]> bbs.cooldavid.org Git - net-next-2.6.git/blame - net/bluetooth/rfcomm/sock.c
git://bbs.cooldavid.org / net-next-2.6.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'omap-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
[net-next-2.6.git] / net / bluetooth / rfcomm / sock.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
8e87d142
YH		 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 21 SOFTWARE IS DISCLAIMED.
22*/
23
24/*
25 * RFCOMM sockets.
1da177e4
LT		 26 */
27
1da177e4
LT		 28#include <linux/module.h>
29
30#include <linux/types.h>
31#include <linux/errno.h>
32#include <linux/kernel.h>
1da177e4
LT		 33#include <linux/sched.h>
34#include <linux/slab.h>
35#include <linux/poll.h>
36#include <linux/fcntl.h>
37#include <linux/init.h>
38#include <linux/interrupt.h>
39#include <linux/socket.h>
40#include <linux/skbuff.h>
41#include <linux/list.h>
be9d1227 42#include <linux/device.h>
aef7d97c
MH		 43#include <linux/debugfs.h>
44#include <linux/seq_file.h>
1da177e4
LT		 45#include <net/sock.h>
46
47#include <asm/system.h>
48#include <asm/uaccess.h>
49
50#include <net/bluetooth/bluetooth.h>
51#include <net/bluetooth/hci_core.h>
52#include <net/bluetooth/l2cap.h>
53#include <net/bluetooth/rfcomm.h>
54
90ddc4f0 55static const struct proto_ops rfcomm_sock_ops;
1da177e4
LT		 56
57static struct bt_sock_list rfcomm_sk_list = {
d5fb2962 58 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
1da177e4
LT		 59};
60
61static void rfcomm_sock_close(struct sock *sk);
62static void rfcomm_sock_kill(struct sock *sk);
63
64/* ---- DLC callbacks ----
65 *
66 * called under rfcomm_dlc_lock()
67 */
68static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
69{
70 struct sock *sk = d->owner;
71 if (!sk)
72 return;
73
74 atomic_add(skb->len, &sk->sk_rmem_alloc);
75 skb_queue_tail(&sk->sk_receive_queue, skb);
76 sk->sk_data_ready(sk, skb->len);
77
78 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
79 rfcomm_dlc_throttle(d);
80}
81
82static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
83{
84 struct sock *sk = d->owner, *parent;
fad003b6
GP		 85 unsigned long flags;
86
1da177e4
LT		 87 if (!sk)
88 return;
89
90 BT_DBG("dlc %p state %ld err %d", d, d->state, err);
91
fad003b6 92 local_irq_save(flags);
1da177e4
LT		 93 bh_lock_sock(sk);
94
95 if (err)
96 sk->sk_err = err;
97
98 sk->sk_state = d->state;
99
100 parent = bt_sk(sk)->parent;
101 if (parent) {
102 if (d->state == BT_CLOSED) {
103 sock_set_flag(sk, SOCK_ZAPPED);
104 bt_accept_unlink(sk);
105 }
106 parent->sk_data_ready(parent, 0);
107 } else {
108 if (d->state == BT_CONNECTED)
109 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL);
110 sk->sk_state_change(sk);
111 }
112
113 bh_unlock_sock(sk);
fad003b6 114 local_irq_restore(flags);
1da177e4
LT		 115
116 if (parent && sock_flag(sk, SOCK_ZAPPED)) {
117 /* We have to drop DLC lock here, otherwise
118 * rfcomm_sock_destruct() will dead lock. */
119 rfcomm_dlc_unlock(d);
120 rfcomm_sock_kill(sk);
121 rfcomm_dlc_lock(d);
122 }
123}
124
125/* ---- Socket functions ---- */
126static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
127{
128 struct sock *sk = NULL;
129 struct hlist_node *node;
130
131 sk_for_each(sk, node, &rfcomm_sk_list.head) {
8e87d142 132 if (rfcomm_pi(sk)->channel == channel &&
1da177e4
LT		 133 !bacmp(&bt_sk(sk)->src, src))
134 break;
135 }
136
137 return node ? sk : NULL;
138}
139
140/* Find socket with channel and source bdaddr.
141 * Returns closest match.
