1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 * 27 * $Id: sock.c,v 1.24 2002/10/03 01:00:34 maxk Exp $ 28 */ 29 30 #include <linux/config.h> 31 #include <linux/module.h> 32 33 #include <linux/types.h> 34 #include <linux/errno.h> 35 #include <linux/kernel.h> 36 #include <linux/sched.h> 37 #include <linux/slab.h> 38 #include <linux/poll.h> 39 #include <linux/fcntl.h> 40 #include <linux/init.h> 41 #include <linux/interrupt.h> 42 #include <linux/socket.h> 43 #include <linux/skbuff.h> 44 #include <linux/list.h> 45 #include <linux/proc_fs.h> 46 #include <linux/seq_file.h> 47 #include <net/sock.h> 48 49 #include <asm/system.h> 50 #include <asm/uaccess.h> 51 52 #include <net/bluetooth/bluetooth.h> 53 #include <net/bluetooth/hci_core.h> 54 #include <net/bluetooth/l2cap.h> 55 #include <net/bluetooth/rfcomm.h> 56 57 #ifndef CONFIG_BT_RFCOMM_DEBUG 58 #undef BT_DBG 59 #define BT_DBG(D...) 60 #endif 61 62 static struct proto_ops rfcomm_sock_ops; 63 64 static struct bt_sock_list rfcomm_sk_list = { 65 .lock = RW_LOCK_UNLOCKED 66 }; 67 68 static void rfcomm_sock_close(struct sock *sk); 69 static void rfcomm_sock_kill(struct sock *sk); 70 71 /* ---- DLC callbacks ---- 72 * 73 * called under rfcomm_dlc_lock() 74 */ 75 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 76 { 77 struct sock *sk = d->owner; 78 if (!sk) 79 return; 80 81 atomic_add(skb->len, &sk->sk_rmem_alloc); 82 skb_queue_tail(&sk->sk_receive_queue, skb); 83 sk->sk_data_ready(sk, skb->len); 84 85 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 86 rfcomm_dlc_throttle(d); 87 } 88 89 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 90 { 91 struct sock *sk = d->owner, *parent; 92 if (!sk) 93 return; 94 95 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 96 97 bh_lock_sock(sk); 98 99 if (err) 100 sk->sk_err = err; 101 102 sk->sk_state = d->state; 103 104 parent = bt_sk(sk)->parent; 105 if (parent) { 106 if (d->state == BT_CLOSED) { 107 sock_set_flag(sk, SOCK_ZAPPED); 108 bt_accept_unlink(sk); 109 } 110 parent->sk_data_ready(parent, 0); 111 } else { 112 if (d->state == BT_CONNECTED) 113 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL); 114 sk->sk_state_change(sk); 115 } 116 117 bh_unlock_sock(sk); 118 119 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 120 /* We have to drop DLC lock here, otherwise 121 * rfcomm_sock_destruct() will dead lock. */ 122 rfcomm_dlc_unlock(d); 123 rfcomm_sock_kill(sk); 124 rfcomm_dlc_lock(d); 125 } 126 } 127 128 /* ---- Socket functions ---- */ 129 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src) 130 { 131 struct sock *sk = NULL; 132 struct hlist_node *node; 133 134 sk_for_each(sk, node, &rfcomm_sk_list.head) { 135 if (rfcomm_pi(sk)->channel == channel && 136 !bacmp(&bt_sk(sk)->src, src)) 137 break; 138 } 139 140 return node ? sk : NULL; 141 } 142 143 /* Find socket with channel and source bdaddr. 144 * Returns closest match. 145 */ 146 static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 147 { 148 struct sock *sk = NULL, *sk1 = NULL; 149 struct hlist_node *node; 150 151 sk_for_each(sk, node, &rfcomm_sk_list.head) { 152 if (state && sk->sk_state != state) 153 continue; 154 155 if (rfcomm_pi(sk)->channel == channel) { 156 /* Exact match. */ 157 if (!bacmp(&bt_sk(sk)->src, src)) 158 break; 159 160 /* Closest match */ 161 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 162 sk1 = sk; 163 } 164 } 165 return node ? sk : sk1; 166 } 167 168 /* Find socket with given address (channel, src). 