcomm_proto, 1); 291 if (!sk) 292 return NULL; 293 294 sock_init_data(sock, sk); 295 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 296 297 d = rfcomm_dlc_alloc(prio); 298 if (!d) { 299 sk_free(sk); 300 return NULL; 301 } 302 303 d->data_ready = rfcomm_sk_data_ready; 304 d->state_change = rfcomm_sk_state_change; 305 306 rfcomm_pi(sk)->dlc = d; 307 d->owner = sk; 308 309 sk->sk_destruct = rfcomm_sock_destruct; 310 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 311 312 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 313 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 314 315 sock_reset_flag(sk, SOCK_ZAPPED); 316 317 sk->sk_protocol = proto; 318 sk->sk_state = BT_OPEN; 319 320 bt_sock_link(&rfcomm_sk_list, sk); 321 322 BT_DBG("sk %p", sk); 323 return sk; 324} 325 326static int rfcomm_sock_create(struct socket *sock, int protocol) 327{ 328 struct sock *sk; 329 330 BT_DBG("sock %p", sock); 331 332 sock->state = SS_UNCONNECTED; 333 334 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 335 return -ESOCKTNOSUPPORT; 336 337 sock->ops = &rfcomm_sock_ops; 338 339 sk = rfcomm_sock_alloc(sock, protocol, GFP_ATOMIC); 340 if (!sk) 341 return -ENOMEM; 342 343 rfcomm_sock_init(sk, NULL); 344 return 0; 345} 346 347static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 348{ 349 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 350 struct sock *sk = sock->sk; 351 int err = 0; 352 353 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr)); 354 355 if (!addr || addr->sa_family != AF_BLUETOOTH) 356 return -EINVAL; 357 358 lock_sock(sk); 359 360 if (sk->sk_state != BT_OPEN) { 361 err = -EBADFD; 362 goto done; 363 } 364 365 if (sk->sk_type != SOCK_STREAM) { 366 err = -EINVAL; 367 goto done; 368 } 369 370 write_lock_bh(&rfcomm_sk_list.lock); 371 372 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { 373 err = -EADDRINUSE; 374 } else { 375 /* Save source address */ 376 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr); 377 rfcomm_pi(sk)->channel = sa->rc_channel; 378 sk->sk_state = BT_BOUND; 379 } 380 381 write_unlock_bh(&rfcomm_sk_list.lock); 382 383done: 384 release_sock(sk); 385 return err; 386} 387 388static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 389{ 390 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 391 struct sock *sk = sock->sk; 392 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 393 int err = 0; 394 395 BT_DBG("sk %p", sk); 396 397 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc)) 398 return -EINVAL; 399 400 lock_sock(sk); 401 402 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 403 err = -EBADFD; 404 goto done; 405 } 406 407 if (sk->sk_type != SOCK_STREAM) { 408 err = -EINVAL; 409 goto done; 410 } 411 412 sk->sk_state = BT_CONNECT; 413 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); 414 rfcomm_pi(sk)->channel = sa->rc_channel; 415 416 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); 417 if (!err) 418 err = bt_sock_wait_state(sk, BT_CONNECTED, 419 sock_sndtimeo(sk, flags & O_NONBLOCK)); 420 421done: 422 release_sock(sk); 423 return err; 424} 425 426static int rfcomm_sock_listen(struct socket *sock, int backlog) 427{ 428 struct sock *sk = sock->sk; 429 int err = 0; 430 431 BT_DBG("sk %p backlog %d", sk, backlog); 432 433 lock_sock(sk); 434 435 if (sk->sk_state != BT_BOUND) { 436 err = -EBADFD; 437 goto done; 438 } 439 440 if (sk->sk_type != SOCK_STREAM) { 441 err = -EINVAL; 442 goto done; 443 } 444 445 if (!rfcomm_pi(sk)->channel) { 446 bdaddr_t *src = &bt_sk(sk)->src; 447 u8 channel; 448 449 err = -EINVAL; 450 451 write_lock_bh(&rfcomm_sk_list.lock); 452 453 for (channel = 1; channel < 31; channel++) 454 if (!