142 */
143static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
144{
145 struct sock *sk = NULL, *sk1 = NULL;
146 struct hlist_node *node;
147
148 sk_for_each(sk, node, &rfcomm_sk_list.head) {
149 if (state && sk->sk_state != state)
150 continue;
151
152 if (rfcomm_pi(sk)->channel == channel) {
153 /* Exact match. */
154 if (!bacmp(&bt_sk(sk)->src, src))
155 break;
156
157 /* Closest match */
158 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
159 sk1 = sk;
160 }
161 }
162 return node ? sk : sk1;
163}
164
165/* Find socket with given address (channel, src).
166 * Returns locked socket */
167static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
168{
169 struct sock *s;
170 read_lock(&rfcomm_sk_list.lock);
171 s = __rfcomm_get_sock_by_channel(state, channel, src);
172 if (s) bh_lock_sock(s);
173 read_unlock(&rfcomm_sk_list.lock);
174 return s;
175}
176
177static void rfcomm_sock_destruct(struct sock *sk)
178{
179 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
180
181 BT_DBG("sk %p dlc %p", sk, d);
182
183 skb_queue_purge(&sk->sk_receive_queue);
184 skb_queue_purge(&sk->sk_write_queue);
185
186 rfcomm_dlc_lock(d);
187 rfcomm_pi(sk)->dlc = NULL;
188
189 /* Detach DLC if it's owned by this socket */
190 if (d->owner == sk)
191 d->owner = NULL;
192 rfcomm_dlc_unlock(d);
193
194 rfcomm_dlc_put(d);
195}
196
197static void rfcomm_sock_cleanup_listen(struct sock *parent)
198{
199 struct sock *sk;
200
201 BT_DBG("parent %p", parent);
202
203 /* Close not yet accepted dlcs */
204 while ((sk = bt_accept_dequeue(parent, NULL))) {
205 rfcomm_sock_close(sk);
206 rfcomm_sock_kill(sk);
207 }
208
209 parent->sk_state = BT_CLOSED;
210 sock_set_flag(parent, SOCK_ZAPPED);
211}
212
213/* Kill socket (only if zapped and orphan)
214 * Must be called on unlocked socket.
215 */
216static void rfcomm_sock_kill(struct sock *sk)
217{
218 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
219 return;
220
221 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
222
223 /* Kill poor orphan */
224 bt_sock_unlink(&rfcomm_sk_list, sk);
225 sock_set_flag(sk, SOCK_DEAD);
226 sock_put(sk);
227}
228
229static void __rfcomm_sock_close(struct sock *sk)
230{
231 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
232
233 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
234
235 switch (sk->sk_state) {
236 case BT_LISTEN:
237 rfcomm_sock_cleanup_listen(sk);
238 break;
239
240 case BT_CONNECT:
241 case BT_CONNECT2:
242 case BT_CONFIG:
243 case BT_CONNECTED:
244 rfcomm_dlc_close(d, 0);
245
246 default:
247 sock_set_flag(sk, SOCK_ZAPPED);
248 break;
249 }
250}
251
252/* Close socket.
253 * Must be called on unlocked socket.
254 */
255static void rfcomm_sock_close(struct sock *sk)
256{
257 lock_sock(sk);
258 __rfcomm_sock_close(sk);
259 release_sock(sk);
260}
261
262static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
263{
264 struct rfcomm_pinfo *pi = rfcomm_pi(sk);
265
266 BT_DBG("sk %p", sk);
267
268 if (parent) {
269 sk->sk_type = parent->sk_type;
bb23c0ab 270 pi->dlc->defer_setup = bt_sk(parent)->defer_setup;
9f2c8a03
MH		 271
272 pi->sec_level = rfcomm_pi(parent)->sec_level;
273 pi->role_switch = rfcomm_pi(parent)->role_switch;
1da177e4 274 } else {
bb23c0ab 275 pi->dlc->defer_setup = 0;
9f2c8a03
MH		 276
277 pi->sec_level = BT_SECURITY_LOW;
278 pi->role_switch = 0;
1da177e4
LT		 279 }
280
9f2c8a03
MH		 281 pi->dlc->sec_level = pi->sec_level;
282 pi->dlc->role_switch = pi->role_switch;
1da177e4
LT		 283}
284
285static struct proto rfcomm_proto = {
286 .name = "RFCOMM",
287 .owner = THIS_MODULE,