169 * Returns locked socket */ 170 static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 171 { 172 struct sock *s; 173 read_lock(&rfcomm_sk_list.lock); 174 s = __rfcomm_get_sock_by_channel(state, channel, src); 175 if (s) bh_lock_sock(s); 176 read_unlock(&rfcomm_sk_list.lock); 177 return s; 178 } 179 180 static void rfcomm_sock_destruct(struct sock *sk) 181 { 182 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 183 184 BT_DBG("sk %p dlc %p", sk, d); 185 186 skb_queue_purge(&sk->sk_receive_queue); 187 skb_queue_purge(&sk->sk_write_queue); 188 189 rfcomm_dlc_lock(d); 190 rfcomm_pi(sk)->dlc = NULL; 191 192 /* Detach DLC if it's owned by this socket */ 193 if (d->owner == sk) 194 d->owner = NULL; 195 rfcomm_dlc_unlock(d); 196 197 rfcomm_dlc_put(d); 198 } 199 200 static void rfcomm_sock_cleanup_listen(struct sock *parent) 201 { 202 struct sock *sk; 203 204 BT_DBG("parent %p", parent); 205 206 /* Close not yet accepted dlcs */ 207 while ((sk = bt_accept_dequeue(parent, NULL))) { 208 rfcomm_sock_close(sk); 209 rfcomm_sock_kill(sk); 210 } 211 212 parent->sk_state = BT_CLOSED; 213 sock_set_flag(parent, SOCK_ZAPPED); 214 } 215 216 /* Kill socket (only if zapped and orphan) 217 * Must be called on unlocked socket. 218 */ 219 static void rfcomm_sock_kill(struct sock *sk) 220 { 221 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 222 return; 223 224 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); 225 226 /* Kill poor orphan */ 227 bt_sock_unlink(&rfcomm_sk_list, sk); 228 sock_set_flag(sk, SOCK_DEAD); 229 sock_put(sk); 230 } 231 232 static void __rfcomm_sock_close(struct sock *sk) 233 { 234 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 235 236 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 237 238 switch (sk->sk_state) { 239 case BT_LISTEN: 240 rfcomm_sock_cleanup_listen(sk); 241 break; 242 243 case BT_CONNECT: 244 case BT_CONNECT2: 245 case BT_CONFIG: 246 case BT_CONNECTED: 247 rfcomm_dlc_close(d, 0); 248 249 default: 250 sock_set_flag(sk, SOCK_ZAPPED); 251 break; 252 } 253 } 254 255 /* Close socket. 256 * Must be called on unlocked socket. 257 */ 258 static void rfcomm_sock_close(struct sock *sk) 259 { 260 lock_sock(sk); 261 __rfcomm_sock_close(sk); 262 release_sock(sk); 263 } 264 265 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 266 { 267 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 268 269 BT_DBG("sk %p", sk); 270 271 if (parent) { 272 sk->sk_type = parent->sk_type; 273 pi->link_mode = rfcomm_pi(parent)->link_mode; 274 } else { 275 pi->link_mode = 0; 276 } 277 278 pi->dlc->link_mode = pi->link_mode; 279 } 280 281 static struct proto rfcomm_proto = { 282 .name = "RFCOMM", 283 .owner = THIS_MODULE, 284 .obj_size = sizeof(struct rfcomm_pinfo) 285 }; 286 287 static struct sock *rfcomm_sock_alloc(struct socket *sock, int proto, int prio) 288 { 289 struct rfcomm_dlc *d; 290 struct sock *sk; 291 292 sk = sk_alloc(PF_BLUETOOTH, prio, &rfcomm_proto, 1); 293 if (!sk) 294 return NULL; 295 296 sock_init_data(sock, sk); 297 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 298 299 d = rfcomm_dlc_alloc(prio); 300 if (!d) { 301 sk_free(sk); 302 return NULL; 303 } 304 305 d->data_ready = rfcomm_sk_data_ready; 306 d->state_change = rfcomm_sk_state_change; 307 308 rfcomm_pi(sk)->dlc = d; 309 d->owner = sk; 310 311 sk->sk_destruct = rfcomm_sock_destruct; 312 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 313 314 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 315 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 316 317 sock_reset_flag(sk, SOCK_ZAPPED); 318 319 sk->sk_protocol = proto; 320 sk->sk_state = BT_OPEN; 321 322 bt_sock_link(&rfcomm_sk_list, sk); 323 324 BT_DBG("sk %p", sk); 325 return sk; 326 } 327 328 static int rfcomm_sock_create(struct socket *sock, int protocol) 329 { 330 struct sock *sk; 331 332 BT_DBG("sock %p", sock); 333 334 sock->state = SS_UNCONNECTED; 335 336 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 337 return -ESOCKTNOSUPPORT; 338 339 sock->ops = &rfcomm_sock_ops; 340 341 if (!