__rfcomm_get_sock_by_addr(channel, src)) { 455 rfcomm_pi(sk)->channel = channel; 456 err = 0; 457 break; 458 } 459 460 write_unlock_bh(&rfcomm_sk_list.lock); 461 462 if (err < 0) 463 goto done; 464 } 465 466 sk->sk_max_ack_backlog = backlog; 467 sk->sk_ack_backlog = 0; 468 sk->sk_state = BT_LISTEN; 469 470done: 471 release_sock(sk); 472 return err; 473} 474 475static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 476{ 477 DECLARE_WAITQUEUE(wait, current); 478 struct sock *sk = sock->sk, *nsk; 479 long timeo; 480 int err = 0; 481 482 lock_sock(sk); 483 484 if (sk->sk_state != BT_LISTEN) { 485 err = -EBADFD; 486 goto done; 487 } 488 489 if (sk->sk_type != SOCK_STREAM) { 490 err = -EINVAL; 491 goto done; 492 } 493 494 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 495 496 BT_DBG("sk %p timeo %ld", sk, timeo); 497 498 /* Wait for an incoming connection. (wake-one). */ 499 add_wait_queue_exclusive(sk->sk_sleep, &wait); 500 while (!(nsk = bt_accept_dequeue(sk, newsock))) { 501 set_current_state(TASK_INTERRUPTIBLE); 502 if (!timeo) { 503 err = -EAGAIN; 504 break; 505 } 506 507 release_sock(sk); 508 timeo = schedule_timeout(timeo); 509 lock_sock(sk); 510 511 if (sk->sk_state != BT_LISTEN) { 512 err = -EBADFD; 513 break; 514 } 515 516 if (signal_pending(current)) { 517 err = sock_intr_errno(timeo); 518 break; 519 } 520 } 521 set_current_state(TASK_RUNNING); 522 remove_wait_queue(sk->sk_sleep, &wait); 523 524 if (err) 525 goto done; 526 527 newsock->state = SS_CONNECTED; 528 529 BT_DBG("new socket %p", nsk); 530 531done: 532 release_sock(sk); 533 return err; 534} 535 536static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 537{ 538 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 539 struct sock *sk = sock->sk; 540 541 BT_DBG("sock %p, sk %p", sock, sk); 542 543 sa->rc_family = AF_BLUETOOTH; 544 sa->rc_channel = rfcomm_pi(sk)->channel; 545 if (peer) 546 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst); 547 else 548 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src); 549 550 *len = sizeof(struct sockaddr_rc); 551 return 0; 552} 553 554static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 555 struct msghdr *msg, size_t len) 556{ 557 struct sock *sk = sock->sk; 558 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 559 struct sk_buff *skb; 560 int sent = 0; 561 562 if (msg->msg_flags & MSG_OOB) 563 return -EOPNOTSUPP; 564 565 if (sk->sk_shutdown & SEND_SHUTDOWN) 566 return -EPIPE; 567 568 BT_DBG("sock %p, sk %p", sock, sk); 569 570 lock_sock(sk); 571 572 while (len) { 573 size_t size = min_t(size_t, len, d->mtu); 574 int err; 575 576 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 577 msg->msg_flags & MSG_DONTWAIT, &err); 578 if (!skb) 579 break; 580 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 581 582 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 583 if (err) { 584 kfree_skb(skb); 585 if (sent == 0) 586 sent = err; 587 break; 588 } 589 590 err = rfcomm_dlc_send(d, skb); 591 if (err < 0) { 592 kfree_skb(skb); 593 if (sent == 0) 594 sent = err; 595 break; 596 } 597 598 sent += size; 599 len -= size; 600 } 601 602 release_sock(sk); 603 604 return sent; 605} 606 607static long rfcomm_sock_data_wait(struct sock *sk, long timeo) 608{ 609 DECLARE_WAITQUEUE(wait, current); 610 611 add_wait_queue(sk->sk_sleep, &wait); 612 for (;;) { 613 set_current_state(TASK_INTERRUPTIBLE); 614 615 if (!skb_queue_empty(&sk->sk_receive_queue) || 616 sk->sk_err || 617 (sk->sk_shutdown & RCV_SHUTDOWN) || 618 signal_pending(current) || 619 !timeo) 620 break; 621 622 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 623 release_sock(sk); 624 timeo = schedule_timeout(timeo); 625 lock_sock(sk); 626 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 627 } 628 629 __set_current_state(TASK_RUNNING); 630 remove_wait_queue(sk->sk_sleep, &wait); 631 return timeo; 632} 633 634static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 