288 .obj_size = sizeof(struct rfcomm_pinfo)
289};
290
1b8d7ae4 291static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
1da177e4
LT		 292{
293 struct rfcomm_dlc *d;
294 struct sock *sk;
295
6257ff21 296 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
1da177e4
LT		 297 if (!sk)
298 return NULL;
299
300 sock_init_data(sock, sk);
301 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
302
303 d = rfcomm_dlc_alloc(prio);
304 if (!d) {
305 sk_free(sk);
306 return NULL;
307 }
308
309 d->data_ready = rfcomm_sk_data_ready;
310 d->state_change = rfcomm_sk_state_change;
311
312 rfcomm_pi(sk)->dlc = d;
313 d->owner = sk;
314
315 sk->sk_destruct = rfcomm_sock_destruct;
316 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
317
77db1980
MH		 318 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
319 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
1da177e4
LT		 320
321 sock_reset_flag(sk, SOCK_ZAPPED);
322
323 sk->sk_protocol = proto;
77db1980 324 sk->sk_state = BT_OPEN;
1da177e4
LT		 325
326 bt_sock_link(&rfcomm_sk_list, sk);
327
328 BT_DBG("sk %p", sk);
329 return sk;
330}
331
3f378b68
EP		 332static int rfcomm_sock_create(struct net *net, struct socket *sock,
333 int protocol, int kern)
1da177e4
LT		 334{
335 struct sock *sk;
336
337 BT_DBG("sock %p", sock);
338
339 sock->state = SS_UNCONNECTED;
340
341 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
342 return -ESOCKTNOSUPPORT;
343
344 sock->ops = &rfcomm_sock_ops;
345
1b8d7ae4 346 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
74da626a 347 if (!sk)
1da177e4
LT		 348 return -ENOMEM;
349
350 rfcomm_sock_init(sk, NULL);
351 return 0;
352}
353
354static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
355{
356 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
357 struct sock *sk = sock->sk;
358 int err = 0;
359
360 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr));
361
362 if (!addr || addr->sa_family != AF_BLUETOOTH)
363 return -EINVAL;
364
365 lock_sock(sk);
366
367 if (sk->sk_state != BT_OPEN) {
368 err = -EBADFD;
369 goto done;
370 }
371
354d28d5
MH		 372 if (sk->sk_type != SOCK_STREAM) {
373 err = -EINVAL;
374 goto done;
375 }
376
1da177e4
LT		 377 write_lock_bh(&rfcomm_sk_list.lock);
378
379 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
380 err = -EADDRINUSE;
381 } else {
382 /* Save source address */
383 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr);
384 rfcomm_pi(sk)->channel = sa->rc_channel;
385 sk->sk_state = BT_BOUND;
386 }
387
388 write_unlock_bh(&rfcomm_sk_list.lock);
389
390done:
391 release_sock(sk);
392 return err;
393}
394
395static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
396{
397 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
398 struct sock *sk = sock->sk;
399 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
400 int err = 0;
401
402 BT_DBG("sk %p", sk);
403
6503d961
CG		 404 if (alen < sizeof(struct sockaddr_rc) ||
405 addr->sa_family != AF_BLUETOOTH)
1da177e4
LT		 406 return -EINVAL;
407
354d28d5 408 lock_sock(sk);
1da177e4 409
354d28d5
MH		 410 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
411 err = -EBADFD;
412 goto done;
413 }
1da177e4 414
354d28d5
MH		 415 if (sk->sk_type != SOCK_STREAM) {
416 err = -EINVAL;
417 goto done;
418 }
1da177e4
LT		 419
420 sk->sk_state = BT_CONNECT;
421 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
422 rfcomm_pi(sk)->channel = sa->rc_channel;
423
9f2c8a03
MH		 424 d->sec_level = rfcomm_pi(sk)->sec_level;
425 d->role_switch = rfcomm_pi(sk)->role_switch;
77db1980 426
1da177e4