(sk = rfcomm_sock_alloc(sock, protocol, GFP_KERNEL))) 342 return -ENOMEM; 343 344 rfcomm_sock_init(sk, NULL); 345 return 0; 346 } 347 348 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 349 { 350 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 351 struct sock *sk = sock->sk; 352 int err = 0; 353 354 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr)); 355 356 if (!addr || addr->sa_family != AF_BLUETOOTH) 357 return -EINVAL; 358 359 lock_sock(sk); 360 361 if (sk->sk_state != BT_OPEN) { 362 err = -EBADFD; 363 goto done; 364 } 365 366 write_lock_bh(&rfcomm_sk_list.lock); 367 368 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { 369 err = -EADDRINUSE; 370 } else { 371 /* Save source address */ 372 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr); 373 rfcomm_pi(sk)->channel = sa->rc_channel; 374 sk->sk_state = BT_BOUND; 375 } 376 377 write_unlock_bh(&rfcomm_sk_list.lock); 378 379 done: 380 release_sock(sk); 381 return err; 382 } 383 384 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 385 { 386 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 387 struct sock *sk = sock->sk; 388 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 389 int err = 0; 390 391 BT_DBG("sk %p", sk); 392 393 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc)) 394 return -EINVAL; 395 396 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 397 return -EBADFD; 398 399 if (sk->sk_type != SOCK_STREAM) 400 return -EINVAL; 401 402 lock_sock(sk); 403 404 sk->sk_state = BT_CONNECT; 405 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); 406 rfcomm_pi(sk)->channel = sa->rc_channel; 407 408 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); 409 if (!err) 410 err = bt_sock_wait_state(sk, BT_CONNECTED, 411 sock_sndtimeo(sk, flags & O_NONBLOCK)); 412 413 release_sock(sk); 414 return err; 415 } 416 417 static int rfcomm_sock_listen(struct socket *sock, int backlog) 418 { 419 struct sock *sk = sock->sk; 420 int err = 0; 421 422 BT_DBG("sk %p backlog %d", sk, backlog); 423 424 lock_sock(sk); 425 426 if (sk->sk_state != BT_BOUND) { 427 err = -EBADFD; 428 goto done; 429 } 430 431 if (!rfcomm_pi(sk)->channel) { 432 bdaddr_t *src = &bt_sk(sk)->src; 433 u8 channel; 434 435 err = -EINVAL; 436 437 write_lock_bh(&rfcomm_sk_list.lock); 438 439 for (channel = 1; channel < 31; channel++) 440 if (!__rfcomm_get_sock_by_addr(channel, src)) { 441 rfcomm_pi(sk)->channel = channel; 442 err = 0; 443 break; 444 } 445 446 write_unlock_bh(&rfcomm_sk_list.lock); 447 448 if (err < 0) 449 goto done; 450 } 451 452 sk->sk_max_ack_backlog = backlog; 453 sk->sk_ack_backlog = 0; 454 sk->sk_state = BT_LISTEN; 455 456 done: 457 release_sock(sk); 458 return err; 459 } 460 461 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 462 { 463 DECLARE_WAITQUEUE(wait, current); 464 struct sock *sk = sock->sk, *nsk; 465 long timeo; 466 int err = 0; 467 468 lock_sock(sk); 469 470 if (sk->sk_state != BT_LISTEN) { 471 err = -EBADFD; 472 goto done; 473 } 474 475 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 476 477 BT_DBG("sk %p timeo %ld", sk, timeo); 478 479 /* Wait for an incoming connection. (wake-one). */ 480 add_wait_queue_exclusive(sk->sk_sleep, &wait); 481 while (!