635 struct msghdr *msg, size_t size, int flags) 636{ 637 struct sock *sk = sock->sk; 638 int err = 0; 639 size_t target, copied = 0; 640 long timeo; 641 642 if (flags & MSG_OOB) 643 return -EOPNOTSUPP; 644 645 msg->msg_namelen = 0; 646 647 BT_DBG("sk %p size %d", sk, size); 648 649 lock_sock(sk); 650 651 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); 652 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); 653 654 do { 655 struct sk_buff *skb; 656 int chunk; 657 658 skb = skb_dequeue(&sk->sk_receive_queue); 659 if (!skb) { 660 if (copied >= target) 661 break; 662 663 if ((err = sock_error(sk)) != 0) 664 break; 665 if (sk->sk_shutdown & RCV_SHUTDOWN) 666 break; 667 668 err = -EAGAIN; 669 if (!timeo) 670 break; 671 672 timeo = rfcomm_sock_data_wait(sk, timeo); 673 674 if (signal_pending(current)) { 675 err = sock_intr_errno(timeo); 676 goto out; 677 } 678 continue; 679 } 680 681 chunk = min_t(unsigned int, skb->len, size); 682 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { 683 skb_queue_head(&sk->sk_receive_queue, skb); 684 if (!copied) 685 copied = -EFAULT; 686 break; 687 } 688 copied += chunk; 689 size -= chunk; 690 691 if (!(flags & MSG_PEEK)) { 692 atomic_sub(chunk, &sk->sk_rmem_alloc); 693 694 skb_pull(skb, chunk); 695 if (skb->len) { 696 skb_queue_head(&sk->sk_receive_queue, skb); 697 break; 698 } 699 kfree_skb(skb); 700 701 } else { 702 /* put message back and return */ 703 skb_queue_head(&sk->sk_receive_queue, skb); 704 break; 705 } 706 } while (size); 707 708out: 709 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 710 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 711 712 release_sock(sk); 713 return copied ? : err; 714} 715 716static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen) 717{ 718 struct sock *sk = sock->sk; 719 int err = 0; 720 u32 opt; 721 722 BT_DBG("sk %p", sk); 723 724 lock_sock(sk); 725 726 switch (optname) { 727 case RFCOMM_LM: 728 if (get_user(opt, (u32 __user *) optval)) { 729 err = -EFAULT; 730 break; 731 } 732 733 rfcomm_pi(sk)->link_mode = opt; 734 break; 735 736 default: 737 err = -ENOPROTOOPT; 738 break; 739 } 740 741 release_sock(sk); 742 return err; 743} 744 745static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 746{ 747 struct sock *sk = sock->sk; 748 struct sock *l2cap_sk; 749 struct rfcomm_conninfo cinfo; 750 int len, err = 0; 751 752 BT_DBG("sk %p", sk); 753 754 if (get_user(len, optlen)) 755 return -EFAULT; 756 757 lock_sock(sk); 758 759 switch (optname) { 760 case RFCOMM_LM: 761 if (put_user(rfcomm_pi(sk)->link_mode, (u32 __user *) optval)) 762 err = -EFAULT; 763 break; 764 765 case RFCOMM_CONNINFO: 766 if (sk->sk_state != BT_CONNECTED) { 767 err = -ENOTCONN; 768 break; 769 } 770 771 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 772 773 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle; 774 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3); 775 776 len = min_t(unsigned int, len, sizeof(cinfo)); 777 if (copy_to_user(optval, (char *) &cinfo, len)) 778 err = -EFAULT; 779 780 break; 781 782 default: 783 err = -ENOPROTOOPT; 784 break; 785 } 786 787 release_sock(sk); 788 return err; 789} 790 791static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 792{ 793 struct sock *sk = sock->sk; 794 int err; 795 796 lock_sock(sk); 797 798#ifdef CONFIG_BT_RFCOMM_TTY 799 err = rfcomm_dev_ioctl(sk, cmd, (void __user *)arg); 800#else 801 err = -EOPNOTSUPP; 802#endif 803 804 release_sock(sk); 805 return err; 806} 807 808static int rfcomm_sock_shutdown(struct socket *sock, int how) 809{ 810 struct sock *sk = sock->sk; 811 int err = 0; 812 813 BT_DBG("sock %p, sk %p", sock, sk); 814 815 if (!sk) return 0; 816 817 lock_sock(sk); 818 if (!sk->sk_shutdown) { 819 sk->sk_shutdown = SHUTDOWN_MASK; 820 __rfcomm_sock_close(sk); 821 822 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 823 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 824 } 825 release_sock(sk); 826 return err; 827} 828 829static int rfcomm_sock_release(struct socket *sock) 830{ 831 struct sock *sk = sock->sk; 832 int err; 833 834 BT_DBG("sock %p, sk %p", sock, sk); 835 836 if (!sk) 837 return 0; 838 839 err = rfcomm_sock_shutdown(sock, 2); 840 841 sock_orphan(sk); 842 rfcomm_sock_kill(sk); 843 return err; 844} 845 846/* ---- RFCOMM core layer callbacks ---- 847 * 848 * called under rfcomm_lock() 849 */ 850int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 851{ 852 struct sock *sk, *parent; 853 bdaddr_t src, dst; 854 int result = 0; 855 856 BT_DBG("session %p channel %d", s, channel); 857 858 rfcomm_session_getaddr(s, &src, &dst); 859 860 /* Check if we have socket listening on channel */ 861 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 862 if (!parent) 863 return 0; 864 865 /* Check for backlog size */ 866 if (sk_acceptq_is_full(parent)) { 867 BT_DBG("backlog full %d", parent->sk_ack_backlog); 868 goto done; 869 } 870 871 sk = rfcomm_sock_alloc(NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 872 if (!sk) 873 goto done; 874 875 rfcomm_sock_init(sk, parent); 876 bacpy(&bt_sk(sk)->src, &src); 877 bacpy(&bt_sk(sk)->dst, &dst); 878 rfcomm_pi(sk)->channel = channel; 879 880 sk->sk_state = BT_CONFIG; 881 bt_accept_enqueue(parent, sk); 882 883 /* Accept connection and return socket DLC */ 884 *d = rfcomm_pi(sk)->dlc; 885 result = 1; 886 887done: 888 bh_unlock_sock(parent); 889 return result; 890} 891 892static ssize_t rfcomm_sock_sysfs_show(struct class *dev, char *buf) 893{ 894 struct sock *sk; 895 struct hlist_node *node; 896 char *str = buf; 897 898 read_lock_bh(&rfcomm_sk_list.lock); 899 900 sk_for_each(sk, node, &rfcomm_sk_list.head) { 901 str += sprintf(str, "%s %s %d %d\n", 902 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 903 sk->sk_state, rfcomm_pi(sk)->channel); 904 } 905 906 read_unlock_bh(&rfcomm_sk_list.lock); 907 908 return (str - buf); 909} 910 911static CLASS_ATTR(rfcomm, S_IRUGO, rfcomm_sock_sysfs_show, NULL); 912 913static const struct proto_ops rfcomm_sock_ops = { 914 .family = PF_BLUETOOTH, 915 .owner = THIS_MODULE, 916 .release = rfcomm_sock_release, 917 .bind = rfcomm_sock_bind, 918 .connect = rfcomm_sock_connect, 919 .listen = rfcomm_sock_listen, 920 .accept = rfcomm_sock_accept, 921 .getname = rfcomm_sock_getname, 922 .sendmsg = rfcomm_sock_sendmsg, 923 .recvmsg = rfcomm_sock_recvmsg, 924 .shutdown = rfcomm_sock_shutdown, 925 .setsockopt = rfcomm_sock_setsockopt, 926 .getsockopt = rfcomm_sock_getsockopt, 927 .ioctl = rfcomm_sock_ioctl, 928 .poll = bt_sock_poll, 929 .socketpair = sock_no_socketpair, 930 .mmap = sock_no_mmap 931}; 932 933static struct net_proto_family rfcomm_sock_family_ops = { 934 .family = PF_BLUETOOTH, 935 .owner = THIS_MODULE, 936 .create = rfcomm_sock_create 937}; 938 939int __init rfcomm_init_sockets(void) 940{ 941 int err; 942 943 err = proto_register(&rfcomm_proto, 0); 944 if (err < 0) 945 return err; 946 947 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 948 if (err < 0) 949 goto error; 950 951 if (class_create_file(bt_class, &class_attr_rfcomm) < 0) 952 BT_ERR("Failed to create RFCOMM info file"); 953 954 BT_INFO("RFCOMM socket layer initialized"); 955 956 return 0; 957 958error: 959 BT_ERR("RFCOMM socket layer registration failed"); 960 proto_unregister(&rfcomm_proto); 961 return err; 962} 963 964void __exit rfcomm_cleanup_sockets(void) 965{ 966 class_remove_file(bt_class, &class_attr_rfcomm); 967 968 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0) 969 BT_ERR("RFCOMM socket layer unregistration failed"); 970 971 proto_unregister(&rfcomm_proto); 972} 973