LT		 427 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
428 if (!err)
429 err = bt_sock_wait_state(sk, BT_CONNECTED,
430 sock_sndtimeo(sk, flags & O_NONBLOCK));
431
354d28d5 432done:
1da177e4
LT		 433 release_sock(sk);
434 return err;
435}
436
437static int rfcomm_sock_listen(struct socket *sock, int backlog)
438{
439 struct sock *sk = sock->sk;
440 int err = 0;
441
442 BT_DBG("sk %p backlog %d", sk, backlog);
443
444 lock_sock(sk);
445
446 if (sk->sk_state != BT_BOUND) {
447 err = -EBADFD;
448 goto done;
449 }
450
354d28d5
MH		 451 if (sk->sk_type != SOCK_STREAM) {
452 err = -EINVAL;
453 goto done;
454 }
455
1da177e4
LT		 456 if (!rfcomm_pi(sk)->channel) {
457 bdaddr_t *src = &bt_sk(sk)->src;
458 u8 channel;
459
460 err = -EINVAL;
461
462 write_lock_bh(&rfcomm_sk_list.lock);
463
464 for (channel = 1; channel < 31; channel++)
465 if (!__rfcomm_get_sock_by_addr(channel, src)) {
466 rfcomm_pi(sk)->channel = channel;
467 err = 0;
468 break;
469 }
470
471 write_unlock_bh(&rfcomm_sk_list.lock);
472
473 if (err < 0)
474 goto done;
475 }
476
477 sk->sk_max_ack_backlog = backlog;
478 sk->sk_ack_backlog = 0;
479 sk->sk_state = BT_LISTEN;
480
481done:
482 release_sock(sk);
483 return err;
484}
485
486static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
487{
488 DECLARE_WAITQUEUE(wait, current);
489 struct sock *sk = sock->sk, *nsk;
490 long timeo;
491 int err = 0;
492
493 lock_sock(sk);
494
495 if (sk->sk_state != BT_LISTEN) {
496 err = -EBADFD;
497 goto done;
498 }
499
354d28d5
MH		 500 if (sk->sk_type != SOCK_STREAM) {
501 err = -EINVAL;
502 goto done;
503 }
504
1da177e4
LT		 505 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
506
507 BT_DBG("sk %p timeo %ld", sk, timeo);
508
509 /* Wait for an incoming connection. (wake-one). */
aa395145 510 add_wait_queue_exclusive(sk_sleep(sk), &wait);
1da177e4
LT		 511 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
512 set_current_state(TASK_INTERRUPTIBLE);
513 if (!timeo) {
514 err = -EAGAIN;
515 break;
516 }
517
518 release_sock(sk);
519 timeo = schedule_timeout(timeo);
520 lock_sock(sk);
521
522 if (sk->sk_state != BT_LISTEN) {
523 err = -EBADFD;
524 break;
525 }
526
527 if (signal_pending(current)) {
528 err = sock_intr_errno(timeo);
529 break;
530 }
531 }
532 set_current_state(TASK_RUNNING);
aa395145 533 remove_wait_queue(sk_sleep(sk), &wait);
1da177e4
LT		 534
535 if (err)
536 goto done;
537
538 newsock->state = SS_CONNECTED;
539
540 BT_DBG("new socket %p", nsk);
541
542done:
543 release_sock(sk);
544 return err;
545}
546
547static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
548{
549 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
550 struct sock *sk = sock->sk;
551
552 BT_DBG("sock %p, sk %p", sock, sk);
553
554 sa->rc_family = AF_BLUETOOTH;
555 sa->rc_channel = rfcomm_pi(sk)->channel;
556 if (peer)
557 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst);
558 else
559 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src);
560
561 *len = sizeof(struct sockaddr_rc);
562 return 0;
563}
564
565static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
566 struct msghdr *msg, size_t len)
567{
568 struct sock *sk = sock->sk;
569 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
570 struct sk_buff *skb;
1da177e4
LT		 571 int sent = 0;
572
bb23c0ab
MH		 573 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
574 return -ENOTCONN;
575
1da177e4
LT		 576 if (msg->msg_flags & MSG_OOB)
577 return -EOPNOTSUPP;
578
579 if (sk->sk_shutdown & SEND_SHUTDOWN)
580 return -EPIPE;
581
582 BT_DBG("sock %p, sk %p", sock, sk);
583
584 lock_sock(sk);
585