(nsk = bt_accept_dequeue(sk, newsock))) { 482 set_current_state(TASK_INTERRUPTIBLE); 483 if (!timeo) { 484 err = -EAGAIN; 485 break; 486 } 487 488 release_sock(sk); 489 timeo = schedule_timeout(timeo); 490 lock_sock(sk); 491 492 if (sk->sk_state != BT_LISTEN) { 493 err = -EBADFD; 494 break; 495 } 496 497 if (signal_pending(current)) { 498 err = sock_intr_errno(timeo); 499 break; 500 } 501 } 502 set_current_state(TASK_RUNNING); 503 remove_wait_queue(sk->sk_sleep, &wait); 504 505 if (err) 506 goto done; 507 508 newsock->state = SS_CONNECTED; 509 510 BT_DBG("new socket %p", nsk); 511 512 done: 513 release_sock(sk); 514 return err; 515 } 516 517 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 518 { 519 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 520 struct sock *sk = sock->sk; 521 522 BT_DBG("sock %p, sk %p", sock, sk); 523 524 sa->rc_family = AF_BLUETOOTH; 525 sa->rc_channel = rfcomm_pi(sk)->channel; 526 if (peer) 527 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst); 528 else 529 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src); 530 531 *len = sizeof(struct sockaddr_rc); 532 return 0; 533 } 534 535 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 536 struct msghdr *msg, size_t len) 537 { 538 struct sock *sk = sock->sk; 539 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 540 struct sk_buff *skb; 541 int err; 542 int sent = 0; 543 544 if (msg->msg_flags & MSG_OOB) 545 return -EOPNOTSUPP; 546 547 if (sk->sk_shutdown & SEND_SHUTDOWN) 548 return -EPIPE; 549 550 BT_DBG("sock %p, sk %p", sock, sk); 551 552 lock_sock(sk); 553 554 while (len) { 555 size_t size = min_t(size_t, len, d->mtu); 556 557 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 558 msg->msg_flags & MSG_DONTWAIT, &err); 559 if (!skb) 560 break; 561 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 562 563 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 564 if (err) { 565 kfree_skb(skb); 566 sent = err; 567 break; 568 } 569 570 err = rfcomm_dlc_send(d, skb); 571 if (err < 0) { 572 kfree_skb(skb); 573 break; 574 } 575 576 sent += size; 577 len -= size; 578 } 579 580 release_sock(sk); 581 582 return sent ? sent : err; 583 } 584 585 static long rfcomm_sock_data_wait(struct sock *sk, long timeo) 586 { 587 DECLARE_WAITQUEUE(wait, current); 588 589 add_wait_queue(sk->sk_sleep, &wait); 590 for (;;) { 591 set_current_state(TASK_INTERRUPTIBLE); 592 593 if (skb_queue_len(&sk->sk_receive_queue) || sk->sk_err || (sk->sk_shutdown & RCV_SHUTDOWN) || 594 signal_pending(current) || !timeo) 595 break; 596 597 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 598 release_sock(sk); 599 timeo = schedule_timeout(timeo); 600 lock_sock(sk); 601 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 602 } 603 604 __set_current_state(TASK_RUNNING); 605 remove_wait_queue(sk->sk_sleep, &wait); 606 return timeo; 607 } 608 609 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 610 struct msghdr *msg, size_t size, int flags) 611 { 612 struct sock *sk = sock->sk; 613 int err = 0; 614 size_t target, copied = 0; 615 long timeo; 616 617 if (flags & MSG_OOB) 618 return -EOPNOTSUPP; 619 620 msg->msg_namelen = 0; 621 622 BT_DBG("sk %p size %d", sk, size); 623 624 lock_sock(sk); 625 626 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); 627 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); 628 629 do { 630 struct sk_buff *skb; 631 int chunk; 632 633 skb = skb_dequeue(&sk->sk_receive_queue); 634 if (!skb) { 635 if (copied >= target) 636 break; 637 638 if ((err = sock_error(sk)) != 0) 639 break; 640 if (sk->sk_shutdown & RCV_SHUTDOWN) 641 break; 642 643 err = -EAGAIN; 644 if (!timeo) 645 break; 646 647 timeo = rfcomm_sock_data_wait(sk, timeo); 648 649 if (signal_pending(current)) { 650 err = sock_intr_errno(timeo); 651 goto out; 652 } 653 continue; 654 } 655 656 chunk = min_t(unsigned int, skb->len, size); 657 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { 658 skb_queue_head(&sk->sk_receive_queue, skb); 659 if (!copied) 660 copied = -EFAULT; 661 break; 662 } 663 copied += chunk; 664 size -= chunk; 665 666 if (!