586 while (len) {
587 size_t size = min_t(size_t, len, d->mtu);
4d6a2188 588 int err;
8e87d142 589
1da177e4
LT		 590 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
591 msg->msg_flags & MSG_DONTWAIT, &err);
91aa35a5
VS		 592 if (!skb) {
593 if (sent == 0)
594 sent = err;
1da177e4 595 break;
91aa35a5 596 }
1da177e4
LT		 597 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
598
599 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
600 if (err) {
601 kfree_skb(skb);
4d6a2188
MH		 602 if (sent == 0)
603 sent = err;
1da177e4
LT		 604 break;
605 }
606
607 err = rfcomm_dlc_send(d, skb);
608 if (err < 0) {
609 kfree_skb(skb);
4d6a2188
MH		 610 if (sent == 0)
611 sent = err;
1da177e4
LT		 612 break;
613 }
614
615 sent += size;
616 len -= size;
617 }
618
619 release_sock(sk);
620
4d6a2188 621 return sent;
1da177e4
LT		 622}
623
624static long rfcomm_sock_data_wait(struct sock *sk, long timeo)
625{
626 DECLARE_WAITQUEUE(wait, current);
627
aa395145 628 add_wait_queue(sk_sleep(sk), &wait);
1da177e4
LT		 629 for (;;) {
630 set_current_state(TASK_INTERRUPTIBLE);
631
b03efcfb
DM		 632 if (!skb_queue_empty(&sk->sk_receive_queue) ||
633 sk->sk_err ||
634 (sk->sk_shutdown & RCV_SHUTDOWN) ||
635 signal_pending(current) ||
636 !timeo)
1da177e4
LT		 637 break;
638
639 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
640 release_sock(sk);
641 timeo = schedule_timeout(timeo);
642 lock_sock(sk);
643 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
644 }
645
646 __set_current_state(TASK_RUNNING);
aa395145 647 remove_wait_queue(sk_sleep(sk), &wait);
1da177e4
LT		 648 return timeo;
649}
650
651static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
652 struct msghdr *msg, size_t size, int flags)
653{
654 struct sock *sk = sock->sk;
bb23c0ab 655 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
1da177e4
LT		 656 int err = 0;
657 size_t target, copied = 0;
658 long timeo;
659
bb23c0ab
MH		 660 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
661 rfcomm_dlc_accept(d);
662 return 0;
663 }
664
1da177e4
LT		 665 if (flags & MSG_OOB)
666 return -EOPNOTSUPP;
667
668 msg->msg_namelen = 0;
669
a418b893 670 BT_DBG("sk %p size %zu", sk, size);
1da177e4
LT		 671
672 lock_sock(sk);
673
674 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
675 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
676
677 do {
678 struct sk_buff *skb;
679 int chunk;
680
681 skb = skb_dequeue(&sk->sk_receive_queue);
682 if (!skb) {
683 if (copied >= target)
684 break;
685
686 if ((err = sock_error(sk)) != 0)
687 break;
688 if (sk->sk_shutdown & RCV_SHUTDOWN)
689 break;
690
691 err = -EAGAIN;
692 if (!timeo)
693 break;
694
695 timeo = rfcomm_sock_data_wait(sk, timeo);
696
697 if (signal_pending(current)) {
698 err = sock_intr_errno(timeo);
699 goto out;
700 }
701 continue;
702 }
703
704 chunk = min_t(unsigned int, skb->len, size);
705 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
706 skb_queue_head(&sk->sk_receive_queue, skb);
707 if (!copied)
708 copied = -EFAULT;
709 break;
710 }
711 copied += chunk;
712 size -= chunk;
713
3b885787 714 sock_recv_ts_and_drops(msg, sk, skb);
3241ad82 715
1da177e4
LT		 716 if (!(flags & MSG_PEEK)) {
717 atomic_sub(chunk, &sk->sk_rmem_alloc);
718
719 skb_pull(skb, chunk);
720 if (skb->len) {
721 skb_queue_head(&sk->sk_receive_queue, skb);
722 break;
723 }
724 kfree_skb(skb);
725
726 } else {
727 /* put message back and return */
728 skb_queue_head(&sk->sk_receive_queue, skb);
729 break;
730 }
731 } while (size);
732
733out:
734 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
735 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
736
737 release_sock(sk);
738 return copied ? : err;
739}
740
b7058842 741static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
1da177e4
LT		 742{
743 struct sock *sk = sock->sk;
744 int err = 0;
745 u32 opt;
746
747 BT_DBG("sk %p", sk);
748
749 lock_sock(sk);
750
751 switch (optname) {
752 case RFCOMM_LM:
753 if (get_user(opt, (u32 __user *) optval)) {
754 err = -EFAULT;
755 break;
756 }
757
9f2c8a03
MH		 758 if (opt & RFCOMM_LM_AUTH)
759 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
760 if (opt & RFCOMM_LM_ENCRYPT)
761 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
762 if (opt & RFCOMM_LM_SECURE)
763 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
764
765 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
1da177e4
LT		 766 break;
767
768 default:
769 err = -ENOPROTOOPT;
770 break;
771 }
772
773 release_sock(sk);
774 return err;
775}
776
b7058842 777static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
d58daf42
MH		 778{
779 struct sock *sk = sock->sk;
9f2c8a03
MH		 780 struct bt_security sec;
781 int len, err = 0;
bb23c0ab 782 u32 opt;
d58daf42
MH		 783
784 BT_DBG("sk %p", sk);
785
786 if (level == SOL_RFCOMM)
787 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
788
0588d94f
MH		 789 if (level != SOL_BLUETOOTH)
790 return -ENOPROTOOPT;
791
d58daf42
MH		 792 lock_sock(sk);
793
794 switch (optname) {
9f2c8a03 795 case BT_SECURITY:
0588d94f
MH		 796 if (sk->sk_type != SOCK_STREAM) {
797 err = -EINVAL;
798 break;
799 }
800
9f2c8a03
MH		 801 sec.level = BT_SECURITY_LOW;
802
803 len = min_t(unsigned int, sizeof(sec), optlen);
804 if (copy_from_user((char *) &sec, optval, len)) {
805 err = -EFAULT;
806 break;
807 }
808
809 if (sec.level > BT_SECURITY_HIGH) {
810 err = -EINVAL;
811 break;
812 }
813
814 rfcomm_pi(sk)->sec_level = sec.level;
815 break;
816
bb23c0ab
MH		 817 case BT_DEFER_SETUP:
818 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
819 err = -EINVAL;
820 break;
821 }
822
823 if (get_user(opt, (u32 __user *) optval)) {
824 err = -EFAULT;
825 break;
826 }
827
828 bt_sk(sk)->defer_setup = opt;
829 break;
830
d58daf42
MH		 831 default:
832 err = -ENOPROTOOPT;
833 break;
834 }
835
836 release_sock(sk);
837 return err;
838}
839
840static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
1da177e4
LT		 841{
842 struct sock *sk = sock->sk;
843 struct sock *l2cap_sk;
844 struct rfcomm_conninfo cinfo;
845 int len, err = 0;
9f2c8a03 846 u32 opt;
1da177e4
LT		 847
848 BT_DBG("sk %p", sk);
849
850 if (get_user(len, optlen))
851 return -EFAULT;
852
853 lock_sock(sk);
854
855 switch (optname) {
856 case RFCOMM_LM:
9f2c8a03
MH		 857 switch (rfcomm_pi(sk)->sec_level) {
858 case BT_SECURITY_LOW:
859 opt = RFCOMM_LM_AUTH;
860 break;
861 case BT_SECURITY_MEDIUM:
862 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
863 break;
864 case BT_SECURITY_HIGH:
865 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
866 RFCOMM_LM_SECURE;
867 break;
868 default:
869 opt = 0;
870 break;
871 }
872
873 if (rfcomm_pi(sk)->role_switch)
874 opt |= RFCOMM_LM_MASTER;
875
876 if (put_user(opt, (u32 __user *) optval))
1da177e4
LT		 877 err = -EFAULT;
878 break;
879
880 case RFCOMM_CONNINFO:
bb23c0ab
MH		 881 if (sk->sk_state != BT_CONNECTED &&
882 !rfcomm_pi(sk)->dlc->defer_setup) {
1da177e4
LT		 883 err = -ENOTCONN;
884 break;
885 }
886
887 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
888
889 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle;
890 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3);
891