(flags & MSG_PEEK)) { 667 atomic_sub(chunk, &sk->sk_rmem_alloc); 668 669 skb_pull(skb, chunk); 670 if (skb->len) { 671 skb_queue_head(&sk->sk_receive_queue, skb); 672 break; 673 } 674 kfree_skb(skb); 675 676 } else { 677 /* put message back and return */ 678 skb_queue_head(&sk->sk_receive_queue, skb); 679 break; 680 } 681 } while (size); 682 683 out: 684 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 685 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 686 687 release_sock(sk); 688 return copied ? : err; 689 } 690 691 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen) 692 { 693 struct sock *sk = sock->sk; 694 int err = 0; 695 u32 opt; 696 697 BT_DBG("sk %p", sk); 698 699 lock_sock(sk); 700 701 switch (optname) { 702 case RFCOMM_LM: 703 if (get_user(opt, (u32 __user *) optval)) { 704 err = -EFAULT; 705 break; 706 } 707 708 rfcomm_pi(sk)->link_mode = opt; 709 break; 710 711 default: 712 err = -ENOPROTOOPT; 713 break; 714 } 715 716 release_sock(sk); 717 return err; 718 } 719 720 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 721 { 722 struct sock *sk = sock->sk; 723 struct sock *l2cap_sk; 724 struct rfcomm_conninfo cinfo; 725 int len, err = 0; 726 727 BT_DBG("sk %p", sk); 728 729 if (get_user(len, optlen)) 730 return -EFAULT; 731 732 lock_sock(sk); 733 734 switch (optname) { 735 case RFCOMM_LM: 736 if (put_user(rfcomm_pi(sk)->link_mode, (u32 __user *) optval)) 737 err = -EFAULT; 738 break; 739 740 case RFCOMM_CONNINFO: 741 if (sk->sk_state != BT_CONNECTED) { 742 err = -ENOTCONN; 743 break; 744 } 745 746 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 747 748 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle; 749 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3); 750 751 len = min_t(unsigned int, len, sizeof(cinfo)); 752 if (copy_to_user(optval, (char *) &cinfo, len)) 753 err = -EFAULT; 754 755 break; 756 757 default: 758 err = -ENOPROTOOPT; 759 break; 760 } 761 762 release_sock(sk); 763 return err; 764 } 765 766 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 767 { 768 struct sock *sk = sock->sk; 769 int err; 770 771 lock_sock(sk); 772 773 #ifdef CONFIG_BT_RFCOMM_TTY 774 err = rfcomm_dev_ioctl(sk, cmd, (void __user *)arg); 775 #else 776 err = -EOPNOTSUPP; 777 #endif 778 779 release_sock(sk); 780 return err; 781 } 782 783 static int rfcomm_sock_shutdown(struct socket *sock, int how) 784 { 785 struct sock *sk = sock->sk; 786 int err = 0; 787 788 BT_DBG("sock %p, sk %p", sock, sk); 789 790 if (!sk) return 0; 791 792 lock_sock(sk); 793 if (!sk->sk_shutdown) { 794 sk->sk_shutdown = SHUTDOWN_MASK; 795 __rfcomm_sock_close(sk); 796 797 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 798 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 799 } 800 release_sock(sk); 801 return err; 802 } 803 804 static int rfcomm_sock_release(struct socket *sock) 805 { 806 struct sock *sk = sock->sk; 807 int err; 808 809 BT_DBG("sock %p, sk %p", sock, sk); 810 811 if (!sk) 812 return 0; 813 814 err = rfcomm_sock_shutdown(sock, 2); 815 816 sock_orphan(sk); 817 rfcomm_sock_kill(sk); 818 return err; 819 } 820 821 /* ---- RFCOMM core layer callbacks ---- 822 * 823 * called under rfcomm_lock() 824 */ 825 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 826 { 827 struct sock *sk, *parent; 828 bdaddr_t src, dst; 829 int result = 0; 830 831 BT_DBG("session %p channel %d", s, channel); 832 833 rfcomm_session_getaddr(s, &src, &dst); 834 835 /* Check if we have socket listening on channel */ 836 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 837 if (!parent) 838 return 0; 839 840 /* Check for backlog size */ 841 if (sk_acceptq_is_full(parent)) { 842 BT_DBG("backlog full %d", parent->sk_ack_backlog); 843 goto done; 844 } 845 846 sk = rfcomm_sock_alloc(NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 847 if (!sk) 848 goto done; 849 850 rfcomm_sock_init(sk, parent); 851 bacpy(&bt_sk(sk)->src, &src); 852 bacpy(&bt_sk(sk)->dst, &dst); 853 rfcomm_pi(sk)->channel = channel; 854 855 sk->sk_state = BT_CONFIG; 856 bt_accept_enqueue(parent, sk); 857 858 /* Accept connection and return socket DLC */ 859 *d = rfcomm_pi(sk)->dlc; 860 result = 1; 861 862 done: 863 bh_unlock_sock(parent); 864 return result; 865 } 866 867 /* ---- Proc fs support ---- */ 868 #ifdef CONFIG_PROC_FS 869 static void *rfcomm_seq_start(struct seq_file *seq, loff_t *pos) 870 { 871 struct sock *sk; 872 struct hlist_node *node; 873 loff_t l = *pos; 874 875 read_lock_bh(&rfcomm_sk_list.lock); 876 877 sk_for_each(sk, node, &rfcomm_sk_list.head) 878 if (!l--) 879 return sk; 880 return NULL; 881 } 882 883 static void *rfcomm_seq_next(struct seq_file *seq, void *e, loff_t *pos) 884 { 885 struct sock *sk = e; 886 (*pos)++; 887 return sk_next(sk); 888 } 889 890 static void rfcomm_seq_stop(struct seq_file *seq, void *e) 891 { 892 read_unlock_bh(&rfcomm_sk_list.lock); 893 } 894 895 static int rfcomm_seq_show(struct seq_file *seq, void *e) 896 { 897 struct sock *sk = e; 898 seq_printf(seq, "%s %s %d %d\n", 899 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 900 sk->sk_state, rfcomm_pi(sk)->channel); 901 return 0; 902 } 903 904 static struct seq_operations rfcomm_seq_ops = { 905 .start = rfcomm_seq_start, 906 .next = rfcomm_seq_next, 907 .stop = rfcomm_seq_stop, 908 .show = rfcomm_seq_show 909 }; 910 911 static int rfcomm_seq_open(struct inode *inode, struct file *file) 912 { 913 return seq_open(file, &rfcomm_seq_ops); 914 } 915 916 static struct file_operations rfcomm_seq_fops = { 917 .owner = THIS_MODULE, 918 .open = rfcomm_seq_open, 919 .read = seq_read, 920 .llseek = seq_lseek, 921 .release = seq_release, 922 }; 923 924 static int __init rfcomm_sock_proc_init(void) 925 { 926 struct proc_dir_entry *p = create_proc_entry("sock", S_IRUGO, proc_bt_rfcomm); 927 if (!p) 928 return -ENOMEM; 929 p->proc_fops = &rfcomm_seq_fops; 930 return 0; 931 } 932 933 static void __exit rfcomm_sock_proc_cleanup(void) 934 { 935 remove_proc_entry("sock", proc_bt_rfcomm); 936 } 937 938 #else /* CONFIG_PROC_FS */ 939 940 static int __init rfcomm_sock_proc_init(void) 941 { 942 return 0; 943 } 944 945 static void __exit rfcomm_sock_proc_cleanup(void) 946 { 947 return; 948 } 949 #endif /* CONFIG_PROC_FS */ 950 951 static struct proto_ops rfcomm_sock_ops = { 952 .family = PF_BLUETOOTH, 953 .owner = THIS_MODULE, 954 .release = rfcomm_sock_release, 955 .bind = rfcomm_sock_bind, 956 .connect = rfcomm_sock_connect, 957 .listen = rfcomm_sock_listen, 958 .accept = rfcomm_sock_accept, 959 .getname = rfcomm_sock_getname, 960 .sendmsg = rfcomm_sock_sendmsg, 961 .recvmsg = rfcomm_sock_recvmsg, 962 .shutdown = rfcomm_sock_shutdown, 963 .setsockopt = rfcomm_sock_setsockopt, 964 .getsockopt = rfcomm_sock_getsockopt, 965 .ioctl = rfcomm_sock_ioctl, 966 .poll = bt_sock_poll, 967 .socketpair = sock_no_socketpair, 968 .mmap = sock_no_mmap 969 }; 970 971 static struct net_proto_family rfcomm_sock_family_ops = { 972 .family = PF_BLUETOOTH, 973 .owner = THIS_MODULE, 974 .create = rfcomm_sock_create 975 }; 976 977 int __init rfcomm_init_sockets(void) 978 { 979 int err; 980 981 err = proto_register(&rfcomm_proto, 0); 982 if (err < 0) 983 return err; 984 985 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 986 if (err < 0) 987 goto error; 988 989 rfcomm_sock_proc_init(); 990 991 BT_INFO("RFCOMM socket layer initialized"); 992 993 return 0; 994 995 error: 996 BT_ERR("RFCOMM socket layer registration failed"); 997 proto_unregister(&rfcomm_proto); 998 return err; 999 } 1000 1001 void __exit rfcomm_cleanup_sockets(void) 1002 { 1003 rfcomm_sock_proc_cleanup(); 1004 1005 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0) 1006 BT_ERR("RFCOMM socket layer unregistration failed"); 1007 1008 proto_unregister(&rfcomm_proto); 1009 } 1010