892 len = min_t(unsigned int, len, sizeof(cinfo));
893 if (copy_to_user(optval, (char *) &cinfo, len))
894 err = -EFAULT;
895
896 break;
897
898 default:
899 err = -ENOPROTOOPT;
900 break;
901 }
902
903 release_sock(sk);
d58daf42
MH		 904 return err;
905}
906
907static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
908{
909 struct sock *sk = sock->sk;
9f2c8a03 910 struct bt_security sec;
d58daf42
MH		 911 int len, err = 0;
912
913 BT_DBG("sk %p", sk);
914
915 if (level == SOL_RFCOMM)
916 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
917
0588d94f
MH		 918 if (level != SOL_BLUETOOTH)
919 return -ENOPROTOOPT;
920
d58daf42
MH		 921 if (get_user(len, optlen))
922 return -EFAULT;
923
924 lock_sock(sk);
925
926 switch (optname) {
9f2c8a03 927 case BT_SECURITY:
0588d94f
MH		 928 if (sk->sk_type != SOCK_STREAM) {
929 err = -EINVAL;
930 break;
931 }
932
9f2c8a03
MH		 933 sec.level = rfcomm_pi(sk)->sec_level;
934
935 len = min_t(unsigned int, len, sizeof(sec));
936 if (copy_to_user(optval, (char *) &sec, len))
937 err = -EFAULT;
938
939 break;
940
bb23c0ab
MH		 941 case BT_DEFER_SETUP:
942 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
943 err = -EINVAL;
944 break;
945 }
946
947 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
948 err = -EFAULT;
949
950 break;
951
d58daf42
MH		 952 default:
953 err = -ENOPROTOOPT;
954 break;
955 }
956
957 release_sock(sk);
1da177e4
LT		 958 return err;
959}
960
961static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
962{
e19caae7 963 struct sock *sk __maybe_unused = sock->sk;
1da177e4
LT		 964 int err;
965
e19caae7 966 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
1da177e4 967
3241ad82 968 err = bt_sock_ioctl(sock, cmd, arg);
1da177e4 969
3241ad82 970 if (err == -ENOIOCTLCMD) {
1da177e4 971#ifdef CONFIG_BT_RFCOMM_TTY
3241ad82
MH		 972 lock_sock(sk);
973 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
974 release_sock(sk);
1da177e4 975#else
3241ad82 976 err = -EOPNOTSUPP;
1da177e4 977#endif
3241ad82 978 }
1da177e4 979
1da177e4
LT		 980 return err;
981}
982
983static int rfcomm_sock_shutdown(struct socket *sock, int how)
984{
985 struct sock *sk = sock->sk;
986 int err = 0;
987
988 BT_DBG("sock %p, sk %p", sock, sk);
989
990 if (!sk) return 0;
991
992 lock_sock(sk);
993 if (!sk->sk_shutdown) {
994 sk->sk_shutdown = SHUTDOWN_MASK;
995 __rfcomm_sock_close(sk);
996
997 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
998 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
999 }
1000 release_sock(sk);
1001 return err;
1002}
1003
1004static int rfcomm_sock_release(struct socket *sock)
1005{
1006 struct sock *sk = sock->sk;
1007 int err;
1008
1009 BT_DBG("sock %p, sk %p", sock, sk);
1010
1011 if (!sk)
1012 return 0;
1013
1014 err = rfcomm_sock_shutdown(sock, 2);
1015
1016 sock_orphan(sk);
1017 rfcomm_sock_kill(sk);
1018 return err;
1019}
1020
8e87d142 1021/* ---- RFCOMM core layer callbacks ----
1da177e4
LT		 1022 *
1023 * called under rfcomm_lock()
1024 */
1025int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
1026{
1027 struct sock *sk, *parent;
1028 bdaddr_t src, dst;
1029 int result = 0;
1030
1031 BT_DBG("session %p channel %d", s, channel);
1032
1033 rfcomm_session_getaddr(s, &src, &dst);
1034
1035 /* Check if we have socket listening on channel */
1036 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
1037 if (!parent)
1038 return 0;
1039
1040 /* Check for backlog size */
1041 if (sk_acceptq_is_full(parent)) {
8e87d142 1042 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 1043 goto done;
1044 }
1045
3b1e0a65 1046 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
1da177e4
LT		 1047 if (!sk)
1048 goto done;
1049
1050 rfcomm_sock_init(sk, parent);
1051 bacpy(&bt_sk(sk)->src, &src);
1052 bacpy(&bt_sk(sk)->dst, &dst);
1053 rfcomm_pi(sk)->channel = channel;
1054
1055 sk->sk_state = BT_CONFIG;
1056 bt_accept_enqueue(parent, sk);
1057
1058 /* Accept connection and return socket DLC */
1059 *d = rfcomm_pi(sk)->dlc;
1060 result = 1;
1061
1062done:
1063 bh_unlock_sock(parent);
bb23c0ab
MH		 1064
1065 if (bt_sk(parent)->defer_setup)
1066 parent->sk_state_change(parent);
1067
1da177e4
LT		 1068 return result;
1069}
1070
aef7d97c 1071static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
1da177e4
LT		 1072{
1073 struct sock *sk;
1074 struct hlist_node *node;
1da177e4
LT		 1075
1076 read_lock_bh(&rfcomm_sk_list.lock);
1077
be9d1227 1078 sk_for_each(sk, node, &rfcomm_sk_list.head) {
aef7d97c
MH		 1079 seq_printf(f, "%s %s %d %d\n",
1080 batostr(&bt_sk(sk)->src),
1081 batostr(&bt_sk(sk)->dst),
be9d1227
MH		 1082 sk->sk_state, rfcomm_pi(sk)->channel);
1083 }
1da177e4 1084
1da177e4 1085 read_unlock_bh(&rfcomm_sk_list.lock);
1da177e4 1086
aef7d97c 1087 return 0;
1da177e4
LT		 1088}
1089
aef7d97c
MH		 1090static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file)
1091{
1092 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private);
1093}
1094
1095static const struct file_operations rfcomm_sock_debugfs_fops = {
1096 .open = rfcomm_sock_debugfs_open,
1097 .read = seq_read,
1098 .llseek = seq_lseek,
1099 .release = single_release,
1100};
1101
1102static struct dentry *rfcomm_sock_debugfs;
1da177e4 1103
90ddc4f0 1104static const struct proto_ops rfcomm_sock_ops = {
1da177e4
LT		 1105 .family = PF_BLUETOOTH,
1106 .owner = THIS_MODULE,
1107 .release = rfcomm_sock_release,
1108 .bind = rfcomm_sock_bind,
1109 .connect = rfcomm_sock_connect,
1110 .listen = rfcomm_sock_listen,
1111 .accept = rfcomm_sock_accept,
1112 .getname = rfcomm_sock_getname,
1113 .sendmsg = rfcomm_sock_sendmsg,
1114 .recvmsg = rfcomm_sock_recvmsg,
1115 .shutdown = rfcomm_sock_shutdown,
1116 .setsockopt = rfcomm_sock_setsockopt,
1117 .getsockopt = rfcomm_sock_getsockopt,
1118 .ioctl = rfcomm_sock_ioctl,
1119 .poll = bt_sock_poll,
1120 .socketpair = sock_no_socketpair,
1121 .mmap = sock_no_mmap
1122};
1123
ec1b4cf7 1124static const struct net_proto_family rfcomm_sock_family_ops = {
1da177e4
LT		 1125 .family = PF_BLUETOOTH,
1126 .owner = THIS_MODULE,
1127 .create = rfcomm_sock_create
1128};
1129
be9d1227 1130int __init rfcomm_init_sockets(void)
1da177e4
LT		 1131{
1132 int err;
1133
1134 err = proto_register(&rfcomm_proto, 0);
1135 if (err < 0)
1136 return err;
1137
1138 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1139 if (err < 0)
1140 goto error;
1141
aef7d97c
MH		 1142 if (bt_debugfs) {
1143 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1144 bt_debugfs, NULL, &rfcomm_sock_debugfs_fops);
1145 if (!rfcomm_sock_debugfs)
1146 BT_ERR("Failed to create RFCOMM debug file");
1147 }
1da177e4
LT		 1148
1149 BT_INFO("RFCOMM socket layer initialized");
1150
1151 return 0;
1152
1153error:
1154 BT_ERR("RFCOMM socket layer registration failed");
1155 proto_unregister(&rfcomm_proto);
1156 return err;
1157}
1158
2f8362af 1159void __exit rfcomm_cleanup_sockets(void)
1da177e4 1160{
aef7d97c 1161 debugfs_remove(rfcomm_sock_debugfs);
1da177e4
LT		 1162
1163 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0)
1164 BT_ERR("RFCOMM socket layer unregistration failed");
1165
1166 proto_unregister(&rfcomm_proto);
1167}
Clone of davem's net-next-2.6 tree